[
https://issues.apache.org/jira/browse/SOLR-8343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17203958#comment-17203958
]
Andras Salamon commented on SOLR-8343:
--------------------------------------
I'm testing Solr 8.4.1 + Zookeeper 3.5.5 with SSL and {{zkcli.sh}} was working
after I set the following:
{noformat}
export ZKCLI_JVM_FLAGS="-Dzookeeper.client.secure=true
-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
-Dzookeeper.ssl.keyStore.location=/path/to/keystore.jks
-Dzookeeper.ssl.keyStore.password=REDACTED
-Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks
-Dzookeeper.ssl.trustStore.password=REDACTED"{noformat}
The command:
{noformat}
zkcli.sh -zkhost <FQDN>:2182/solr -cmd getfile /solr.xml /tmp/solr.xml{noformat}
2182 is the secure port of our Zookeeper (2181 is the unsecure). I had to use
FQDN in zkhost, localhost is not working with SSL.
What does "native support" mean in this Jira description? There is a commented
out section for ZK ACL settings? Should we add an other commented out section
to help the usage? Or some new environment variables could be used here to
setup ZKCLI_JVM_FLAGS?
> zkcli.sh support for SSL enabled ZK communication
> -------------------------------------------------
>
> Key: SOLR-8343
> URL: https://issues.apache.org/jira/browse/SOLR-8343
> Project: Solr
> Issue Type: Sub-task
> Components: scripts and tools
> Reporter: Jan Høydahl
> Priority: Major
>
> If communicating with a secured ZooKeeper, {{zkcli.sh}} script should have
> native support for specifying the needed configurations, ref
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
