Thanks Mate. May I know the version of zookeeper you are using?

Regards,
Praveen Kumar K S
+91-9986855625

On Thu, Jan 16, 2020 at 8:45 PM Szalay-Bekő Máté <[email protected]> wrote:
> Hi Praveen,
>
> Regarding SASL, some useful links:
> - https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication
>   (I just updated this page today)
> - I was also checking the Kerberos JAAS configs when I tried these things locally:
>   https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
> - this is a good howto as well: https://github.com/ekoontz/zookeeper/wiki
> - https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
>
> In this Jira case you can see some zoo.cfg and client configs that we used
> to test SASL + SSL:
> https://issues.apache.org/jira/browse/ZOOKEEPER-3482?focusedCommentId=16998033&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16998033
>
> With these configs we managed to use ZooKeeper SASL + SSL on a real
> Hadoop cluster using MIT Kerberos.
>
> Mate
>
> On Thu, Jan 16, 2020 at 10:39 AM Praveen Kumar K S <[email protected]> wrote:
> > Thanks Enrico. I was also looking at
> > https://issues.apache.org/jira/browse/ZOOKEEPER-2220 who is facing same
> > issue.
> >
> > I will try with your suggestion. My requirement is to enable SASL based
> > authentication between server-server and client-server.
> >
> > Please advise if I'm looking at the right place or is there any better
> > documentation.
> >
> > Regards,
> > Praveen Kumar K S
> > +91-9986855625
> >
> > On Thu, Jan 16, 2020 at 3:01 PM Enrico Olivelli - Diennea <[email protected]> wrote:
> > > Praveen
> > > In order to use Netty it is better for you to use 3.5.6 that contains
> > > Netty 4, ZooKeeper 3.4.x uses the deprecated Netty 3.
> > > For TLS, and it is known to have security flaws and it is no more maintained
> > >
> > > Btw your problem looks like there is a missing class and it is weird
> > >
> > > Enrico
> > >
> > > On 16/01/20, 10:25, "Praveen Kumar K S" <[email protected]> wrote:
> > >
> > >     Hello,
> > >
> > >     I'm looking for help on enabling authentication in zookeeper. Please note
> > >     below approach I have tried.
> > >
> > >     1. I followed
> > >        https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
> > >     2. I'm deploying zookeeper as single node using docker
> > >     3. Zookeeper version is 3.4.13
> > >     4. Below are some important environmental variables in zookeeper container
> > >
> > >     CLIENT_JVMFLAGS=-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
> > >     -Dzookeeper.client.secure=true
> > >     -Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks
> > >     -Dzookeeper.ssl.keyStore.password=XX@123
> > >     -Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks
> > >     -Dzookeeper.ssl.trustStore.password=XX@123
> > >
> > >     SERVER_JVMFLAGS=-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
> > >     -Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks
> > >     -Dzookeeper.ssl.keyStore.password=XX@123
> > >     -Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks
> > >     -Dzookeeper.ssl.trustStore.password=XX@123
> > >
> > >     zookeeper.serverCnxnFactory="org.apache.zookeeper.server.NettyServerCnxnFactory"
> > >
> > >     5. Below is conf file
> > >     server.1=0.0.0.0:2888:3888
> > >     secureClientPort=2281
> > >     initLimit=5
> > >     syncLimit=2
> > >     tickTime=2000
> > >     clientPort=2181
> > >     clientPortAddress=zookeeper
> > >     dataLogDir=/opt/vault/zookeeper/logs
> > >     dataDir=/opt/vault/zookeeper/data
> > >
> > >     6. Zookeeper is healthy
> > >     7. I tried connecting to Zookeeper server from my machine using zkCli.sh.
> > >     But getting below error
> > >
> > >     2020-01-16 14:21:27,798 [myid:] - INFO [main:ZooKeeper@442] - Initiating client connection, connectString=zookeeper:2281 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@531d72ca
> > >     Exception in thread "main" java.io.IOException: Couldn't instantiate org.apache.zookeeper.ClientCnxnSocketNetty
> > >         at org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:1851)
> > >         at org.apache.zookeeper.ZooKeeper.<init>(ZooKeeper.java:453)
> > >         at org.apache.zookeeper.ZooKeeperMain.connectToZK(ZooKeeperMain.java:283)
> > >         at org.apache.zookeeper.ZooKeeperMain.<init>(ZooKeeperMain.java:297)
> > >         at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:290)
> > >     Caused by: java.lang.ClassNotFoundException: org.apache.zookeeper.ClientCnxnSocketNetty
> > >         at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
> > >         at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> > >         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
> > >         at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> > >         at java.lang.Class.forName0(Native Method)
> > >         at java.lang.Class.forName(Class.java:264)
> > >         at org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:1848)
> > >         ... 4 more
> > >
> > >     8. Zookeeper is working fine on 2181
> > >     9. I tried to connect Kafka to Zookeeper on port 2281. Getting below error
> > >
> > >     [2020-01-16 09:12:07,477] INFO Initiating client connection, connectString=zookeeper:2281 sessionTimeout=6000 watcher=kafka.zookeeper.ZooKeeperClient$ZooKeeperClientWatcher$@5c33f1a9 (org.apache.zookeeper.ZooKeeper)
> > >     [2020-01-16 09:12:07,488] INFO [ZooKeeperClient] Waiting until connected. (kafka.zookeeper.ZooKeeperClient)
> > >     [2020-01-16 09:12:07,489] INFO Opening socket connection to server zookeeper/172.16.13.2:2281. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)
> > >     [2020-01-16 09:12:07,493] INFO Socket error occurred: zookeeper/172.16.13.2:2281: Connection refused (org.apache.zookeeper.ClientCnxn)
> > >     [2020-01-16 09:12:08,599] INFO Opening socket connection to server zookeeper/172.16.13.2:2281. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)
> > >
> > >     Please help and advise.
> > >
> > >     Regards,
> > >     Praveen Kumar K S
> > >     +91-9986855625
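
An added example, not part of the original thread and not ZooKeeper project code: a pre-flight check over the kind of setup posted in the first message (version, zoo.cfg, JVM flags), reporting the conditions behind the two errors shown plus two hardening gaps. The function names, finding codes and the 3.5.1 minimum for client-server TLS are assumptions of this example; the sample input is constructed from the thread's values with the password replaced by a placeholder.

```python
import re

# Constructed sample shaped like steps 3-5 of the first message (password is a placeholder).
SAMPLE_VERSION = "3.4.13"
SAMPLE_ZOO_CFG = """\
server.1=0.0.0.0:2888:3888
secureClientPort=2281
clientPort=2181
"""
SAMPLE_JVMFLAGS = (
    "-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty "
    "-Dzookeeper.client.secure=true "
    "-Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks "
    "-Dzookeeper.ssl.keyStore.password=PLACEHOLDER"
)

# Assumption of this example: client-server TLS needs the 3.5.1+ release line.
TLS_MIN_VERSION = (3, 5, 1)


def parse_props(text):
    """Parse key=value lines (zoo.cfg style), skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def parse_jvm_flags(flags):
    """Turn whitespace-separated -Dname=value tokens into a dict."""
    return dict(re.findall(r"-D([^\s=]+)=(\S+)", flags))


def audit(version, zoo_cfg, jvm_flags):
    """Return sorted finding codes (hypothetical names) for a TLS setup."""
    ver = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    cfg, jvm = parse_props(zoo_cfg), parse_jvm_flags(jvm_flags)
    findings = set()
    wants_tls = "secureClientPort" in cfg or jvm.get("zookeeper.client.secure") == "true"
    if wants_tls and ver < TLS_MIN_VERSION:
        # Matches the thread: Netty client class not found, port 2281 refused.
        findings.add("TLS_UNSUPPORTED_VERSION")
    if "secureClientPort" in cfg and "clientPort" in cfg:
        # Clients can still connect without TLS on clientPort.
        findings.add("PLAINTEXT_PORT_STILL_OPEN")
    if any(k.lower().endswith(".password") for k in jvm):
        # -D values show up in the container environment and process list.
        findings.add("PASSWORD_IN_JVM_FLAGS")
    return sorted(findings)
```

Calling `audit(SAMPLE_VERSION, SAMPLE_ZOO_CFG, SAMPLE_JVMFLAGS)` returns all three findings for the constructed sample.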
