Posted to user@zookeeper.apache.org by FaXin Zhong <fa...@ericsson.com> on 2016/12/14 12:24:54 UTC

security

Hi,

Our product is using zookeeper. I have some security questions about zookeeper as below.


1. We want to use SSL for the client-server communication. ZooKeeper supports it since 3.5.1, although it's an alpha version. Is it OK to upgrade ZooKeeper to 3.5.1 or the latest? We are currently using 3.4.8 for customers.

2. Does ZooKeeper support server-server secure communication as well? Or is there any plan? I don't find it in the ZooKeeper documents, but found some JIRA stuff: "ZOOKEEPER-1045 <https://issues.apache.org/jira/browse/ZOOKEEPER-1045> covers server-server mutual authentication by SASL". What do you think of it for commercial usage?


Thanks a lot!

BRs/Faxin

RE: security

Posted by FaXin Zhong <fa...@ericsson.com>.
Hi,

If I understand correctly, the coming 3.5.3 will still be a beta version, unlike the coming 3.4.10, which is a stable version.

3.4.10 is supposed to support SASL with Kerberos, I think, but we might not want to introduce an additional KDC in the system, so SSL might still be the data encryption and client authentication choice, but we need to go for a stable version of it. And the tough question is: when will it happen?

And what is the SSL version being used? Is TLS not supported?

BRs/Faxin


-----Original Message-----
From: Rakesh Radhakrishnan [mailto:rakeshr@apache.org] 
Sent: den 16 december 2016 10:13
To: user@zookeeper.apache.org
Subject: Re: security

I believe that, with the community support, we will be able to reach a 3.5.x beta version soon.
FYI, please refer to the release discussion thread: https://qnalist.com/questions/7887505/upcoming-3-4-3-5-releases

Rakesh


Re: security

Posted by Rakesh Radhakrishnan <ra...@apache.org>.
I believe that, with the community support, we will be able to reach a 3.5.x beta
version soon.
FYI, please refer to the release discussion thread:
https://qnalist.com/questions/7887505/upcoming-3-4-3-5-releases

Rakesh

On Fri, Dec 16, 2016 at 1:06 PM, FaXin Zhong <fa...@ericsson.com>
wrote:

> Hi,
>
> OK.  3.5.x are still alpha or being beta version, when will the formal
> stable version release, can you foresee?  Thanks.
>
> BRs/Faxin

RE: security

Posted by FaXin Zhong <fa...@ericsson.com>.
Hi,

OK.  3.5.x are still alpha or being beta version, when will the formal stable version release, can you foresee?  Thanks.

BRs/Faxin

-----Original Message-----
From: Michael Han [mailto:hanm@cloudera.com] 
Sent: den 15 december 2016 19:48
To: UserZooKeeper <us...@zookeeper.apache.org>
Subject: Re: security

>> is there any plan to support SSL
There is ZOOKEEPER-1000
<https://issues.apache.org/jira/browse/ZOOKEEPER-1000>, but no one is actively pushing this.

>>  Does zookeeper provide KDC HA as off-shelf support?
HA of KDC is not part of ZooKeeper's responsibility. KDC has its own HA solutions (i.e. through master slave replication). The test report is a record of what's done for the purpose of testing, and is not a reference for a product deployment.


--
Cheers
Michael.

Re: security

Posted by Michael Han <ha...@cloudera.com>.
>> is there any plan to support SSL
There is ZOOKEEPER-1000
<https://issues.apache.org/jira/browse/ZOOKEEPER-1000>, but no one is
actively pushing this.

>>  Does zookeeper provide KDC HA as off-shelf support?
HA of KDC is not part of ZooKeeper's responsibility. KDC has its own HA
solutions (i.e. through master slave replication). The test report is a
record of what's done for the purpose of testing, and is not a reference
for a product deployment.


On Thu, Dec 15, 2016 at 2:34 AM, FaXin Zhong <fa...@ericsson.com>
wrote:

> Hi,
>
> Many thanks for the info.  For the server-server communication, is there
> any plan to support SSL as well?  We better have one security approach for
> client and server.
>
> The test report mentions installing the KDC on server 1, how to secure the
> KDC HA? Does zookeeper provide KDC HA as off-shelf support?
>
> BRs/Faxin

-- 
Cheers
Michael.

RE: security

Posted by FaXin Zhong <fa...@ericsson.com>.
Hi,

Many thanks for the info.  For the server-server communication, is there any plan to support SSL as well?  We better have one security approach for client and server.

The test report mentions installing the KDC on server 1, how to secure the KDC HA? Does zookeeper provide KDC HA as off-shelf support?

BRs/Faxin

-----Original Message-----
From: Rakesh Radhakrishnan [mailto:rakeshr@apache.org] 
Sent: den 14 december 2016 14:24
To: user@zookeeper.apache.org
Subject: Re: security

Hi,

Adding one more point to the above. Please refer to the test report here: https://goo.gl/qNR45M

Both the issues mentioned in the report have been discussed.
Problem-1) This has been taken care of and the document corrected.
Problem-2) This is a deployment mistake. Please go through the analysis section; this has to be taken care of during deployment.

Thanks,
Rakesh


Re: security

Posted by Rakesh Radhakrishnan <ra...@apache.org>.
Hi,

Adding one more point to the above. Please refer to the test report here:
https://goo.gl/qNR45M

Both the issues mentioned in the report have been discussed.
Problem-1) This has been taken care of and the document corrected.
Problem-2) This is a deployment mistake. Please go through the analysis
section; this has to be taken care of during deployment.

Thanks,
Rakesh

On Wed, Dec 14, 2016 at 6:41 PM, Rakesh Radhakrishnan <ra...@apache.org>
wrote:

> 1 => AFAIK, many companies have adopted the latest 3.5.x alpha version and
> no major issues have been reported so far. I hope the beta release will be
> out soon, in the first quarter of next year, if there are no
> blockers/critical issues from anyone. IIUC, the 3.5.3 release discussion is
> in progress. Probably, you can do a trial run and start
> analyzing/understanding the changes in the latest 3.5.x version
> (3.5.2-alpha) for smooth adoption into your ecosystem.
>
> 2 => Thanks for the interest in this feature. This work has been committed
> into branch 3.4 recently (two weeks back) and we are planning the 3.4.10
> release ASAP, including this feature. Again, the release discussion is in
> progress. This feature has been tested by multiple folks and the test
> reports are available. Please go through the links below to understand more
> on this. I'd really appreciate it if you could test this feature and publish
> feedback. Thanks! Please feel free to contact us or discuss issues; some of
> us will help you. There are plans to forward port this feature to branch
> 3.5 via the ZOOKEEPER-2639 task.
>
> https://qnalist.com/questions/7332914/test-plan-for-zk-1045-call-for-volunteers
> https://issues.apache.org/jira/secure/attachment/12834567/ZOOKEEPER-1045%20Test%20Plan.pdf
> - The problems mentioned in this test report are already taken care of.
>
> Feature documentation is getting ready and a draft version is available here:
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL+authentication
> Documentation review is going on.
>
> Regards,
> Rakesh

Re: security

Posted by Rakesh Radhakrishnan <ra...@apache.org>.
1 => AFAIK, many companies have adopted the latest 3.5.x alpha version and
no major issues have been reported so far. I hope the beta release will be
out soon, in the first quarter of next year, if there are no
blockers/critical issues from anyone. IIUC, the 3.5.3 release discussion is
in progress. Probably, you can do a trial run and start
analyzing/understanding the changes in the latest 3.5.x version
(3.5.2-alpha) for smooth adoption into your ecosystem.

2 => Thanks for the interest in this feature. This work has been committed
into branch 3.4 recently (two weeks back) and we are planning the 3.4.10
release ASAP, including this feature. Again, the release discussion is in
progress. This feature has been tested by multiple folks and the test
reports are available. Please go through the links below to understand more
on this. I'd really appreciate it if you could test this feature and publish
feedback. Thanks! Please feel free to contact us or discuss issues; some of
us will help you. There are plans to forward port this feature to branch
3.5 via the ZOOKEEPER-2639 task.

https://qnalist.com/questions/7332914/test-plan-for-zk-1045-call-for-volunteers
https://issues.apache.org/jira/secure/attachment/12834567/ZOOKEEPER-1045%20Test%20Plan.pdf
- The problems mentioned in this test report are already taken care of.

Feature documentation is getting ready and a draft version is available here:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+and+SASL+authentication
Documentation review is going on.

Regards,
Rakesh

On Wed, Dec 14, 2016 at 5:54 PM, FaXin Zhong <fa...@ericsson.com>
wrote:

> Hi,
>
> Our product is using zookeeper. I have some security questions about
> zookeeper as below.
>
>
> 1. We want to use SSL for the client-server communication. ZooKeeper
> supports it since 3.5.1, although it's an alpha version. Is it OK to upgrade
> ZooKeeper to 3.5.1 or the latest? We are currently using 3.4.8 for customers.
>
> 2. Does ZooKeeper support server-server secure communication as well? Or is
> there any plan? I don't find it in the ZooKeeper documents, but found some
> JIRA stuff: "ZOOKEEPER-1045
> <https://issues.apache.org/jira/browse/ZOOKEEPER-1045> covers server-server
> mutual authentication by SASL". What do you think of it for commercial usage?
>
>
> Thanks a lot!
>
> BRs/Faxin
>