You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@zookeeper.apache.org by Pradeep Choudhary <pc...@juniper.net.INVALID> on 2019/12/12 06:02:19 UTC
Zookeeper SSL C Client Support
Dear Experts,
I see that this PR https://github.com/apache/zookeeper/pull/625 is merged to master to enable Zookeeper C Client SSL support. We are planning to use this in our software. Do you have any plan to release a new version of Zookeeper with this support ?
Thanks,
Pradeep
Re: Zookeeper SSL C Client Support
Posted by Szalay-Bekő Máté <sz...@gmail.com>.
Hi Pradeep,
based on the logs, it seems working. It is great to see that you will use
it :) Let us know if you would see any issue with it.
FYI, we already have a few improvements under review around these areas:
- https://issues.apache.org/jira/browse/ZOOKEEPER-3567 (Add SSL support for
the zk python client)
- https://issues.apache.org/jira/browse/ZOOKEEPER-3630 (Autodetection of
SSL library during Zookeeper C client build)
- https://issues.apache.org/jira/browse/ZOOKEEPER-3640 (Implement "batch
mode" in cli_mt)
I also created this improvement idea:
https://issues.apache.org/jira/browse/ZOOKEEPER-3646, "Executing multiple
commands non-interactively with the C client cli "
No one is working on it right now AFAIK, but let me know if it would be
important / helpful for you.
Regards,
Mate
On Thu, Dec 12, 2019 at 8:07 AM Pradeep Choudhary
<pc...@juniper.net.invalid> wrote:
> Hi Enrico,
>
> I have just tested the cli_st utility as of now. It seems to work ok. I
> haven't integrated this code in our software yet. Please check the logs
> below.
>
>
> git clone git@github.com:apache/zookeeper.git
> cd zookeeper
> yum install java-1.8.0-openjdk
> yum install ant
> yum install autoconf
> yum install automake
> yum install cppunit
> yum install cppunit-devel
> ant compile_jute
> cd zookeeper-client/zookeeper-client-c/
> ./configure
> vi Makefile
> ** Uncomment following 2 lines and set OPENSSL_DIR **
> #OPENSSL_CPPFLAGS = -DHAVE_OPENSSL_H -I$(OPENSSL_DIR)
> #OPENSSL_LIB_LDFLAGS = -lssl -lcrypto
> make
> make install
>
>
> Run cli_st utility
> [root@noden9 zookeeper-client-c]# ./cli_st -h 127.0.0.1:2182 -s
> /root/zookeeper_tls/zookeeper+tls/ca-cert.pem,/root/zookeeper_tls/zookeeper+tls/server.pem,/root/zookee
> per_tls/zookeeper+tls/server-privkey.pem,c0ntrail123 -d
> logging level set to DEBUG
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1147: Client
> environment:zookeeper.version=zookeeper C client 3.6.0
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1151: Client environment:
> host.name=noden9
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1158: Client environment:
> os.name=Linux
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1159: Client
> environment:os.arch=3.10.0-1062.1.2.el7.x86_64
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1160: Client
> environment:os.version=#1 SMP Mon Sep 30 14:19:46 UTC 2019
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1168: Client environment:
> user.name=root
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1176: Client
> environment:user.home=/root
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1188: Client
> environment:user.dir=/root/zookeeper_tls/zookeeper/zookeeper-client/zookeeper-client-c
> 2019-12-06 23:30:03,005:26406:ZOO_INFO@zookeeper_init_internal@1241:
> Initiating client connection, host=127.0.0.1:2182 sessionTimeout=30000
> watcher=0x402640 sessionId=
> 0 sessionPasswd=<null> context=(nil) flags=0
> 2019-12-06 23:30:03,005:26406:ZOO_DEBUG@get_next_server_in_reconfig@1401:
> [OLD] count=0 capacity=0 next=0 hasnext=0
> 2019-12-06 23:30:03,005:26406:ZOO_DEBUG@get_next_server_in_reconfig@1404:
> [NEW] count=1 capacity=16 next=0 hasnext=1
> 2019-12-06 23:30:03,005:26406:ZOO_DEBUG@get_next_server_in_reconfig@1413:
> Using next from NEW=127.0.0.1:2182
> 2019-12-06 23:30:03,005:26406:ZOO_DEBUG@zookeeper_connect@2319: [zk]
> connect()
>
> 2019-12-06 23:30:03,006:26406:ZOO_INFO@init_ssl_for_socket@2592: FIPS
> mode is OFF
> 2019-12-06 23:30:03,019:26406:ZOO_INFO@check_events@2737: initiated
> connection to server 127.0.0.1:2182
> 2019-12-06 23:30:03,046:26406:ZOO_INFO@check_events@2790: session
> establishment complete on server 127.0.0.1:2182,
> sessionId=0x100e87594e50004, negotiated timeout=3000
> 0
> 2019-12-06 23:30:03,046:26406:ZOO_DEBUG@check_events@2796: Calling a
> watcher for a ZOO_SESSION_EVENT and the state=ZOO_CONNECTED_STATE
> 2019-12-06 23:30:03,046:26406:ZOO_DEBUG@process_completions@3062: Calling
> a watcher for node [], type = -1 event=ZOO_SESSION_EVENT
> Watcher SESSION_EVENT state = CONNECTED_STATE
> Got a new session id: 0x100e87594e50004
>
>
>
>
> On 12/12/19, 12:13 PM, "Enrico Olivelli" <eo...@gmail.com> wrote:
>
> Pradeep
>
> Il gio 12 dic 2019, 07:02 Pradeep Choudhary <pchoudhary@juniper.net
> .invalid>
> ha scritto:
>
> > Dear Experts,
> >
> > I see that this PR https://github.com/apache/zookeeper/pull/625 is
> merged
> > to master to enable Zookeeper C Client SSL support. We are planning
> to use
> > this in our software. Do you have any plan to release a new version
> of
> > Zookeeper with this support ?
> >
>
> Yes.
>
> Did you try it?
> Knowing that it works for you would be a great feedback
>
> Stay tuned.
> Please test the release candidate of 3.6.0 when we will start a VOTE on
> dev@zookeeper.apache.org
>
> It will happen within a couple of weeks.
> I
>
> >
> > Thanks,
> > Pradeep
> >
>
>
>
Re: Zookeeper SSL C Client Support
Posted by Pradeep Choudhary <pc...@juniper.net.INVALID>.
Hi Enrico,
I have just tested the cli_st utility as of now. It seems to work ok. I haven't integrated this code in our software yet. Please check the logs below.
git clone git@github.com:apache/zookeeper.git
cd zookeeper
yum install java-1.8.0-openjdk
yum install ant
yum install autoconf
yum install automake
yum install cppunit
yum install cppunit-devel
ant compile_jute
cd zookeeper-client/zookeeper-client-c/
./configure
vi Makefile
** Uncomment following 2 lines and set OPENSSL_DIR **
#OPENSSL_CPPFLAGS = -DHAVE_OPENSSL_H -I$(OPENSSL_DIR)
#OPENSSL_LIB_LDFLAGS = -lssl -lcrypto
make
make install
Run cli_st utility
[root@noden9 zookeeper-client-c]# ./cli_st -h 127.0.0.1:2182 -s /root/zookeeper_tls/zookeeper+tls/ca-cert.pem,/root/zookeeper_tls/zookeeper+tls/server.pem,/root/zookee
per_tls/zookeeper+tls/server-privkey.pem,c0ntrail123 -d
logging level set to DEBUG
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1147: Client environment:zookeeper.version=zookeeper C client 3.6.0
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1151: Client environment:host.name=noden9
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1158: Client environment:os.name=Linux
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1159: Client environment:os.arch=3.10.0-1062.1.2.el7.x86_64
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1160: Client environment:os.version=#1 SMP Mon Sep 30 14:19:46 UTC 2019
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1168: Client environment:user.name=root
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1176: Client environment:user.home=/root
2019-12-06 23:30:03,005:26406:ZOO_INFO@log_env@1188: Client environment:user.dir=/root/zookeeper_tls/zookeeper/zookeeper-client/zookeeper-client-c
2019-12-06 23:30:03,005:26406:ZOO_INFO@zookeeper_init_internal@1241: Initiating client connection, host=127.0.0.1:2182 sessionTimeout=30000 watcher=0x402640 sessionId=
0 sessionPasswd=<null> context=(nil) flags=0
2019-12-06 23:30:03,005:26406:ZOO_DEBUG@get_next_server_in_reconfig@1401: [OLD] count=0 capacity=0 next=0 hasnext=0
2019-12-06 23:30:03,005:26406:ZOO_DEBUG@get_next_server_in_reconfig@1404: [NEW] count=1 capacity=16 next=0 hasnext=1
2019-12-06 23:30:03,005:26406:ZOO_DEBUG@get_next_server_in_reconfig@1413: Using next from NEW=127.0.0.1:2182
2019-12-06 23:30:03,005:26406:ZOO_DEBUG@zookeeper_connect@2319: [zk] connect()
2019-12-06 23:30:03,006:26406:ZOO_INFO@init_ssl_for_socket@2592: FIPS mode is OFF
2019-12-06 23:30:03,019:26406:ZOO_INFO@check_events@2737: initiated connection to server 127.0.0.1:2182
2019-12-06 23:30:03,046:26406:ZOO_INFO@check_events@2790: session establishment complete on server 127.0.0.1:2182, sessionId=0x100e87594e50004, negotiated timeout=3000
0
2019-12-06 23:30:03,046:26406:ZOO_DEBUG@check_events@2796: Calling a watcher for a ZOO_SESSION_EVENT and the state=ZOO_CONNECTED_STATE
2019-12-06 23:30:03,046:26406:ZOO_DEBUG@process_completions@3062: Calling a watcher for node [], type = -1 event=ZOO_SESSION_EVENT
Watcher SESSION_EVENT state = CONNECTED_STATE
Got a new session id: 0x100e87594e50004
On 12/12/19, 12:13 PM, "Enrico Olivelli" <eo...@gmail.com> wrote:
Pradeep
Il gio 12 dic 2019, 07:02 Pradeep Choudhary <pc...@juniper.net.invalid>
ha scritto:
> Dear Experts,
>
> I see that this PR https://github.com/apache/zookeeper/pull/625 is merged
> to master to enable Zookeeper C Client SSL support. We are planning to use
> this in our software. Do you have any plan to release a new version of
> Zookeeper with this support ?
>
Yes.
Did you try it?
Knowing that it works for you would be a great feedback
Stay tuned.
Please test the release candidate of 3.6.0 when we will start a VOTE on
dev@zookeeper.apache.org
It will happen within a couple of weeks.
I
>
> Thanks,
> Pradeep
>
Re: Zookeeper SSL C Client Support
Posted by Enrico Olivelli <eo...@gmail.com>.
Pradeep
Il gio 12 dic 2019, 07:02 Pradeep Choudhary <pc...@juniper.net.invalid>
ha scritto:
> Dear Experts,
>
> I see that this PR https://github.com/apache/zookeeper/pull/625 is merged
> to master to enable Zookeeper C Client SSL support. We are planning to use
> this in our software. Do you have any plan to release a new version of
> Zookeeper with this support ?
>
Yes.
Did you try it?
Knowing that it works for you would be a great feedback
Stay tuned.
Please test the release candidate of 3.6.0 when we will start a VOTE on
dev@zookeeper.apache.org
It will happen within a couple of weeks.
I
>
> Thanks,
> Pradeep
>