Posted to user@zookeeper.apache.org by "blb.dev" <bl...@gmail.com> on 2020/06/15 18:28:34 UTC

Re: ZK not starting during upgrade to use 3.6.1 with SSL communication

Szalay-Bekő, thank you for sharing your config! It helped me to figure out
what the problem was!

I was only setting "ssl.keyStore" and "ssl.trustStore" options and not
"ssl.quorum.keyStore" and "ssl.quorum.trustStore" - so the quorum SSL was
never working and it gave me all the binding/startup errors because of this.
Once those were set, quorum comes up healthy and quorum SSL works. 

Was then also able to enable mixed mode by setting secureClientPort and
client port unification, so I have quorum ssl, and accept ssl and non-ssl
client connections. 

I do think I have found a bug/issue with the CLI when connecting to a secure
port though. It always gives "JLine support is disabled" and errors out when
trying to do a create with node data. Null creates work fine though. Will
look through current tickets and open an item for it if I don't find one
already. 

Thanks again

--
Sent from: http://zookeeper-user.578899.n2.nabble.com/
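
As an added illustration of the misconfiguration described in the message above (not code from the thread or from the ZooKeeper project): a small Python check that reads a zoo.cfg and reports when quorum TLS or a secure client port is enabled without its own key/trust store entries. The full key names (`sslQuorum`, `ssl.quorum.keyStore.location` and so on) follow the ZooKeeper admin guide, and the sample configs and paths are constructed.

```python
# Added example: lint a zoo.cfg for the client-vs-quorum TLS store mix-up.
# Key names follow the ZooKeeper admin guide; the sample configs are constructed.
STORES = ("keyStore.location", "trustStore.location")

def parse_cfg(text):
    """Parse 'key=value' lines of a zoo.cfg, skipping blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def lint_tls(cfg):
    """Return findings for TLS listeners that are enabled without their own stores."""
    checks = []
    if cfg.get("sslQuorum", "false").lower() == "true":
        checks.append(("sslQuorum=true", "ssl.quorum."))
    if "secureClientPort" in cfg:
        checks.append(("secureClientPort is set", "ssl."))
    findings = []
    for reason, prefix in checks:
        for store in STORES:
            if not cfg.get(prefix + store):
                msg = f"{reason} but {prefix}{store} is missing"
                # Client stores are not reused for server-to-server TLS.
                if prefix == "ssl.quorum." and cfg.get("ssl." + store):
                    msg += f" (ssl.{store} is set, but it only covers client connections)"
                findings.append(msg)
    return findings

BROKEN = """\
# constructed sample: client stores only, as in the post
sslQuorum=true
secureClientPort=2281
ssl.keyStore.location=/path/to/keystore.jks
ssl.trustStore.location=/path/to/truststore.jks
"""
FIXED = BROKEN + """\
ssl.quorum.keyStore.location=/path/to/keystore.jks
ssl.quorum.trustStore.location=/path/to/truststore.jks
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_tls(parse_cfg(text)) or "ok")
```

The check only reads zoo.cfg; values supplied as JVM system properties are outside what it sees.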

Re: ZK not starting during upgrade to use 3.6.1 with SSL communication

Posted by "blb.dev" <bl...@gmail.com>.
Hi manu31-2, 

Yes, my config remains the same except I added in some params:
- added in extra params recommended by the config that Szalay-Bekő Máté
posted in his last message
- added ssl.quorum.* params which configure server-server SSL

Yes, I have my truststore/keystore params all pointing to the same files
(you can have them configured separately, but for simplicity I used the same
files at first). 

I added all client and server ssl info into zoo.cfg and as system properties
as well. 

I do not set SERVER_JVMFLAGS. I only use JVMFLAGS and CLIENT_JVMFLAGS. 

Hope this helps. 




Re: ZK not starting during upgrade to use 3.6.1 with SSL communication

Posted by manu31 <ha...@yahoo.com.INVALID>.
I have been getting the same error. Can you share your zoo.cfg? Is it the
same as what you posted before? Also, are your ssl.quorum.keyStore/trustStore
and ssl.keyStore/trustStore set to the same values? Do you need the
client ssl information in the zoo.cfg? Do you need SERVER_JVMFLAGS set
anywhere?
Thanks!


