You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2021/02/12 18:11:02 UTC

[GitHub] [bookkeeper] dlg99 commented on issue #2546: Bookkeeper TLS upgrade

dlg99 commented on issue #2546:
URL: https://github.com/apache/bookkeeper/issues/2546#issuecomment-778355430


   @ShPrajpati it's been awhile since I dealt with this, so please double-check / experiment on the dev cluster.
   
   First, you need to enable TLS on the server side but allow connections from the clients without the TLS.
   IIRC `tlsClientAuthentication=false` in server config does that 
   Set the config options on teh server side and do rolling restart of the bookies, this should not affect clients (i.e. pulsar)
   
   This is the test that roughly shows the configuration you want: https://github.com/apache/bookkeeper/blob/3a8f4b4d3e762ac24a0563eeaffd068efaab2b81/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java#L465-L476
   
   2nd, enable TLS on the client side (check pulsar docs, I guess). 
   
   3rd, make sure everything works via TLS. Now you can disable non-tls clients on the server side
   
   Please close the issue if this is no longer a problem
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org