...

ZooKeeper was initially designed and implemented using the Java NIO package. Later, Netty was added as an optional replacement for NIO, since Netty has better support for SSL. As a result, SSL is only supported on top of Netty communication: to use SSL you have to enable the Netty feature. The following section describes how to do it.

SSL

SSL support was added in ZOOKEEPER-2125.

...

Java system property:
zookeeper.clientCnxnSocket="org.apache.zookeeper.ClientCnxnSocketNetty"

...

Java system property:
zookeeper.client.secure=true

...

Java system property:
zookeeper.ssl.keyStore.location="/path/to/your/keystore"
zookeeper.ssl.keyStore.password="keystore_password"
zookeeper.ssl.trustStore.location="/path/to/your/truststore"
zookeeper.ssl.trustStore.password="truststore_password"

...

Java system property:
zookeeper.serverCnxnFactory="org.apache.zookeeper.server.NettyServerCnxnFactory"

...

Then configure the keystore and truststore the same way as for the client.

Example

An example setup for running bin/zkServer.sh:

Environment variable:
export SERVER_JVMFLAGS="
-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
-Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks
-Dzookeeper.ssl.keyStore.password=testpass
-Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks
-Dzookeeper.ssl.trustStore.password=testpass"

In addition, set the following in “zoo.cfg”:

zoo.cfg:
 …
 secureClientPort=2281

For bin/zkCli.sh:

Environment variable:
export CLIENT_JVMFLAGS="
-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
-Dzookeeper.client.secure=true
-Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks
-Dzookeeper.ssl.keyStore.password=testpass
-Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks
-Dzookeeper.ssl.trustStore.password=testpass"

Start the ZK server; connecting the client to the server’s port 2281 should then work as normal.
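A pre-flight check for the client flags described above, as an added example that is not part of the original guide or of ZooKeeper itself: it reports when SSL is enabled without the Netty socket, or when one of the four store properties the guide lists is missing. The function names, problem codes and sample flag strings are made up for illustration.

```shell
#!/bin/sh
# Added example (not ZooKeeper code). Function names are hypothetical.

# Print the value of -D<name>=<value> found in a flags string; print nothing if absent.
zk_flag_value() {   # $1 = flags string, $2 = property name
    for tok in $1; do                  # unquoted on purpose: split on spaces and newlines
        case "$tok" in
            "-D$2="*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 0
}

# Print one problem code per line for a client flags string; return 1 if any were found.
zk_check_client_flags() {   # $1 = contents of CLIENT_JVMFLAGS
    problems=""
    # SSL only works over the Netty transport, so both settings must be present together.
    [ "$(zk_flag_value "$1" zookeeper.client.secure)" = "true" ] ||
        problems="$problems secure-not-enabled"
    [ "$(zk_flag_value "$1" zookeeper.clientCnxnSocket)" = "org.apache.zookeeper.ClientCnxnSocketNetty" ] ||
        problems="$problems netty-socket-not-set"
    # The four store properties the guide lists for the client.
    for prop in keyStore.location keyStore.password trustStore.location trustStore.password; do
        [ -n "$(zk_flag_value "$1" "zookeeper.ssl.$prop")" ] ||
            problems="$problems missing-$prop"
    done
    for p in $problems; do printf '%s\n' "$p"; done
    [ -z "$problems" ]
}

# Constructed samples: GOOD mirrors the guide's zkCli.sh setup, BAD enables SSL but keeps NIO.
GOOD_FLAGS="-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
-Dzookeeper.client.secure=true
-Dzookeeper.ssl.keyStore.location=/path/to/keystore.jks
-Dzookeeper.ssl.keyStore.password=PLACEHOLDER
-Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks
-Dzookeeper.ssl.trustStore.password=PLACEHOLDER"
BAD_FLAGS="-Dzookeeper.client.secure=true -Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks"

zk_check_client_flags "$GOOD_FLAGS" && echo "good: no problems"
zk_check_client_flags "$BAD_FLAGS" || echo "bad: problems listed above"
```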

Quorum

Not supported yet!

Authentication

...