I have configured the ZK Server to use SSL (signed cert, trust store,keystore, modified zookeeper.properties all setup done and good). Zookeeper starts and listens on the port 2182 for SSL requests and no errors in the zookeeper and kafka server logs.
#new properties added in kafka/config/zookeeper.properties
secureClientPort=2182
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.trustStore.location=/path/to/ssl/kafka.zookeeper.truststore.jks
ssl.trustStore.password=serversecret
ssl.keyStore.location=/path/to/ssl/kafka.zookeeper.keystore.jks
ssl.keyStore.password=serversecret
ssl.clientAuth=need
Now to connect to secure zookeeper using ZK-CLI I am following similar approach. Create zk-client cert, get it signed, create truststore and keystore for the same. Create the properties file and trying to connect to ZK server but I get an error
Command not found: Command not found /path/to/ssl/zookeeper-client.properties
$ kafka/bin/zookeeper-shell.sh localhost:2182 -zk-tls-config-file /Users/path/to/ssl/zookeeper-client.properties
Connecting to localhost:2182
ZooKeeper -server host:port cmd args
addauth scheme auth
close
.....
Command not found: Command not found /Users/path/to/ssl/zookeeper-client.properties
My zookeeper-client.properties looks like this
$cat /Users/path/to/ssl/zookeeper-client.properties
#zookeeper.connect=localhost:2182
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.protocol=TLSv1.2
zookeeper.ssl.truststore.location=/Users/path/to/ssl/kafka.zookeeper-client.truststore.jks
zookeeper.ssl.truststore.password=serversecret
zookeeper.ssl.keystore.location=/Users/path/to/ssl/kafka.zookeeper-client.keystore.jks
zookeeper.ssl.keystore.password=serversecret
Kafka Server logs at the start of the ZK.
[2021-07-16 11:27:38,676] INFO binding to port 0.0.0.0/0.0.0.0:2181 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2021-07-16 11:27:43,760] INFO bound to port 2181 (org.apache.zookeeper.server.NettyServerCnxnFactory)
.....
[2021-07-16 11:27:43,819] INFO Using org.apache.zookeeper.server.NettyServerCnxnFactory as server connection factory (org.apache.zookeeper.server.ServerCnxnFactory)
[2021-07-16 11:27:43,819] INFO binding to port 0.0.0.0/0.0.0.0:2182 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2021-07-16 11:27:43,821] INFO bound to port 2182 (org.apache.zookeeper.server.NettyServerCnxnFactory)
...
When I try to connect to port 2182 with the zk-client the server logs doesn't show an entry (probably because it is not able to connect as the command to initiate connection fails)
I am using kafka_2.12 version and it has zookeeper-3.5.7
What am I missing here? To me configurations look as expected and the zk-cli shouldn't throw
Reference :
https://atsc.com.sg/docs/edp/7-security/zookeeper-mutual-tls/
https://docs.confluent.io/platform/current/security/zk-security.html
Thanks,
JE
I think the problem is that your cli is running from older version that does not yet support this parameter, check your execution path , are you truly executing from the "current" version?
Related
Configuring a ELK stack version 8.1, based on two virtual machine which both run Oracle linux 8. I need to send logs from a VM to the other using rsyslog. On the recieving machine logs will be acquired using FileBeat. The file rsyslog.conf has been configured on the sending machine, adding target machine parameters. The file filebeat.yml has been configured to recieve logs from rsyslog like this:
- type: syslog
enabled: true
format: auto
protocol.tcp:
host: "X.X.X.X:10514"
The firewalld on the receiving machine has been configured opening the port 10514.
Since the reboot after configuration, the only thing I can get is the error:
cannot connect to X.X.X.X:10514: Connection refused
How can I solve this problem?
I'm new to RabbitMQ and I want to run a RabbitMQ server instance on centOS7 using the following command:
sudo systemctl start rabbitmq-server
The command seemed to take forever and when I stopped the process and checked the log files, everything was ok and it said that rabbit is up and running. But when I try to execute any command using rabbitmqctl I'm getting the following error:
Error: unable to perform an operation on node 'rabbit#hostname'. Please see diagnostics information and suggestions below.
Most common reasons for this are:
* Target node is unreachable (e.g. due to hostname resolution, TCP connection or firewall issues)
* CLI tool fails to authenticate with the server (e.g. due to CLI tool's Erlang cookie not matching that of the server)
* Target node is not running
In addition to the diagnostics info below:
* See the CLI, clustering and networking guides on https://rabbitmq.com/documentation.html to learn more
* Consult server logs on node rabbit#hostname
* If target node is configured to use long node names, don't forget to use --longnames with CLI tools
**DIAGNOSTICS**
attempted to contact: [rabbit#hostname]
rabbit#hostname:
* connected to epmd (port 4369) on hostname
* epmd reports node 'rabbit' uses port 25672 for inter-node and CLI tool traffic
* can't establish TCP connection to the target node, reason: timeout (timed out)
* suggestion: check if host 'hostname' resolves, is reachable and ports 25672, 4369 are not blocked by firewall
Current node details:
* node name: 'rabbitmqcli-806330-rabbit#hostname'
* effective user's home directory: /var/lib/rabbitmq
* Erlang cookie hash: KgAE7WR3dl5/FGAyWKE5LA==
I tried killing the processes manually but it didn't work.
every needed port is listening and I can telnet them. Can you please help me on where the problem might be?
The client machine cannot resolve the hostname pointing to the rabbitmq server.
If the IP address isn't publicly propagated, you have to put the IP/host combination in /etc/hosts file.
You could also try to connect to the IP address instead of the hostname to clear any other network related issues.
I want to use ssl in my springboot app. I use this tutorial but when I try up start my app gives me this error:
***************************
APPLICATION FAILED TO START
***************************
Description:
The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.
Action:
Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.
And my application.properties
#ssl
server.port=8443
server.ssl.key-alias=alias
server.ssl.key-password=password
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
Or do you know another way to do SSL trusted?
Generate the key with command line running in admin mode.
Connecting to Cassandra with non-SSL port works.
But when I try to make a SSL connection by initializing SSLContext, I get this strange exception.
I am using Datastax driver cassandra-driver-core-2.0.0-rc3.jar
Caused by: org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208) [netty-3.9.0.Final.jar:]
at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182) [netty-3.9.0.Final.jar:]
at com.datastax.driver.core.Connection.(Connection.java:92) [cassandra-driver-core-2.0.0-rc3.jar:]
at com.datastax.driver.core.Connection$Factory.open(Connection.java:421) [cassandra-driver-core-2.0.0-rc3.jar:]
at com.datastax.driver.core.ControlConnection.tryConnect(ControlConnection.java:215) [cassandra-driver-core-2.0.0-rc3.jar:]
at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:170) [cassandra-driver-core-2.0.0-rc3.jar:]
You need to install the Java Unlimited Strength JCE; this has to be done on your client machine in your JRE installation.
Here is one reference in the context of the Cassandra server, but Java clients using SSL need this as well.
http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/
I want to create localhost connection in Oracle SQL Developer tool
my credentials are
username : SYSTEM
password : SYSTEM
Hostname :localhost or 127.0.0.1
port : 1521
sid : xe
When i connect i gives error The Network Adapter could not establish connection
The Network Adapter could not establish connection is caused because:
The database host name or port number is wrong.
The listener process (service) is not running. You can re-start it with the "lsnrctl start" command or on Windows by starting the listener service.
you have either the wrong SQL Developer URL or you have a basic SQL*Net connectivity issue! This error is most likely caused by one of these factors:
You are using the wrong URL
The wrong port number or IP address (or DNS host name) was used
The listener is not configured properly
The listener process (service) is not running. You can re-start it with the "lsnrctl start" command or on Windows by starting the listener service.
For a step by step checklist, see the notes on troubleshooting an Oracle connection problem.