Hello. Is there something like a community page for Kafka where I can reach out to the community where hopefully someone with a similar setup can help?
Thanks, Chester On Thu, Oct 12, 2023 at 10:48 AM Walchester Gaw <w...@iqbackoffice.com> wrote: > Hello. > > I am trying to implement Quorum TLS by following the instructions in > https://zookeeper.apache.org/doc/r3.5.7/zookeeperAdmin.html#Quorum+TLS, > but I keep on encountering the following errors after doing the second > rolling restart where sslQuorum set to true. > > - [2023-10-11 05:46:03,250] WARN Cannot open channel to 3 at election > address /xxx.xx.xx.xxx:xxxx ( > org.apache.zookeeper.server.quorum.QuorumCnxManager) > javax.net.ssl.SSLHandshakeException: Received fatal alert: > handshake_failure > - [2023-10-11 05:47:12,513] WARN Closing connection to /xxx.xx.xx. > xxx:xxxx (org.apache.zookeeper.server.NettyServerCnxn) > java.io.IOException: ZK down > > Our current Cluster setup consists of 3 Linux servers (Amazon EC2 > instances) which contains one Zookeeper and Broker for each server. I have > tried using Private IP DNS name and Public IPv4 DNS as the alias and > distinguished name when generating the self signed certificate for each of > the servers. For the generation of CA key and CA certificate, I used the > Private IP DNS name and Public IPv4 DNS of one the servers as the common > name respectively. Do note I am generating all keystores/truststore in just > one server (this server's IP is indicated in CA key and CA cert) and > distributing them accordingly. > > I made sure that all ZK is up and running when I am getting the ZK down > issue and I am getting that error for all three ZKs. I can also confirm > that the file path indicated in the zookeeper.properties where the keystore > and truststore is located is correct. > > Can someone assist regarding this? What am I missing here? Let me know if > you need more information. > > I am also unsure if there is something like a community page for Kafka > where I can reach out to the community where hopefully someone with a > similar setup can help. > > Thanks, > Chester >
