Hi Martin,

Thanks for the reply.
What exactly is SOLR?

In my case I have set up a ZooKeeper cluster (3 nodes) across three Azure Ubuntu 
VMs - each VM having one node.

Regards,
Soumya

-----Original Message-----
From: Martin Gainty <mgai...@hotmail.com> 
Sent: Tuesday, July 30, 2019 5:21 PM
To: users@kafka.apache.org
Subject: Re: TLS Communication in With Zookeeper Cluster

MG>definitely implement 3.5 ZK+ as suggested

________________________________
From: Nayak, Soumya R. <sna...@firstam.com>
Sent: Tuesday, July 30, 2019 6:41 AM
To: users@kafka.apache.org <users@kafka.apache.org>
Subject: TLS Communication in With Zookeeper Cluster

Thanks Harsha for the link.

As I am using a zookeeper cluster.
In the below link there is a mention that no SSL support is there between 
zookeeper servers. (Any future version that would have this feature)

MG>JavaDeveloper claims affirmative *if* you configure SSL on SOLR nodes
Step 6: Configure Solr properties in zookeeper

Before you start any SolrCloud nodes, you must configure your solr cluster 
properties in ZooKeeper, so that Solr nodes know to communicate via SSL. The 
urlScheme cluster-wide property needs to be set to https before any Solr node 
starts up. Use below command:

  1.  server\scripts\cloud-scripts\zkcli.bat -zkhost localhost:2181 -cmd clusterprop -name urlScheme -val https

https://javadeveloperzone.com/solr/securing-solr-cluster-enabling-ssl-on-multi-node/

So is it that the zookeeper servers will talk to each other on the ClientPort - 
2181 and the kafka brokers will talk to these zookeeper servers over SSL on the 
secureClientPort - 2281?

MG>cwiki claims affirmative *if* you enable SSL thru ZK Netty Connector
Java system property
zookeeper.clientCnxnSocket="org.apache.zookeeper.ClientCnxnSocketNetty"

In order to do secure communication on client, set this property:

Java system property
zookeeper.client.secure=true

Note that with "secure" property set the client could and should only connect 
to server's "secureClientPort" which will be described shortly.

Then set up keystore and truststore environment by setting the following 
properties:

Java system property
zookeeper.ssl.keyStore.location="/path/to/your/keystore"
zookeeper.ssl.keyStore.password="keystore_password"
zookeeper.ssl.trustStore.location="/path/to/your/truststore"
zookeeper.ssl.trustStore.password="truststore_password"

MG>https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide

Please confirm if it's correct or if I am missing anything.

MG>the unasked question is can ZK(SOLR) Cluster operate with Netty 
MG>connectors implementing SSL to ZK(SOLR)client(s) answer ?
Regards,
Soumya

-----Original Message-----
From: Harsha <ka...@harsha.io>
Sent: Monday, July 29, 2019 4:26 PM
To: users@kafka.apache.org
Subject: Re: TLS Communication in With Zookeeper Cluster

Here is the guide
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
you need zookeeper 3.5 or higher for TLS.

On Mon, Jul 29, 2019, at 1:21 AM, Nayak, Soumya R. wrote:
> Hi Team,
>
> Is there any way mutual TLS communication set up can be done with 
> zookeeper? If any references, can you please let me know.
>
> I am trying to set up a Zookeeper cluster (3 Zookeepers) and Kafka 
> cluster (4 Kafka Brokers) using docker images in Azure Ubuntu VM 
> servers.
>
>
> Also, there is a new protocol of RAFT-ETCD. How is it when compared 
> to Kafka Zookeeper set up?
>
> Regards,
> Soumya

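The client-side settings quoted in this thread from the ZooKeeper SSL User Guide can be checked mechanically before a Kafka broker is started. The following Python check is an added example, not code from the thread or from the ZooKeeper or Kafka projects. It assumes the JVM flags are passed as one option string (for instance via KAFKA_OPTS), uses the ports 2181 and 2281 mentioned above, and requires both key store and trust store because the original question was about mutual TLS; host names and sample values are constructed.

```python
import shlex

NETTY_SOCKET = "org.apache.zookeeper.ClientCnxnSocketNetty"
STORE_PROPS = [
    "zookeeper.ssl.keyStore.location",
    "zookeeper.ssl.keyStore.password",
    "zookeeper.ssl.trustStore.location",
    "zookeeper.ssl.trustStore.password",
]

def parse_jvm_props(opts):
    """Turn a '-Dkey=value ...' option string into a dict of system properties."""
    props = {}
    for tok in shlex.split(opts):  # shlex removes the shell quotes around values
        if tok.startswith("-D") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            props[key] = value
    return props

def audit_zk_client_tls(jvm_opts, connect, secure_port=2281, plain_port=2181):
    """Return a list of findings; an empty list means the client matches the guide."""
    props = parse_jvm_props(jvm_opts)
    findings = []
    if props.get("zookeeper.clientCnxnSocket") != NETTY_SOCKET:
        findings.append("zookeeper.clientCnxnSocket is not the Netty socket class")
    if props.get("zookeeper.client.secure", "").lower() != "true":
        findings.append("zookeeper.client.secure is not true")
    for name in STORE_PROPS:
        if not props.get(name):
            findings.append(f"{name} is unset")
    # Drop an optional chroot suffix ("/kafka") before splitting host:port pairs.
    for hostport in connect.split("/", 1)[0].split(","):
        host, _, port = hostport.strip().rpartition(":")
        if not host or not port.isdigit():
            findings.append(f"{hostport.strip()} has no explicit port")
        elif int(port) == plain_port:
            findings.append(f"{host} uses clientPort {port}, which is not TLS")
        elif int(port) != secure_port:
            findings.append(f"{host} uses port {port}, expected {secure_port}")
    return findings

# Constructed sample: flags as they would appear in KAFKA_OPTS.
GOOD_OPTS = (f"-Dzookeeper.clientCnxnSocket={NETTY_SOCKET} "
             "-Dzookeeper.client.secure=true "
             '-Dzookeeper.ssl.keyStore.location="/path/to/your/keystore" '
             '-Dzookeeper.ssl.keyStore.password="keystore_password" '
             '-Dzookeeper.ssl.trustStore.location="/path/to/your/truststore" '
             '-Dzookeeper.ssl.trustStore.password="truststore_password"')

if __name__ == "__main__":
    for line in audit_zk_client_tls(GOOD_OPTS, "zk1:2181,zk2:2281,zk3:2281/kafka"):
        print("FINDING:", line)
```
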