gpt4 book ai didi

java - zkCli.sh 连接到 SSL 端口 2281 上的服务器

转载 作者:行者123 更新时间:2023-12-04 22:42:36 24 4
gpt4 key购买 nike

我们在连接到端口(安全端口)2281 上的 Zookeeper 服务器时遇到问题,
尝试
zkCli.sh -server localhost:2281
如何通过 SSL 连接到 zk

      at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1262) [zookeeper-3.6.1.jar:3.6.1]
2020-12-01T15:59:48.672+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@1154] - Opening socket connection to server localhost/127.0.0.1:2281.
2020-12-01T15:59:48.672+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@1156] - SASL config status: Will not attempt to authenticate using SASL (unknown error)
2020-12-01T15:59:48.673+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@986] - Socket connection established, initiating session, client: /127.0.0.1:55104, server: localhost/127.0.0.1:2281
2020-12-01T15:59:48.675+0000 [myid:localhost:2281] - WARN [main-SendThread(localhost:2281):ClientCnxn$SendThread@1272] - Session 0x0 for sever localhost/127.0.0.1:2281, Closing socket connection. Attempting reconnect except it is a SessionExpiredException.
org.apache.zookeeper.ClientCnxn$EndOfStreamException: Unable to read additional data from server sessionid 0x0, likely server has closed socket
at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:75) ~[zookeeper-3.6.1.jar:3.6.1]
at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:348) ~[zookeeper-3.6.1.jar:3.6.1]
at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1262) [zookeeper-3.6.1.jar:3.6.1]
2020-12-01T15:59:50.562+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@1154] - Opening socket connection to server localhost/127.0.0.1:2281.
2020-12-01T15:59:50.562+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@1156] - SASL config status: Will not attempt to authenticate using SASL (unknown error)
2020-12-01T15:59:50.563+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@986] - Socket connection established, initiating session, client: /127.0.0.1:55118, server: localhost/127.0.0.1:2281
2020-12-01T15:59:50.565+0000 [myid:localhost:2281] - WARN [main-SendThread(localhost:2281):ClientCnxn$SendThread@1272] - Session 0x0 for sever localhost/127.0.0.1:2281, Closing socket connection. Attempting reconnect except it is a SessionExpiredException.
org.apache.zookeeper.ClientCnxn$EndOfStreamException: Unable to read additional data from server sessionid 0x0, likely server has closed socket
at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:75) ~[zookeeper-3.6.1.jar:3.6.1]
at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:348) ~[zookeeper-3.6.1.jar:3.6.1]
at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1262) [zookeeper-3.6.1.jar:3.6.1]
2020-12-01T15:59:52.068+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@1154] - Opening socket connection to server localhost/127.0.0.1:2281.
2020-12-01T15:59:52.068+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@1156] - SASL config status: Will not attempt to authenticate using SASL (unknown error)
2020-12-01T15:59:52.069+0000 [myid:localhost:2281] - INFO [main-SendThread(localhost:2281):ClientCnxn$SendThread@986] - Socket connection established, initiating session, client: /127.0.0.1:55140, server: localhost/127.0.0.1:2281
2020-12-01T15:59:52.071+0000 [myid:localhost:2281] - WARN [main-SendThread(localhost:2281):ClientCnxn$SendThread@1272] - Session 0x0 for sever localhost/127.0.0.1:2281, Closing socket connection. Attempting reconnect except it is a SessionExpiredException.
org.apache.zookeeper.ClientCnxn$EndOfStreamException: Unable to read additional data from server sessionid 0x0, likely server has closed socket
at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:75) ~[zookeeper-3.6.1.jar:3.6.1]
at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:348) ~[zookeeper-3.6.1.jar:3.6.1]
at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1262) [zookeeper-3.6.1.jar:3.6.1]
服务器配置
  authProvider.loadableX509=com.mom.generic.conn.authentication.AuthenticationLoader
ssl.authProvider=loadableX509
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
sslQuorumReloadCertFiles=true
secureClientPort=2281
sslQuorum=false
portUnification=true
ssl.quorum.clientAuth=need
ssl.quorum.hostnameVerification=true
ssl.quorum.keyStore.location=/etc/zookeeper/secrets/cert.pem
ssl.quorum.trustStore.location=/run/zookeeper/secrets/tlsca/cacertpem
ssl.trustStore.location=/run/zookeeper/secrets/client_ca/clientca.pem
ssl.keyStore.location=/etc/zookeeper/secrets/cert.pem
ssl.clientAuth=need
在这方面需要帮助。

最佳答案

你有 ssl.clientAuth设置为 need .如果是这种情况,您必须使用 bin/zkCli.sh -client-configuration client.conf -server localhost:2281 通过配置文件提供 ZK 客户端配置数据。并将客户端证书数据(信任库/ keystore )与要信任的服务器证书一起提到 client.conf .您甚至可以拥有 CLIENT_JVMARGS设置为环境变量,如 ZooKeeper SSL Guide 中所述
通过 TLS 测试与 ZK 的连接的快速方法是 disable ssl.clientAuth在服务器端运行 4 个字母的单词命令,例如 srvr , stat , 或 mntrnc作为:echo mntr | nc --ssl localhost:2281这将告诉您是否在服务器端正确设置了 TLS,并且您可以连接到 securePort。 .

关于java - zkCli.sh 连接到 SSL 端口 2281 上的服务器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65094260/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com