ssl - Zookeeper TLS error: Unsuccessful handshake with session 0x0 (org.apache.zookeeper.server.NettyServerCnxnFactory)
Problem description
Unable to start Zookeeper with TLS, please help me!
Zookeeper version: 3.5.8-f439ca583e70862c3068a1f2a7d4d068eec33315, built on 05/04/2020 15:53 GMT
zookeeper.properties:
###################[ MAIN ]###################
dataDir=~/zookeeper_ssl/data/zookeeper-data
clientPort=2185
secureClientPort=2186
maxClientCnxns=0
##############[ AUTHENTICATION ]##############
authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider # (tried change to authProvider.1 but no success)
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
#############[ SSL ]############
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider # (tried to remove - but no success)
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.keyStore.location=~/zookeeper_ssl/ssl/broker1.jks
ssl.keyStore.password=xxx
ssl.trustStore.location=~/zookeeper_ssl/ssl/broker1.jks
ssl.trustStore.password=xxx
clientAuth=none
tickTime=3000
initLimit=10
syncLimit=5
##############[ OTHER CONFIGS ]#############
4lw.commands.whitelist=*
admin.enableServer=true
admin.serverPort=8181
It starts fine. Then I try to connect:
./bin/kafka-run-class \
> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty \
> -Dzookeeper.ssl.client.enable=true \
> -Dzookeeper.ssl.keyStore.location=~/zookeeper_ssl/ssl/dev1.jks \
> -Dzookeeper.ssl.keyStore.password=xxx \
> -Dzookeeper.ssl.trustStore.location=~/zookeeper_ssl/ssl/dev1.jks \
> -Dzookeeper.ssl.trustStore.password=xxx \
> org.apache.zookeeper.ZooKeeperMain -server localhost:2186
Got:
Connecting to localhost:2186
Welcome to ZooKeeper!
JLine support is disabled
Actually nothing happens here - so I pressed CTRL+C
^C
Zookeeper logs:
[2020-08-17 18:02:07,667] DEBUG Using Java8 optimized cipher suites for Java version 1.8 (org.apache.zookeeper.common.X509Util)
[2020-08-17 18:02:07,981] DEBUG Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1] (io.netty.handler.ssl.JdkSslContext)
[2020-08-17 18:02:07,981] DEBUG Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA] (io.netty.handler.ssl.JdkSslContext)
[2020-08-17 18:02:08,104] DEBUG SSL handler added for channel: [id: 0x6bcbf86b, L:/x.x.x.x:2186 - R:/x.x.x.x:56620] (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.maxCapacityPerThread: 4096 (io.netty.util.Recycler)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.maxSharedCapacityFactor: 2 (io.netty.util.Recycler)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.linkCapacity: 16 (io.netty.util.Recycler)
[2020-08-17 18:02:08,123] DEBUG -Dio.netty.recycler.ratio: 8 (io.netty.util.Recycler)
[2020-08-17 18:02:08,133] DEBUG -Dio.netty.buffer.checkAccessible: true (io.netty.buffer.AbstractByteBuf)
[2020-08-17 18:02:08,133] DEBUG -Dio.netty.buffer.checkBounds: true (io.netty.buffer.AbstractByteBuf)
[2020-08-17 18:02:08,134] DEBUG Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@3021f880 (io.netty.util.ResourceLeakDetectorFactory)
[2020-08-17 18:02:08,149] ERROR Unsuccessful handshake with session 0x0 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2020-08-17 18:02:08,149] DEBUG close called for sessionid:0x0 (org.apache.zookeeper.server.NettyServerCnxn)
[2020-08-17 18:02:08,149] DEBUG cnxns size:0 (org.apache.zookeeper.server.NettyServerCnxn)
[2020-08-17 18:02:08,153] WARN Exception caught (org.apache.zookeeper.server.NettyServerCnxnFactory)
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1214)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1282)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
... 17 more
[2020-08-17 18:02:08,153] DEBUG Closing /x.x.x.x:56620[0](queued=0,recved=0,sent=0) (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2020-08-17 18:02:08,153] DEBUG close called for sessionid:0x0 (org.apache.zookeeper.server.NettyServerCnxn)
[2020-08-17 18:02:08,153] DEBUG cnxns size:0 (org.apache.zookeeper.server.NettyServerCnxn)
Inside the JKS files:
Keystore broker1.jks
Alias name: zserver
Entry type: PrivateKeyEntry
Owner: CN=zserver, C=RU
Alias name: dev1
Entry type: trustedCertEntry
Owner: CN=dev1, C=RU
Keystore dev1.jks
Alias name: zserver
Entry type: trustedCertEntry
Owner: CN=zserver, C=RU
Alias name: dev1
Entry type: PrivateKeyEntry
Owner: CN=dev1, C=RU
Solution
Found the problem - the correct parameter is:
-Dzookeeper.client.secure=true
(Dzookeeper.ssl.client.enable=true is wrong)
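The hex payload in the NotSslRecordException above can be decoded to confirm what the solution implies: the client ignored the misnamed property and sent a plaintext ZooKeeper ConnectRequest to the TLS port. This is an added example, not part of the original post; the function names are hypothetical and the field layout is assumed to be ZooKeeper's ConnectRequest wire format (length prefix, protocolVersion, lastZxidSeen, timeOut, sessionId, passwd, readOnly).

```python
import struct

# Hex payload from the NotSslRecordException in the server log above,
# split at the field boundaries of a ZooKeeper ConnectRequest (assumed layout).
LOGGED_HEX = (
    "0000002d"              # frame length: 45 bytes follow
    "00000000"              # protocolVersion
    "0000000000000000"      # lastZxidSeen
    "00007530"              # timeOut (ms)
    "0000000000000000"      # sessionId, 0x0 = new session
    "00000010" + "00" * 16  # passwd length, then passwd
    + "00"                  # readOnly flag
)
# Constructed sample: a TLS handshake record header plus 5 filler bytes.
SAMPLE_TLS_HEX = "1603010005" + "0100000100"
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

def looks_like_tls_record(data: bytes) -> bool:
    """True if data begins with a plausible TLS record header."""
    if len(data) < 5:
        return False
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    return ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 and length <= 16384 + 2048

def parse_connect_request(data: bytes):
    """Parse a length-prefixed plaintext ConnectRequest; None if it does not fit."""
    if len(data) < 4:
        return None
    (frame_len,) = struct.unpack(">I", data[:4])
    body = data[4:4 + frame_len]
    if frame_len < 28 or len(body) != frame_len:
        return None
    proto, zxid, timeout, session, pw_len = struct.unpack(">iqiqi", body[:28])
    if pw_len < 0 or 28 + pw_len > frame_len:
        return None
    return {"protocolVersion": proto, "lastZxidSeen": zxid, "timeOut_ms": timeout,
            "sessionId": session, "passwd_len": pw_len}

def diagnose(hex_payload: str) -> str:
    """Classify the bytes a TLS listener rejected."""
    data = bytes.fromhex(hex_payload)
    if looks_like_tls_record(data):
        return "tls-record"
    if parse_connect_request(data) is not None:
        return "plaintext-zookeeper-connect"
    return "unknown"

if __name__ == "__main__":
    print(diagnose(LOGGED_HEX), parse_connect_request(bytes.fromhex(LOGGED_HEX)))
```

Because the config above also leaves the plaintext clientPort=2185 open, the same misconfigured client pointed at that port would establish its session in plaintext, with no handshake error to flag the mistake.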