node-zookeeper
Documentation on enabling SSL missing
Could not find any documentation or guide on how to configure the below values in the client
client.secure=true
ssl.keystore.location=
ssl.keystore.password=
ssl.truststore.location=
ssl.truststore.password=
etc. Can someone help solve this?
Hello @aby040, sorry for the late reply!
Are these settings for a ZooKeeper client? I don't recognize these, and they look like some ZooKeeper server settings. Do you have any more info about these?
I think I have found something for the Java client actually: https://cwiki.apache.org/confluence/display/zookeeper/zookeeper+ssl+user+guide
Not sure if this is implemented in the C client, though.
Hi, can this be documented? How can the parameters for enabling SSL be specified?
I don't think the parameters are supported in the C-based client (that this library is built on top of as a Node.js AddOn). But if OpenSSL is available on the machine, it will build the AddOn with SSL (on Linux). Not sure if this answers your question @Megabyte516 though, this is an area that I haven't much knowledge in.
To try it out on a Mac or Windows locally, you can delete the prebuilds folder in this package and run npm install. Mac OS X and Windows have already prebuilt versions added (to speed things up during installation). The prebuilds don't include SSL.
Thanks for the quick answer, although to be honest I do not understand it. What does it mean in this context "build with SSL"? I am just a user, and what I wanted to know is what I need to do to use zookeeper client to access a ZooKeeper server that is SSL enabled, obviously involving server/client keystores, passwords, etc. If a client "supports" SSL, it should provide a way of communicating these to server in order to be (mutually) authenticated?
Sorry, I should have explained it further!
A Node.js app that has zookeeper as a dependency will, on Linux, build a Node AddOn when running npm install for the app. The zookeeper library will be downloaded from npm just as the other dependencies - but its own install script will trigger the building of an AddOn. The AddOn is a wrapper around the official ZooKeeper C Client.
I haven't found anything about the keystore configurations in the docs or the source code of the C client. However, the docs for the C Client are very minimalistic and I think some of it also is outdated.
The only SSL-related thing I know of is that if openssl is installed in the Linux machine already, it will be enabled in the C client too when the AddOn is built (during npm install). But I don't really know what that actually means. I haven't used that feature myself.
I would very much appreciate help with investigating this. My guess is that it isn't added in the C client, but if it is we would probably need to add support for it in this repo too (probably a minor thing to do).
Maybe there's a clue here: https://github.com/apache/zookeeper/pull/1107
There's likely something missing here in this repo, the config passed on from new ZooKeeper(config) isn't passed through as-is (If I understand the C/C++ interop correctly, I am not the developer that wrote that part).
Documenting some findings here, the C client has two ways of initialization - one with and one without SSL:
https://github.com/apache/zookeeper/blob/master/zookeeper-client/zookeeper-client-c/src/cli.c#L889
https://github.com/apache/zookeeper/blob/master/zookeeper-client/zookeeper-client-c/src/cli.c#L999
https://github.com/apache/zookeeper/blob/master/zookeeper-client/zookeeper-client-c/src/zookeeper.c#L1452
This should be implemented in the AddOn wrapper too, currently only without SSL: https://github.com/yfinkelstein/node-zookeeper/blob/master/src/node-zk.cpp#L417