Mesos parameters for enabling communication over SSL with Zookeeper-3.5.7
Question
Recently, I've been working on securing communication between Mesos master and zookeeper by setting up SSL authentication.
I followed the steps as listed here to have client-server communication involving zookeeper over SSL.
For a sample zookeeper client, say zookeeper CLI , the following JVM flags are needed to be set to allow the zkCli to communicate over SSL with the zookeeper.
export CLIENT_JVMFLAGS="- Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
-Dzookeeper.client.secure=true
-Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/keyStore.jks
-Dzookeeper.ssl.keyStore.password=xxxx
-Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/trustStore.jks
-Dzookeeper.ssl.trustStore.password=xxxx"
My question arises regarding how to pass the above parameters when we want Mesos master to communicate with zookeeper over SSL.
Tried looking for some pointers here and here but could not find anything that would help in this case. Further, I tried passing these parameters as arguments inside mesos-master.sh as given below but it does not solve my problem.
# Start Mesos master
$ ./bin/mesos-master.sh --ip=127.0.0.1 --work_dir=/var/lib/mesos
Would be great to get some advice on this as it's become a potential blocker for now.
Thank you,
Tushar
1 answers
solution1
0 2020-05-13 19:28:56
It's described here
To enable SSL add following lines to /etc/default/mesos
SSL_ENABLED=1
SSL_KEY_FILE=/etc/mesos/conf/ssl/key.pem
SSL_CERT_FILE=/etc/mesos/conf/ssl/cert.pem
SSL_REQUIRE_CERT=false
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.