Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7B0B3200C37 for ; Sun, 19 Mar 2017 14:42:47 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 79A0E160B7D; Sun, 19 Mar 2017 13:42:47 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C45CC160B6E for ; Sun, 19 Mar 2017 14:42:46 +0100 (CET) Received: (qmail 46370 invoked by uid 500); 19 Mar 2017 13:42:46 -0000 Mailing-List: contact issues-help@flink.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@flink.apache.org Delivered-To: mailing list issues@flink.apache.org Received: (qmail 46361 invoked by uid 99); 19 Mar 2017 13:42:46 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Mar 2017 13:42:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 7B0011A0333 for ; Sun, 19 Mar 2017 13:42:45 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.451 X-Spam-Level: * X-Spam-Status: No, score=1.451 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id zDlkxDuLJGPI for ; Sun, 19 Mar 2017 13:42:44 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 1D6CF5F3BF for ; Sun, 19 Mar 2017 13:42:44 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id DE1ACE02F1 for ; Sun, 19 Mar 2017 13:42:42 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 1102D254CA for ; Sun, 19 Mar 2017 13:42:42 +0000 (UTC) Date: Sun, 19 Mar 2017 13:42:42 +0000 (UTC) From: "canbinzheng (JIRA)" To: issues@flink.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (FLINK-6117) 'zookeeper.sasl.disable' not takes effet when starting CuratorFramework MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Sun, 19 Mar 2017 13:42:47 -0000 [ https://issues.apache.org/jira/browse/FLINK-6117?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] canbinzheng updated FLINK-6117: ------------------------------- Affects Version/s: (was: 1.1.5) (was: 1.3.0) (was: 2.0.0) 1.2.0 Priority: Major (was: Critical) > 'zookeeper.sasl.disable' not takes effet when starting CuratorFramework > ------------------------------------------------------------------------ > > Key: FLINK-6117 > URL: https://issues.apache.org/jira/browse/FLINK-6117 > Project: Flink > Issue Type: Bug > Components: Client, JobManager > Affects Versions: 1.2.0 > Environment: Ubuntu > Reporter: canbinzheng > Labels: security > Original Estimate: 336h > Remaining Estimate: 336h > > The value of 'zookeeper.sasl.disable' does not actually work when starting CuratorFramework. > Here is the settings related to high-availability in my flink-conf.yaml: > high-availability: zookeeper > high-availability.zookeeper.quorum: localhost:2181 > high-availability.zookeeper.storageDir: hdfs:///flink/ha/ > No explicit value is set for 'zookeeper.sasl.disable' so default 'true'(ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE) would be applied. But when FlinkYarnSessionCli & FlinkApplicationMasterRunner start, > both logs show that they attempt connecting to zookeeper in 'SASL' mode. > logs are like this: > 2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper - Initiating client connection, connectString=localhost:2181 sessionTimeout=60000 watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8 > 2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper - Initiating client connection, connectString=localhost:2181 sessionTimeout=60000 watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8 > 2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. > 2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. > 2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn - Opening socket connection to server localhost/127.0.0.1:2181 > 2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn - Opening socket connection to server localhost/127.0.0.1:2181 > 2017-03-18 23:53:10,534 ERROR org.apache.flink.shaded.org.apache.curator.ConnectionState - Authentication failed -- This message was sent by Atlassian JIRA (v6.3.15#6346)