hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8315) Support SASL-authenticated ZooKeeper in ActiveStandbyElector
Date Fri, 30 Aug 2013 23:17:53 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13755247#comment-13755247
] 

Kai Zheng commented on HADOOP-8315:
-----------------------------------

Thanks for this fix it's possible to deploy a secured HA cluster with SASL support for the
connection with Zookeeper, with a work around to configure the JAAS login for the Zookeeper
client initialization like follows.

In hadoop-env.sh, 
{code}
export HADOOP_ZKFC_OPTS="$HADOOP_ZKFC_OPTS -Djava.security.auth.login.config=/etc/hadoop/conf/hazk-jaas.conf"
{code}

To avoid such redundancy and the unnecessary extra login in Zookeeper, opened HDFS-5152 to
address this.
                
> Support SASL-authenticated ZooKeeper in ActiveStandbyElector
> ------------------------------------------------------------
>
>                 Key: HADOOP-8315
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8315
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: auto-failover, ha
>    Affects Versions: Auto Failover (HDFS-3042)
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>         Attachments: hadoop-8315.txt, hadoop-8315_v2.txt
>
>
> Currently, if you try to use SASL-authenticated ZK with the ActiveStandbyElector, you
run into a couple issues:
> 1) We hit ZOOKEEPER-1437 - we need to wait until we see SaslAuthenticated before we can
make any requests
> 2) We currently throw a fatalError when we see the SaslAuthenticated callback on the
connection watcher
> We need to wait for ZK-1437 upstream, and then upgrade to the fixed version for #1. For
#2 we just need to add a case there and ignore it.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message