zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tao Xiao <xiaotao.cs....@gmail.com>
Subject Re: Can not setAcl a znode
Date Mon, 28 Sep 2015 14:31:45 GMT
Thanks to Raúl Gutiérrez Segalés
<https://plus.google.com/u/0/100752533842446806851?prsrc=4>, it really
works.
By the way, do you know how to solve this ZooKeeper-and-Kerberos-related
problem
<http://stackoverflow.com/questions/32711260/can-not-start-secure-zookeeper>
?

Thanks very much.

2015-09-28 11:23 GMT+08:00 Raúl Gutiérrez Segalés <rgs@itevenworks.net>:

> On 27 September 2015 at 19:37, Tao Xiao <xiaotao.cs.nju@gmail.com> wrote:
>
> > I'm using CDH 5.3, which has ZooKeeper 3.4.5 in it. I configured Kerberos
> > for the CDH cluster and later disabled Kerberos because of some problems.
> >
> > After disabling Kerberos I tried restarting the cluster but the HBase
> > Master failed to start. I checked the log and found it reported the
> > following exception:
> >
> > baseZNode=/hbase Unable to get data of znode
> >
> >
> /hbase/splitWAL/WALs%2Fhadoop3.com%2C60020%2C1442886930815-splitting%2Fhadoop3.com%252C60020%252C1442886930815.1442886937853.meta
> >
> >
> > org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode
> > = NoAuth for
> >
> /hbase/splitWAL/WALs%2Fhadoop3.com%2C60020%2C1442886930815-splitting%2Fhadoop3.com%252C60020%252C1442886930815.1442886937853.meta
> >
> >
> > I checked the ACL of the znode above using the following command:
> >
> > getACl <the-znode-above>
> >
> >
> > The result is:
> >            'sasl,'hbase
> >
> > : cdrwa
> >
> > I tried to setAcl that znode and use the following command:
> >
> > setAcl  <the-znode-above>   world:anyone:cdrwa
> >
> > but failed with the message of "Authentication is not valid" .
> >
> >
> > So it must be a permission related problem.
> > How can I authenticate myself and then change the permission of that
> znode
> > so that HBase master can get data of it ?
> > Or how can I remove its current privilege and make it accessible by
> anyone
> > in the world?
> >
> > Thanks.
> >
>
> You can enable the super user (i.e.: admin). If you start the servers with
> zookeeper.DigestAuthenticationProvider.superDigest, see:
>
> http://zookeeper.apache.org/doc/r3.4.5/zookeeperAdmin.html
>
> Once that's enabled, you can do something like (the example is for
> zk-shell: https://github.com/rgs1/zk_shell):
>
> $ zk-shell server:2181
> (CONNECTED) /> add_auth digest super:s3cr3t
> (CONNECTED) /> set_acls /the/path 'world:anyone:crdwa'
>
>
> -rgs
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message