Return-Path: X-Original-To: apmail-zookeeper-user-archive@www.apache.org Delivered-To: apmail-zookeeper-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0CE5317F22 for ; Mon, 28 Sep 2015 14:32:05 +0000 (UTC) Received: (qmail 58502 invoked by uid 500); 28 Sep 2015 14:31:58 -0000 Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org Received: (qmail 58449 invoked by uid 500); 28 Sep 2015 14:31:58 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 58436 invoked by uid 99); 28 Sep 2015 14:31:57 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Sep 2015 14:31:57 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 5EC8D1A2000 for ; Mon, 28 Sep 2015 14:31:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.9 X-Spam-Level: ** X-Spam-Status: No, score=2.9 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id MB_1EB-SNtNd for ; Mon, 28 Sep 2015 14:31:46 +0000 (UTC) Received: from mail-io0-f175.google.com (mail-io0-f175.google.com [209.85.223.175]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id C960142B5D for ; Mon, 28 Sep 2015 14:31:45 +0000 (UTC) Received: by ioii196 with SMTP id i196so177526439ioi.3 for ; Mon, 28 Sep 2015 07:31:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=XcnppMtiHLMe+fhbjl5aGB9lNfyEEj04ig2KAhcCE6w=; b=nU0gKcZ28VvcO0rAyo50se3UoplYvh6R7s0lofHa+j7ZHXwMt6O4bfKcP9kcbmAL/u IVPVcB+fv2THH73wRjnFE2OzRNz6f3fuX2EqUJAu6qeewwdmrNyRKSIOWAZfYldgVgkH m2Cb/VFbBkV/H2hP8uaRlV/dsz3HJeNJcxODDYpDiZ7JPtD4tCyPfUUUxiDv98CbDOJ6 /l4HXNXbaB6dWy2W0v9auKqgLkhFJmgiu6K9iylNiIIKSI9Y1+5G0Poxw4g5I5JVufiq 2VkmrJv0mzpt4HXY2ZtIaohulJMjNvOtMNOlMI78kiWf5zlbHMMr6owNyH4gXdFLa02y 3aQw== MIME-Version: 1.0 X-Received: by 10.107.3.170 with SMTP id e42mr18584747ioi.72.1443450705163; Mon, 28 Sep 2015 07:31:45 -0700 (PDT) Received: by 10.79.12.80 with HTTP; Mon, 28 Sep 2015 07:31:45 -0700 (PDT) In-Reply-To: References: Date: Mon, 28 Sep 2015 22:31:45 +0800 Message-ID: Subject: Re: Can not setAcl a znode From: Tao Xiao To: user@zookeeper.apache.org Content-Type: multipart/alternative; boundary=001a113ed442883f220520cf8e6a --001a113ed442883f220520cf8e6a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thanks to Ra=C3=BAl Guti=C3=A9rrez Segal=C3=A9s , it really works. By the way, do you know how to solve this ZooKeeper-and-Kerberos-related problem ? Thanks very much. 2015-09-28 11:23 GMT+08:00 Ra=C3=BAl Guti=C3=A9rrez Segal=C3=A9s : > On 27 September 2015 at 19:37, Tao Xiao wrote: > > > I'm using CDH 5.3, which has ZooKeeper 3.4.5 in it. I configured Kerber= os > > for the CDH cluster and later disabled Kerberos because of some problem= s. > > > > After disabling Kerberos I tried restarting the cluster but the HBase > > Master failed to start. I checked the log and found it reported the > > following exception: > > > > baseZNode=3D/hbase Unable to get data of znode > > > > > /hbase/splitWAL/WALs%2Fhadoop3.com%2C60020%2C1442886930815-splitting%2Fha= doop3.com%252C60020%252C1442886930815.1442886937853.meta > > > > > > org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode > > =3D NoAuth for > > > /hbase/splitWAL/WALs%2Fhadoop3.com%2C60020%2C1442886930815-splitting%2Fha= doop3.com%252C60020%252C1442886930815.1442886937853.meta > > > > > > I checked the ACL of the znode above using the following command: > > > > getACl > > > > > > The result is: > > 'sasl,'hbase > > > > : cdrwa > > > > I tried to setAcl that znode and use the following command: > > > > setAcl world:anyone:cdrwa > > > > but failed with the message of "Authentication is not valid" . > > > > > > So it must be a permission related problem. > > How can I authenticate myself and then change the permission of that > znode > > so that HBase master can get data of it ? > > Or how can I remove its current privilege and make it accessible by > anyone > > in the world? > > > > Thanks. > > > > You can enable the super user (i.e.: admin). If you start the servers wit= h > zookeeper.DigestAuthenticationProvider.superDigest, see: > > http://zookeeper.apache.org/doc/r3.4.5/zookeeperAdmin.html > > Once that's enabled, you can do something like (the example is for > zk-shell: https://github.com/rgs1/zk_shell): > > $ zk-shell server:2181 > (CONNECTED) /> add_auth digest super:s3cr3t > (CONNECTED) /> set_acls /the/path 'world:anyone:crdwa' > > > -rgs > --001a113ed442883f220520cf8e6a--