zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Irfan Hamid <iha...@salesforce.com>
Subject Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum server address
Date Mon, 14 Mar 2016 16:27:54 GMT
When I initially got the error, my digging through the Internets led me to
http://stackoverflow.com/questions/30940981/zookeeper-error-cannot-open-channel-to-x-at-election-address
which gave me the idea to use 0.0.0.0 as the local address.

Irfan.

On Mon, Mar 14, 2016 at 9:12 AM, Patrick Hunt <phunt@apache.org> wrote:

> Hm, that's very odd. I've never seen that. Eugene do you have any insight?
>
> Patrick
>
> On Thu, Mar 10, 2016 at 9:33 AM, Irfan Hamid <ihamid@salesforce.com>
> wrote:
> > Yup. It works perfectly fine without Kerberos. I was having issues with
> the
> > Kerberos not working due to the machine resolving itself as localhost
> > instead of its FQDN and I modified /etc/hosts. Although I've got it back
> to
> > its original state this issue persists. I'll try and install it onto VMs
> to
> > see if that helps.
> >
> > Thanks,
> > Irfan.
> >
> > On Thu, Mar 10, 2016 at 7:21 AM, Patrick Hunt <phunt@apache.org> wrote:
> >
> >> Have you tried running without Kerberos? Does it work in that
> >> simplified scenario? You might start there to minimize variables, then
> >> turn on kerberos once you're confident the base system is working.
> >>
> >> Patrick
> >>
> >> On Wed, Mar 9, 2016 at 1:52 PM, Irfan Hamid <ihamid@salesforce.com>
> wrote:
> >> > I did modify my /etc/hosts file for testing, that might be messing
> things
> >> > up perhaps. And no, I didn't want to multicast my auth request.
> >> >
> >> > Thanks,
> >> > Irfan.
> >> >
> >> > On Wed, Mar 9, 2016 at 9:09 AM, Martin Gainty <mgainty@hotmail.com>
> >> wrote:
> >> >
> >> >> so you are contacting all IPv4 addresses on the local machine..did
> you
> >> >> want to multicast your Kerberos authentication request?
> >> >> perhaps its time to use a Kerberos Authentication Test Tool to the
> >> >> specific IP and Port you want to connect to
> >> >>
> >> >>
> >>
> http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx
> >> >> Anyone have ideas for testing Kerberos Authentication?
> >> >> Martin
> >> >> ______________________________________________
> >> >>
> >> >>
> >> >>
> >> >> > From: phunt@apache.org
> >> >> > Date: Wed, 9 Mar 2016 08:47:14 -0800
> >> >> > Subject: Re: Kerberos SASL broken unless 0.0.0.0 as "this" quorum
> >> server
> >> >> address
> >> >> > To: user@zookeeper.apache.org
> >> >> >
> >> >> > I've never heard of such an issue. Sounds environmental to me.
I'm
> not
> >> >> > sure what you're trying to use this with but HBase has a pretty
> good
> >> >> > setup guide http://hbase.apache.org/0.94/book/zk.sasl.auth.html
> >> >> >
> >> >> > Patrick
> >> >> >
> >> >> > On Tue, Mar 8, 2016 at 1:19 PM, Irfan Hamid <ihamid@salesforce.com
> >
> >> >> wrote:
> >> >> > > Any info in this issue would be much appreciated.
> >> >> > >
> >> >> > > TIA,
> >> >> > > Irfan.
> >> >> > >
> >> >> > > On Thu, Mar 3, 2016 at 1:28 PM, Irfan Hamid <
> ihamid@salesforce.com>
> >> >> wrote:
> >> >> > >
> >> >> > >> Hi,
> >> >> > >>
> >> >> > >> I have a Kerberised setup with 3 ZK quorum servers (3.4.6
> running
> >> on
> >> >> JRE
> >> >> > >> 8u66). If I set all zoo.cfg server.n to the FQDN of the
servers,
> >> they
> >> >> can
> >> >> > >> connect to each other fine. However, clients cannot connect
to
> any
> >> of
> >> >> the
> >> >> > >> quorum servers and error out with:
> >> >> > >>
> >> >> > >> `Unable to read additional data from server sessionid
0x0,
> likely
> >> >> server
> >> >> > >> has closed socket, closing socket connection and attempting
> >> reconnect
> >> >> > >>
> >> >> > >> However, if I change the server.x for the local server
in each
> >> zoo.cfg
> >> >> > >> with 0.0.0.0:2888:3888 and then it works.
> >> >> > >>
> >> >> > >> Is this standard practice for Kerberos configuration
or is this
> >> >> pointing
> >> >> > >> to a problem in my setup?
> >> >> > >>
> >> >> > >> Thanks,
> >> >> > >> Irfan.
> >> >> > >>
> >> >>
> >> >>
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message