Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id ABEC3200C4D for ; Wed, 22 Mar 2017 02:51:41 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id AA554160B90; Wed, 22 Mar 2017 01:51:41 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 79681160B81 for ; Wed, 22 Mar 2017 02:51:40 +0100 (CET) Received: (qmail 86366 invoked by uid 500); 22 Mar 2017 01:51:38 -0000 Mailing-List: contact commits-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@zookeeper.apache.org Delivered-To: mailing list commits@zookeeper.apache.org Received: (qmail 86352 invoked by uid 99); 22 Mar 2017 01:51:38 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Mar 2017 01:51:38 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id E4EA9DFE8F; Wed, 22 Mar 2017 01:51:37 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: rakeshr@apache.org To: commits@zookeeper.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: zookeeper git commit: ZOOKEEPER-2712: MiniKdc test case intermittently failing due to principal not found in Kerberos database Date: Wed, 22 Mar 2017 01:51:37 +0000 (UTC) archived-at: Wed, 22 Mar 2017 01:51:41 -0000 Repository: zookeeper Updated Branches: refs/heads/branch-3.4 902bee641 -> 5897852db ZOOKEEPER-2712: MiniKdc test case intermittently failing due to principal not found in Kerberos database After long long analysis, I have observed concurrency issues at `ApacheDs `(used for unit test) causing the trouble and failing minikdc test cases. Introduced delay between the ZK server's startup to avoid simultaneous login context init across servers. Also, modified few test code for better debugging. Author: Rakesh Radhakrishnan Reviewers: Michael Han Closes #200 from rakeshadr/ZK-2712 Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/5897852d Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/5897852d Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/5897852d Branch: refs/heads/branch-3.4 Commit: 5897852dba9bbaf78f73bc34ed9cbea5f7c9029a Parents: 902bee6 Author: Rakesh Radhakrishnan Authored: Wed Mar 22 13:02:16 2017 +0530 Committer: Rakesh Radhakrishnan Committed: Wed Mar 22 13:02:16 2017 +0530 ---------------------------------------------------------------------- .../zookeeper/server/quorum/QuorumPeer.java | 11 ++++ .../zookeeper/server/quorum/auth/MiniKdc.java | 2 +- .../server/quorum/auth/QuorumAuthTestBase.java | 60 ++++++++++++++++---- .../quorum/auth/QuorumAuthUpgradeTest.java | 10 ++-- .../quorum/auth/QuorumDigestAuthTest.java | 10 ++-- .../quorum/auth/QuorumKerberosAuthTest.java | 11 +++- .../auth/QuorumKerberosHostBasedAuthTest.java | 20 +++++-- 7 files changed, 92 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java ---------------------------------------------------------------------- diff --git a/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java b/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java index 889ee62..9eeeb5d 100644 --- a/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java +++ b/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java @@ -98,6 +98,10 @@ public class QuorumPeer extends ZooKeeperThread implements QuorumStats.Provider QuorumCnxManager qcm; QuorumAuthServer authServer; QuorumAuthLearner authLearner; + // VisibleForTesting. This flag is used to know whether qLearner's and + // qServer's login context has been initialized as ApacheDS has concurrency + // issues. Refer https://issues.apache.org/jira/browse/ZOOKEEPER-2712 + private boolean authInitialized = false; /* ZKDatabase is a top level member of quorumpeer * which will be used in all the zookeeperservers @@ -571,6 +575,7 @@ public class QuorumPeer extends ZooKeeperThread implements QuorumStats.Provider quorumServerLoginContext, authzHosts); authLearner = new SaslQuorumAuthLearner(isQuorumLearnerSaslAuthRequired(), quorumServicePrincipal, quorumLearnerLoginContext); + authInitialized = true; } else { authServer = new NullQuorumAuthServer(); authLearner = new NullQuorumAuthLearner(); @@ -1455,6 +1460,12 @@ public class QuorumPeer extends ZooKeeperThread implements QuorumStats.Provider return quorumLearnerSaslAuthRequired; } + // VisibleForTesting. Returns true if both the quorumlearner and + // quorumserver login has been finished. Otherwse, false. + public boolean hasAuthInitialized(){ + return authInitialized; + } + public QuorumCnxManager createCnxnManager() { return new QuorumCnxManager(this.getId(), this.getView(), http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java index 8e3cb1b..ebe541d 100644 --- a/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java +++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java @@ -224,7 +224,7 @@ public class MiniKdc { DEFAULT_CONFIG.setProperty(TRANSPORT, "TCP"); DEFAULT_CONFIG.setProperty(MAX_TICKET_LIFETIME, "86400000"); DEFAULT_CONFIG.setProperty(MAX_RENEWABLE_LIFETIME, "604800000"); - DEFAULT_CONFIG.setProperty(DEBUG, "false"); + DEFAULT_CONFIG.setProperty(DEBUG, "true"); } /** http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java index 4d4b071..219d5bc 100644 --- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java +++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java @@ -66,10 +66,11 @@ public class QuorumAuthTestBase extends ZKTestCase { } protected String startQuorum(final int serverCount, - Map authConfigs, int authServerCount) throws IOException { + Map authConfigs, int authServerCount, + boolean delayedServerStartup) throws IOException { StringBuilder connectStr = new StringBuilder(); final int[] clientPorts = startQuorum(serverCount, 0, connectStr, - authConfigs, authServerCount); + authConfigs, authServerCount, delayedServerStartup); for (int i = 0; i < serverCount; i++) { Assert.assertTrue("waiting for server " + i + " being up", ClientBase.waitForServerUp("127.0.0.1:" + clientPorts[i], @@ -98,7 +99,7 @@ public class QuorumAuthTestBase extends ZKTestCase { throws IOException { StringBuilder connectStr = new StringBuilder(); final int[] clientPorts = startQuorum(serverCount, observerCount, - connectStr, authConfigs, authServerCount); + connectStr, authConfigs, authServerCount, false); for (int i = 0; i < serverCount; i++) { Assert.assertTrue("waiting for server " + i + " being up", ClientBase.waitForServerUp("127.0.0.1:" + clientPorts[i], @@ -122,12 +123,15 @@ public class QuorumAuthTestBase extends ZKTestCase { * configuration parameters for authentication * @param authServerCount * number of auth enabled servers + * @param delayedServerStartup + * true flag value to add delay between server's startup, false otherwise. * @return client port for the respective servers * @throws IOException */ protected int[] startQuorum(final int serverCount, int observerCount, StringBuilder connectStr, Map authConfigs, - int authServerCount) throws IOException { + int authServerCount, boolean delayedServerStartup) + throws IOException { final int clientPorts[] = new int[serverCount]; StringBuilder sb = new StringBuilder(); @@ -159,7 +163,7 @@ public class QuorumAuthTestBase extends ZKTestCase { String obsCfgSection = quorumCfg + "\npeerType=observer"; quorumCfg = obsCfgSection; } - startServer(authConfigs, clientPorts, quorumCfg, i); + startServer(authConfigs, clientPorts[i], quorumCfg, i, delayedServerStartup); } // servers without any authentication configured for (int j = 0; j < serverCount - authServerCount; j++, i++) { @@ -167,20 +171,52 @@ public class QuorumAuthTestBase extends ZKTestCase { String obsCfgSection = quorumCfg + "\npeerType=observer"; quorumCfg = obsCfgSection; } - MainThread mthread = new MainThread(i, clientPorts[i], quorumCfg); - mt.add(mthread); - mthread.start(); + startServer(null, clientPorts[i], quorumCfg, i, delayedServerStartup); } return clientPorts; } private void startServer(Map authConfigs, - final int[] clientPorts, String quorumCfg, int i) - throws IOException { - MainThread mthread = new MainThread(i, clientPorts[i], quorumCfg, - authConfigs); + final int clientPort, String quorumCfg, int i, + boolean delayedServerStartup) throws IOException { + MainThread mthread; + if (authConfigs != null) { + mthread = new MainThread(i, clientPort, quorumCfg, authConfigs); + } else { + mthread = new MainThread(i, clientPort, quorumCfg); + } mt.add(mthread); mthread.start(); + + if (delayedServerStartup) { + addDelayBeforeStartingNextServer(mthread); + } + } + + private void addDelayBeforeStartingNextServer(MainThread mThread) { + // Refer https://issues.apache.org/jira/browse/ZOOKEEPER-2712 + LOG.info("Waiting to finish login context init(Krb login), " + + "as there are potential concurrency issues in ApacheDS " + + "if multiple servers starts together!"); + int retries = 60; // 15secs delay + while (retries > 0) { + if (mThread.getQuorumPeer() != null + && mThread.getQuorumPeer().hasAuthInitialized()) { + try { + Thread.sleep(1000); // adding 1sec grace period. + } catch (InterruptedException e) { + LOG.info("Ignore InterruptedException"); + } + break; + } + // moving to next retry cycle + retries--; + try { + Thread.sleep(250); + } catch (InterruptedException e) { + LOG.info("Ignore InterruptedException"); + } + } } protected void startServer(MainThread restartPeer, http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java index 3593245..4eeccf3 100644 --- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java +++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java @@ -83,7 +83,7 @@ public class QuorumAuthUpgradeTest extends QuorumAuthTestBase { Map authConfigs = new HashMap(); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false"); - String connectStr = startQuorum(2, authConfigs, 0); + String connectStr = startQuorum(2, authConfigs, 0, false); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); @@ -103,7 +103,7 @@ public class QuorumAuthUpgradeTest extends QuorumAuthTestBase { Map authConfigs = new HashMap(); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true"); - String connectStr = startQuorum(2, authConfigs, 1); + String connectStr = startQuorum(2, authConfigs, 1, false); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); @@ -123,7 +123,7 @@ public class QuorumAuthUpgradeTest extends QuorumAuthTestBase { Map authConfigs = new HashMap(); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true"); - String connectStr = startQuorum(2, authConfigs, 2); + String connectStr = startQuorum(2, authConfigs, 2, false); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); @@ -145,7 +145,7 @@ public class QuorumAuthUpgradeTest extends QuorumAuthTestBase { authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); - String connectStr = startQuorum(2, authConfigs, 2); + String connectStr = startQuorum(2, authConfigs, 2, false); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); @@ -178,7 +178,7 @@ public class QuorumAuthUpgradeTest extends QuorumAuthTestBase { Map authConfigs = new HashMap(); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false"); - String connectStr = startQuorum(3, authConfigs, 0); + String connectStr = startQuorum(3, authConfigs, 0, false); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java index 18d1b92..c2f4cc3 100644 --- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java +++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java @@ -87,7 +87,7 @@ public class QuorumDigestAuthTest extends QuorumAuthTestBase { authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); - String connectStr = startQuorum(3, authConfigs, 3); + String connectStr = startQuorum(3, authConfigs, 3, false); CountdownWatcher watcher = new CountdownWatcher(); zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT); @@ -108,7 +108,7 @@ public class QuorumDigestAuthTest extends QuorumAuthTestBase { authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT, "QuorumLearnerInvalid"); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false"); authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "false"); - String connectStr = startQuorum(3, authConfigs, 3); + String connectStr = startQuorum(3, authConfigs, 3, false); CountdownWatcher watcher = new CountdownWatcher(); zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT); @@ -132,7 +132,7 @@ public class QuorumDigestAuthTest extends QuorumAuthTestBase { authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); int serverCount = 2; final int[] clientPorts = startQuorum(serverCount, 0, - new StringBuilder(), authConfigs, serverCount); + new StringBuilder(), authConfigs, serverCount, false); for (int i = 0; i < serverCount; i++) { boolean waitForServerUp = ClientBase.waitForServerUp( "127.0.0.1:" + clientPorts[i], QuorumPeerTestBase.TIMEOUT); @@ -262,7 +262,7 @@ public class QuorumDigestAuthTest extends QuorumAuthTestBase { // Starting auth enabled 3-node cluster. int totalServerCount = 3; String connectStr = startQuorum(totalServerCount, authConfigs, - totalServerCount); + totalServerCount, false); CountdownWatcher watcher = new CountdownWatcher(); zk = new ZooKeeper(connectStr.toString(), ClientBase.CONNECTION_TIMEOUT, @@ -310,7 +310,7 @@ public class QuorumDigestAuthTest extends QuorumAuthTestBase { authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); - String connectStr = startQuorum(3, authConfigs, 3); + String connectStr = startQuorum(3, authConfigs, 3, false); CountdownWatcher watcher = new CountdownWatcher(); zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT); http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java index 2cc56a7..e3eddf7 100644 --- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java +++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java @@ -46,7 +46,9 @@ public class QuorumKerberosAuthTest extends KerberosSecurityTestcase { + " keyTab=\"" + keytabFilePath + "\"\n" + " storeKey=true\n" + " useTicketCache=false\n" - + " debug=false\n" + + " debug=true\n" + + " doNotPrompt=true\n" + + " refreshKrb5Config=true\n" + " principal=\"" + KerberosTestUtils.getServerPrincipal() + "\";\n" + "};\n" + "QuorumLearner {\n" + " com.sun.security.auth.module.Krb5LoginModule required\n" @@ -54,7 +56,10 @@ public class QuorumKerberosAuthTest extends KerberosSecurityTestcase { + " keyTab=\"" + keytabFilePath + "\"\n" + " storeKey=true\n" + " useTicketCache=false\n" - + " debug=false\n" + + " debug=true\n" + + " doNotPrompt=true\n" + + " refreshKrb5Config=true\n" + + " isInitiator=true\n" + " principal=\"" + KerberosTestUtils.getLearnerPrincipal() + "\";\n" + "};\n"); setupJaasConfig(jaasEntries); } @@ -98,7 +103,7 @@ public class QuorumKerberosAuthTest extends KerberosSecurityTestcase { authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_KERBEROS_SERVICE_PRINCIPAL, serverPrincipal); - String connectStr = startQuorum(3, authConfigs, 3); + String connectStr = startQuorum(3, authConfigs, 3, true); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT); http://git-wip-us.apache.org/repos/asf/zookeeper/blob/5897852d/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java ---------------------------------------------------------------------- diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java index fcb7691..55deefb 100644 --- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java +++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java @@ -43,7 +43,7 @@ public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase { private static File keytabFile; private static String hostServerPrincipal = KerberosTestUtils.getHostServerPrincipal(); private static String hostLearnerPrincipal = KerberosTestUtils.getHostLearnerPrincipal(); - private static String hostNamedLearnerPrincipal = KerberosTestUtils.getHostNamedLearnerPrincipal("myHost"); + private static String hostNamedLearnerPrincipal = KerberosTestUtils.getHostNamedLearnerPrincipal("myhost"); static { setupJaasConfigEntries(hostServerPrincipal, hostLearnerPrincipal, hostNamedLearnerPrincipal); } @@ -58,7 +58,9 @@ public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase { + " keyTab=\"" + keytabFilePath + "\"\n" + " storeKey=true\n" + " useTicketCache=false\n" - + " debug=false\n" + + " debug=true\n" + + " doNotPrompt=true\n" + + " refreshKrb5Config=true\n" + " principal=\"" + KerberosTestUtils.replaceHostPattern(hostServerPrincipal) + "\";\n" + "};\n" + "QuorumLearner {\n" + " com.sun.security.auth.module.Krb5LoginModule required\n" @@ -66,7 +68,10 @@ public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase { + " keyTab=\"" + keytabFilePath + "\"\n" + " storeKey=true\n" + " useTicketCache=false\n" - + " debug=false\n" + + " debug=true\n" + + " doNotPrompt=true\n" + + " refreshKrb5Config=true\n" + + " isInitiator=true\n" + " principal=\"" + KerberosTestUtils.replaceHostPattern(hostLearnerPrincipal) + "\";\n" + "};\n" + "QuorumLearnerMyHost {\n" + " com.sun.security.auth.module.Krb5LoginModule required\n" @@ -74,7 +79,10 @@ public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase { + " keyTab=\"" + keytabFilePath + "\"\n" + " storeKey=true\n" + " useTicketCache=false\n" - + " debug=false\n" + + " debug=true\n" + + " doNotPrompt=true\n" + + " refreshKrb5Config=true\n" + + " isInitiator=true\n" + " principal=\"" + hostNamedLearnerPrincipal + "\";\n" + "};\n"); setupJaasConfig(jaasEntries); } @@ -122,7 +130,7 @@ public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase { authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_KERBEROS_SERVICE_PRINCIPAL, serverPrincipal); - String connectStr = startQuorum(3, authConfigs, 3); + String connectStr = startQuorum(3, authConfigs, 3, true); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT); @@ -143,7 +151,7 @@ public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase { authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_KERBEROS_SERVICE_PRINCIPAL, serverPrincipal); - String connectStr = startQuorum(3, authConfigs, 3); + String connectStr = startQuorum(3, authConfigs, 3, true); CountdownWatcher watcher = new CountdownWatcher(); ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);