This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.8
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.8 by this push:
     new 3bd69c167 RANGER-5441: update Docker setup to support running 
Zookeeper with Kerberos (#808)
3bd69c167 is described below

commit 3bd69c167d264e19c3d36d9cc8da27cd653bdd30
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Sat Jan 17 20:36:15 2026 -0800

    RANGER-5441: update Docker setup to support running Zookeeper with Kerberos 
(#808)
    
    Co-authored-by: Abhishek Kumar <[email protected]>
---
 .../ranger-docker/docker-compose.ranger.yml        |  7 ++++++
 .../ranger-docker/scripts/kdc/entrypoint.sh        |  2 ++
 dev-support/ranger-docker/scripts/zk/jaas.conf     |  8 +++++++
 .../scripts/zk/zookeeper-with-kerberos.sh          | 28 ++++++++++++++++++++++
 4 files changed, 45 insertions(+)

diff --git a/dev-support/ranger-docker/docker-compose.ranger.yml 
b/dev-support/ranger-docker/docker-compose.ranger.yml
index 6f9fd1390..5f86c00ca 100644
--- a/dev-support/ranger-docker/docker-compose.ranger.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger.yml
@@ -78,6 +78,13 @@ services:
     image: ranger-zk
     container_name: ranger-zk
     hostname: ranger-zk.rangernw
+    volumes:
+      - ./dist/keytabs/ranger-zk:/etc/keytabs
+      - ./scripts/wait_for_keytab.sh:/etc/wait_for_keytab.sh
+      - ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
+      - ./scripts/zk/jaas.conf:/etc/zookeeper/jaas.conf
+      - ./scripts/zk/zookeeper-with-kerberos.sh:/zookeeper-with-kerberos.sh:ro
+    entrypoint: [ "/bin/bash", "/zookeeper-with-kerberos.sh" ]
     networks:
       - ranger
     ports:
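Review bot: Three of the new bind mounts on ranger-zk are writable even though the container appears only to read them; the keytab directory, `wait_for_keytab.sh` and `jaas.conf` lack the `:ro` that the `krb5.conf` and entrypoint-script mounts carry. A writable mount lets a compromised ZooKeeper process alter the host-side keytab or its own JAAS configuration. I would write them as `- ./dist/keytabs/ranger-zk:/etc/keytabs:ro`, `- ./scripts/wait_for_keytab.sh:/etc/wait_for_keytab.sh:ro` and `- ./scripts/zk/jaas.conf:/etc/zookeeper/jaas.conf:ro`, assuming only the KDC container writes the keytab. The service definition continues outside the hunk, so it is also worth confirming that `KERBEROS_ENABLED` reaches this container, since the new entrypoint skips all SASL setup without it.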
diff --git a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh 
b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
index 2c724bd89..b0ad1277a 100644
--- a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
+++ b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
@@ -98,6 +98,8 @@ function create_keytabs() {
   create_principal_and_keytab knox ranger-knox
 
   create_principal_and_keytab HTTP ranger-solr
+
+  create_principal_and_keytab zookeeper ranger-zk
 }
 
 function create_testusers() {
diff --git a/dev-support/ranger-docker/scripts/zk/jaas.conf 
b/dev-support/ranger-docker/scripts/zk/jaas.conf
new file mode 100644
index 000000000..253d54f72
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/zk/jaas.conf
@@ -0,0 +1,8 @@
+Server {
+  com.sun.security.auth.module.Krb5LoginModule required
+  useKeyTab=true
+  keyTab="/etc/keytabs/zookeeper.keytab"
+  storeKey=true
+  useTicketCache=false
+  principal="zookeeper/[email protected]";
+};
diff --git a/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh 
b/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh
new file mode 100644
index 000000000..33869b661
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+if [ "${KERBEROS_ENABLED}" = "true" ]; then
+  /etc/wait_for_keytab.sh zookeeper.keytab
+
+  export 
ZOO_CFG_EXTRA="authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
 requireClientAuthScheme=sasl"
+  export 
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/jaas.conf 
-Dzookeeper.sasl.client=false ${SERVER_JVMFLAGS}"
+fi
+
+/docker-entrypoint.sh zkServer.sh start-foreground
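Review bot: The `requireClientAuthScheme=sasl` entry in `ZOO_CFG_EXTRA` may not by itself stop unauthenticated clients from opening a session. As far as I know, ZooKeeper enforces SASL-only sessions through `zookeeper.sessionRequireClientSASLAuth` (3.6.0 and later), so confirm against the ZooKeeper version in the ranger-zk image that an anonymous client is actually refused. If it is not, add `-Dzookeeper.sessionRequireClientSASLAuth=true` to `SERVER_JVMFLAGS`, or add a comment stating that znode ACLs are the intended control. Separately, the export replaces any `ZOO_CFG_EXTRA` already set in the environment, whereas `SERVER_JVMFLAGS` preserves the existing value; appending `${ZOO_CFG_EXTRA}` would make the two consistent. The last line would forward container stop signals more reliably as `exec /docker-entrypoint.sh zkServer.sh start-foreground`.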
