This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.8
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.8 by this push:
new 3bd69c167 RANGER-5441: update Docker setup to support running
Zookeeper with Kerberos (#808)
3bd69c167 is described below
commit 3bd69c167d264e19c3d36d9cc8da27cd653bdd30
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Sat Jan 17 20:36:15 2026 -0800
RANGER-5441: update Docker setup to support running Zookeeper with Kerberos
(#808)
Co-authored-by: Abhishek Kumar <[email protected]>
---
.../ranger-docker/docker-compose.ranger.yml | 7 ++++++
.../ranger-docker/scripts/kdc/entrypoint.sh | 2 ++
dev-support/ranger-docker/scripts/zk/jaas.conf | 8 +++++++
.../scripts/zk/zookeeper-with-kerberos.sh | 28 ++++++++++++++++++++++
4 files changed, 45 insertions(+)
diff --git a/dev-support/ranger-docker/docker-compose.ranger.yml
b/dev-support/ranger-docker/docker-compose.ranger.yml
index 6f9fd1390..5f86c00ca 100644
--- a/dev-support/ranger-docker/docker-compose.ranger.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger.yml
@@ -78,6 +78,13 @@ services:
image: ranger-zk
container_name: ranger-zk
hostname: ranger-zk.rangernw
+ volumes:
+ - ./dist/keytabs/ranger-zk:/etc/keytabs
+ - ./scripts/wait_for_keytab.sh:/etc/wait_for_keytab.sh
+ - ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
+ - ./scripts/zk/jaas.conf:/etc/zookeeper/jaas.conf
+ - ./scripts/zk/zookeeper-with-kerberos.sh:/zookeeper-with-kerberos.sh:ro
+ entrypoint: [ "/bin/bash", "/zookeeper-with-kerberos.sh" ]
networks:
- ranger
ports:
diff --git a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
index 2c724bd89..b0ad1277a 100644
--- a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
+++ b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
@@ -98,6 +98,8 @@ function create_keytabs() {
create_principal_and_keytab knox ranger-knox
create_principal_and_keytab HTTP ranger-solr
+
+ create_principal_and_keytab zookeeper ranger-zk
}
function create_testusers() {
diff --git a/dev-support/ranger-docker/scripts/zk/jaas.conf
b/dev-support/ranger-docker/scripts/zk/jaas.conf
new file mode 100644
index 000000000..253d54f72
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/zk/jaas.conf
@@ -0,0 +1,8 @@
+Server {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/keytabs/zookeeper.keytab"
+ storeKey=true
+ useTicketCache=false
+ principal="zookeeper/[email protected]";
+};
diff --git a/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh
b/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh
new file mode 100644
index 000000000..33869b661
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+if [ "${KERBEROS_ENABLED}" = "true" ]; then
+ /etc/wait_for_keytab.sh zookeeper.keytab
+
+ export
ZOO_CFG_EXTRA="authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl"
+ export
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/jaas.conf
-Dzookeeper.sasl.client=false ${SERVER_JVMFLAGS}"
+fi
+
+/docker-entrypoint.sh zkServer.sh start-foreground
