[
https://issues.apache.org/jira/browse/HADOOP-8315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13755247#comment-13755247
]
Kai Zheng commented on HADOOP-8315:
-----------------------------------
Thanks for this fix it's possible to deploy a secured HA cluster with SASL
support for the connection with Zookeeper, with a work around to configure the
JAAS login for the Zookeeper client initialization like follows.
In hadoop-env.sh,
{code}
export HADOOP_ZKFC_OPTS="$HADOOP_ZKFC_OPTS
-Djava.security.auth.login.config=/etc/hadoop/conf/hazk-jaas.conf"
{code}
To avoid such redundancy and the unnecessary extra login in Zookeeper, opened
HDFS-5152 to address this.
> Support SASL-authenticated ZooKeeper in ActiveStandbyElector
> ------------------------------------------------------------
>
> Key: HADOOP-8315
> URL: https://issues.apache.org/jira/browse/HADOOP-8315
> Project: Hadoop Common
> Issue Type: Improvement
> Components: auto-failover, ha
> Affects Versions: Auto Failover (HDFS-3042)
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Attachments: hadoop-8315.txt, hadoop-8315_v2.txt
>
>
> Currently, if you try to use SASL-authenticated ZK with the
> ActiveStandbyElector, you run into a couple issues:
> 1) We hit ZOOKEEPER-1437 - we need to wait until we see SaslAuthenticated
> before we can make any requests
> 2) We currently throw a fatalError when we see the SaslAuthenticated callback
> on the connection watcher
> We need to wait for ZK-1437 upstream, and then upgrade to the fixed version
> for #1. For #2 we just need to add a case there and ignore it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
