congrats! :)
> @Mate: as I copied the jaas.conf from your repo is that the exact file
you used for testing? Because changing the "user_zookeeper" to "user_kafka"
in the server-part fixed it.
if you mean this file, then yes, I used this for testing:
Hello,
I think I found the issue...
One can't use the same username for clients and quorums. I configured
all of them to be "zookeeper", but in the server-part of the jaas.conf
it should probably be more like "kafka" as it's Kafka which
authenticates to the zookeeper in that case and
Hey,
I also just tried using 3.5.7, but same problem...
Best regards
Sebastian
On 17-Feb-20 11:34 AM, Sebastian Schmitz wrote:
Hi Mate,
that's what I also tried. I copied it to the
/opt/zookeeper-cluster/-folder and got the same exception just with
the new path.
So, if that config
Hi Mate,
that's what I also tried. I copied it to the
/opt/zookeeper-cluster/-folder and got the same exception just with the
new path.
So, if that config works on your side it might be my environment then!?
Maybe it's a problem with the base-image openjdk:11-jre-stretch which I
use for
Hi Sebastian,
It's strange indeed... I also see the owner is root. That should work in
docker usually, given that you run the zookeeper process with the root
user. Maybe copying it to a different folder? I see that the conf folder
has different owner, maybe the java security library doesn't like
Hey Mate,
now it gets really weird. I get the file not found exception:
'.20-02-16 18:27:50,530 [myid:1] - ERROR [main:ServerCnxnFactory@246] -
No JAAS configuration section named 'Server' was found in
'/opt/zookeeper-cluster/zookeeper/conf/jaas.conf
java.lang.SecurityException:
Hi Sebastian!
I was able to setup digest authentication, uploaded my results here:
https://github.com/symat/zookeeper-docker-test
You can see my docker compose file:
https://github.com/symat/zookeeper-docker-test/blob/master/3_nodes_digest_quorum_auth.yml
also the zoo.cfg template:
O
Sent from Yahoo Mail on Android
On Fri, Feb 14, 2020 at 11:02 AM, Szalay-Bekő
Máté wrote: Hi Sebastian,
> But I still get the same exception.
at this point I don't know why this happen... Adding the Server section to
the jaas config should have helped. Unfortunately the exact exception
Hi Sebastian,
> But I still get the same exception.
at this point I don't know why this happen... Adding the Server section to
the jaas config should have helped. Unfortunately the exact exception is
not printed out into the logs, just the error message, so it is hard to
find out more details.
I
Hey Mate,
I checked the java.env-file and it contains:
SERVER_JVMFLAGS="-Djava.security.auth.login.config=/opt/zookeeper-cluster/zookeeper/conf/jaas.conf"
which is exactly the place where the pasted jaas.conf is placed.
I also just changed the config to be saslLoginContext and added the
Hi Sebastian,
thanks for the more details!
One thing I found in your config is that you should use:
quorum.auth.learner.saslLoginContext=QuorumLearner
quorum.auth.server.saslLoginContext=QuorumServer
so instead of loginContext, use saslLoginContext in both lines. I found
this in the source
Hello Rakesh,
as mentioned in the other mail adding the "Server"to jaas.conf didn't help.
Here are the Configs and Logs (with the Server-part included):
jaas.conf:
QuorumServer {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_zookeeper="test";
};
QuorumClient {
Hello Mate,
thank you for your reply.
I just deployed it in our Dev-Environment, which has three nodes. But
when updating the first node it has the same problem.
The problem with not using 0.0.0.0 is that the configuration of Docker
only promotes the internal network to the containers and
>java.io.IOException: No JAAS configuration section named 'Server'
I could see you have enabled client-server authentication as well. It looks
to me that the error is coming from that. Please share the complete error
logs to trace it.
Have you configured "*Server*" section along with the
Hello Sebastian,
In general I think you did configure ZooKeeper just fine. A few remarks:
- I am not sure how ZooKeeper server-server authentication is expected to
work when you only use a single server. Would you mind trying to start a
Quorum with e.g. 3 servers?
- also, I think it is a good
Hello,
I'm currently looking into enabling the Auth between Zookeeper-Servers
and found this documentation:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
However, when I use the config from the document (for Digest-MD5) I get
this exception in
16 matches
Mail list logo