Thanks Kishore, appreciate the help.
I do have a jass.conf on the class path which works for Phoenix client
connecting to ZK (in the same jvm) but does not work for Helix:
-Djava.security.auth.login.config=/etc/ams-hbase/conf/ams_collector_jaas.conf
[root@ambari-sid-4 ~]# cat /etc/ams-hbase/conf/ams_collector_jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/ams.collector.keytab"
principal="amshbase/[email protected]";
};
________________________________
From: kishore g <[email protected]>
Sent: Tuesday, July 12, 2016 6:36 PM
To: [email protected]
Subject: Re: MIT-Kerberos support for ZkHelixAdmin
We haven't tried ZK with authentication. I think ZK authentication can be
enabled by setting system properties. Will take a look at it and get back to you
On Tue, Jul 12, 2016 at 5:12 PM, Siddharth Wagle
<[email protected]<mailto:[email protected]>> wrote:
Hi,
I am working on Ambari Metrics System HA,
https://issues.apache.org/jira/browse/AMBARI-15901
and using Helix for task partitioning as well as service discovery.
The issue I am facing is that as soon as I enable Kerberos, Helix stops working
as it cannot connect to the secure Zookeeper.
Are there any examples or recommendations of how to get the ZkHelixAdmin to
work with secure Zookeeper. I was unable to find any mention of this in the
codebase.
Thanks,
Sid.
