Does not look like standard system variables used by Zookeeper. Take a look at this wiki
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide export CLIENT_JVMFLAGS=" -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks -Dzookeeper.ssl.keyStore.password=testpass -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks -Dzookeeper.ssl.trustStore.password=testpass" On Tue, Jul 12, 2016 at 8:12 PM, Siddharth Wagle <[email protected]> wrote: > Thanks Kishore, appreciate the help. > > > I do have a jass.conf on the class path which works for Phoenix client > connecting to ZK (in the same jvm) but does not work for Helix: > > > > -Djava.security.auth.login.config=/etc/ams-hbase/conf/ams_collector_jaas.conf > > > [root@ambari-sid-4 ~]# cat /etc/ams-hbase/conf/ams_collector_jaas.conf > > Client { > com.sun.security.auth.module.Krb5LoginModule required > useKeyTab=true > storeKey=true > useTicketCache=false > keyTab="/etc/security/keytabs/ams.collector.keytab" > principal="amshbase/[email protected]"; > }; > > > > ------------------------------ > *From:* kishore g <[email protected]> > *Sent:* Tuesday, July 12, 2016 6:36 PM > *To:* [email protected] > *Subject:* Re: MIT-Kerberos support for ZkHelixAdmin > > We haven't tried ZK with authentication. I think ZK authentication can be > enabled by setting system properties. Will take a look at it and get back > to you > > On Tue, Jul 12, 2016 at 5:12 PM, Siddharth Wagle <[email protected]> > wrote: > >> Hi, >> >> >> I am working on Ambari Metrics System HA, >> https://issues.apache.org/jira/browse/AMBARI-15901 >> >> and using Helix for task partitioning as well as service discovery. >> >> >> The issue I am facing is that as soon as I enable Kerberos, Helix stops >> working as it cannot connect to the secure Zookeeper. >> >> >> Are there any examples or recommendations of how to get the ZkHelixAdmin >> to work with secure Zookeeper. I was unable to find any mention of this in >> the codebase. >> >> >> Thanks, >> >> Sid. >> >> >> >> >
