Thanks to Raúl Gutiérrez Segalés <https://plus.google.com/u/0/100752533842446806851?prsrc=4>, it really works. By the way, do you know how to solve this ZooKeeper-and-Kerberos-related problem <http://stackoverflow.com/questions/32711260/can-not-start-secure-zookeeper> ?
Thanks very much. 2015-09-28 11:23 GMT+08:00 Raúl Gutiérrez Segalés <r...@itevenworks.net>: > On 27 September 2015 at 19:37, Tao Xiao <xiaotao.cs....@gmail.com> wrote: > > > I'm using CDH 5.3, which has ZooKeeper 3.4.5 in it. I configured Kerberos > > for the CDH cluster and later disabled Kerberos because of some problems. > > > > After disabling Kerberos I tried restarting the cluster but the HBase > > Master failed to start. I checked the log and found it reported the > > following exception: > > > > baseZNode=/hbase Unable to get data of znode > > > > > /hbase/splitWAL/WALs%2Fhadoop3.com%2C60020%2C1442886930815-splitting%2Fhadoop3.com%252C60020%252C1442886930815.1442886937853.meta > > > > > > org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode > > = NoAuth for > > > /hbase/splitWAL/WALs%2Fhadoop3.com%2C60020%2C1442886930815-splitting%2Fhadoop3.com%252C60020%252C1442886930815.1442886937853.meta > > > > > > I checked the ACL of the znode above using the following command: > > > > getACl <the-znode-above> > > > > > > The result is: > > 'sasl,'hbase > > > > : cdrwa > > > > I tried to setAcl that znode and use the following command: > > > > setAcl <the-znode-above> world:anyone:cdrwa > > > > but failed with the message of "Authentication is not valid" . > > > > > > So it must be a permission related problem. > > How can I authenticate myself and then change the permission of that > znode > > so that HBase master can get data of it ? > > Or how can I remove its current privilege and make it accessible by > anyone > > in the world? > > > > Thanks. > > > > You can enable the super user (i.e.: admin). If you start the servers with > zookeeper.DigestAuthenticationProvider.superDigest, see: > > http://zookeeper.apache.org/doc/r3.4.5/zookeeperAdmin.html > > Once that's enabled, you can do something like (the example is for > zk-shell: https://github.com/rgs1/zk_shell): > > $ zk-shell server:2181 > (CONNECTED) /> add_auth digest super:s3cr3t > (CONNECTED) /> set_acls /the/path 'world:anyone:crdwa' > > > -rgs >