Hi Sebastian, It's strange indeed... I also see the owner is root. That should work in docker usually, given that you run the zookeeper process with the root user. Maybe copying it to a different folder? I see that the conf folder has different owner, maybe the java security library doesn't like that?
But honestly, I don't have any useful explanation. Good luck! Mate On Sun, Feb 16, 2020, 20:06 Sebastian Schmitz < sebastian.schm...@propellerhead.co.nz> wrote: > Hey Mate, > > now it gets really weird. I get the file not found exception: > > '.20-02-16 18:27:50,530 [myid:1] - ERROR [main:ServerCnxnFactory@246] - > No JAAS configuration section named 'Server' was found in > '/opt/zookeeper-cluster/zookeeper/conf/jaas.conf > java.lang.SecurityException: java.io.IOException: > /opt/zookeeper-cluster/zookeeper/conf/jaas.conf > (No such file or directory) > at > java.base/sun.security.provider.ConfigFile$Spi.<init>(Unknown Source) > at java.base/sun.security.provider.ConfigFile.<init>(Unknown > Source) > at > java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native > > Method) > at > java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown > > Source) > at > java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown > > Source) > at java.base/java.lang.reflect.Constructor.newInstance(Unknown > Source) > at java.base/java.lang.Class.newInstance(Unknown Source) > at > java.base/javax.security.auth.login.Configuration$2.run(Unknown Source) > at > java.base/javax.security.auth.login.Configuration$2.run(Unknown Source) > at java.base/java.security.AccessController.doPrivileged(Native > Method) > at > java.base/javax.security.auth.login.Configuration.getConfiguration(Unknown > Source) > at > > org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:210) > at > > org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:646) > at > > org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:143) > at > > org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:106) > at > > org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:64) > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:128) > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82) > Caused by: java.io.IOException: > /opt/zookeeper-cluster/zookeeper/conf/jaas.conf > (No such file or directory) > at > java.base/sun.security.provider.ConfigFile$Spi.ioException(Unknown Source) > at java.base/sun.security.provider.ConfigFile$Spi.init(Unknown > Source) > ... 18 more > 2020-02-16 18:27:50,566 [myid:1] - ERROR [main:ZooKeeperServerMain@83] - > Unexpected exception, exiting abnormally > java.io.IOException: No JAAS configuration section named 'Server' was > found in '/opt/zookeeper-cluster/zookeeper/conf/jaas.conf > '. > at > > org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:247) > at > > org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:646) > at > > org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:143) > at > > org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:106) > at > > org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:64) > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:128) > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82) > > So I checked the image: > > root@2eeeb625500c:/opt/zookeeper-cluster/zookeeper/conf# ls -la > total 32 > drwxr-xr-x 2 1010 1011 4096 Feb 16 18:27 . > drwxr-xr-x 12 root root 4096 Feb 16 18:27 .. > -rw-r--r-- 1 1010 1011 535 Jan 30 12:18 configuration.xsl > -rw-r--r-- 1 root root 600 Feb 13 18:32 jaas.conf > -rw-r--r-- 1 root root 101 Feb 11 00:05 java.env > -rw-r--r-- 1 1010 1011 2712 Feb 14 05:49 log4j.properties > -rw-r--r-- 1 root root 1255 Feb 16 18:27 zoo.cfg > -rw-r--r-- 1 1010 1011 922 Feb 14 05:49 zoo_sample.cfg > > And tried to output the file it states in the error: > > root@2eeeb625500c:/opt/zookeeper-cluster/zookeeper/conf# cat > /opt/zookeeper-cluster/zookeeper/conf/jaas.conf > QuorumServer { > org.apache.zookeeper.server.auth.DigestLoginModule required > user_zookeeper="test"; > }; > QuorumClient { > org.apache.zookeeper.server.auth.DigestLoginModule required > username="zookeeper" > password="test"; > }; > Server { > org.apache.zookeeper.server.auth.DigestLoginModule required > user_zookeeper="test"; > }; > Client { > org.apache.zookeeper.server.auth.DigestLoginModule required > username="zookeeper" > password="test"; > }; > > The weird part now is that the access is set exactly the same as the > zoo.cfg which it can read without problems. > > Also changing the access to 666 doesn't change anything. And using your > config doesn't help either: > > jaas.conf: > QuorumServer { > org.apache.zookeeper.server.auth.DigestLoginModule required > user_zookeeper="test"; > }; > QuorumLearner { > org.apache.zookeeper.server.auth.DigestLoginModule required > username="zookeeper" > password="test"; > }; > Server { > org.apache.zookeeper.server.auth.DigestLoginModule required > user_zookeeper="test"; > }; > > zoo.cfg: > tickTime=2000 > initLimit=10 > syncLimit=5 > > dataDir=/mnt/zk_data > > clientPort=2181 > > standaloneEnabled=true > admin.enableServer=true > localSessionsEnabled=true > localSessionsUpgradingEnabled=true > > 4lw.commands.whitelist=stat, ruok, conf, isro, wchc, wchp, srvr, mntr, cons > > clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider > quorum.auth.enableSasl=true > quorum.auth.learnerRequireSasl=false > quorum.auth.serverRequireSasl=false > quorum.auth.learner.saslLoginContext=QuorumLearner > quorum.auth.server.saslLoginContext=QuorumServer > dataLogDir=/mnt/zk_data_log > autopurge.snapRetainCount=3 > autopurge.purgeInterval=24 > quorum.cnxn.threads.size=20 > server.1=0.0.0.0:2888:3888 > > I have no idea what's different now. I'll try to run the stuff from your > repo and see if that works. > > Best regards > > Sebastian > > On 14-Feb-20 8:11 PM, Szalay-Bekő Máté wrote: > > Hi Sebastian! > > > > I was able to setup digest authentication, uploaded my results here: > > https://github.com/symat/zookeeper-docker-test > > You can see my docker compose file: > > > https://github.com/symat/zookeeper-docker-test/blob/master/3_nodes_digest_quorum_auth.yml > > also the zoo.cfg template: > > > https://github.com/symat/zookeeper-docker-test/blob/master/conf/digest_zoo.cfg > > and the jaas.cfg file: > > > https://github.com/symat/zookeeper-docker-test/blob/master/conf/digest_jaas.conf > > > > It works for me, using ZooKeeper 3.5.6. Although I haven't follow your > > config everywhere. > > > > Still, I wasn't able to reproduce your exception, only when I actually > > deleted the jaas config file. Are you sure that the ZooKeeper process in > > docker can see / open that file? > > > > I created a patched ZooKeeper 3.5.6 for you (you can download from here: > > https://drive.google.com/open?id=1KEPjNkiKf937jMJHAicwW9WATEuyRZIo), > where > > more details are printed in case of errors. E.g. in my case when I > deleted > > the jaas config file, I get: > > > > zoo1_1 | 2020-02-14 07:04:33,288 [myid:1] - ERROR > > [main:ServerCnxnFactory@246] - No JAAS configuration section named > 'Server' > > was found in '/scripts/conf/digest_jaas.conf'. > > zoo1_1 | java.lang.SecurityException: java.io.IOException: > > /scripts/conf/digest_jaas.conf (No such file or directory) > > zoo1_1 | at > > sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) > > zoo1_1 | at > > sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) > > zoo1_1 | at > > sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > > zoo1_1 | at > > > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > > zoo1_1 | at > > > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > > zoo1_1 | at > > java.lang.reflect.Constructor.newInstance(Constructor.java:423) > > zoo1_1 | at java.lang.Class.newInstance(Class.java:442) > > zoo1_1 | at > > javax.security.auth.login.Configuration$2.run(Configuration.java:255) > > zoo1_1 | at > > javax.security.auth.login.Configuration$2.run(Configuration.java:247) > > zoo1_1 | at java.security.AccessController.doPrivileged(Native > > Method) > > zoo1_1 | at > > > javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246) > > zoo1_1 | at > > > org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:210) > > zoo1_1 | at > > > org.apache.zookeeper.server.NettyServerCnxnFactory.configure(NettyServerCnxnFactory.java:383) > > zoo1_1 | at > > > org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:148) > > zoo1_1 | at > > > org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:123) > > zoo1_1 | at > > > org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82) > > zoo1_1 | Caused by: java.io.IOException: /scripts/conf/digest_jaas.conf > > (No such file or directory) > > zoo1_1 | at > > sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666) > > zoo1_1 | at > > sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:262) > > zoo1_1 | at > > sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) > > zoo1_1 | ... 15 more > > z > > > > Kind regards, > > Mate > > > > On Fri, Feb 14, 2020 at 7:12 AM sagar shukla <sa_shu...@yahoo.com.invalid > > > > wrote: > > > >> O > >> Sent from Yahoo Mail on Android > >> > >> On Fri, Feb 14, 2020 at 11:02 AM, Szalay-Bekő Máté< > >> szalay.beko.m...@gmail.com> wrote: Hi Sebastian, > >> > >>> But I still get the same exception. > >> at this point I don't know why this happen... Adding the Server section > to > >> the jaas config should have helped. Unfortunately the exact exception is > >> not printed out into the logs, just the error message, so it is hard to > >> find out more details. > >> > >> I will try to reproduce your case with 3.5.6 locally and see if it > works. I > >> never actually used digest authentication before... we always use > kerberos > >> in production. If it works, I will share my configs / dockerfiles and > send > >> you a patched version with more debug info printed out. > >> > >>> Why would configuring quorum-auth also enable client-server-auth? > >> it is not very logical indeed... if I see it right, based on the code > once > >> you set the java.security.auth.login.config property, then ZooKeeper > >> assumes you want to use server-client sasl authentication. I guess the > >> quorum-auth feature was added later and they introduced 'enable' config > >> property for this, but forget to introduce the same config for the > client > >> authentication. I also guess most of the people are interested in the > >> client authentication and it is rare that someone does't need that but > >> needs quorum auth. Still, the current behaviour is not good I think. I > will > >> submit a jira ticket requesting an improvement here when I will have > time, > >> but feel free to submit it yourself if you wish. > >> > >> Kind regards, > >> Mate > >> > >> On Thu, Feb 13, 2020 at 7:41 PM Sebastian Schmitz < > >> sebastian.schm...@propellerhead.co.nz> wrote: > >> > >>> Hey Mate, > >>> > >>> I checked the java.env-file and it contains: > >>> > >>> > >>> > >> > SERVER_JVMFLAGS="-Djava.security.auth.login.config=/opt/zookeeper-cluster/zookeeper/conf/jaas.conf" > >>> which is exactly the place where the pasted jaas.conf is placed. > >>> > >>> I also just changed the config to be saslLoginContext and added the > >>> missing semicolon. > >>> > >>> But I still get the same exception. > >>> > >>> Why would configuring quorum-auth also enable client-server-auth? > >>> > >>> Thanks > >>> > >>> Sebastian > >>> > >>> > >>> On 13-Feb-20 5:50 AM, Szalay-Bekő Máté wrote: > >>>> Hi Sebastian, > >>>> > >>>> thanks for the more details! > >>>> > >>>> One thing I found in your config is that you should use: > >>>> quorum.auth.learner.saslLoginContext=QuorumLearner > >>>> quorum.auth.server.saslLoginContext=QuorumServer > >>>> > >>>> so instead of loginContext, use saslLoginContext in both lines. I > >>> found > >>>> this in the source code, I think the wiki is wrong (I will fix it > >> later). > >>>> However, actually this didn't really change anything, as the default > >>> values > >>>> are anyway > >>>> QuorumLearner and QuorumServer, so you can even skip these lines from > >>> the > >>>> config. > >>>> > >>>> I think Rakesh is right, you are seeing exceptions related to not the > >>>> QuorumSasl, but the ClientSasl. This is why ZooKeeper tries to find > the > >>>> 'Server' section (what is configuring the server during the > >> client-server > >>>> authentication). The name of this section can be overwritten by the > >>>> "zookeeper.sasl.serverconfig" system property. > >>>> > >>>> Based on the exception, ZooKeeper can not find the 'Server' section in > >>>> the /opt/zookeeper-cluster/zookeeper/conf/jaas.conf file. Are you sure > >>> this > >>>> is the correct jaas.conf? Does the ZooKeeper process have the > >> permissions > >>>> to open this file? You can specify the jaas config file path for > >>> ZooKeeper > >>>> by providing custom system property e.g. by exporting > >>>> SERVER_JVMFLAGS="-Djava.security.auth.login.config=/path/to/jaas.conf" > >>>> before starting zkServer.sh > >>>> > >>>> Also in the jaas.conf you copied here, you are missing a semicolon > from > >>> the > >>>> end of the last line in the Server block. I am not sure if it is > >> causing > >>>> any parsing error, but I always add the semicolon to the end of the > >> last > >>>> line in the block. > >>>> > >>>> Mate > >>>> > >>>> On Tue, Feb 11, 2020 at 7:53 PM Sebastian Schmitz < > >>>> sebastian.schm...@propellerhead.co.nz> wrote: > >>>> > >>>>> Hello Rakesh, > >>>>> > >>>>> as mentioned in the other mail adding the "Server"to jaas.conf didn't > >>> help. > >>>>> Here are the Configs and Logs (with the Server-part included): > >>>>> > >>>>> jaas.conf: > >>>>> QuorumServer { > >>>>> org.apache.zookeeper.server.auth.DigestLoginModule required > >>>>> user_zookeeper="test"; > >>>>> }; > >>>>> > >>>>> QuorumClient { > >>>>> org.apache.zookeeper.server.auth.DigestLoginModule required > >>>>> username="zookeeper" > >>>>> password="test"; > >>>>> }; > >>>>> > >>>>> Server { > >>>>> org.apache.zookeeper.server.auth.DigestLoginModule required > >>>>> user_zookeeper="test" > >>>>> }; > >>>>> > >>>>> Client { > >>>>> org.apache.zookeeper.server.auth.DigestLoginModule required > >>>>> username="zookeeper" > >>>>> password="test"; > >>>>> }; > >>>>> > >>>>> zoo.cfg: > >>>>> # The number of milliseconds of each tick > >>>>> tickTime=2000 > >>>>> # The number of ticks that the initial > >>>>> # synchronization phase can take > >>>>> initLimit=10 > >>>>> # The number of ticks that can pass between > >>>>> # sending a request and getting an acknowledgement > >>>>> syncLimit=5 > >>>>> # the directory where the snapshot is stored. > >>>>> # do not use /tmp for storage, /tmp here is just > >>>>> # example sakes. > >>>>> dataDir=/mnt/zk_data > >>>>> # the port at which the clients will connect > >>>>> clientPort=2181 > >>>>> # the maximum number of client connections. > >>>>> # increase this if you need to handle more clients > >>>>> #maxClientCnxns=60 > >>>>> # > >>>>> # Be sure to read the maintenance section of the > >>>>> # administrator guide before turning on autopurge. > >>>>> # > >>>>> # > >>>>> > >> > http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance > >>>>> # > >>>>> # The number of snapshots to retain in dataDir > >>>>> #autopurge.snapRetainCount=3 > >>>>> # Purge task interval in hours > >>>>> # Set to "0" to disable auto purge feature > >>>>> #autopurge.purgeInterval=1 > >>>>> dataLogDir=/mnt/zk_data_log > >>>>> autopurge.snapRetainCount=3 > >>>>> autopurge.purgeInterval=24 > >>>>> quorum.auth.enableSasl=true > >>>>> quorum.auth.learnerRequireSasl=false > >>>>> quorum.auth.serverRequireSasl=false > >>>>> quorum.auth.learner.loginContext=QuorumLearner > >>>>> quorum.auth.server.loginContext=QuorumServer > >>>>> quorum.cnxn.threads.size=20 > >>>>> > >> > authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider > >>>>> secureClientPort=2281 > >>>>> server.1=0.0.0.0:2888:3888 > >>>>> server.2=kafkad02.x.azure.com:2888:3888 > >>>>> server.3=kafkad03.x.azure.com:2888:3888 > >>>>> > >>>>> Server-Log: > >>>>> Using config: /opt/zookeeper-cluster/zookeeper/bin/../conf/zoo.cfg > >>>>> Feb 11, 2020 18:43:53 +0000 [1 1] com.newrelic INFO: New Relic Agent: > >>>>> Loading configuration file > >>> "/opt/zookeeper-cluster/newrelic/./newrelic.yml" > >>>>> Feb 11, 2020 18:43:53 +0000 [1 1] com.newrelic INFO: Using default > >>>>> collector host: collector.newrelic.com > >>>>> Feb 11, 2020 18:43:53 +0000 [1 1] com.newrelic INFO: New Relic Agent: > >>>>> Writing to log file: > >>>>> /opt/zookeeper-cluster/newrelic/logs/newrelic_agent.log > >>>>> WARNING: An illegal reflective access operation has occurred > >>>>> WARNING: Illegal reflective access by > >>>>> com.newrelic.weave.weavepackage.NewClassAppender > >>>>> (file:/opt/zookeeper-cluster/newrelic/newrelic.jar) to method > >>>>> java.net.URLClassLoader.addURL(java.net.URL) > >>>>> WARNING: Please consider reporting this to the maintainers of > >>>>> com.newrelic.weave.weavepackage.NewClassAppender > >>>>> WARNING: Use --illegal-access=warn to enable warnings of further > >> illegal > >>>>> reflective access operations > >>>>> WARNING: All illegal access operations will be denied in a future > >>> release > >>>>> 2020-02-11 18:43:59,257 [myid:] - INFO [main:QuorumPeerConfig@136] - > >>>>> Reading configuration from: > >>>>> /opt/zookeeper-cluster/zookeeper/bin/../conf/zoo.cfg > >>>>> 2020-02-11 18:43:59,477 [myid:] - INFO > >>>>> [main:QuorumPeer$QuorumServer@185] - Resolved hostname: > >>>>> kafkad02.x.azure.com to address: kafkad02.x.azure.com/1.2.3.4 > >>>>> 2020-02-11 18:43:59,477 [myid:] - INFO > >>>>> [main:QuorumPeer$QuorumServer@185] - Resolved hostname: 0.0.0.0 to > >>>>> address: /0.0.0.0 > >>>>> 2020-02-11 18:43:59,666 [myid:] - INFO > >>>>> [main:QuorumPeer$QuorumServer@185] - Resolved hostname: > >>>>> kafkad03.x.azure.com to address: kafkad03.x.azure.com/1.2.3.5 > >>>>> 2020-02-11 18:43:59,666 [myid:] - INFO [main:QuorumPeerConfig@398] - > >>>>> Defaulting to majority quorums > >>>>> 2020-02-11 18:43:59,677 [myid:1] - INFO > [main:DatadirCleanupManager@78 > >> ] > >>>>> - autopurge.snapRetainCount set to 3 > >>>>> 2020-02-11 18:43:59,677 [myid:1] - INFO > [main:DatadirCleanupManager@79 > >> ] > >>>>> - autopurge.purgeInterval set to 24 > >>>>> 2020-02-11 18:43:59,732 [myid:1] - INFO > >>>>> [PurgeTask:DatadirCleanupManager$PurgeTask@138] - Purge task > started. > >>>>> 2020-02-11 18:43:59,749 [myid:1] - INFO [main:QuorumPeerMain@130] - > >>>>> Starting quorum peer > >>>>> 2020-02-11 18:43:59,788 [myid:1] - INFO [main:ServerCnxnFactory@117] > >> - > >>>>> Using org.apache.zookeeper.server.NIOServerCnxnFactory as server > >>>>> connection factory > >>>>> 2020-02-11 18:43:59,804 [myid:1] - INFO > >>>>> [PurgeTask:DatadirCleanupManager$PurgeTask@144] - Purge task > >> completed. > >>>>> '.20-02-11 18:43:59,826 [myid:1] - ERROR [main:ServerCnxnFactory@210 > ] > >> - > >>>>> No JAAS configuration section named 'Server' was foundin > >>>>> '/opt/zookeeper-cluster/zookeeper/conf/jaas.conf > >>>>> 2020-02-11 18:43:59,827 [myid:1] - ERROR [main:QuorumPeerMain@92] - > >>>>> Unexpected exception, exiting abnormally > >>>>> java.io.IOException: No JAAS configuration section named 'Server' was > >>>>> foundin '/opt/zookeeper-cluster/zookeeper/conf/jaas.conf > >>>>> '. > >>>>> at > >>>>> > >>>>> > >> > org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:211) > >>>>> at > >>>>> > >>>>> > >> > org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:82) > >>>>> at > >>>>> > >>>>> > >> > org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:133) > >>>>> at > >>>>> > >>>>> > >> > org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:114) > >>>>> at > >>>>> > >> > org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:81) > >>>>> > >>>>> > >>>>> Best regards > >>>>> > >>>>> Sebastian > >>>>> > >>>>> > >>>>> On 12-Feb-20 2:36 AM, Rakesh Radhakrishnan wrote: > >>>>>>>>>>> java.io.IOException: No JAAS configuration section named > >> 'Server' > >>>>>> I could see you have enabled client-server authentication as well. > It > >>>>>> looks to me that the error is coming from that. Please share the > >>>>>> complete error logs to trace it. > >>>>>> Have you configured "*Server*" section along with the > >> "*QuorumServer*" > >>>>>> and "*QuorumClient*" sections? If not, please configure "*Server*" > >>>>>> section along with others and try it out. > >>>>>> > >>>>>> Reference: > >>>>>> > >> > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication > >>>>>> image.png > >>>>>> > >>>>>> Thanks, > >>>>>> Rakesh > >>>>>> > >>>>>> On Tue, Feb 11, 2020 at 7:26 AM Sebastian Schmitz > >>>>>> <sebastian.schm...@propellerhead.co.nz > >>>>>> <mailto:sebastian.schm...@propellerhead.co.nz>> wrote: > >>>>>> > >>>>>> Hello, > >>>>>> > >>>>>> I'm currently looking into enabling the Auth between > >>>>>> Zookeeper-Servers > >>>>>> and found this documentation: > >>>>>> > >>>>>> > >> > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication > >>>>>> However, when I use the config from the document (for > >> Digest-MD5) > >>>>>> I get > >>>>>> this exception in Zookeeper 3.4.14 and also 3.5.6, which I > tried > >>>>>> because > >>>>>> I thought using latest version could help: > >>>>>> java.io.IOException: No JAAS configuration section named > >> 'Server' > >>> was > >>>>>> found in '/opt/zookeeper-cluster/zookeeper/conf/jaas.conf > >>>>>> > >>>>>> And of course that's right, because there's only QuorumServer > >> and > >>>>>> QuorumClient in the jaas.conf: > >>>>>> > >>>>>> jaas.conf: > >>>>>> QuorumServer { > >>>>>> org.apache.zookeeper.server.auth.DigestLoginModule > >>> required > >>>>>> user_zookeeper="test"; > >>>>>> }; > >>>>>> > >>>>>> QuorumClient { > >>>>>> org.apache.zookeeper.server.auth.DigestLoginModule > >>> required > >>>>>> username="zookeeper" > >>>>>> password="test"; > >>>>>> }; > >>>>>> > >>>>>> I also tried renaming the QuorumServer to just "Server". No > >>> change. > >>>>>> My zoo.cfg: > >>>>>> tickTime=2000 > >>>>>> initLimit=10 > >>>>>> syncLimit=5 > >>>>>> dataDir=/mnt/zk_data > >>>>>> clientPort=2181 > >>>>>> dataLogDir=/mnt/zk_data_log > >>>>>> autopurge.snapRetainCount=3 > >>>>>> autopurge.purgeInterval=24 > >>>>>> quorum.auth.enableSasl=true > >>>>>> quorum.auth.learnerRequireSasl=false > >>>>>> quorum.auth.serverRequireSasl=false > >>>>>> quorum.auth.learner.loginContext=QuorumLearner > >>>>>> quorum.auth.server.loginContext=QuorumServer > >>>>>> quorum.cnxn.threads.size=20 > >>>>>> > >> > authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider > >>>>>> secureClientPort=2281 > >>>>>> server.1=0.0.0.0:2888:3888 > >>>>>> > >>>>>> Any idea what I could try? Or maybe there's some better > document > >>>>>> on how > >>>>>> to achieve this? > >>>>>> > >>>>>> Thank you > >>>>>> > >>>>>> Sebastian > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> DISCLAIMER > >>>>>> This email contains information that is confidential and which > >>>>>> may be > >>>>>> legally privileged. If you have received this email in error > >>> please > >>>>>> notify the sender immediately and delete the email. > >>>>>> This email is intended > >>>>>> solely for the use of the intended recipient and you may not > use > >>> or > >>>>>> disclose this email in any way. > >>>>>> > >>>>> -- > >>>>> DISCLAIMER > >>>>> This email contains information that is confidential and which > >>>>> may be > >>>>> legally privileged. If you have received this email in error please > >>>>> > >>>>> notify the sender immediately and delete the email. > >>>>> This email is intended > >>>>> solely for the use of the intended recipient and you may not use or > >>>>> disclose this email in any way. > >>>>> > >>> -- > >>> DISCLAIMER > >>> This email contains information that is confidential and which > >>> may be > >>> legally privileged. If you have received this email in error please > >>> > >>> notify the sender immediately and delete the email. > >>> This email is intended > >>> solely for the use of the intended recipient and you may not use or > >>> disclose this email in any way. > >>> > > -- > DISCLAIMER > This email contains information that is confidential and which > may be > legally privileged. If you have received this email in error please > > notify the sender immediately and delete the email. > This email is intended > solely for the use of the intended recipient and you may not use or > disclose this email in any way. >