Noted. Thanks, Tania
On Wed, Apr 30, 2014 at 5:53 PM, Ishara Premadasa <ish...@wso2.com> wrote:
> Hi Indika,
>
> When I debugged further, I could find that in the coordination component the
> jaas.conf and java.env files are not read when SASL is enabled; therefore
> the Zookeeper ServerCnxnFactory skips the creation of the ZooKeeperSaslServer
> instance, as the jaas.conf entries are not found. This is currently fixed in
> r201478.
>
> We need to add this into the 2.2.0 documentation as well. I have created [1]
> for that.
> @Tania,
> Please note.
>
> Thanks!
> Ishara
>
> [1] https://wso2.org/jira/browse/DOCUMENTATION-777
>
>
> On Wed, Apr 30, 2014 at 11:59 AM, Indika Sampath <indi...@wso2.com> wrote:
>
>> Hi Ishara,
>>
>> Herewith I have attached the jaas.conf and java.env files. You need to add
>> these two files to <MB-HOME>/repository/conf/etc/ where the MB instance
>> starts as the zookeeper profile. After that, change the path of jaas.conf in
>> java.env. Also check that the <MB-HOME>/repository/conf/security/jaas.conf
>> file exists. If it does not exist, copy the jaas.conf. The issue seems to be
>> that the MB server started as zookeeper won't get the SASL configuration
>> properly. Anyway, you can debug further and see with these configuration
>> settings.
>>
>> Cheers!
>>
>>
>> On Tue, Apr 29, 2014 at 11:46 PM, Ishara Premadasa <ish...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> From WSO2 MB 2.2.0 onwards we will be supporting zookeeper profiles with
>>> MB, where a message broker instance can be started as a zookeeper server as
>>> well by using carbon profiles. For this we use the embedded zookeeper server
>>> that is shipped with the Coordination component. However, as stated in [1],
>>> when SASL security is enabled for the zookeeper server, the coordination
>>> server (which is the zk server here) doesn't seem to initiate a
>>> ZooKeeperSaslServer object, but still starts a non-SASL Zookeeper server
>>> only.
>>>
>>> I enabled the debug logs for the zookeeper server, and once the client tries
>>> to connect to the server providing client login data, the following error
>>> logs can be seen at the zk server side and the client side.
>>>
>>> *server side (MB with zookeeper profile enabled)*
>>> [2014-04-29 22:06:31,316] DEBUG {org.apache.zookeeper.server.ZooKeeperServer} - Responding to client SASL token.
>>> [2014-04-29 22:06:31,316] DEBUG {org.apache.zookeeper.server.ZooKeeperServer} - Size of client SASL token: 0
>>> [2014-04-29 22:06:31,317] ERROR {org.apache.zookeeper.server.ZooKeeperServer} - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
>>>
>>> *client side (MB server which connects to zookeeper)*
>>> [2014-04-29 22:06:31,313] DEBUG {org.apache.zookeeper.client.ZooKeeperSaslClient} - ClientCnxn:sendSaslPacket:length=0
>>> [2014-04-29 22:06:31,319] ERROR {org.apache.zookeeper.client.ZooKeeperSaslClient} - SASL authentication failed using login context 'Client'.
>>>
>>> To get this verified, I tested the same scenario by pointing to an
>>> external Apache zookeeper server, where the client was able to successfully
>>> authenticate with the same credentials, as in the logs below.
>>>
>>> [2014-04-29 22:12:10,873] DEBUG {org.apache.zookeeper.client.ZooKeeperSaslClient} - ClientCnxn:sendSaslPacket:length=0
>>> [2014-04-29 22:12:10,873] DEBUG {org.apache.zookeeper.client.ZooKeeperSaslClient} - saslClient.evaluateChallenge(len=101)
>>> [2014-04-29 22:12:10,874] DEBUG {org.apache.zookeeper.client.ZooKeeperSaslClient} - ClientCnxn:sendSaslPacket:length=276
>>> [2014-04-29 22:12:10,876] DEBUG {org.apache.zookeeper.client.ZooKeeperSaslClient} - saslClient.evaluateChallenge(len=40)
>>> [2014-04-29 22:12:10,877] DEBUG {org.apache.zookeeper.ClientCnxn} - Reading reply sessionid:0x145ae5b1d2e0002, packet:: clientPath:null serverPath:null finished:false header:: 3,3 replyHeader:: 3,5,-101 request:: '/queue_workers_parent,F response::
>>>
>>> Therefore it seems the coordination server doesn't start the zookeeper
>>> instance by verifying whether security is enabled or not. We need to get
>>> this fixed for MB 2.2.0 and I am currently working on it. If there is any
>>> configuration available for the coordination server to handle this without
>>> changing the source, please mention it here.
>>>
>>> Thanks!
>>> Ishara
>>>
>>> [1] https://wso2.org/jira/browse/MB-601
>>>
>>> --
>>> Ishara Premasada
>>> Software Engineer,
>>> WSO2 Inc. http://wso2.com/
>>>
>>> Blog: http://isharapremadasa.blogspot.com/
>>> Twitter: https://twitter.com/ishadil
>>> Mobile: +94 714445832
>>>
>>
>> --
>> Indika Sampath
>> Software Engineer
>> WSO2 Inc.
>> http://wso2.com
>>
>> Phone: +94 716 424 744
>> Blog: http://indikasampath.blogspot.com/
>>
>
> --
> Ishara Premasada
> Software Engineer,
> WSO2 Inc. http://wso2.com/
>
> Blog: http://isharapremadasa.blogspot.com/
> Twitter: https://twitter.com/ishadil
> Mobile: +94 714445832
>

--
Tania Mahanama
Senior Technical Writer
Contact: Mob: +94 077 5129270
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
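
The failure discussed in this thread, a server that cannot see its JAAS entries and so comes up without SASL, can be caught before start-up. The check below is an added example, not code from the thread or from WSO2: it assumes java.env passes the JAAS file through the standard -Djava.security.auth.login.config JVM property and that the server uses ZooKeeper's default "Server" login section, and its sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: java.env hands the JAAS file to the JVM through the standard
# java.security.auth.login.config system property.
JAAS_PROP = re.compile(r"-Djava\.security\.auth\.login\.config=([^\s\"']+)")
SECTION = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*\{", re.MULTILINE)
MODULE = "org.apache.zookeeper.server.auth.DigestLoginModule required"

def jaas_sections(text):
    """Names of the login sections (Name { ... };) declared in a JAAS file."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", text, flags=re.DOTALL)
    return set(SECTION.findall(text))

def check_sasl_config(java_env, section="Server"):
    """Return the reasons (if any) the server would come up without SASL."""
    env = Path(java_env)
    if not env.is_file():
        return [f"{env}: java.env not found"]
    active = [line for line in env.read_text().splitlines()
              if not line.lstrip().startswith("#")]  # skip commented-out flags
    match = JAAS_PROP.search("\n".join(active))
    if not match:
        return [f"{env}: java.security.auth.login.config is not set"]
    jaas = Path(match.group(1))
    if not jaas.is_file():
        return [f"{jaas}: jaas.conf named in java.env does not exist"]
    if section not in jaas_sections(jaas.read_text()):
        return [f"{jaas}: no '{section}' login section"]
    return []

def demo():
    """Run the check on constructed files (not the thread's attachments)."""
    client = f'Client {{\n  {MODULE}\n  username="u" password="p";\n}};\n'
    server = f'Server {{\n  {MODULE}\n  user_u="p";\n}};\n'
    with tempfile.TemporaryDirectory() as d:
        jaas, env = Path(d) / "jaas.conf", Path(d) / "java.env"
        flag = f'SERVER_JVMFLAGS="-Djava.security.auth.login.config={jaas}"\n'
        jaas.write_text(client)            # client section only
        env.write_text(flag)
        client_only = check_sasl_config(env)
        jaas.write_text(client + server)   # server section added
        fixed = check_sasl_config(env)
        env.write_text("# " + flag)        # flag commented out
        unset = check_sasl_config(env)
    return client_only, fixed, unset

if __name__ == "__main__":
    for result in demo():
        print(result or "OK: JAAS file and Server section found")
```

An empty list means the JAAS file is reachable and declares the server section; it does not prove the embedded server actually reads it, which is the defect the thread reports as fixed in r201478.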