[
https://issues.apache.org/jira/browse/FLINK-6117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932092#comment-15932092
]
ASF GitHub Bot commented on FLINK-6117:
---------------------------------------
Github user vijikarthi commented on a diff in the pull request:
https://github.com/apache/flink/pull/3566#discussion_r106829135
--- Diff:
flink-runtime/src/main/java/org/apache/flink/runtime/util/ZooKeeperUtils.java
---
@@ -89,6 +90,7 @@ public static CuratorFramework
startCuratorFramework(Configuration configuration
boolean disableSaslClient =
configuration.getBoolean(ConfigConstants.ZOOKEEPER_SASL_DISABLE,
ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE);
+ System.setProperty(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
String.valueOf(!disableSaslClient));
--- End diff --
Please move this logic to `ZooKeeperModule` class
https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/ZooKeeperModule.java#L49
> 'zookeeper.sasl.disable' not takes effet when starting CuratorFramework
> ------------------------------------------------------------------------
>
> Key: FLINK-6117
> URL: https://issues.apache.org/jira/browse/FLINK-6117
> Project: Flink
> Issue Type: Bug
> Components: Client, JobManager
> Affects Versions: 1.2.0
> Environment: Ubuntu, non-secured
> Reporter: canbinzheng
> Labels: security
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> The value of 'zookeeper.sasl.disable' not used in the right way when starting
> CuratorFramework.
> Here are all the settings relevant to high-availability in my flink-conf.yaml:
> high-availability: zookeeper
> high-availability.zookeeper.quorum: localhost:2181
> high-availability.zookeeper.storageDir: hdfs:///flink/ha/
> Obviously, no explicit value is set for 'zookeeper.sasl.disable' so default
> value of 'true'(ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE) would be
> applied. But when FlinkYarnSessionCli & FlinkApplicationMasterRunner start,
> both logs show that they attempt connecting to zookeeper in 'SASL' mode.
> logs are like this:
> 2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper
> - Initiating client connection, connectString=localhost:2181
> sessionTimeout=60000
> watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8
> 2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper
> - Initiating client connection, connectString=localhost:2181
> sessionTimeout=60000
> watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8
> 2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn
> - SASL configuration failed:
> javax.security.auth.login.LoginException: No JAAS configuration section named
> 'Client' was found in specified JAAS configuration file:
> '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper
> server without SASL authentication, if Zookeeper server allows it.
> 2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn
> - SASL configuration failed:
> javax.security.auth.login.LoginException: No JAAS configuration section named
> 'Client' was found in specified JAAS configuration file:
> '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper
> server without SASL authentication, if Zookeeper server allows it.
> 2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn
> - Opening socket connection to server localhost/127.0.0.1:2181
> 2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn
> - Opening socket connection to server localhost/127.0.0.1:2181
> 2017-03-18 23:53:10,534 ERROR
> org.apache.flink.shaded.org.apache.curator.ConnectionState -
> Authentication failed
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
