ZooKeeper-trunk-solaris - Build # 1334 - Still Failing

2016-10-04 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper-trunk-solaris/1334/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 173 lines...]
[ivy:retrieve]  found antlr#antlr;2.7.7 in maven2
[ivy:retrieve]  found org.antlr#antlr4-runtime;4.5.1-1 in maven2
[ivy:retrieve]  found commons-beanutils#commons-beanutils;1.9.2 in maven2
[ivy:retrieve]  found commons-logging#commons-logging;1.1.1 in maven2
[ivy:retrieve]  found commons-cli#commons-cli;1.3.1 in maven2
[ivy:retrieve]  found com.google.guava#guava;18.0 in maven2
[ivy:retrieve]  found commons-collections#commons-collections;3.2.2 in maven2
[ivy:retrieve] :: resolution report :: resolve 1487ms :: artifacts dl 47ms
[ivy:retrieve]  :: evicted modules:
[ivy:retrieve]  commons-collections#commons-collections;3.2.1 by 
[commons-collections#commons-collections;3.2.2] in [test]
-
|  |modules||   artifacts   |
|   conf   | number| search|dwnlded|evicted|| number|dwnlded|
-
|   test   |   13  |   0   |   0   |   1   ||   12  |   0   |
-
[ivy:retrieve] :: retrieving :: org.apache.zookeeper#zookeeper
[ivy:retrieve]  confs: [test]
[ivy:retrieve]  12 artifacts copied, 0 already retrieved (7025kB/1898ms)

compile-test:
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/classes
[javac] Compiling 192 source files to 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/classes
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] Compiling 11 source files to 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/classes

test-init:
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/logs
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/tmp
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data/invalidsnap
 [copy] Copying 8 files to 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data/invalidsnap
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data/buffersize
 [copy] Copying 7 files to 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data/buffersize
[mkdir] Created dir: 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data/ssl
 [copy] Copying 3 files to 
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build/test/data/ssl

test-category:

junit-init:

junit.run-single:
 [echo] Running single JUnit process.  Upgrade to Ant 1.9.4 or later to run 
multiple JUnit processes.
[junit] Running org.apache.jute.BinaryInputArchiveTest
[junit] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0 sec

BUILD FAILED
/zonestorage/hudson_solaris/home/hudson/hudson-slave/workspace/ZooKeeper-trunk-solaris/build.xml:1219:
 Process fork failed.

Total time: 1 minute 43 seconds
Build step 'Invoke Ant' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Recording test results
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any



###
## FAILED TESTS (if any) 
##
1 tests failed.
FAILED:  org.apache.jute.BinaryInputArchiveTest.unknown

Error Message:
Forked Java VM exited abnormally. Please note the time in the report does not 
reflect the time until the VM exit.

Stack Trace:
junit.framework.AssertionFailedError: Forked Java VM exited abnormally. Please 
note the time in the report does not reflect the time until the VM exit.

ZooKeeper_branch35_openjdk7 - Build # 251 - Still Failing

2016-10-04 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch35_openjdk7/251/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 474458 lines...]
[junit] 2016-10-04 10:13:29,234 [myid:] - WARN  [New I/O boss 
#66:ClientCnxnSocketNetty$ZKClientHandler@439] - Exception caught: [id: 
0x23c3fcf9] EXCEPTION: java.net.ConnectException: Connection refused: 
127.0.0.1/127.0.0.1:24687
[junit] java.net.ConnectException: Connection refused: 
127.0.0.1/127.0.0.1:24687
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:744)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.connect(NioClientBoss.java:152)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:105)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79)
[junit] at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42)
[junit] at 
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
[junit] at 
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
[junit] at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[junit] at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[junit] at java.lang.Thread.run(Thread.java:745)
[junit] 2016-10-04 10:13:29,234 [myid:] - INFO  [New I/O boss 
#66:ClientCnxnSocketNetty@208] - channel is told closing
[junit] 2016-10-04 10:13:29,235 [myid:127.0.0.1:24687] - INFO  
[main-SendThread(127.0.0.1:24687):ClientCnxn$SendThread@1231] - channel for 
sessionid 0x101219fc248 is lost, closing socket connection and attempting 
reconnect
[junit] 2016-10-04 10:13:29,380 [myid:127.0.0.1:24811] - INFO  
[main-SendThread(127.0.0.1:24811):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24811. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2016-10-04 10:13:29,381 [myid:] - INFO  [New I/O boss 
#9471:ClientCnxnSocketNetty$1@127] - future isn't success, cause: {}
[junit] java.net.ConnectException: Connection refused: 
127.0.0.1/127.0.0.1:24811
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:744)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.connect(NioClientBoss.java:152)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:105)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79)
[junit] at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42)
[junit] at 
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
[junit] at 
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
[junit] at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[junit] at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[junit] at java.lang.Thread.run(Thread.java:745)
[junit] 2016-10-04 10:13:29,382 [myid:] - WARN  [New I/O boss 
#9471:ClientCnxnSocketNetty$ZKClientHandler@439] - Exception caught: [id: 
0x822856bc] EXCEPTION: java.net.ConnectException: Connection refused: 
127.0.0.1/127.0.0.1:24811
[junit] java.net.ConnectException: Connection refused: 
127.0.0.1/127.0.0.1:24811
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:744)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.connect(NioClientBoss.java:152)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:105)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79)
[junit] at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
[junit] at 
org.jboss.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42)
[junit] at 
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
[junit] at 
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
[junit] at 
java.util.concurrent.ThreadPoolExecu

ZooKeeper_branch35_jdk8 - Build # 253 - Still Failing

2016-10-04 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch35_jdk8/253/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 484597 lines...]
[junit] 2016-10-04 12:39:03,218 [myid:127.0.0.1:24762] - INFO  
[main-SendThread(127.0.0.1:24762):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24762. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2016-10-04 12:39:03,218 [myid:127.0.0.1:24762] - INFO  
[main-SendThread(127.0.0.1:24762):ClientCnxn$SendThread@948] - Socket 
connection established, initiating session, client: /127.0.0.1:51609, server: 
127.0.0.1/127.0.0.1:24762
[junit] 2016-10-04 12:39:03,218 [myid:] - INFO  
[NIOServerCxnFactory.AcceptThread:/127.0.0.1:24762:NIOServerCnxnFactory$AcceptThread@296]
 - Accepted socket connection from /127.0.0.1:51609
[junit] 2016-10-04 12:39:03,219 [myid:] - WARN  
[NIOWorkerThread-27:NIOServerCnxn@369] - Exception causing close of session 
0x0: ZooKeeperServer not running
[junit] 2016-10-04 12:39:03,219 [myid:] - INFO  
[NIOWorkerThread-27:NIOServerCnxn@607] - Closed socket connection for client 
/127.0.0.1:51609 (no session established for client)
[junit] 2016-10-04 12:39:03,219 [myid:127.0.0.1:24762] - INFO  
[main-SendThread(127.0.0.1:24762):ClientCnxn$SendThread@1231] - Unable to read 
additional data from server sessionid 0x0, likely server has closed socket, 
closing socket connection and attempting reconnect
[junit] 2016-10-04 12:39:03,390 [myid:127.0.0.1:24738] - INFO  
[main-SendThread(127.0.0.1:24738):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24738. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2016-10-04 12:39:03,390 [myid:127.0.0.1:24738] - WARN  
[main-SendThread(127.0.0.1:24738):ClientCnxn$SendThread@1235] - Session 
0x201232b233f for server 127.0.0.1/127.0.0.1:24738, unexpected error, 
closing socket connection and attempting reconnect
[junit] java.net.ConnectException: Connection refused
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
[junit] at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:357)
[junit] at 
org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1214)
[junit] 2016-10-04 12:39:03,822 [myid:127.0.0.1:24735] - INFO  
[main-SendThread(127.0.0.1:24735):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24735. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2016-10-04 12:39:03,823 [myid:127.0.0.1:24735] - WARN  
[main-SendThread(127.0.0.1:24735):ClientCnxn$SendThread@1235] - Session 
0x101232b233f for server 127.0.0.1/127.0.0.1:24735, unexpected error, 
closing socket connection and attempting reconnect
[junit] java.net.ConnectException: Connection refused
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
[junit] at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:357)
[junit] at 
org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1214)
[junit] 2016-10-04 12:39:04,701 [myid:127.0.0.1:24741] - INFO  
[main-SendThread(127.0.0.1:24741):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24741. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2016-10-04 12:39:04,701 [myid:127.0.0.1:24741] - WARN  
[main-SendThread(127.0.0.1:24741):ClientCnxn$SendThread@1235] - Session 
0x301232b2400 for server 127.0.0.1/127.0.0.1:24741, unexpected error, 
closing socket connection and attempting reconnect
[junit] java.net.ConnectException: Connection refused
[junit] at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
[junit] at 
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
[junit] at 
org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:357)
[junit] at 
org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1214)
[junit] 2016-10-04 12:39:04,876 [myid:127.0.0.1:24738] - INFO  
[main-SendThread(127.0.0.1:24738):ClientCnxn$SendThread@1113] - Opening socket 
connection to server 127.0.0.1/127.0.0.1:24738. Will not attempt to 
authenticate using SASL (unknown error)
[junit] 2016-10-04 12:39:04,876 [myid:127.0.0.1:24738] - WARN  
[main-SendThread(127.0.0.1:24738):ClientCnxn$SendThread@1235] - Session 
0x201232b233f for server 127.0.0.1/127.0.0.1:24738, unexpected error, 
closing socket connection and attempting reconnect
[junit] java.net.ConnectException: Connection refused
[junit]

[jira] [Created] (ZOOKEEPER-2606) SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception

2016-10-04 Thread Ted Yu (JIRA) 
Ted Yu created ZOOKEEPER-2606:
-

 Summary: SaslServerCallbackHandler#handleAuthorizeCallback() 
should log the exception
 Key: ZOOKEEPER-2606
 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2606
 Project: ZooKeeper
  Issue Type: Bug
Reporter: Ted Yu
Assignee: Ted Yu


{code}
LOG.info("Setting authorizedID: " + userNameBuilder);
ac.setAuthorizedID(userNameBuilder.toString());
} catch (IOException e) {
LOG.error("Failed to set name based on Kerberos authentication 
rules.");
}
{code}
On one cluster, we saw the following:
{code}
2016-10-04 02:18:16,484 - ERROR 
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@137] - 
Failed to set name based on Kerberos authentication rules.
{code}
It would be helpful if the log contains information about the IOException.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

ZooKeeper_branch34_solaris - Build # 1314 - Still Failing

2016-10-04 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch34_solaris/1314/

###
## LAST 60 LINES OF THE CONSOLE 
###
Started by timer
[EnvInject] - Loading node environment variables.
Building remotely on solaris1 (Solaris) in workspace 
/export/home/hudson/hudson-slave/workspace/ZooKeeper_branch34_solaris
FATAL: java.io.IOException: Unexpected termination of the channel
hudson.remoting.RequestAbortedException: java.io.IOException: Unexpected 
termination of the channel
at hudson.remoting.Request.abort(Request.java:303)
at hudson.remoting.Channel.terminate(Channel.java:847)
at 
hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:92)
at ..remote call to solaris1(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.Request.call(Request.java:172)
at hudson.remoting.Channel.call(Channel.java:780)
at hudson.FilePath.act(FilePath.java:1007)
at hudson.FilePath.act(FilePath.java:996)
at org.jenkinsci.plugins.gitclient.Git.getClient(Git.java:131)
at hudson.plugins.git.GitSCM.createClient(GitSCM.java:741)
at hudson.plugins.git.GitSCM.createClient(GitSCM.java:733)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1080)
at hudson.scm.SCM.checkout(SCM.java:485)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1269)
at 
hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:604)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at 
hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529)
at hudson.model.Run.execute(Run.java:1741)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: java.io.IOException: Unexpected termination of the channel
at 
hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:73)
Caused by: java.io.EOFException
at 
java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2328)
at 
java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2797)
at 
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:802)
at java.io.ObjectInputStream.(ObjectInputStream.java:299)
at 
hudson.remoting.ObjectInputStreamEx.(ObjectInputStreamEx.java:48)
at 
hudson.remoting.AbstractSynchronousByteArrayCommandTransport.read(AbstractSynchronousByteArrayCommandTransport.java:34)
at 
hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:59)
ERROR: Step ?Publish JUnit test result report? failed: no workspace for 
ZooKeeper_branch34_solaris #1314
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any



###
## FAILED TESTS (if any) 
##
No tests ran.

[jira] [Updated] (ZOOKEEPER-2606) SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception

2016-10-04 Thread Ted Yu (JIRA) 

 [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ted Yu updated ZOOKEEPER-2606:
--
Priority: Minor  (was: Major)

> SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception
> 
>
> Key: ZOOKEEPER-2606
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2606
> Project: ZooKeeper
>  Issue Type: Bug
>Reporter: Ted Yu
>Assignee: Ted Yu
>Priority: Minor
>
> {code}
> LOG.info("Setting authorizedID: " + userNameBuilder);
> ac.setAuthorizedID(userNameBuilder.toString());
> } catch (IOException e) {
> LOG.error("Failed to set name based on Kerberos authentication 
> rules.");
> }
> {code}
> On one cluster, we saw the following:
> {code}
> 2016-10-04 02:18:16,484 - ERROR 
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@137] - 
> Failed to set name based on Kerberos authentication rules.
> {code}
> It would be helpful if the log contains information about the IOException.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

RE: ZooKeeper ping requests Unnecessarily go though request processor chain

2016-10-04 Thread Mohammad arshad 
Thanks Vitalii, Benjamin Reed for the response
Makes sense to me. Got it, ping request is used not only for keeping the 
session alive but also for testing the request processing flow. Therefore the 
current processing flow for the ping is required.

Just for Information:
>> I am not sure why do you want to skip testing part of the flow? Does it 
>> incur high load?
In a performance test, I observed that when ZooKeeper servers are under high 
load, clients throw ConnectionLossException. Client log indicates that ping 
request is not processed in 2/3 of the session time out and causing the client 
time out. For detail please refer ZOOKEEPER-2570

Thanks
-Arshad
-Original Message-
From: Benjamin Reed [mailto:br...@apache.org] 
Sent: 04 October 2016 10:23
To: DevZooKeeper
Subject: Re: ZooKeeper ping requests Unnecessarily go though request processor 
chain

yes, vitalii is correct. the ping is a mutual test of health, so we want it to 
go through the full pipeline.

On Mon, Oct 3, 2016 at 5:26 AM, Vitalii Tymchyshyn  wrote:

> Hi.
>
> I think this would break ordering guarantie, would not it?
> Also ping is supposed to test health and I am not sure why do you want 
> to skip testing part of the flow? Does it incur high load?
> What would happen if disk would stall for a minute?
>
> Best regards, Vitalii Tymchyshyn
>
> Пн, 3 жовт. 2016 05:11 користувач Mohammad arshad < 
> mohammad.ars...@huawei.com> пише:
>
> > Hi All
> > ZooKeeper clients send ping request(heartbeat) to ZooKeeper server 
> > to
> keep
> > its session alive. These ping requests do nothing but touch its 
> > session
> on
> > the server.
> >
> > If client is connected to a follower then the ping request is 
> > processed
> in
> > sequence of ServerCnxn --> ZooKeeperServer --> 
> > FollowerRequestProcessor
> -->
> > CommitProcessor --> FinalRequestProcessor. The ping request will 
> > wait in CommitProcessor for previous request completion. This wait 
> > for ping
> request
> > is unnecessary. I think it offers no benefit.
> >
> > is ping request doing more than touching its session? I think it is 
> > only touching its session, not doing anything else.
> > If this is the case we should process the ping request differently 
> > from the other requests. It should be  treated as system request and 
> > should be processed with higher priority. May be we can process in 
> > the sequence of ServerCnxn --> ZooKeeperServer --> 
> > PingRequestProcessor
> >
> > Any thought?
> >
> > Thanks
> > -Arshad
> >
> >
>

[jira] [Updated] (ZOOKEEPER-2606) SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception

2016-10-04 Thread Ted Yu (JIRA) 

 [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ted Yu updated ZOOKEEPER-2606:
--
Attachment: ZOOKEEPER-2606.v1.patch

> SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception
> 
>
> Key: ZOOKEEPER-2606
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2606
> Project: ZooKeeper
>  Issue Type: Bug
>Reporter: Ted Yu
>Assignee: Ted Yu
>Priority: Minor
> Attachments: ZOOKEEPER-2606.v1.patch
>
>
> {code}
> LOG.info("Setting authorizedID: " + userNameBuilder);
> ac.setAuthorizedID(userNameBuilder.toString());
> } catch (IOException e) {
> LOG.error("Failed to set name based on Kerberos authentication 
> rules.");
> }
> {code}
> On one cluster, we saw the following:
> {code}
> 2016-10-04 02:18:16,484 - ERROR 
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@137] - 
> Failed to set name based on Kerberos authentication rules.
> {code}
> It would be helpful if the log contains information about the IOException.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: Feature Proposal: Embedded (non network stack) connection option for embedded Zookeeper

2016-10-04 Thread Matthias Amberg 
Hi Enrico,

I set up a github repo with just the 'embedded' connection classes.
They unfortunately are from an older (3.4.6) release and would some clean
up to fit into the current dev branch of Zookeeper.

However feel free to have a look. Unfortunately there is a lot of code in
there (just like in the other implementations of that version, that aren't
directly related to
the connection (which later got cleaned up in ZK and would need clean up on
my side too.)

The biggest changes are in the ServerCnxn class starting here:
https://github.com/matthiasamberg/ZookeeperEmbeddedConnection/blob/master/org/apache/zookeeper/server/EmbeddedServerCnxn.java#L416

The gist of it is:
EmbeddedClientCnxnSocket and EmbeddedServerCnxn get instatiated together
when an (internal) client tries to connect. It finds the
EmbeddedServerCnxnFactory via a singleton instance of that class.
The ByteBuffers that normally get sent over the network simply end up in a
pair of Piped Input/Output streams that are shared between ClientCnxnSocket
and ServerCnxn, that's already it. Everything around it just got adapted
to fit into the ZK architecture.

I happily port this to a current version of ZK if you (and/or others) think
this implementation approach would actually get patched into ZK, but it
would be great to hear from you guys whether it is worthwile for me to port
this to the newest version first.

Best regards,

Matthias Amberg
Developer
Office: ++41 511 11 64

unblu inc. - Kernserstrasse 17 - 6060 Sarnen - Switzerland

unblu makes websites personal   http://www.unblu.com

Please consider the environment before printing this email.

This e-mail contains including its attachments confidential protected
information by law. If you are not the intended recipient, please contact
the sender and delete this message. Any unauthorised copying of this
message or unauthorised distribution of the information contained herein is
prohibited.

Diese E-Mail einschließlich Ihrer Anhänge enthält vertrauliche rechtlich
geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail. Das
unbefugte Kopieren oder die unbefugte Weitergabe der enthaltenen
Informationen ist nicht gestattet.

On 30 September 2016 at 14:30, Enrico Olivelli  wrote:

> Matthias,
> I am sorry I so not have time to pack a good patch these days.
> If you already have some working code maybe you can create a PR on GitHub
> so that the community can review and comment about it.
>
> My actual idea is to make all Netty-aware classes extensible in order to
> support "local" transport.
> In 3.5 branch Netty is fully supported for both client and server sides of
> the connection
>
> On BookKeeper I have already implemented such a feature
> https://issues.apache.org/jira/browse/BOOKKEEPER-896
> https://github.com/apache/bookkeeper/pull/20
>
> Regards
> Enrico
>
>
>
> Il ven 30 set 2016, 14:14 Matthias Amberg  ha
> scritto:
>
> > Hi Enrico,
> >
> > thanks for your response, sorry for the late reply.
> > Would you mind sharing some details of your upcoming implementation, do
> you
> > think it will cover our use case of using it for an embedded Zookeeper
> > instance for a production system?
> > If yes, we'll continue to use our own implementation until this becomes
> > available in Zookeeper, do you have an ETA?
> >
> > Best regards,
> >
> > Matthias
> >
> >
> > Matthias Amberg
> > Developer
> > Office: ++41 511 11 64
> >
> > unblu inc. - Kernserstrasse 17 - 6060 Sarnen - Switzerland
> >
> > unblu makes websites personal   http://www.unblu.com
> >
> > Please consider the environment before printing this email.
> >
> > This e-mail contains including its attachments confidential protected
> > information by law. If you are not the intended recipient, please contact
> > the sender and delete this message. Any unauthorised copying of this
> > message or unauthorised distribution of the information contained herein
> is
> > prohibited.
> >
> > Diese E-Mail einschließlich Ihrer Anhänge enthält vertrauliche rechtlich
> > geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger
> sind,
> > informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
> Das
> > unbefugte Kopieren oder die unbefugte Weitergabe der enthaltenen
> > Informationen ist nicht gestattet.
> >
> > On 27 September 2016 at 12:40, Enrico Olivelli 
> > wrote:
> >
> > > Hi Matthias,
> > > I am working on a proposal on this topic. My idea is to use local netty
> > > features.
> > > I will share some code.
> > > Beware that this usage of zookeeper is to be adopted only if needed. My
> > > case is for instance to run unit tests without a real network.
> > > Maybe you should consider to abstract your zookkeper access layer
> > >
> > > Enrico
> > >
> > > Il mar 27 set 2016, 11:07 Matthias Amberg 
> ha
> > > scritto:
> > >
> > > > Dear Zookeeper developers,
> > > >
> > > > I have a feature request for allowing an embedded Zookeeper b

[jira] [Commented] (ZOOKEEPER-1525) Plumb ZooKeeperServer object into auth plugins

2016-10-04 Thread Jordan Zimmerman (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545521#comment-15545521
 ] 

Jordan Zimmerman commented on ZOOKEEPER-1525:
-

This patch no longer applies for me. Is this still viable? I need this 
functionality. If this is patch is no longer maintained I'm happy to update it.

> Plumb ZooKeeperServer object into auth plugins
> --
>
> Key: ZOOKEEPER-1525
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1525
> Project: ZooKeeper
>  Issue Type: Improvement
>Affects Versions: 3.5.0
>Reporter: Warren Turkal
>Assignee: Tim Crowder
> Fix For: 3.5.3, 3.6.0
>
> Attachments: ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch
>
>
> I want to plumb the ZooKeeperServer object into the auth plugins so that I 
> can store authentication data in zookeeper itself. With access to the 
> ZooKeeperServer object, I also have access to the ZKDatabase and can look up 
> entries in the local copy of the zookeeper data.
> In order to implement this, I make sure that a ZooKeeperServer instance is 
> passed in to the ProviderRegistry.initialize() method. Then initialize() will 
> try to find a constructor for the AuthenticationProvider that takes a 
> ZooKeeperServer instance. If the constructor is found, it will be used. 
> Otherwise, initialize() will look for a constructor that takes no arguments 
> and use that instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ZOOKEEPER-1525) Plumb ZooKeeperServer object into auth plugins

2016-10-04 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545543#comment-15545543
 ] 

Hadoop QA commented on ZOOKEEPER-1525:
--

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12771231/ZOOKEEPER-1525.patch
  against trunk revision ec20c5434cc8a334b3fd25e27d26dccf4793c8f3.

+1 @author.  The patch does not contain any @author tags.

+1 tests included.  The patch appears to include 3 new or modified tests.

-1 patch.  The patch command could not apply the patch.

Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3463//console

This message is automatically generated.

> Plumb ZooKeeperServer object into auth plugins
> --
>
> Key: ZOOKEEPER-1525
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1525
> Project: ZooKeeper
>  Issue Type: Improvement
>Affects Versions: 3.5.0
>Reporter: Warren Turkal
>Assignee: Tim Crowder
> Fix For: 3.5.3, 3.6.0
>
> Attachments: ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch
>
>
> I want to plumb the ZooKeeperServer object into the auth plugins so that I 
> can store authentication data in zookeeper itself. With access to the 
> ZooKeeperServer object, I also have access to the ZKDatabase and can look up 
> entries in the local copy of the zookeeper data.
> In order to implement this, I make sure that a ZooKeeperServer instance is 
> passed in to the ProviderRegistry.initialize() method. Then initialize() will 
> try to find a constructor for the AuthenticationProvider that takes a 
> ZooKeeperServer instance. If the constructor is found, it will be used. 
> Otherwise, initialize() will look for a constructor that takes no arguments 
> and use that instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Failed: ZOOKEEPER-1525 PreCommit Build #3463

2016-10-04 Thread Apache Jenkins Server 
Jira: https://issues.apache.org/jira/browse/ZOOKEEPER-1525
Build: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3463/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 119 lines...]
 [exec] PATCH APPLICATION FAILED
 [exec] 
 [exec] 
 [exec] 
 [exec] 
 [exec] -1 overall.  Here are the results of testing the latest attachment 
 [exec]   
http://issues.apache.org/jira/secure/attachment/12771231/ZOOKEEPER-1525.patch
 [exec]   against trunk revision ec20c5434cc8a334b3fd25e27d26dccf4793c8f3.
 [exec] 
 [exec] +1 @author.  The patch does not contain any @author tags.
 [exec] 
 [exec] +1 tests included.  The patch appears to include 3 new or 
modified tests.
 [exec] 
 [exec] -1 patch.  The patch command could not apply the patch.
 [exec] 
 [exec] Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3463//console
 [exec] 
 [exec] This message is automatically generated.
 [exec] 
 [exec] 
 [exec] 
==
 [exec] 
==
 [exec] Adding comment to Jira.
 [exec] 
==
 [exec] 
==
 [exec] 
 [exec] 
 [exec] Comment added.
 [exec] 6822f7d0008440e80b756271b923e565eb85d53c logged out
 [exec] 
 [exec] 
 [exec] 
==
 [exec] 
==
 [exec] Finished build.
 [exec] 
==
 [exec] 
==
 [exec] 
 [exec] 
 [exec] mv: 
'/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-Build/patchprocess' 
and 
'/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-Build/patchprocess' 
are the same file

BUILD FAILED
/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-Build/build.xml:1605: 
exec returned: 1

Total time: 46 seconds
Build step 'Execute shell' marked build as failure
Archiving artifacts
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Recording test results
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
ERROR: Step ?Publish JUnit test result report? failed: No test report files 
were found. Configuration error?
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
[description-setter] Description set: ZOOKEEPER-1525
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7



###
## FAILED TESTS (if any) 
##
No tests ran.

RE: ZooKeeper clients does not handle new error codes properly

2016-10-04 Thread Mohammad arshad 
Thanks Benjamin Reed,
Client protocol version is 0, it is not changed. Also there is no logic 
executed at the server side based on the client protocol version. Increasing 
the client protocol version and converting the errors at server may be the 
ideal and more precise solution but to handle it in a generic way can we 
convert the unknown error to KeeperException.SystemErrorException at client 
side? Do you foresee any problem in this solution? 

Thanks
-Arshad


-Original Message-
From: Benjamin Reed [mailto:br...@apache.org] 
Sent: 04 October 2016 10:27
To: u...@zookeeper.apache.org
Cc: DevZooKeeper
Subject: Re: ZooKeeper clients does not handle new error codes properly

did we bump the protocol version when we added the new errors? the server could 
do the conversion when it responds to older clients.

On Mon, Oct 3, 2016 at 3:05 AM, Flavio Junqueira  wrote:

> Hi Arshad,
>
> It makes sense to me. What if we convert unknown server errors to 
> KeeperException.SystemErrorException? This is a generic error and it 
> extends KeeperException.
>
> I don't see it as a big issue to make this change, but others may feel 
> differently. If we do it, then we will need a release note pointing 
> out the change of behavior.
>
> -Flavio
>
> > On 03 Oct 2016, at 08:54, Mohammad arshad 
> > 
> wrote:
> >
> > Hi All,
> > In Zookeeper rolling upgrade scenario where server is new but client 
> > is
> old, when sever sends error code which is not understood by a client, 
> client throws IllegalArgumentException. Generally 
> IllegalArgumentException is not handled by any of the ZK applications. 
> It is too generic. How to handle this scenario in ZK applications?
> > My understanding is instead of throwing IllegalArgumentException we
> should throw a subclass of KeeperException, for example 
> InvalidErrorCodeException, so that zk apps can take more specific action.
> > Any thoughts?
> >
> > Thanks
> > -Arshad
> >
>
>

[GitHub] zookeeper pull request #84: [ZOOKEEPER-1525] Plumb ZooKeeperServer object in...

2016-10-04 Thread Randgalt 
GitHub user Randgalt opened a pull request:

https://github.com/apache/zookeeper/pull/84

[ZOOKEEPER-1525] Plumb ZooKeeperServer object into auth plugins

Based on patch work from 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525

Created ServerAuthenticationProvider which has a method to accept the 
ZooKeeper
server so that auth can be done using values in the ZK database. As this is 
a new
interface, existing implementations aren't affected helping backward 
compatibility

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/Randgalt/zookeeper ZOOKEEPER-1525

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zookeeper/pull/84.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #84


commit 4de95483cb624217e2f3cd63872e23d60f28749b
Author: randgalt 
Date:   2016-10-04T15:23:30Z

Based on patch work from 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525

Created ServerAuthenticationProvider which has a method to accept the 
ZooKeeper
server so that auth can be done using values in the ZK database. As this is 
a new
interface, existing implementations aren't affected helping backward 
compatibility




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (ZOOKEEPER-1525) Plumb ZooKeeperServer object into auth plugins

2016-10-04 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545650#comment-15545650
 ] 

ASF GitHub Bot commented on ZOOKEEPER-1525:
---

GitHub user Randgalt opened a pull request:

https://github.com/apache/zookeeper/pull/84

[ZOOKEEPER-1525] Plumb ZooKeeperServer object into auth plugins

Based on patch work from 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525

Created ServerAuthenticationProvider which has a method to accept the 
ZooKeeper
server so that auth can be done using values in the ZK database. As this is 
a new
interface, existing implementations aren't affected helping backward 
compatibility

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/Randgalt/zookeeper ZOOKEEPER-1525

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zookeeper/pull/84.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #84


commit 4de95483cb624217e2f3cd63872e23d60f28749b
Author: randgalt 
Date:   2016-10-04T15:23:30Z

Based on patch work from 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525

Created ServerAuthenticationProvider which has a method to accept the 
ZooKeeper
server so that auth can be done using values in the ZK database. As this is 
a new
interface, existing implementations aren't affected helping backward 
compatibility




> Plumb ZooKeeperServer object into auth plugins
> --
>
> Key: ZOOKEEPER-1525
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1525
> Project: ZooKeeper
>  Issue Type: Improvement
>Affects Versions: 3.5.0
>Reporter: Warren Turkal
>Assignee: Tim Crowder
> Fix For: 3.5.3, 3.6.0
>
> Attachments: ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch
>
>
> I want to plumb the ZooKeeperServer object into the auth plugins so that I 
> can store authentication data in zookeeper itself. With access to the 
> ZooKeeperServer object, I also have access to the ZKDatabase and can look up 
> entries in the local copy of the zookeeper data.
> In order to implement this, I make sure that a ZooKeeperServer instance is 
> passed in to the ProviderRegistry.initialize() method. Then initialize() will 
> try to find a constructor for the AuthenticationProvider that takes a 
> ZooKeeperServer instance. If the constructor is found, it will be used. 
> Otherwise, initialize() will look for a constructor that takes no arguments 
> and use that instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ZOOKEEPER-1525) Plumb ZooKeeperServer object into auth plugins

2016-10-04 Thread Jordan Zimmerman (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545855#comment-15545855
 ] 

Jordan Zimmerman commented on ZOOKEEPER-1525:
-

My PR is essentially the same as the OP's patch but a bit more backward 
compatible.

> Plumb ZooKeeperServer object into auth plugins
> --
>
> Key: ZOOKEEPER-1525
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1525
> Project: ZooKeeper
>  Issue Type: Improvement
>Affects Versions: 3.5.0
>Reporter: Warren Turkal
>Assignee: Tim Crowder
> Fix For: 3.5.3, 3.6.0
>
> Attachments: ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch, 
> ZOOKEEPER-1525.patch, ZOOKEEPER-1525.patch
>
>
> I want to plumb the ZooKeeperServer object into the auth plugins so that I 
> can store authentication data in zookeeper itself. With access to the 
> ZooKeeperServer object, I also have access to the ZKDatabase and can look up 
> entries in the local copy of the zookeeper data.
> In order to implement this, I make sure that a ZooKeeperServer instance is 
> passed in to the ProviderRegistry.initialize() method. Then initialize() will 
> try to find a constructor for the AuthenticationProvider that takes a 
> ZooKeeperServer instance. If the constructor is found, it will be used. 
> Otherwise, initialize() will look for a constructor that takes no arguments 
> and use that instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

ZooKeeper_branch35_solaris - Build # 271 - Still Failing

2016-10-04 Thread Apache Jenkins Server 
See https://builds.apache.org/job/ZooKeeper_branch35_solaris/271/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 445009 lines...]
[junit] at 
com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:623)
[junit] at 
com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:244)
[junit] at 
org.apache.zookeeper.server.ZooKeeperSaslServer.evaluateResponse(ZooKeeperSaslServer.java:165)
[junit] at 
org.apache.zookeeper.server.ZooKeeperServer.processSasl(ZooKeeperServer.java:1103)
[junit] at 
org.apache.zookeeper.server.ZooKeeperServer.processPacket(ZooKeeperServer.java:1073)
[junit] at 
org.apache.zookeeper.server.NIOServerCnxn.readRequest(NIOServerCnxn.java:379)
[junit] at 
org.apache.zookeeper.server.NIOServerCnxn.readPayload(NIOServerCnxn.java:180)
[junit] at 
org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:338)
[junit] at 
org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:530)
[junit] at 
org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:162)
[junit] at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[junit] at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[junit] at java.lang.Thread.run(Thread.java:745)
[junit] 2016-10-04 17:24:48,166 [myid:] - WARN  
[NIOWorkerThread-6:ZooKeeperServer@1115] - Maintaining client connection 
despite SASL authentication failure.
[junit] 2016-10-04 17:24:48,167 [myid:127.0.0.1:11222] - ERROR 
[main-SendThread(127.0.0.1:11222):ZooKeeperSaslClient@363] - SASL 
authentication failed using login context 'Client'.
[junit] 2016-10-04 17:24:48,169 [myid:] - WARN  
[NIOWorkerThread-9:NIOServerCnxn@365] - Unable to read additional data from 
client sessionid 0x1240db4f1b3, likely client has closed socket
[junit] 2016-10-04 17:24:48,169 [myid:] - INFO  
[NIOWorkerThread-9:MBeanRegistry@128] - Unregister MBean 
[org.apache.ZooKeeperService:name0=StandaloneServer_port11222,name1=Connections,name2=127.0.0.1,name3=0x1240db4f1b3]
[junit] 2016-10-04 17:24:48,170 [myid:] - INFO  
[NIOWorkerThread-9:NIOServerCnxn@607] - Closed socket connection for client 
/127.0.0.1:46638 which had sessionid 0x1240db4f1b3
[junit] 2016-10-04 17:24:48,342 [myid:] - INFO  [main:SaslAuthFailTest@71] 
- Got exception as expected: 
org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = 
AuthFailed for /path1
[junit] 2016-10-04 17:24:48,342 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@82] - Memory used 13681
[junit] 2016-10-04 17:24:48,342 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@87] - Number of threads 29
[junit] 2016-10-04 17:24:48,342 [myid:] - INFO  
[main:JUnit4ZKTestRunner$LoggedInvokeMethod@102] - FINISHED TEST METHOD 
testAuthFail
[junit] 2016-10-04 17:24:48,342 [myid:] - INFO  [main:ClientBase@543] - 
tearDown starting
[junit] 2016-10-04 17:24:48,343 [myid:] - INFO  [main:ClientBase@513] - 
STOPPING server
[junit] 2016-10-04 17:24:48,345 [myid:] - INFO  [ProcessThread(sid:0 
cport:11222)::PrepRequestProcessor@841] - Got user-level KeeperException when 
processing sessionid:0x1240db4f1b3 type:create cxid:0x3 zxid:0x2 txntype:-1 
reqpath:n/a Error Path:/path1 Error:KeeperErrorCode = InvalidACL for /path1
[junit] 2016-10-04 17:24:48,378 [myid:] - INFO  
[NIOServerCxnFactory.AcceptThread:0.0.0.0/0.0.0.0:11222:NIOServerCnxnFactory$AcceptThread@219]
 - accept thread exitted run method
[junit] 2016-10-04 17:24:48,435 [myid:] - INFO  
[ConnnectionExpirer:NIOServerCnxnFactory$ConnectionExpirerThread@583] - 
ConnnectionExpirerThread interrupted
[junit] 2016-10-04 17:24:48,435 [myid:] - INFO  
[NIOServerCxnFactory.SelectorThread-1:NIOServerCnxnFactory$SelectorThread@420] 
- selector thread exitted run method
[junit] 2016-10-04 17:24:48,436 [myid:] - INFO  
[NIOServerCxnFactory.SelectorThread-0:NIOServerCnxnFactory$SelectorThread@420] 
- selector thread exitted run method
[junit] 2016-10-04 17:24:48,436 [myid:] - INFO  [main:ZooKeeperServer@529] 
- shutting down
[junit] 2016-10-04 17:24:48,437 [myid:] - ERROR [main:ZooKeeperServer@501] 
- ZKShutdownHandler is not registered, so ZooKeeper server won't take any 
action on ERROR or SHUTDOWN server state changes
[junit] 2016-10-04 17:24:48,437 [myid:] - INFO  
[main:SessionTrackerImpl@232] - Shutting down
[junit] 2016-10-04 17:24:48,437 [myid:] - INFO  
[main:PrepRequestProcessor@965] - Shutting down
[junit] 2016-10-04 17:24:48,437 [myid:] - INFO  
[main:SyncRequestProcessor@191] - Shutting down
[junit] 2016-10-04 17:24:48,437 [myid:] - INFO  [ProcessThread

Re: ZooKeeper clients does not handle new error codes properly

2016-10-04 Thread Michael Han 
Hi Arshad,

I am curious where the IllegalArgumentException was thrown in code in your
use case - I am asking because I spotted that in KeeperException.create, we
have a default fall through [1] that throws IllegalArgumentException, and
if this is not the place where you observed the IllegalArgumentException in
your upgrade use case, then we may also need think to change the default
fall through here from throwing IllegalArgumentException to return
something like SystemErrorException, because it seems possible that unknown
/ not mapped error codes can be passed to KeeperException.create that will
lead to IllegalArgumentException that client can't handle well?

[1] https://github.com/apache/zookeeper/blob/master/src/
java/main/org/apache/zookeeper/KeeperException.java#L144

On Tue, Oct 4, 2016 at 8:21 AM, Mohammad arshad 
wrote:

> Thanks Benjamin Reed,
> Client protocol version is 0, it is not changed. Also there is no logic
> executed at the server side based on the client protocol version.
> Increasing the client protocol version and converting the errors at server
> may be the ideal and more precise solution but to handle it in a generic
> way can we convert the unknown error to KeeperException.SystemErrorException
> at client side? Do you foresee any problem in this solution?
>
> Thanks
> -Arshad
>
>
> -Original Message-
> From: Benjamin Reed [mailto:br...@apache.org]
> Sent: 04 October 2016 10:27
> To: u...@zookeeper.apache.org
> Cc: DevZooKeeper
> Subject: Re: ZooKeeper clients does not handle new error codes properly
>
> did we bump the protocol version when we added the new errors? the server
> could do the conversion when it responds to older clients.
>
> On Mon, Oct 3, 2016 at 3:05 AM, Flavio Junqueira  wrote:
>
> > Hi Arshad,
> >
> > It makes sense to me. What if we convert unknown server errors to
> > KeeperException.SystemErrorException? This is a generic error and it
> > extends KeeperException.
> >
> > I don't see it as a big issue to make this change, but others may feel
> > differently. If we do it, then we will need a release note pointing
> > out the change of behavior.
> >
> > -Flavio
> >
> > > On 03 Oct 2016, at 08:54, Mohammad arshad
> > > 
> > wrote:
> > >
> > > Hi All,
> > > In Zookeeper rolling upgrade scenario where server is new but client
> > > is
> > old, when sever sends error code which is not understood by a client,
> > client throws IllegalArgumentException. Generally
> > IllegalArgumentException is not handled by any of the ZK applications.
> > It is too generic. How to handle this scenario in ZK applications?
> > > My understanding is instead of throwing IllegalArgumentException we
> > should throw a subclass of KeeperException, for example
> > InvalidErrorCodeException, so that zk apps can take more specific action.
> > > Any thoughts?
> > >
> > > Thanks
> > > -Arshad
> > >
> >
> >
>



-- 
Cheers
Michael.

Re: [VOTE] move Apache Zookeeper to git

2016-10-04 Thread Michael Han 
Hi,

Now we've moved to git, what is the policy for uploading patches and doing
code reviews? I am asking because I've seen recently there are git pull
requests coming in without associated patch file uploaded to JIRA. I've
checked
https://cwiki.apache.org/confluence/display/ZOOKEEPER/HowToContribute,
looks like there is not much change regarding patch process - so presumably
we still need to generate and upload patch file to JIRA for the record,
while using github (maybe in addition of review board, or in the future
with gerrit) to do code reviews?


On Wed, Sep 21, 2016 at 6:05 AM, Edward Ribeiro 
wrote:

> Cool, just open https://issues.apache.org/jira/browse/ZOOKEEPER-2597
>
> PS: I removed the REPO_HOME global variable.
>
> On Wed, Sep 21, 2016 at 6:53 AM, Flavio Junqueira  wrote:
>
> > Better to have that in the form of a pull request or diff.
> >
> > REPO_HOME does seem to be unused.
> >
> > -Flavio
> >
> > > On 20 Sep 2016, at 18:57, Edward Ribeiro 
> > wrote:
> > >
> > > Hey, I have started porting the kafka-merge.py to work on ZK repos. I
> > would
> > > need someone to review it and help me test it now.
> > >
> > > The files were uploaded below, but I will create a github repo yet
> today.
> > >
> > > https://www.dropbox.com/sh/od8bet2574jttm3/
> > AADv1DXTb8vfyVCmelFbYCEha?dl=0
> > >
> > > I uploaded the kafka version script so that you can use diff or Meld to
> > > spot my changes, but feel free to grasp the original file here:
> > > https://github.com/apache/kafka/blob/trunk/kafka-merge-pr.py
> > >
> > > PS: It's just me or REPO_HOME env variable is not used anywhere in the
> > > merge script???
> > >
> > > Cheers,
> > > Eddie
> > >
> > > On Tue, Sep 20, 2016 at 12:19 PM, Patrick Hunt 
> wrote:
> > >
> > >> On Mon, Sep 19, 2016 at 4:11 PM, Benjamin Reed 
> > wrote:
> > >>
> > >>> what you are suggesting sounds good, but i don't know how to do it?
> > since
> > >>> in the end we are still just accepting diffs on patches, the only
> thing
> > >>> that changes is that we use svn rather than git right?
> > >>>
> > >>>
> > >> Notice the workflow Kafka uses - which includes "git apply" and
> > specifying
> > >> the author tag when committers commit (so that the OP gets proper
> > >> attribution in the commit itself)
> > >>
> > >> https://cwiki.apache.org/confluence/display/KAFKA/
> > Manual+Commit+Workflow
> > >>
> > >> Patrick
> > >>
> > >>
> > >>
> > >>> i LOVE chris's idea! lets do it!
> > >>>
> > >>> ben
> > >>>
> > >>> On Sun, Sep 18, 2016 at 3:22 PM, Patrick Hunt 
> > wrote:
> > >>>
> >  Ben, do you also want to update the "Applying a patch" section to
> make
> > >> it
> >  git specific?
> > 
> >  We (committers) should move to a model where authors get proper
> credit
> > >> in
> >  git. Our old workflow in svn resulted in only the committer being
> > >> listed
> >  (except that we listed the patch author in the commit message). We
> > >> should
> >  move to a model where the author of the patch gets proper credit in
> > >> git.
> > >>> I
> >  believe we will get that if we use git for patch
> creation/application?
> > 
> >  Chris brought up getting rid of CHANGES.txt recently on the dev list
> > >> in a
> >  separate thread - Chris do you want to implement that change now
> that
> > >>> we've
> >  moved to git?
> > 
> >  Patrick
> > 
> >  On Wed, Sep 14, 2016 at 9:01 PM, Benjamin Reed 
> > >> wrote:
> > 
> > >> 1) actually in the previous step that was just adding new files.
> you
> > >> still
> > >>> need the commit -a for the rest of the changes. that's my normal
> > >> workflow.
> > >>
> > >> I think that will be confusing for most folks. They typically
> stage
> > >> all the changes and then commit or don't stage and use -a.
> > >>
> > >
> > > do you mind fixing it with your workflow. commit -a doesn't get new
> > > files, which is why you need to do the add, but i'm not the most
> > > sophisticated git user, so
> > >
> > >
> > >>
> > >>> 2) i figured since we are using git now that we should use git's
> > >> default.
> > >>> the patch should work (by default it seems to strip the first
> path
> > >> element).
> > >>> does it not work for you?
> > >>>
> > >>
> > >> It will fail precommit in it's current state.
> > >>
> > >
> > > fixed
> > >
> > 
> > 
> > >>>
> > >>
> >
> >
>



-- 
Cheers
Michael.

Re: ZooKeeper clients does not handle new error codes properly

2016-10-04 Thread Flavio Junqueira 
Yeah, unfortunately, I don't think we make use of the protocol version in 
ConnectRequest and Response. When we instantiate ConnectRequest in ClientCnxn, 
we simply set it to zero. 

-Flavio

> On 04 Oct 2016, at 16:21, Mohammad arshad  wrote:
> 
> Thanks Benjamin Reed,
> Client protocol version is 0, it is not changed. Also there is no logic 
> executed at the server side based on the client protocol version. Increasing 
> the client protocol version and converting the errors at server may be the 
> ideal and more precise solution but to handle it in a generic way can we 
> convert the unknown error to KeeperException.SystemErrorException at client 
> side? Do you foresee any problem in this solution? 
> 
> Thanks
> -Arshad
> 
> 
> -Original Message-
> From: Benjamin Reed [mailto:br...@apache.org] 
> Sent: 04 October 2016 10:27
> To: u...@zookeeper.apache.org
> Cc: DevZooKeeper
> Subject: Re: ZooKeeper clients does not handle new error codes properly
> 
> did we bump the protocol version when we added the new errors? the server 
> could do the conversion when it responds to older clients.
> 
> On Mon, Oct 3, 2016 at 3:05 AM, Flavio Junqueira  wrote:
> 
>> Hi Arshad,
>> 
>> It makes sense to me. What if we convert unknown server errors to 
>> KeeperException.SystemErrorException? This is a generic error and it 
>> extends KeeperException.
>> 
>> I don't see it as a big issue to make this change, but others may feel 
>> differently. If we do it, then we will need a release note pointing 
>> out the change of behavior.
>> 
>> -Flavio
>> 
>>> On 03 Oct 2016, at 08:54, Mohammad arshad 
>>> 
>> wrote:
>>> 
>>> Hi All,
>>> In Zookeeper rolling upgrade scenario where server is new but client 
>>> is
>> old, when sever sends error code which is not understood by a client, 
>> client throws IllegalArgumentException. Generally 
>> IllegalArgumentException is not handled by any of the ZK applications. 
>> It is too generic. How to handle this scenario in ZK applications?
>>> My understanding is instead of throwing IllegalArgumentException we
>> should throw a subclass of KeeperException, for example 
>> InvalidErrorCodeException, so that zk apps can take more specific action.
>>> Any thoughts?
>>> 
>>> Thanks
>>> -Arshad
>>> 
>> 
>>

Re: [VOTE] move Apache Zookeeper to git

2016-10-04 Thread Flavio Junqueira 
Until ZOOKEEPER-2597  is 
fixed, we can't merge via github.

For code reviews, we can use GH as long as the opening/closing/commenting all 
get sent to the mailing list or recorded in jira. I don't think we have that 
yet, but it is possible according to this:

https://blogs.apache.org/infra/entry/improved_integration_between_apache_and 


For now, we do need to upload patches and converge using jira.

I think Eddie has been looking at this process trying to replicate the Kafka 
setup, so perhaps he can give an update if I'm right. Kafka doesn't send every 
comment to the mailing list, though, but I'm not sure if that's acceptable 
according to the ASF, I need to double-check.

-Flavio

> On 04 Oct 2016, at 19:42, Michael Han  wrote:
> 
> Hi,
> 
> Now we've moved to git, what is the policy for uploading patches and doing
> code reviews? I am asking because I've seen recently there are git pull
> requests coming in without associated patch file uploaded to JIRA. I've
> checked
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/HowToContribute,
> looks like there is not much change regarding patch process - so presumably
> we still need to generate and upload patch file to JIRA for the record,
> while using github (maybe in addition of review board, or in the future
> with gerrit) to do code reviews?
> 
> 
> On Wed, Sep 21, 2016 at 6:05 AM, Edward Ribeiro 
> wrote:
> 
>> Cool, just open https://issues.apache.org/jira/browse/ZOOKEEPER-2597
>> 
>> PS: I removed the REPO_HOME global variable.
>> 
>> On Wed, Sep 21, 2016 at 6:53 AM, Flavio Junqueira  wrote:
>> 
>>> Better to have that in the form of a pull request or diff.
>>> 
>>> REPO_HOME does seem to be unused.
>>> 
>>> -Flavio
>>> 
 On 20 Sep 2016, at 18:57, Edward Ribeiro 
>>> wrote:
 
 Hey, I have started porting the kafka-merge.py to work on ZK repos. I
>>> would
 need someone to review it and help me test it now.
 
 The files were uploaded below, but I will create a github repo yet
>> today.
 
 https://www.dropbox.com/sh/od8bet2574jttm3/
>>> AADv1DXTb8vfyVCmelFbYCEha?dl=0
 
 I uploaded the kafka version script so that you can use diff or Meld to
 spot my changes, but feel free to grasp the original file here:
 https://github.com/apache/kafka/blob/trunk/kafka-merge-pr.py
 
 PS: It's just me or REPO_HOME env variable is not used anywhere in the
 merge script???
 
 Cheers,
 Eddie
 
 On Tue, Sep 20, 2016 at 12:19 PM, Patrick Hunt 
>> wrote:
 
> On Mon, Sep 19, 2016 at 4:11 PM, Benjamin Reed 
>>> wrote:
> 
>> what you are suggesting sounds good, but i don't know how to do it?
>>> since
>> in the end we are still just accepting diffs on patches, the only
>> thing
>> that changes is that we use svn rather than git right?
>> 
>> 
> Notice the workflow Kafka uses - which includes "git apply" and
>>> specifying
> the author tag when committers commit (so that the OP gets proper
> attribution in the commit itself)
> 
> https://cwiki.apache.org/confluence/display/KAFKA/
>>> Manual+Commit+Workflow
> 
> Patrick
> 
> 
> 
>> i LOVE chris's idea! lets do it!
>> 
>> ben
>> 
>> On Sun, Sep 18, 2016 at 3:22 PM, Patrick Hunt 
>>> wrote:
>> 
>>> Ben, do you also want to update the "Applying a patch" section to
>> make
> it
>>> git specific?
>>> 
>>> We (committers) should move to a model where authors get proper
>> credit
> in
>>> git. Our old workflow in svn resulted in only the committer being
> listed
>>> (except that we listed the patch author in the commit message). We
> should
>>> move to a model where the author of the patch gets proper credit in
> git.
>> I
>>> believe we will get that if we use git for patch
>> creation/application?
>>> 
>>> Chris brought up getting rid of CHANGES.txt recently on the dev list
> in a
>>> separate thread - Chris do you want to implement that change now
>> that
>> we've
>>> moved to git?
>>> 
>>> Patrick
>>> 
>>> On Wed, Sep 14, 2016 at 9:01 PM, Benjamin Reed 
> wrote:
>>> 
> 1) actually in the previous step that was just adding new files.
>> you
> still
>> need the commit -a for the rest of the changes. that's my normal
> workflow.
> 
> I think that will be confusing for most folks. They typically
>> stage
> all the changes and then commit or don't stage and use -a.
> 
 
 do you mind fixing it with your workflow. commit -a doesn't get new
 files, which is why you need to do the add, but i'm not the most
 sophisticated git user, so
 
 
> 
>> 2) i figured since we are using git now that we should use g

[jira] [Commented] (ZOOKEEPER-2606) SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception

2016-10-04 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15546671#comment-15546671
 ] 

Hadoop QA commented on ZOOKEEPER-2606:
--

-1 overall.  Here are the results of testing the latest attachment 
  
http://issues.apache.org/jira/secure/attachment/12831535/ZOOKEEPER-2606.v1.patch
  against trunk revision ec20c5434cc8a334b3fd25e27d26dccf4793c8f3.

+1 @author.  The patch does not contain any @author tags.

-1 tests included.  The patch doesn't appear to include any new or modified 
tests.
Please justify why no new tests are needed for this 
patch.
Also please list what manual steps were performed to 
verify this patch.

-1 patch.  The patch command could not apply the patch.

Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3464//console

This message is automatically generated.

> SaslServerCallbackHandler#handleAuthorizeCallback() should log the exception
> 
>
> Key: ZOOKEEPER-2606
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2606
> Project: ZooKeeper
>  Issue Type: Bug
>Reporter: Ted Yu
>Assignee: Ted Yu
>Priority: Minor
> Attachments: ZOOKEEPER-2606.v1.patch
>
>
> {code}
> LOG.info("Setting authorizedID: " + userNameBuilder);
> ac.setAuthorizedID(userNameBuilder.toString());
> } catch (IOException e) {
> LOG.error("Failed to set name based on Kerberos authentication 
> rules.");
> }
> {code}
> On one cluster, we saw the following:
> {code}
> 2016-10-04 02:18:16,484 - ERROR 
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@137] - 
> Failed to set name based on Kerberos authentication rules.
> {code}
> It would be helpful if the log contains information about the IOException.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Failed: ZOOKEEPER-2606 PreCommit Build #3464

2016-10-04 Thread Apache Jenkins Server 
Jira: https://issues.apache.org/jira/browse/ZOOKEEPER-2606
Build: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3464/

###
## LAST 60 LINES OF THE CONSOLE 
###
[...truncated 118 lines...]
 [exec] 
 [exec] 
 [exec] 
 [exec] -1 overall.  Here are the results of testing the latest attachment 
 [exec]   
http://issues.apache.org/jira/secure/attachment/12831535/ZOOKEEPER-2606.v1.patch
 [exec]   against trunk revision ec20c5434cc8a334b3fd25e27d26dccf4793c8f3.
 [exec] 
 [exec] +1 @author.  The patch does not contain any @author tags.
 [exec] 
 [exec] -1 tests included.  The patch doesn't appear to include any new 
or modified tests.
 [exec] Please justify why no new tests are needed 
for this patch.
 [exec] Also please list what manual steps were 
performed to verify this patch.
 [exec] 
 [exec] -1 patch.  The patch command could not apply the patch.
 [exec] 
 [exec] Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3464//console
 [exec] 
 [exec] This message is automatically generated.
 [exec] 
 [exec] 
 [exec] 
==
 [exec] 
==
 [exec] Adding comment to Jira.
 [exec] 
==
 [exec] 
==
 [exec] 
 [exec] 
 [exec] Comment added.
 [exec] dba569d3ef240df49ea87d6fd75c84bfc00454d9 logged out
 [exec] 
 [exec] 
 [exec] 
==
 [exec] 
==
 [exec] Finished build.
 [exec] 
==
 [exec] 
==
 [exec] 
 [exec] 
 [exec] mv: 
'/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-Build/patchprocess' 
and 
'/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-Build/patchprocess' 
are the same file

BUILD FAILED
/home/jenkins/jenkins-slave/workspace/PreCommit-ZOOKEEPER-Build/build.xml:1605: 
exec returned: 1

Total time: 42 seconds
Build step 'Execute shell' marked build as failure
Archiving artifacts
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Recording test results
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
ERROR: Step ?Publish JUnit test result report? failed: No test report files 
were found. Configuration error?
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
[description-setter] Description set: ZOOKEEPER-2606
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Email was triggered for: Failure - Any
Sending email for trigger: Failure - Any
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7
Setting JDK_1_7_LATEST__HOME=/home/jenkins/tools/java/latest1.7



###
## FAILED TESTS (if any) 
##
No tests ran.

Re: [VOTE] move Apache Zookeeper to git

2016-10-04 Thread Michael Han 
>> as long as the opening/closing/commenting all get sent to the mailing
list or recorded in jira
Yeah, this is my impression as well, that we need to keep certain paper
trail regarding activities and comments on ASF side (JIRA or mail list).
Infra page said:

   - Any Pull Request that gets opened, closed, reopened or **commented**
   on now gets recorded on the project's mailing list
   - If a project has a JIRA instance, any PRs or *comments* on PRs that
   include a JIRA ticket ID will trigger an update on that specific ticket

I checked a couple Kafka and Spark JIRAs but I don't see any of the
comments made in github PR were posted on JIRA, except the activities (open
a PR, close a PR). Since both projects have been using github for a while I
assume such practice of NOT integrating comments between github and ASF
JIRA is acceptable? Though I feel it would be really useful if comments
could converge in a single place as well, that will provide a clear history
for a given technical issue.

On Tue, Oct 4, 2016 at 12:06 PM, Flavio Junqueira  wrote:

> Until ZOOKEEPER-2597 
> is fixed, we can't merge via github.
>
> For code reviews, we can use GH as long as the opening/closing/commenting
> all get sent to the mailing list or recorded in jira. I don't think we have
> that yet, but it is possible according to this:
>
> https://blogs.apache.org/infra/entry/improved_
> integration_between_apache_and  infra/entry/improved_integration_between_apache_and>
>
> For now, we do need to upload patches and converge using jira.
>
> I think Eddie has been looking at this process trying to replicate the
> Kafka setup, so perhaps he can give an update if I'm right. Kafka doesn't
> send every comment to the mailing list, though, but I'm not sure if that's
> acceptable according to the ASF, I need to double-check.
>
> -Flavio
>
> > On 04 Oct 2016, at 19:42, Michael Han  wrote:
> >
> > Hi,
> >
> > Now we've moved to git, what is the policy for uploading patches and
> doing
> > code reviews? I am asking because I've seen recently there are git pull
> > requests coming in without associated patch file uploaded to JIRA. I've
> > checked
> > https://cwiki.apache.org/confluence/display/ZOOKEEPER/HowToContribute,
> > looks like there is not much change regarding patch process - so
> presumably
> > we still need to generate and upload patch file to JIRA for the record,
> > while using github (maybe in addition of review board, or in the future
> > with gerrit) to do code reviews?
> >
> >
> > On Wed, Sep 21, 2016 at 6:05 AM, Edward Ribeiro <
> edward.ribe...@gmail.com>
> > wrote:
> >
> >> Cool, just open https://issues.apache.org/jira/browse/ZOOKEEPER-2597
> >>
> >> PS: I removed the REPO_HOME global variable.
> >>
> >> On Wed, Sep 21, 2016 at 6:53 AM, Flavio Junqueira 
> wrote:
> >>
> >>> Better to have that in the form of a pull request or diff.
> >>>
> >>> REPO_HOME does seem to be unused.
> >>>
> >>> -Flavio
> >>>
>  On 20 Sep 2016, at 18:57, Edward Ribeiro 
> >>> wrote:
> 
>  Hey, I have started porting the kafka-merge.py to work on ZK repos. I
> >>> would
>  need someone to review it and help me test it now.
> 
>  The files were uploaded below, but I will create a github repo yet
> >> today.
> 
>  https://www.dropbox.com/sh/od8bet2574jttm3/
> >>> AADv1DXTb8vfyVCmelFbYCEha?dl=0
> 
>  I uploaded the kafka version script so that you can use diff or Meld
> to
>  spot my changes, but feel free to grasp the original file here:
>  https://github.com/apache/kafka/blob/trunk/kafka-merge-pr.py
> 
>  PS: It's just me or REPO_HOME env variable is not used anywhere in the
>  merge script???
> 
>  Cheers,
>  Eddie
> 
>  On Tue, Sep 20, 2016 at 12:19 PM, Patrick Hunt 
> >> wrote:
> 
> > On Mon, Sep 19, 2016 at 4:11 PM, Benjamin Reed 
> >>> wrote:
> >
> >> what you are suggesting sounds good, but i don't know how to do it?
> >>> since
> >> in the end we are still just accepting diffs on patches, the only
> >> thing
> >> that changes is that we use svn rather than git right?
> >>
> >>
> > Notice the workflow Kafka uses - which includes "git apply" and
> >>> specifying
> > the author tag when committers commit (so that the OP gets proper
> > attribution in the commit itself)
> >
> > https://cwiki.apache.org/confluence/display/KAFKA/
> >>> Manual+Commit+Workflow
> >
> > Patrick
> >
> >
> >
> >> i LOVE chris's idea! lets do it!
> >>
> >> ben
> >>
> >> On Sun, Sep 18, 2016 at 3:22 PM, Patrick Hunt 
> >>> wrote:
> >>
> >>> Ben, do you also want to update the "Applying a patch" section to
> >> make
> > it
> >>> git specific?
> >>>
> >>> We (committers) should move to a model where authors get proper
> >> credit
> > in
> >>> git. Our old workflow in svn resulted in only

Re: [VOTE] move Apache Zookeeper to git

2016-10-04 Thread Edward Ribeiro 
Hi,

The patch attached on ZOOKEEPER-2597 is a
​straightforward adaptation of
 Kafka's one. It takes care of merging Github PR into Apache git repo and
​ a​
subsequent closing of the PR on the GH side
​ among other things (rewriting of commit messages, etc)​
. The current status is: the script needs to be reviewed/validated by a
committer.
​It has been some time since I uploaded the patch, so I gonna do another
pass through it in the meantime.​


​T
here are some workflow issues beyond the scope of ZOOKEEPER-2597
​ that need to be sorted out (IMO)​
:

1. The normal workflow is to open a JIRA ticket before doing any GH PR
​, that is, no JIRA-less PRs.​
The PR should have a title of the form "ZOOKEEPER-: Title". This will
trigger the Apache JIRA-Github integration and it's opening show up in the
JIRA ticket.

2.
​OTOH, ​n
ot every Kafka PR needs a corresponding JIRA ticket
​. ​
There are a class of PR
​s​
with "MINOR"
​ title​
that represent trivial code changes
​ and "HOT-FIX" title that fix urgent, but simple bugs. Both​
 bypass the JIRA creation step
​, even tough they are still ​
subject to review
​.​
It's worth adopting a similar approach for ZK project?

3. IIRC
​ (didn't find any page to confirm)​
, Cassandra project encourages, but not demands, that contributors also
upload a patch file to JIRA even in the case of a GH PR
​ (as to leave a audit trail, I guess)​
​.​
Or
​,​
at
​ ​
least
​,​
​C* project ​
leave
​s​
 up to the contributor
​s​
to either open a GH PR or upload the patch file
​ to JIRA. In fact, Github allows the access to a raw patch or diff, it's
just a matter of adding the ".patch" or ".diff" suffix to the end of the
Pull Request URL.
​


+1 about having a 'paper trail'
​ of review comments​

​o​
n JIRA and
​/or​
mailing list (I
​ would​
prefer the mailing list tbh). But as Michael and Flavio pointed out, I
never seen
​GH ​
PR review
​**​
comments
​**​
being written back to JIRA, at least not in Kafka, Cassandra
​or​
 Solr projects
​, that I have followed more closely.​

Eddie


On Tue, Oct 4, 2016 at 6:40 PM, Michael Han  wrote:

> >> as long as the opening/closing/commenting all get sent to the mailing
> list or recorded in jira
> Yeah, this is my impression as well, that we need to keep certain paper
> trail regarding activities and comments on ASF side (JIRA or mail list).
> Infra page said:
>
>- Any Pull Request that gets opened, closed, reopened or **commented**
>on now gets recorded on the project's mailing list
>- If a project has a JIRA instance, any PRs or *comments* on PRs that
>include a JIRA ticket ID will trigger an update on that specific ticket
>
> I checked a couple Kafka and Spark JIRAs but I don't see any of the
> comments made in github PR were posted on JIRA, except the activities (open
> a PR, close a PR). Since both projects have been using github for a while I
> assume such practice of NOT integrating comments between github and ASF
> JIRA is acceptable? Though I feel it would be really useful if comments
> could converge in a single place as well, that will provide a clear history
> for a given technical issue.
>
> On Tue, Oct 4, 2016 at 12:06 PM, Flavio Junqueira  wrote:
>
> > Until ZOOKEEPER-2597  jira/browse/ZOOKEEPER-2597>
> > is fixed, we can't merge via github.
> >
> > For code reviews, we can use GH as long as the opening/closing/commenting
> > all get sent to the mailing list or recorded in jira. I don't think we
> have
> > that yet, but it is possible according to this:
> >
> > https://blogs.apache.org/infra/entry/improved_
> > integration_between_apache_and  > infra/entry/improved_integration_between_apache_and>
> >
> > For now, we do need to upload patches and converge using jira.
> >
> > I think Eddie has been looking at this process trying to replicate the
> > Kafka setup, so perhaps he can give an update if I'm right. Kafka doesn't
> > send every comment to the mailing list, though, but I'm not sure if
> that's
> > acceptable according to the ASF, I need to double-check.
> >
> > -Flavio
> >
> > > On 04 Oct 2016, at 19:42, Michael Han  wrote:
> > >
> > > Hi,
> > >
> > > Now we've moved to git, what is the policy for uploading patches and
> > doing
> > > code reviews? I am asking because I've seen recently there are git pull
> > > requests coming in without associated patch file uploaded to JIRA. I've
> > > checked
> > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/HowToContribute,
> > > looks like there is not much change regarding patch process - so
> > presumably
> > > we still need to generate and upload patch file to JIRA for the record,
> > > while using github (maybe in addition of review board, or in the future
> > > with gerrit) to do code reviews?
> > >
> > >
> > > On Wed, Sep 21, 2016 at 6:05 AM, Edward Ribeiro <
> > edward.ribe...@gmail.com>
> > > wrote:
> > >
> > >> Cool, just open https://issues.apache.org/jira/browse/ZOOKEEPER-2597
> > >>
> > >> PS: I

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/
---

(Updated Oct. 5, 2016, 4:08 a.m.)


Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul Gutierrez 
Segales.


Changes
---

Uploading new patch to address Michael's review comments.


Bugs: ZOOKEEPER-1045
https://issues.apache.org/jira/browse/ZOOKEEPER-1045


Repository: zookeeper-git


Description
---

Quorum mutual authentication using SASL mechanism - Digest/Kerberos


Diffs
-

  build.xml ee6834c 
  ivy.xml 95b0e5a 
  src/java/main/org/apache/zookeeper/Login.java aaa220c 
  src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
  src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
  src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
2fbd6ed 
  src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
  src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
  src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 8a748c7 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
20e5f16 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
0924ef6 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java e9c8007 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
 PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/README.md PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
 PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java 
PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
 PRE-CREATION 
  src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
  src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
  src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 8db7fa8 
  
src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
 c1259d1 
  src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
72e4fc9 
  src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java a4c0cb0 
  src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java 
39a53ca 
  src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce 
  src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java 
85817b2 
  src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java
 PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java 
PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
 PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java 
PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java
 PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java
 PRE-CREATION 
  src/java/test/org/apache/zookeeper/test/FLEPredicateTest.java 8088505 
  src/zookeeper.jute 6521e54 

Diff: https://reviews.apache.org/r/47354/diff/


Testing
---

Added unit test cases to verify the changes.


File Attachments (updated)


New patch addressing Michael's review comments
  
https://reviews.apache.org/media/uploaded/files/2016/10/05/4dd9ed9a-817b-420b-bc6e-b638f6eaa7d9__ZOOKEEPER-1045-br-3-4-authz.patch


Thanks,

Rakesh R

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/
---

(Updated Oct. 5, 2016, 4:10 a.m.)


Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul Gutierrez 
Segales.


Bugs: ZOOKEEPER-1045
https://issues.apache.org/jira/browse/ZOOKEEPER-1045


Repository: zookeeper-git


Description
---

Quorum mutual authentication using SASL mechanism - Digest/Kerberos


Diffs
-

  build.xml ee6834c 
  ivy.xml 95b0e5a 
  src/java/main/org/apache/zookeeper/Login.java aaa220c 
  src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
  src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
  src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
2fbd6ed 
  src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
  src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
  src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 8a748c7 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
20e5f16 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
0924ef6 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java e9c8007 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
 PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/README.md PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
 PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java 
PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
 PRE-CREATION 
  src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
  src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
  src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 8db7fa8 
  
src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
 c1259d1 
  src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
72e4fc9 
  src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java a4c0cb0 
  src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java 
39a53ca 
  src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce 
  src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java 
85817b2 
  src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java
 PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java 
PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
 PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java 
PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java
 PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java
 PRE-CREATION 
  src/java/test/org/apache/zookeeper/test/FLEPredicateTest.java 8088505 
  src/zookeeper.jute 6521e54 

Diff: https://reviews.apache.org/r/47354/diff/


Testing
---

Added unit test cases to verify the changes.


Thanks,

Rakesh R

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/
---

(Updated Oct. 5, 2016, 4:14 a.m.)


Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul Gutierrez 
Segales.


Changes
---

Uploading new patch to address Michael's review comments. Major change - 
provided separate code path to execute the auth based connection requests 
asynchronously and for non-auth requests will be processed in old fashion 
sequentially.


Bugs: ZOOKEEPER-1045
https://issues.apache.org/jira/browse/ZOOKEEPER-1045


Repository: zookeeper-git


Description
---

Quorum mutual authentication using SASL mechanism - Digest/Kerberos


Diffs (updated)
-

  build.xml ee6834c 
  ivy.xml 95b0e5a 
  src/java/main/org/apache/zookeeper/Login.java aaa220c 
  src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
  src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
  src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
2fbd6ed 
  src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
  src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
  src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 8a748c7 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
20e5f16 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
0924ef6 
  src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java e9c8007 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
 PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
PRE-CREATION 
  src/java/main/org/apache/zookeeper/server/quorum/auth/README.md PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
 PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java 
PRE-CREATION 
  
src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
 PRE-CREATION 
  src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
  src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
  src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 8db7fa8 
  
src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
 c1259d1 
  src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
72e4fc9 
  src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java a4c0cb0 
  src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java 
39a53ca 
  src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce 
  src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java 
85817b2 
  src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java
 PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java 
PRE-CREATION 
  src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java 
PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
 PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java 
PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java
 PRE-CREATION 
  
src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java
 PRE-CREATION 
  src/java/test/org/apache/zookeeper/test/FLEPredicateTest.java 8088505 
  src/zookeeper.jute 6521e54 

Diff: https://reviews.apache.org/r/47354/diff/


Testing
---

Added unit test cases to verify the changes.


Thanks,

Rakesh R

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 


> On Sept. 20, 2016, 10:24 p.m., Michael Han wrote:
> > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java, line 106
> > 
> >
> > Should we move both ThreadPoolExecutor and inprogressConnections into 
> > QuorumCnxManager? Both are implementation details around managing 
> > connections, and QuorumPeer does not need to know about these details. 
> > Abstract such details seems exactly what QuorumCnxManager was designed for.
> 
> Rakesh R wrote:
> Agreed, I will change it.

Done


- Rakesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/#review149705
---


On Oct. 5, 2016, 4:14 a.m., Rakesh R wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47354/
> ---
> 
> (Updated Oct. 5, 2016, 4:14 a.m.)
> 
> 
> Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul 
> Gutierrez Segales.
> 
> 
> Bugs: ZOOKEEPER-1045
> https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> 
> 
> Repository: zookeeper-git
> 
> 
> Description
> ---
> 
> Quorum mutual authentication using SASL mechanism - Digest/Kerberos
> 
> 
> Diffs
> -
> 
>   build.xml ee6834c 
>   ivy.xml 95b0e5a 
>   src/java/main/org/apache/zookeeper/Login.java aaa220c 
>   src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
>   src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
>   
> src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
> 2fbd6ed 
>   src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
>   src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
>   src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 
> 8a748c7 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
> 20e5f16 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
> 0924ef6 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java 
> e9c8007 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/README.md 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
>   src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
>   src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 
> 8db7fa8 
>   
> src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
>  c1259d1 
>   src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
> 72e4fc9 
>   src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java 
> a4c0cb0 
>   src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java 
> 39a53ca 
>   src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce 
>   src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java 
> 85817b2 
>   src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java
>  PRE-CREATION 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java 
> PRE-CREATION 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java 
> PRE-CREATION 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
>  PRE-CREAT

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 


> On Sept. 27, 2016, 9:27 p.m., Michael Han wrote:
> > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java,
> >  line 131
> > 
> >
> > Right, I think the key is sc.isComplete == true does not imply the 
> > result is a success. Need an explicit check. Something like what they did 
> > in the example should work:
> > 
> > if (sc.isComplete() && res.status == SUCCESS) {
> >  LOG.info("Successfully completed the authentication using SASL.");
> > ...
> > }

Done


- Rakesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/#review150630
---


On Oct. 5, 2016, 4:14 a.m., Rakesh R wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47354/
> ---
> 
> (Updated Oct. 5, 2016, 4:14 a.m.)
> 
> 
> Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul 
> Gutierrez Segales.
> 
> 
> Bugs: ZOOKEEPER-1045
> https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> 
> 
> Repository: zookeeper-git
> 
> 
> Description
> ---
> 
> Quorum mutual authentication using SASL mechanism - Digest/Kerberos
> 
> 
> Diffs
> -
> 
>   build.xml ee6834c 
>   ivy.xml 95b0e5a 
>   src/java/main/org/apache/zookeeper/Login.java aaa220c 
>   src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
>   src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
>   
> src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
> 2fbd6ed 
>   src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
>   src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
>   src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 
> 8a748c7 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
> 20e5f16 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
> 0924ef6 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java 
> e9c8007 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/README.md 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
>   src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
>   src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 
> 8db7fa8 
>   
> src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
>  c1259d1 
>   src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
> 72e4fc9 
>   src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java 
> a4c0cb0 
>   src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java 
> 39a53ca 
>   src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce 
>   src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java 
> 85817b2 
>   src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java
>  PRE-CREATION 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java 
> PRE-CREATION 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java 
> PRE-CREATION 
>   
> src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.ja

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 


> On Sept. 20, 2016, 10:24 p.m., Michael Han wrote:
> > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java,
> >  line 174
> > 
> >
> > The implementation of this is an almost identical copy of 
> > ZooKeeperSaslClient.createSaslToken (minors one logging changes). I suggest 
> > we add a TODO here about consolidating the createSaslToken implementation 
> > between ZooKeeperSaslClient and here , so we can refactor the code after 
> > the patch landed.
> 
> Rakesh R wrote:
> Agreed, I will add a TODO.

Done


> On Sept. 20, 2016, 10:24 p.m., Michael Han wrote:
> > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java,
> >  line 131
> > 
> >
> > This 'if' condition can be removed, because when we can't reach here 
> > unless the auth process finished successfully, which means we don't hit any 
> > exceptions plus the sc.isComplete would evaluate to true (otherwise we 
> > would not get out of the while loop.).
> 
> Rakesh R wrote:
> Good catch. Please refer 
> https://docs.oracle.com/javase/7/docs/api/javax/security/sasl/SaslClient.html 
> javadoc. In example, they have an additional if check after the looping. I 
> think I need to include additional check for ERROR after the loop, right? 
> like below,
> 
>if (sc.isComplete()) {
> if(qpStatus == QuorumAuth.Status.SUCCESS)
>  LOG.info("Successfully completed the authentication 
> using SASL. server addr: {}, status: {}",
> sock.getRemoteSocketAddress(), qpStatus);
> else {
> throw new SaslException(
> "Authentication failed against server addr: "
> + sock.getRemoteSocketAddress() + ", 
> qpStatus: " + qpStatus);
> }
> }

Done. Removed unused 'sc.isComplete()' check and checked the status code after 
the auth exchange.


- Rakesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/#review149705
---


On Oct. 5, 2016, 4:14 a.m., Rakesh R wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47354/
> ---
> 
> (Updated Oct. 5, 2016, 4:14 a.m.)
> 
> 
> Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul 
> Gutierrez Segales.
> 
> 
> Bugs: ZOOKEEPER-1045
> https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> 
> 
> Repository: zookeeper-git
> 
> 
> Description
> ---
> 
> Quorum mutual authentication using SASL mechanism - Digest/Kerberos
> 
> 
> Diffs
> -
> 
>   build.xml ee6834c 
>   ivy.xml 95b0e5a 
>   src/java/main/org/apache/zookeeper/Login.java aaa220c 
>   src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
>   src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
>   
> src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
> 2fbd6ed 
>   src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
>   src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
>   src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 
> 8a748c7 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
> 20e5f16 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
> 0924ef6 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java 
> e9c8007 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/README.md 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
>  PRE-CREATION 
>   sr

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 


> On Sept. 19, 2016, 11:52 p.m., Michael Han wrote:
> > src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java, 
> > line 219
> > 
> >
> > Should we put the check of in progress sid here, or up on the caller 
> > site (connectOne) who calls initateConnection? I am asking because I 
> > spotted there could be a potential socket leak if we put check here. 
> > Consider this case:
> > 
> > * In connectOne(long sid), we first open a new socket and then call 
> > initiateConnection(sock, sid).
> > * In side initiateConnection(sock, sid), we are doing this sid check 
> > and will return if we find out there is an ongoing outgoing connections to 
> > the same sid.
> > * Now, the opened socket in connectOne is a strayed socket, and will 
> > not get used, or closed.
> > 
> > If we put same check in connectOne, this problem can be fixed. Does 
> > this make sense for the case I am describing above?
> 
> Rakesh R wrote:
> Thanks Michael for pointing out this. Yes, its a connection leak, I will 
> do the necessary changes.

Done


- Rakesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/#review149566
---


On Oct. 5, 2016, 4:14 a.m., Rakesh R wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47354/
> ---
> 
> (Updated Oct. 5, 2016, 4:14 a.m.)
> 
> 
> Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul 
> Gutierrez Segales.
> 
> 
> Bugs: ZOOKEEPER-1045
> https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> 
> 
> Repository: zookeeper-git
> 
> 
> Description
> ---
> 
> Quorum mutual authentication using SASL mechanism - Digest/Kerberos
> 
> 
> Diffs
> -
> 
>   build.xml ee6834c 
>   ivy.xml 95b0e5a 
>   src/java/main/org/apache/zookeeper/Login.java aaa220c 
>   src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
>   src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
>   
> src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
> 2fbd6ed 
>   src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
>   src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
>   src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 
> 8a748c7 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
> 20e5f16 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
> 0924ef6 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java 
> e9c8007 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/README.md 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
>   src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
>   src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 
> 8db7fa8 
>   
> src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
>  c1259d1 
>   src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
> 72e4fc9 
>   src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java 
> a4c0cb0 
>   src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java 
> 39a53ca 
>   src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce 
>   src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java 
> PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java 
> 85817b2 
>   src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 
>   
> src/jav

Re: Review Request 47354: ZOOKEEPER-1045 : Quorum mutual authentication using SASL mechanism

2016-10-04 Thread Rakesh R 


> On Sept. 19, 2016, 7:21 p.m., Michael Han wrote:
> > src/java/main/org/apache/zookeeper/server/quorum/Learner.java, line 248
> > 
> >
> > This check seems redundant to me - when we are here we either already 
> > have a leader elected or we are asking a new leader election. Now during 
> > leader election the leader and the learners that participated should 
> > authenticate each other mutually (in QuorumCnxManager 
> > authServer.authenticate(sock, din), and authLearner.authenticate(sock)). 
> > 
> > Note that it is possible that the leader and this specific learner that 
> > asking to connect to leader has not been mutually verified during LE - 
> > because we don't have 1 to 1 connections between every pair of servers. 
> > This should be fine as the authentication / authz will be checked when the 
> > actual connection is being made, again in QuorumCnxManager.
> 
> Michael Han wrote:
> Chat with Rakesh more about this - the check here is required because not 
> all connections between peer are done through QuorumCnxManager - in 
> particular in reconfig case a new peer joining quorum will first query who 
> the leader is and once he gots the leader adddress he will attemp direct 
> connect to leader (which by pass QuorumCnxManager). So this is not an issue, 
> and existing code in patch is doing fine.

Done, I've provided separate paths for auth and non-auth(existing code) to give 
more confidence by not touching the existing code flow.


- Rakesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47354/#review149501
---


On Oct. 5, 2016, 4:14 a.m., Rakesh R wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47354/
> ---
> 
> (Updated Oct. 5, 2016, 4:14 a.m.)
> 
> 
> Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul 
> Gutierrez Segales.
> 
> 
> Bugs: ZOOKEEPER-1045
> https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> 
> 
> Repository: zookeeper-git
> 
> 
> Description
> ---
> 
> Quorum mutual authentication using SASL mechanism - Digest/Kerberos
> 
> 
> Diffs
> -
> 
>   build.xml ee6834c 
>   ivy.xml 95b0e5a 
>   src/java/main/org/apache/zookeeper/Login.java aaa220c 
>   src/java/main/org/apache/zookeeper/SaslClientCallbackHandler.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa 
>   src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce 
>   
> src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 
> 2fbd6ed 
>   src/java/main/org/apache/zookeeper/server/quorum/Leader.java c83d352 
>   src/java/main/org/apache/zookeeper/server/quorum/Learner.java 647b8a2 
>   src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java 
> 8a748c7 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java 
> 20e5f16 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java 
> 0924ef6 
>   src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java 
> e9c8007 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthLearner.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java 
> PRE-CREATION 
>   src/java/main/org/apache/zookeeper/server/quorum/auth/README.md 
> PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java
>  PRE-CREATION 
>   
> src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumServerCallbackHandler.java
>  PRE-CREATION 
>   src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION 
>   src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION 
>   src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION 
>   src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java 
> 8db7fa8 
>   
> src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java
>  c1259d1 
>   src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java 
> 72e4fc9 
>   src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java 
> a4c0cb0 
>   src/java/test/org/apache/zookeeper/serve

[jira] [Commented] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL

2016-10-04 Thread Rakesh R (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15547736#comment-15547736
 ] 

Rakesh R commented on ZOOKEEPER-1045:
-

Reg this point there was a discussion in the review ticket and others please 
refer the same. Summary of the discussion is to keep the auth in both peer-peer 
and learner-leader quorum formation phase.

> Support Quorum Peer mutual authentication via SASL
> --
>
> Key: ZOOKEEPER-1045
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> Project: ZooKeeper
>  Issue Type: New Feature
>  Components: server
>Reporter: Eugene Koontz
>Assignee: Rakesh R
>Priority: Critical
> Fix For: 3.4.10, 3.5.3
>
> Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 
> 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, 
> TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, 
> ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045-00.patch, 
> ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045TestValidationDesign.pdf, 
> org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.testRollingUpgrade.log
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.
> Review board: https://reviews.apache.org/r/47354/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (ZOOKEEPER-1045) Support Quorum Peer mutual authentication via SASL

2016-10-04 Thread Rakesh R (JIRA) 

[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15547752#comment-15547752
 ] 

Rakesh R commented on ZOOKEEPER-1045:
-

Attached another patch in the [review ticket 
47354|https://reviews.apache.org/r/47354/] addressing [~hanm]'s comments. 
Majorly I've used the {{QuorumConnectionThread}} only if the 
'quorumSaslEnabled' to process the connection requests asynchronously. In the 
existing code path(non-auth) it will continue connecting to the peers 
sequentially. This change is basically done to give the confidence to all by 
not touching the existing code flow so as to improve the confidence in pushing 
this feature in.

[~fpj], [~cnauroth], [~rgs], do you have some cycles to review the latest 
patch. Appreciate your feedback. Thanks!

> Support Quorum Peer mutual authentication via SASL
> --
>
> Key: ZOOKEEPER-1045
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
> Project: ZooKeeper
>  Issue Type: New Feature
>  Components: server
>Reporter: Eugene Koontz
>Assignee: Rakesh R
>Priority: Critical
> Fix For: 3.4.10, 3.5.3
>
> Attachments: 0001-ZOOKEEPER-1045-br-3-4.patch, 
> 1045_failing_phunt.tar.gz, HOST_RESOLVER-ZK-1045.patch, 
> TEST-org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.txt, 
> ZK-1045-test-case-failure-logs.zip, ZOOKEEPER-1045-00.patch, 
> ZOOKEEPER-1045-Rolling Upgrade Design Proposal.pdf, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045-br-3-4.patch, ZOOKEEPER-1045-br-3-4.patch, 
> ZOOKEEPER-1045TestValidationDesign.pdf, 
> org.apache.zookeeper.server.quorum.auth.QuorumAuthUpgradeTest.testRollingUpgrade.log
>
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.
> Review board: https://reviews.apache.org/r/47354/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)