Hello, At a high level, the setup seems right to me. I believe this error can happen if the JAAS configuration file is not found or otherwise inaccessible, so it's good that you took care of chown'ing to the zookeeper user. Just to make sure, does "sudo -u zookeeper cat /opt/zookeeper/conf/jaas_server.conf" succeed? I'm wondering if there is a permission problem on an intermediate directory.
My only other thought is a potential syntax violation in the JAAS configuration file itself. For example, I don't know the syntax for comments in these files, so I don't know if the '#' in-line comment is problematic. Chris Nauroth On Sun, Mar 9, 2025 at 5:02 PM Pearson <[email protected]> wrote: > I should mention that I'm using zookeeper version 3.9.3 > > On 09/03/2025 23:57, Pearson wrote: > > > > Hello, > > > > I'm very new to Zookeeper, and even after reading a bunch of threads > > and forum posts I am unable to solve this problem. Would really > > appreciate your help. > > > > Let me begin with my zoo.cfg: > > > > |cat /opt/zookeeper/conf/zoo.cgf| > > > > |dataDir=/var/lib/zookeeper > > dataLogDir=/var/log/zookeeper > > > > clientPort=2181 > > > > initLimit=5 > > syncLimit=2 > > > > # Configure SASL authentication from Clients > > > authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider > > | > > > > |clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > > serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory| > > > > |# Configure SASL for Quorun > > # Reference: > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication > > quorum.auth.enableSasl=true > > quorum.auth.learnerRequireSasl=true > > quorum.auth.serverRequireSasl=true > > quorum.auth.learner.saslLoginContext=QuorumLearner > > quorum.auth.server.saslLoginContext=QuorumServer > > # quorum.auth.kerberos.servicePrincipal=servicename/_HOST > > quorum.cnxn.threads.size=20 > > > > autopurge.snapRetainCount=3 > > autopurge.purgeInterval=1 > > > > # Clients > > server.1=192.168.122.121:2888:3888 > > server.2=192.168.122.122:2888:3888 > > server.3=192.168.122.123:2888:3888| > > > > > > This is my jaas_server.conf: > > > > |cat /opt/zookeeper/conf/jaas_server.conf| > > > > |# Reference: > > > https://github.com/symat/zookeeper-docker-test/blob/master/conf/digest_jaas.conf > > # Reference: https://issues.apache.org/jira/browse/ZOOKEEPER-3743 > > Server { > > org.apache.zookeeper.server.auth.DigestLoginModule required > > user_zookeeper="test"; # Or use a different user/password as needed > > }; > > # This section is for ZooKeeper servers (QuorumServers) to authenticate > > QuorumServer { > > org.apache.zookeeper.server.auth.DigestLoginModule required > > user_zookeeper="test"; > > }; > > # This section is for Quorum Learners to authenticate > > QuorumLearner { > > org.apache.zookeeper.server.auth.DigestLoginModule required > > username="zookeeper" > > password="test"; > > };| > > > > > > And this is my jaas_client.conf: > > > > |cat /opt/zookeeper/conf/jaas_client.conf > > # Reference: https://issues.apache.org/jira/browse/ZOOKEEPER-3743 > > > > # This section is for ZooKeeper clients to authenticate > > Client { > > org.apache.zookeeper.server.auth.DigestLoginModule required > > username="zookeeper" > > password="test"; # Use the correct client credentials here > > };| > > > > > > Next, my java.env: > > > > |cat /opt/zookeeper/conf/java.env| > > > > |# Reference: > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication > > # Reference: https://issues.apache.org/jira/browse/ZOOKEEPER-3743 > > > > # Defining your server side JAAS config file path: > > > SERVER_JVMFLAGS="-Djava.security.auth.login.config=/opt/zookeeper/conf/jaas_server.conf" > > > > # REQUIRED SASL RELATED CONFIGS: > > # ==== java.security.auth.login.config: > > # Defining your client side JAAS config file path: > > CLIENT_JVMFLAGS="${CLIENT_JVMFLAGS} > > -Djava.security.auth.login.config=/opt/zookeeper/conf/jaas_client.conf" > > > > # OPTIONAL SASL RELATED CONFIGS: > > > > # ==== zookeeper.sasl.client: > > # You can disable SASL authentication on the client side (it is true > > by default): > > CLIENT_JVMFLAGS="${CLIENT_JVMFLAGS} -Dzookeeper.sasl.client=true"| > > > > > > Finally, my zookeeper.service: > > > > |cat /etc/systemd/system/zookeeper.service| > > > > |[Unit] > > Description=Zookeeper Server > > After=network.target > > > > [Service] > > User=zookeeper > > Group=zookeeper > > Type=forking > > EnvironmentFile=/opt/zookeeper/conf/java.env > > ExecStart=/opt/zookeeper/bin/zkServer.sh start > > ExecStop=/opt/zookeeper/bin/zkServer.sh stop > > ExecReload=/opt/zookeeper/bin/zkServer.sh restart > > Restart=on-failure > > > > [Install] > > WantedBy=multi-user.target| > > > > > > Coming to the error I see: > > > > |2025-03-09 19:22:12,539 [myid:1] - ERROR > > [main:o.a.z.s.ServerCnxnFactory@267] - No JAAS configuration section > > named 'Server' was found in '/opt/zookeeper/conf/jaas_server.conf'. > > 2025-03-09 19:22:12,541 [myid:1] - ERROR > > [main:o.a.z.s.q.QuorumPeerMain@114] - Unexpected exception, exiting > > abnormally > > java.io.IOException: No JAAS configuration section named 'Server' was > > found in '/opt/zookeeper/conf/jaas_server.conf'. > > at > > > org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:268) > > at > > > org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:623) > > at > > > org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:169) > > at > > > org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:137) > > at > > > org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:91) > > 2025-03-09 19:22:12,542 [myid:1] - INFO > > [main:o.a.z.a.ZKAuditProvider@42] - ZooKeeper audit is disabled. > > 2025-03-09 19:22:12,543 [myid:1] - ERROR > > [main:o.a.z.u.ServiceUtils@48] - Exiting JVM with code 1| > > > > I have looked at many forum posts - the config I posted above is > > directly from Mate Szalay-Beko's Github repo: > > > https://github.com/symat/zookeeper-docker-test/blob/master/conf/digest_jaas.conf > > > > Please tell me what I need to do to fix this. I have checked the > > permissions to the files, necessary ports are open and everything has > > been |chown|ed to the zookeeper user and group. > > > > Thank you for your help. > > > >
