Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-5839 Flink Security problem collection
  3. FLINK-6117

'zookeeper.sasl.disable' not takes effet when starting CuratorFramework

    XMLWordPrintableJSON

Details

    • Patch

    Description

      The value of 'zookeeper.sasl.disable' not used in the right way when starting CuratorFramework.

      Here are all the settings relevant to high-availability in my flink-conf.yaml:

      high-availability: zookeeper
      high-availability.zookeeper.quorum: localhost:2181
      high-availability.zookeeper.storageDir: hdfs:///flink/ha/

      Obviously, no explicit value is set for 'zookeeper.sasl.disable' so default value of 'true'(ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE) would be applied. But when FlinkYarnSessionCli & FlinkApplicationMasterRunner start,
      both logs show that they attempt connecting to zookeeper in 'SASL' mode.

      logs are like this:

      2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper - Initiating client connection, connectString=localhost:2181 sessionTimeout=60000 watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8
      2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper - Initiating client connection, connectString=localhost:2181 sessionTimeout=60000 watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8
      2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
      2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
      2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn - Opening socket connection to server localhost/127.0.0.1:2181
      2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn - Opening socket connection to server localhost/127.0.0.1:2181
      2017-03-18 23:53:10,534 ERROR org.apache.flink.shaded.org.apache.curator.ConnectionState - Authentication failed

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #3600

          Activity

            People

              canbinzheng CanBin Zheng
              canbinzheng CanBin Zheng
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 336h
                  336h
                  Remaining:
                  Remaining Estimate - 336h
                  336h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified