Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-5839 Flink Security problem collection
  3. FLINK-6117

'zookeeper.sasl.disable' not takes effet when starting CuratorFramework

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.3.0
    • Component/s: Client, JobManager
    • Labels:
    • Environment:

      Ubuntu, non-secured

    • Flags:
      Patch

      Description

      The value of 'zookeeper.sasl.disable' not used in the right way when starting CuratorFramework.

      Here are all the settings relevant to high-availability in my flink-conf.yaml:

      high-availability: zookeeper
      high-availability.zookeeper.quorum: localhost:2181
      high-availability.zookeeper.storageDir: hdfs:///flink/ha/

      Obviously, no explicit value is set for 'zookeeper.sasl.disable' so default value of 'true'(ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE) would be applied. But when FlinkYarnSessionCli & FlinkApplicationMasterRunner start,
      both logs show that they attempt connecting to zookeeper in 'SASL' mode.

      logs are like this:

      2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper - Initiating client connection, connectString=localhost:2181 sessionTimeout=60000 watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8
      2017-03-18 23:53:10,498 INFO org.apache.zookeeper.ZooKeeper - Initiating client connection, connectString=localhost:2181 sessionTimeout=60000 watcher=org.apache.flink.shaded.org.apache.curator.ConnectionState@5949eba8
      2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
      2017-03-18 23:53:10,522 WARN org.apache.zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/tmp/jaas-3047036396963510842.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
      2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn - Opening socket connection to server localhost/127.0.0.1:2181
      2017-03-18 23:53:10,530 INFO org.apache.zookeeper.ClientCnxn - Opening socket connection to server localhost/127.0.0.1:2181
      2017-03-18 23:53:10,534 ERROR org.apache.flink.shaded.org.apache.curator.ConnectionState - Authentication failed

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                canbinzheng CanBin Zheng
                Reporter:
                canbinzheng CanBin Zheng
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 336h
                  336h
                  Remaining:
                  Remaining Estimate - 336h
                  336h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified