ZooKeeper / ZOOKEEPER-3824

ZooKeeper dynamic reconfig doesn't work with GSSAPI/SASL enabled Quorum authn/z


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.5.6
    • Fix Version/s: None
    • Labels:
      None
    • Environment:

      O.S. :- RHEL7

      Description

      With 'DynamicReconfig' feature in v3.5.6, ideally the servers can be added and removed without restarting ZooKeeper service on any of the nodes.

      But with Kerberos (GSSAPI via SASL) enabled quorum authentication/authorization, this is not possible, because when you try to add a new server, it won't be able to connect to any of the members in the ensemble and the data won't be synced. This is because all the members reject it based on authorization. To make this work, we need to do 'reconfig', then restart the leader, the new member and the rest of the members.

      Is this the expected behavior with Quorum-auth + DynamicReconfig? Or am I missing something here?

      This is our basic quorum-auth config:

      quorum.auth.serverRequireSasl=true
      quorum.auth.kerberos.servicePrincipal=zookeeper/_HOST
      quorum.auth.enableSasl=true
      quorum.auth.learner.saslLoginContext=QuorumLearner
      quorum.auth.learnerRequireSasl=true
      quorum.cnxn.threads.size=20
      quorum.auth.server.saslLoginContext=QuorumServer

      FTR: I raised this question in ZooKeeper-user forum and both Mate and Enrico suspect this to be a bug.

      Also, this is easily reproducible in a Kerberos (GSSAPI via SASL) enabled quorum-based ensemble.

       

      Regards,

      Rajkiran
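
A toy model of the sequence described in this report, added here as an illustration; it is not ZooKeeper code and not part of the original report. It assumes (the report does not state this) that each member builds its set of authorized quorum hosts once at startup; the host names and realm are constructed.

```python
"""Toy model of quorum SASL authorization across a dynamic reconfig."""

REALM = "EXAMPLE.COM"  # constructed Kerberos realm


def principal_host(principal):
    """Return the host part of 'service/host@REALM', or None if malformed."""
    name, at, _realm = principal.partition("@")
    service, slash, host = name.partition("/")
    return host if at and slash and service and host else None


class Member:
    def __init__(self, host, servers):
        self.host = host
        self.servers = set(servers)      # live membership view
        self.authz_hosts = set(servers)  # ASSUMPTION: snapshot taken at start

    def reconfig(self, servers):
        # Membership changes without a restart; the snapshot is not refreshed.
        self.servers = set(servers)

    def restart(self):
        # A restart rebuilds the authorization set from the current membership.
        self.authz_hosts = set(self.servers)

    def accepts(self, learner_principal):
        # Quorum authorization: the peer's principal host must be a known server.
        return principal_host(learner_principal) in self.authz_hosts


def simulate():
    old = ["zk1.example.com", "zk2.example.com", "zk3.example.com"]
    new = old + ["zk4.example.com"]
    ensemble = [Member(h, old) for h in old]
    joiner = f"zookeeper/zk4.example.com@{REALM}"  # matches zookeeper/_HOST
    results = {"before_reconfig": [m.accepts(joiner) for m in ensemble]}
    for m in ensemble:
        m.reconfig(new)
    results["after_reconfig"] = [m.accepts(joiner) for m in ensemble]
    for m in ensemble:
        m.restart()
    results["after_restart"] = [m.accepts(joiner) for m in ensemble]
    return results


if __name__ == "__main__":
    for phase, verdicts in simulate().items():
        print(phase, verdicts)
```

Under that assumption the new member is rejected by every existing member after the reconfig and accepted only once they have restarted, which matches the workaround described in the report.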

       

            People

            • Assignee:
              Unassigned
              Reporter:
              rajsura Rajkiran Sura