Index: src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java =================================================================== --- src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java (revision 1442685) +++ src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java (working copy) @@ -86,7 +86,6 @@ zkw = new ZooKeeperWatcher( new Configuration(TEST_UTIL.getConfiguration()), TestZooKeeper.class.getName(), null); - ZKUtil.waitForZKConnectionIfAuthenticating(zkw); } /** Index: src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java =================================================================== --- src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java (revision 1442685) +++ src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java (working copy) @@ -71,10 +71,6 @@ private final List listeners = new CopyOnWriteArrayList(); - // Used by ZKUtil:waitForZKConnectionIfAuthenticating to wait for SASL - // negotiation to complete - public CountDownLatch saslLatch = new CountDownLatch(1); - // set of unassigned nodes watched private Set unassignedNodes = new HashSet(); @@ -354,34 +350,12 @@ LOG.debug(this.identifier + " connected"); break; - case SaslAuthenticated: - if (ZKUtil.isSecureZooKeeper(this.conf)) { - // We are authenticated, clients can proceed. - saslLatch.countDown(); - } - break; - - case AuthFailed: - if (ZKUtil.isSecureZooKeeper(this.conf)) { - // We could not be authenticated, but clients should proceed anyway. - // Only access to znodes that require SASL authentication will be - // denied. The client may never need to access them. - saslLatch.countDown(); - } - break; - // Abort the server if Disconnected or Expired case Disconnected: LOG.debug(prefix("Received Disconnected from ZooKeeper, ignoring")); break; case Expired: - if (ZKUtil.isSecureZooKeeper(this.conf)) { - // We consider Expired equivalent to AuthFailed for this - // connection. Authentication is never going to complete. The - // client should proceed to do cleanup. - saslLatch.countDown(); - } String msg = prefix(this.identifier + " received expired from " + "ZooKeeper, aborting"); // TODO: One thought is to add call to ZooKeeperListener so say, Index: src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java =================================================================== --- src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java (revision 1442685) +++ src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java (working copy) @@ -198,7 +198,13 @@ if (System.getProperty("java.security.auth.login.config") != null) return; + // No keytab specified, no auth String keytabFilename = conf.get(keytabFileKey); + if (keytabFilename == null) { + LOG.warn("no keytab specified for: " + keytabFileKey); + return; + } + String principalConfig = conf.get(userNameKey, System.getProperty("user.name")); String principalName = SecurityUtil.getServerPrincipal(principalConfig, hostname); @@ -903,7 +909,8 @@ return true; // Master & RSs uses hbase.zookeeper.client.* - return "kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")); + return("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")) && + conf.get("hbase.zookeeper.client.keytab.file") != null); } private static ArrayList createACL(ZooKeeperWatcher zkw, String node) { @@ -926,15 +933,6 @@ } } - public static void waitForZKConnectionIfAuthenticating(ZooKeeperWatcher zkw) - throws InterruptedException { - if (isSecureZooKeeper(zkw.getConfiguration())) { - LOG.debug("Waiting for ZooKeeperWatcher to authenticate"); - zkw.saslLatch.await(); - LOG.debug("Done waiting."); - } - } - // // Node creation // @@ -961,7 +959,6 @@ String znode, byte [] data) throws KeeperException { try { - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.EPHEMERAL); } catch (KeeperException.NodeExistsException nee) { @@ -1001,7 +998,6 @@ ZooKeeperWatcher zkw, String znode, byte [] data) throws KeeperException { try { - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); } catch (KeeperException.NodeExistsException nee) { @@ -1039,7 +1035,6 @@ String znode, byte [] data) throws KeeperException, KeeperException.NodeExistsException { try { - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); return zkw.getRecoverableZooKeeper().exists(znode, zkw).getVersion(); @@ -1067,13 +1062,8 @@ public static void asyncCreate(ZooKeeperWatcher zkw, String znode, byte [] data, final AsyncCallback.StringCallback cb, final Object ctx) { - try { - waitForZKConnectionIfAuthenticating(zkw); - zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data, - createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx); - } catch (InterruptedException e) { - zkw.interruptedException(e); - } + zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data, + createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx); } /** @@ -1098,7 +1088,6 @@ String znode = create.getPath(); try { RecoverableZooKeeper zk = zkw.getRecoverableZooKeeper(); - waitForZKConnectionIfAuthenticating(zkw); if (zk.exists(znode, false) == null) { zk.create(znode, create.getData(), create.getAcl(), CreateMode.fromFlag(create.getFlags())); } @@ -1135,7 +1124,6 @@ if(znode == null) { return; } - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, new byte[0], createACL(zkw, znode), CreateMode.PERSISTENT); } catch(KeeperException.NodeExistsException nee) { Index: src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java =================================================================== --- src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java (revision 1442685) +++ src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java (working copy) @@ -71,12 +71,6 @@ * or {@link #getData(boolean)} to get the data of the node if it is available. */ public synchronized void start() { - try { - ZKUtil.waitForZKConnectionIfAuthenticating(watcher); - } catch (InterruptedException e) { - throw new IllegalStateException("ZookeeperNodeTracker on " + this.node - + " interuppted while waiting for SASL Authentication", e); - } this.watcher.registerListener(this); try { if(ZKUtil.watchAndCheckExists(watcher, node)) {