I assume ZK is configured to use Kerberos. I would check a few configurations on
the ZK side to make sure that the Kerberos configurations are working fine.
On the ZK server side configurations:
1) authProvider is configured to use the SASL Authentication provider
2) ZK server is using appropriate JAAS entries to run in Kerberos mode
Validate if ZK is running properly in secure mode. Then, using the standard zkCli.sh
with proper JAAS configuration, validate if it can connect to ZK, create/access
znode, set ACL on the node and validate if ACL is working properly.
Having verified this, we could then change the Flink configuration to set ACL
to "creator" mode or "open" and enable/disable client SASL connection.
Hope this helps.
Regards,
Vijay

    On Thursday, March 2, 2017 7:39 AM, Stephan Ewen <se...@apache.org> wrote:
 

 Hi!

Is the ACL Kerberos-based? If yes, you need to make sure the Kerberos
module for ZooKeeper is loaded:

https://ci.apache.org/projects/flink/flink-docs-release-1.2/ops/security-kerberos.html
https://ci.apache.org/projects/flink/flink-docs-release-1.2/setup/jobmanager_high_availability.html#configuring-for-zookeeper-security

Stephan


On Thu, Mar 2, 2017 at 4:05 PM, Till Rohrmann <trohrm...@apache.org> wrote:

> Hi Zhangrucong,
>
> I don't exactly know what's needed to use the ACL of ZooKeeper. I'm pulling
> Vijay in who implemented this feature. He probably knows more about it.
>
> Cheers,
> Till
>
> On Thu, Mar 2, 2017 at 3:09 AM, Zhangrucong <zhangruc...@huawei.com>
> wrote:
>
> > Hi:
> >
> >      I want to use the ACL of Zookeeper. So I configure the following
> > configurations:
> >
> >
> >
> > 1、  high-availability.zookeeper.path.root: flink234
> >
> > 2、  high-availability.zookeeper.client.acl: creator
> >
> > 3、  zookeeper.sasl.disable: false
> >
> >
> >
> > But, I use ZK client to get the ACL, the result is :
> >
> >
> >
> > It seems the ACL policy “creator” is not executed.
> >
> > Am I missing anything to configure besides the above configurations?
> >
> >
> >
> > Thanks in advance!
> >
> >
> >
>
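
A small offline check for the items listed in the top reply, added here as an example and not part of the original thread or of Flink or ZooKeeper: it looks for the SASL authProvider in zoo.cfg, a Kerberos `Server` section in the server JAAS file, and a consistent ACL/SASL pair in the Flink configuration. The function names, the sample inputs and the rule that "creator" needs `zookeeper.sasl.disable` explicitly set to false are assumptions of this example.

```python
import re

SASL_PROVIDER = "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and '#' comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            pairs[key.strip()] = value.strip()
    return pairs

def jaas_sections(text):
    """Map each JAAS section name (e.g. Server) to its body."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"(\w+)\s*\{(.*?)\}\s*;", text, re.S)}

def check(zoo_cfg, server_jaas, flink_conf):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    zoo = parse_kv(zoo_cfg, "=")
    if not any(k.startswith("authProvider.") and v == SASL_PROVIDER
               for k, v in zoo.items()):
        findings.append("zoo.cfg: no authProvider.N set to the SASL provider")
    if "Krb5LoginModule" not in jaas_sections(server_jaas).get("Server", ""):
        findings.append("JAAS: no Server section using Krb5LoginModule")
    flink = parse_kv(flink_conf, ":")
    # Assumed rule: "creator" ACLs need an authenticated (SASL) client.
    if (flink.get("high-availability.zookeeper.client.acl") == "creator"
            and flink.get("zookeeper.sasl.disable") != "false"):
        findings.append("flink-conf: acl 'creator' set but zookeeper.sasl.disable is not false")
    return findings

# Constructed sample inputs (realm, host and keytab path are placeholders).
GOOD_ZOO = "clientPort=2181\nauthProvider.1=" + SASL_PROVIDER + "\n"
GOOD_JAAS = '''Server {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true keyTab="/path/to/zk.keytab" storeKey=true
  principal="zookeeper/zk1.example.com@EXAMPLE.COM";
};'''
GOOD_FLINK = ("high-availability.zookeeper.path.root: flink234\n"
              "high-availability.zookeeper.client.acl: creator\n"
              "zookeeper.sasl.disable: false\n")
BAD_FLINK = GOOD_FLINK.replace("disable: false", "disable: true")

if __name__ == "__main__":
    print(check(GOOD_ZOO, GOOD_JAAS, GOOD_FLINK), check("clientPort=2181\n", "", BAD_FLINK))
```

A clean result here only covers the static configuration; the zkCli.sh connection and ACL test described in the thread is still needed to confirm the server actually runs in secure mode.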

   
