Community Articles

Zookeeper does not allow listing or editing znodes if the current ACL doesn't have a set of permissions for the user or group. This is observed as a security authentication of znodes in all Cloudera Distros inherited from Apache Zookeeper. There are few references for the workaround, just compiling them together for Cloudera Managed clusters.

For the following error:

Authentication is not valid

There are two ways to address them:

1. Disable any ACL validation in Zookeeper (Not recommended):
   1. Add the following config in CM > Zookeeper config > Search for 'Java Configuration Options for Zookeeper Server':

      -Dzookeeper.skipACL=yes

   2. Then Restart and refresh the stale configs.
2. Add a Zookeeper super auth:
   1. Skip the part added in <SKIP> if you want to use ‘password' as the auth key.
      <SKIP>

      cd /opt/cloudera/parcels/CDH/lib/zookeeper/
      
      java -cp "./zookeeper.jar:lib/*" org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:password

      Use the last line from the following  output on running the above command :

      SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
      SLF4J: Defaulting to no-operation (NOP) logger implementation
      SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
      super:password->super:DyNYQEQvajljsxlhf5uS4PJ9R28=

      </SKIP>
   2. Add the following config in CM > Zookeeper config > Search 'Java Configuration Options for Zookeeper Server':

      -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28=

   3. Restart and refresh the stale configs.
   4. Once connected to zookeeper-client, add the following command before executing any further command:

      addauth digest super:password​

   5. You will be able to run any operation on any znode post this command.

NOTE: