Community Articles

Find and share helpful community-sourced technical articles.
avatar

Problem

There are time we would want to remove a ZK node in a secure cluster which is ACL protected. Something as below ACLs

[zk: xyz.com:2181(CONNECTED) 0] getAcl /infra-solr 'sasl,'infra-solr : cdrwa 'world,'anyone : r 

[zk: xyz.com:2181(CONNECTED) 0] rmr /test
Authentication is not valid : /test

Here only read privilege is available to rest.

Soln

  • Goto zookeeper home. for e.x cd /usr/hdp/current/zookeeper-server
  • Run below command
java -cp "./zookeeper.jar:lib/slf4j-api-1.6.1.jar" org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:password SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. super:password->super:DyNYQEQvajljsxlhf5uS4PJ9R28= 
  • Copy the super:DyNYQEQvajljsxlhf5uS4PJ9R28= text and login to Ambari and goto zookeeper config.
  • Add below to zookeeper-env template config
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28="
  • Save and Restart Zookeeper
  • Launch zookeeper cli ( /usr/hdp/current/zookeeper-client/bin/zkCli.sh -server xyz.com )
  • addauth as below
addauth digest super:password
  • Now try rmr /test -- This should work.

Note

Please be careful while running these on production systems.

10,420 Views
Comments
avatar
Cloudera Employee

It helped. Thanks !

avatar
Super Guru

@Santhosh B Gowda,

Thanks. This is very useful

avatar
New Contributor

thanks a lot

avatar
Master Mentor

@Santhosh B Gowda

Nice article. Very much needed.