Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Problem

There are time we would want to remove a ZK node in a secure cluster which is ACL protected. Something as below ACLs

[zk: xyz.com:2181(CONNECTED) 0] getAcl /infra-solr 'sasl,'infra-solr : cdrwa 'world,'anyone : r 

[zk: xyz.com:2181(CONNECTED) 0] rmr /test
Authentication is not valid : /test

Here only read privilege is available to rest.

Soln

  • Goto zookeeper home. for e.x cd /usr/hdp/current/zookeeper-server
  • Run below command
java -cp "./zookeeper.jar:lib/slf4j-api-1.6.1.jar" org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:password SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. super:password->super:DyNYQEQvajljsxlhf5uS4PJ9R28= 
  • Copy the super:DyNYQEQvajljsxlhf5uS4PJ9R28= text and login to Ambari and goto zookeeper config.
  • Add below to zookeeper-env template config
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28="
  • Save and Restart Zookeeper
  • Launch zookeeper cli ( /usr/hdp/current/zookeeper-client/bin/zkCli.sh -server xyz.com )
  • addauth as below
addauth digest super:password
  • Now try rmr /test -- This should work.

Note

Please be careful while running these on production systems.

4,523 Views
Comments
New Contributor

It helped. Thanks !

@Santhosh B Gowda,

Thanks. This is very useful

Not applicable

thanks a lot

Super Mentor

@Santhosh B Gowda

Nice article. Very much needed.

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎02-09-2017 09:55 AM
Updated by:
 
Contributors
Top Kudoed Authors