Problem
There are times when we want to remove a ZK node in a secure cluster that is protected by ACLs, such as the ACLs below:
[zk: xyz.com:2181(CONNECTED) 0] getAcl /infra-solr
'sasl,'infra-solr
: cdrwa
'world,'anyone
: r
[zk: xyz.com:2181(CONNECTED) 0] rmr /test
Authentication is not valid : /test
Here, everyone other than the infra-solr SASL user has only the read privilege.
Solution
- Go to the ZooKeeper home directory, for example: cd /usr/hdp/current/zookeeper-server
- Run the command below. The last line of its output is the generated digest for super:password (the SLF4J warnings can be ignored):
java -cp "./zookeeper.jar:lib/slf4j-api-1.6.1.jar" org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:password
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
super:password->super:DyNYQEQvajljsxlhf5uS4PJ9R28=
- Add the line below to the zookeeper-env template config:
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28="
- Save and restart ZooKeeper.
- Launch the ZooKeeper CLI ( /usr/hdp/current/zookeeper-client/bin/zkCli.sh -server xyz.com )
- Authenticate with addauth as below:
addauth digest super:password
- Now try rmr /test. This should work.
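The superDigest value set above is an unsalted, Base64-encoded SHA-1 of the string user:password, so anyone who can read zookeeper-env can test guesses against it offline. The following is an added example, not part of the original page or of ZooKeeper itself: it reproduces the digest and audits a zookeeper-env fragment for a superDigest derived from a guessable password. The function names, the sample env text and the weak-password list are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Constructed audit list; "password" is the example value used on this page.
WEAK_PASSWORDS = ("password", "test", "admin", "super", "zookeeper")

# Matches the JVM flag added to zookeeper-env in the steps above.
FLAG_RE = re.compile(
    r"-Dzookeeper\.DigestAuthenticationProvider\.superDigest=([^\s\"']+)"
)

# Constructed sample input: the export line from this page.
SAMPLE_ENV = (
    'export SERVER_JVMFLAGS="$SERVER_JVMFLAGS '
    "-Dzookeeper.DigestAuthenticationProvider.superDigest="
    'super:DyNYQEQvajljsxlhf5uS4PJ9R28="'
)


def super_digest(user, password):
    """Return user:base64(SHA1("user:password")), the default digest format.

    Assumes UTF-8 for the bytes of the credential string.
    """
    raw = hashlib.sha1(f"{user}:{password}".encode("utf-8")).digest()
    return f"{user}:{base64.b64encode(raw).decode('ascii')}"


def audit_env(env_text, weak_passwords=WEAK_PASSWORDS):
    """Return (entry, finding) per superDigest flag: malformed, weak or ok."""
    findings = []
    for entry in FLAG_RE.findall(env_text):
        user, _, b64 = entry.partition(":")
        try:
            # A SHA-1 digest is always 20 bytes once decoded.
            well_formed = len(base64.b64decode(b64, validate=True)) == 20
        except ValueError:
            well_formed = False
        if not well_formed:
            findings.append((entry, "malformed"))
        elif any(entry == super_digest(user, p) for p in weak_passwords):
            findings.append((entry, "weak"))
        else:
            findings.append((entry, "ok"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit_env(SAMPLE_ENV):
        print(f"{finding}: {entry}")
```

Run against the export line from this page, the audit reports the entry as weak because it was generated from super:password.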
Note
Please be careful while running these on production systems.