diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java index 33697b53d25..3390773fd72 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java @@ -199,7 +199,13 @@ public class ZKUtil { if (System.getProperty("java.security.auth.login.config") != null) return; + // No keytab specified, no auth String keytabFilename = conf.get(keytabFileKey); + if (keytabFilename == null) { + LOG.warn("no keytab specified for: " + keytabFileKey); + return; + } + String principalConfig = conf.get(userNameKey, System.getProperty("user.name")); String principalName = SecurityUtil.getServerPrincipal(principalConfig, hostname); @@ -910,7 +916,8 @@ public class ZKUtil { return true; // Master & RSs uses hbase.zookeeper.client.* - return "kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")); + return("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")) && + conf.get("hbase.zookeeper.client.keytab.file") != null); } private static ArrayList createACL(ZooKeeperWatcher zkw, String node) { @@ -933,15 +940,6 @@ public class ZKUtil { } } - public static void waitForZKConnectionIfAuthenticating(ZooKeeperWatcher zkw) - throws InterruptedException { - if (isSecureZooKeeper(zkw.getConfiguration())) { - LOG.debug("Waiting for ZooKeeperWatcher to authenticate"); - zkw.saslLatch.await(); - LOG.debug("Done waiting."); - } - } - // // Node creation // @@ -968,7 +966,6 @@ public class ZKUtil { String znode, byte [] data) throws KeeperException { try { - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.EPHEMERAL); } catch (KeeperException.NodeExistsException nee) { @@ -1008,7 +1005,6 @@ public class ZKUtil { ZooKeeperWatcher zkw, String znode, byte [] data) throws KeeperException { try { - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); } catch (KeeperException.NodeExistsException nee) { @@ -1046,7 +1042,6 @@ public class ZKUtil { String znode, byte [] data) throws KeeperException, KeeperException.NodeExistsException { try { - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); Stat stat = zkw.getRecoverableZooKeeper().exists(znode, zkw); @@ -1080,13 +1075,8 @@ public class ZKUtil { public static void asyncCreate(ZooKeeperWatcher zkw, String znode, byte [] data, final AsyncCallback.StringCallback cb, final Object ctx) { - try { - waitForZKConnectionIfAuthenticating(zkw); - zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data, - createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx); - } catch (InterruptedException e) { - zkw.interruptedException(e); - } + zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data, + createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx); } /** @@ -1111,7 +1101,6 @@ public class ZKUtil { String znode = create.getPath(); try { RecoverableZooKeeper zk = zkw.getRecoverableZooKeeper(); - waitForZKConnectionIfAuthenticating(zkw); if (zk.exists(znode, false) == null) { zk.create(znode, create.getData(), create.getAcl(), CreateMode.fromFlag(create.getFlags())); } @@ -1148,7 +1137,6 @@ public class ZKUtil { if(znode == null) { return; } - waitForZKConnectionIfAuthenticating(zkw); zkw.getRecoverableZooKeeper().create(znode, new byte[0], createACL(zkw, znode), CreateMode.PERSISTENT); } catch(KeeperException.NodeExistsException nee) { diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java index 723fd7713d7..907fe764e98 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperNodeTracker.java @@ -74,12 +74,6 @@ public abstract class ZooKeeperNodeTracker extends ZooKeeperListener { * or {@link #getData(boolean)} to get the data of the node if it is available. */ public synchronized void start() { - try { - ZKUtil.waitForZKConnectionIfAuthenticating(watcher); - } catch (InterruptedException e) { - throw new IllegalStateException("ZookeeperNodeTracker on " + this.node - + " interuppted while waiting for SASL Authentication", e); - } this.watcher.registerListener(this); try { if(ZKUtil.watchAndCheckExists(watcher, node)) { diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java index af992791762..3b56e744258 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java @@ -342,34 +342,12 @@ public class ZooKeeperWatcher implements Watcher, Abortable, Closeable { LOG.debug(this.identifier + " connected"); break; - case SaslAuthenticated: - if (ZKUtil.isSecureZooKeeper(this.conf)) { - // We are authenticated, clients can proceed. - saslLatch.countDown(); - } - break; - - case AuthFailed: - if (ZKUtil.isSecureZooKeeper(this.conf)) { - // We could not be authenticated, but clients should proceed anyway. - // Only access to znodes that require SASL authentication will be - // denied. The client may never need to access them. - saslLatch.countDown(); - } - break; - // Abort the server if Disconnected or Expired case Disconnected: LOG.debug(prefix("Received Disconnected from ZooKeeper, ignoring")); break; case Expired: - if (ZKUtil.isSecureZooKeeper(this.conf)) { - // We consider Expired equivalent to AuthFailed for this - // connection. Authentication is never going to complete. The - // client should proceed to do cleanup. - saslLatch.countDown(); - } String msg = prefix(this.identifier + " received expired from " + "ZooKeeper, aborting"); // TODO: One thought is to add call to ZooKeeperListener so say, diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java index 80f9087bd67..fd94f72c35f 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java @@ -86,7 +86,6 @@ public class TestZooKeeperACL { zkw = new ZooKeeperWatcher( new Configuration(TEST_UTIL.getConfiguration()), TestZooKeeper.class.getName(), null); - ZKUtil.waitForZKConnectionIfAuthenticating(zkw); } /**