search

confluentinc / cp-docker-images

[DEPRECATED] Docker images for Confluent Platform.
Apache License 2.0
1.14k stars 704 forks source link

Certain environment variables not being picked up by Zookeeper #810

Open aditypandit opened 4 years ago

aditypandit commented 4 years ago

Was having trouble getting Kafka to set ACLs on Zookeeper (via zookeeper.set.acl=true).

Turns out that Zookeeper isn't picking up all the environment variables as expected. The following wouldn't work:

ZOOKEEPER_KERBEROS_REMOVEHOSTFROMPRINCIPAL: true
ZOOKEEPER_KERBEROS_REMOVEREALMFROMPRINCIPAL: true
ZOOKEEPER_AUTHPROVIDER_1: "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
ZOOKEEPER_REQUIRECLIENTAUTHSCHEME: "sasl"

This, instead, did work:

-Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl

Has been tested with the 5.3.1 image.

rondagostino commented 4 years ago

Note that requireClientAuthScheme does nothing as per https://issues.apache.org/jira/browse/ZOOKEEPER-2668.