ZooKeeper superuser use case: How to remove ACL protected ZK Node

Problem

There are times when we need to remove a ZK node in a secure cluster that is ACL protected, for example one with ACLs like the ones below:

[zk: xyz.com:2181(CONNECTED) 0] getAcl /infra-solr
'sasl,'infra-solr
: cdrwa
'world,'anyone
: r

[zk: xyz.com:2181(CONNECTED) 0] rmr /test
Authentication is not valid : /test

Here only the read privilege is available to everyone other than the infra-solr SASL user.

Solution

  • Go to the ZooKeeper home directory, for example: cd /usr/hdp/current/zookeeper-server
  • Run the command below
java -cp "./zookeeper.jar:lib/slf4j-api-1.6.1.jar" org.apache.zookeeper.server.auth.DigestAuthenticationProvider super:password
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
super:password->super:DyNYQEQvajljsxlhf5uS4PJ9R28=
  • Copy the super:DyNYQEQvajljsxlhf5uS4PJ9R28= text, log in to Ambari and go to the ZooKeeper config.
  • Add the line below to the zookeeper-env template config
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28="
  • Save and restart ZooKeeper
  • Launch the ZooKeeper CLI ( /usr/hdp/current/zookeeper-client/bin/zkCli.sh -server xyz.com )
  • Run addauth as below
addauth digest super:password
  • Now try rmr /test -- This should work.
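
What the DigestAuthenticationProvider command above computes, as an added example that is not part of the original post: the digest is the Base64 of an unsalted SHA-1 over the whole user:password string, so it can be generated and checked without the ZooKeeper jars. The function names and the sample zookeeper-env text are assumptions constructed for illustration; find_super_digests shows whether the superuser flag is still set in a config, which matters because a session authenticated as super skips all ACL checks.

```python
import base64
import hashlib
import hmac
import re

# JVM flag that the steps above add to zookeeper-env.
SUPER_DIGEST_FLAG = re.compile(
    r"-Dzookeeper\.DigestAuthenticationProvider\.superDigest=([^\s\"']+)"
)

# Constructed sample of a zookeeper-env template: one commented-out flag, one live flag.
SAMPLE_ENV = '''\
export JAVA_HOME=/usr/lib/jvm/java
# export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:old="
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Dzookeeper.DigestAuthenticationProvider.superDigest=super:DyNYQEQvajljsxlhf5uS4PJ9R28="
'''


def generate_digest(id_password):
    """Return 'user:base64(sha1("user:password"))' for a 'user:password' string."""
    user, sep, password = id_password.partition(":")
    if not sep or not user or not password:
        raise ValueError("expected 'user:password'")
    sha1 = hashlib.sha1(id_password.encode("utf-8")).digest()
    return user + ":" + base64.b64encode(sha1).decode("ascii")


def find_super_digests(env_text):
    """Return every superDigest value set on a non-comment line of the env text."""
    found = []
    for line in env_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out flag is not active
        found.extend(SUPER_DIGEST_FLAG.findall(line))
    return found


def matches(id_password, configured):
    """True if 'user:password' hashes to the configured value (constant-time compare)."""
    candidate = generate_digest(id_password).encode("utf-8")
    return hmac.compare_digest(candidate, configured.encode("utf-8"))


if __name__ == "__main__":
    for digest in find_super_digests(SAMPLE_ENV):
        # Reports whether the credential used in this post produces the configured digest.
        print(digest, "matches super:password:", matches("super:password", digest))
```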

Note

Please be careful while running these on production systems.

posted @ 2020-09-21 10:45  大数据从业者FelixZh