From 926c80325639144e1d3d4d7fd44527feef8fc79c Mon Sep 17 00:00:00 2001
From: GuoHao Li
Date: Thu, 18 Jan 2024 12:43:17 +0000
Subject: [PATCH] Feat: support meta_server connect to kerberos zookeeper which KDC configuration "rdns = false"
---
 src/zookeeper/zookeeper_session.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/zookeeper/zookeeper_session.cpp b/src/zookeeper/zookeeper_session.cpp
index 9a467b64c7..0ff82094b6 100644
--- a/src/zookeeper/zookeeper_session.cpp
+++ b/src/zookeeper/zookeeper_session.cpp
@@ -30,6 +30,7 @@
 #include
 #include "runtime/app_model.h"
+#include "runtime/rpc/rpc_address.h"
 #include "utils/flags.h"
 #include "utils/fmt_logging.h"
 #include "zookeeper/proto.h"
@@ -43,6 +44,10 @@ DSN_DEFINE_string(security,
 zookeeper_kerberos_service_name,
 "zookeeper",
 "zookeeper kerberos service name");
+DSN_DEFINE_string(security,
+ zookeeper_sasl_service_fqdn,
+ "",
+ "The fqdn of sasl server name which one connect to zookeeper service");
 } // namespace security
 } // namespace dsn
@@ -161,6 +166,11 @@ int zookeeper_session::attach(void *callback_owner, const state_callback &cb)
 zoo_sasl_params_t sasl_params = {0};
 sasl_params.service = dsn::security::FLAGS_zookeeper_kerberos_service_name;
 sasl_params.mechlist = "GSSAPI";
+ rpc_address addr;
+ CHECK(addr.from_string_ipv4(dsn::security::FLAGS_zookeeper_sasl_service_fqdn),
+ "zookeeper_sasl_service_fqdn {} is invalid",
+ dsn::security::FLAGS_zookeeper_sasl_service_fqdn);
+ sasl_params.host = dsn::security::FLAGS_zookeeper_sasl_service_fqdn;
 _handle = zookeeper_init_sasl(FLAGS_hosts_list,
 global_watcher,
 FLAGS_timeout_ms,
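Review bot: The help string on the new `zookeeper_sasl_service_fqdn` flag does not tell an operator what to put in it: it is hard to parse ("which one connect to"), gives no value format, and does not say whether the empty default is acceptable. The value is assigned to `sasl_params.host` in the attach() hunk, so it appears to name the server the client authenticates over GSSAPI, and the help should say that. Suggested text: `"Host name of the ZooKeeper server as it appears in its Kerberos service principal; needed when the KDC is configured with rdns = false"`, plus a clause stating the accepted format once the validation in attach() is settled.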
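Review bot: The added `CHECK` validates `FLAGS_zookeeper_sasl_service_fqdn` on every pass through this SASL setup, but the flag defaults to `""`. A deployment that already runs with Kerberos and does not set the new flag would therefore likely abort at startup, assuming `from_string_ipv4` rejects an empty string (its body is not in the diff). Wrap the four added statements in an emptiness test such as `if (*dsn::security::FLAGS_zookeeper_sasl_service_fqdn != '\0') { ... }`, so `sasl_params.host` keeps the zero value from `= {0}` when the flag is unset. The flag is also named and documented as an FQDN yet checked with an IPv4 address parser, and `addr` is never used afterwards, so please confirm that a plain host name passes this check or switch to a validation that matches the documented format. Because one `host` value applies to every entry in `FLAGS_hosts_list`, it is worth stating in a comment that the Kerberos target name is pinned to this configured value; attach() begins and ends outside the hunk.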