support pegasus connect zookeeper which one use kerberos #847

Closed
GehaFearless opened this issue Dec 6, 2021 · 1 comment
Labels: good-first-issue, type/enhancement (Indicates new feature requests)

GehaFearless commented Dec 6, 2021

Feature Request

Is your feature request related to a problem? Please describe:
In our business, the Pegasus cluster needs to connect to a ZooKeeper that uses the Kerberos protocol. I want to support it.

Describe the feature you'd like:
Before version 2.3, we supported it with a customized ZooKeeper C client which converts the Java client using JNI. From version 3.7.0, ZooKeeper supports the C client using Kerberos. I want to introduce it into Pegasus.
From my testing, 'zookeeper_init_sasl' requires two parameters more than 'zookeeper_init', the function that gets a handle representing a connection to the ZooKeeper service.

  • Current implementation

```cpp
_handle = zookeeper_init(zookeeper_session_mgr::instance().zoo_hosts(),
                         global_watcher,
                         zookeeper_session_mgr::instance().timeout(),
                         nullptr,
                         this,
                         0);
```

  • Support Kerberos implementation

```cpp
zoo_sasl_params_t sasl_params = { 0 };
sasl_params.service = "zookeeper"; // Kerberos service name of the ZooKeeper servers
sasl_params.mechlist = "GSSAPI";   // SASL mechanism used for Kerberos
_handle = zookeeper_init_sasl(zookeeper_session_mgr::instance().zoo_hosts(),
                              global_watcher,
                              zookeeper_session_mgr::instance().timeout(),
                              nullptr,
                              this,
                              0,
                              NULL,          // first extra parameter
                              &sasl_params); // second extra parameter: SASL settings
```

When we have completed the above initialization and own a valid Kerberos ticket, this job is finished. How to get a valid Kerberos ticket is already implemented in our code (kinit_context.cpp: https://github.com/XiaoMi/rdsn/blob/fc41809ce1622a47a535a2316df91d4d626f35ed/src/runtime/security/kinit_context.cpp).

Finally, we need to add some configuration items:

  1. FLAGS_enable_zookeeper_kerberos
  2. FLAGS_zookeeper_kerberos_service_name: It's always zookeeper, but it can be changed

By the way, this issue is the same as XiaoMi/rdsn#85.
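
An added example, not part of the original issue and not Pegasus code: one way the two proposed flags could select between the two init calls while failing closed, so that a session requested with Kerberos is never opened unauthenticated. All struct and function names here are hypothetical; the callables stand in for wrappers around zookeeper_init and zookeeper_init_sasl, and `have_valid_ticket` stands in for whatever the existing kinit code reports.

```cpp
#include <functional>
#include <string>

// Hypothetical mirror of the two configuration items proposed in the issue.
struct zk_kerberos_flags {
    bool enable_zookeeper_kerberos = false;
    std::string zookeeper_kerberos_service_name = "zookeeper";
};

// Values a caller would copy into zoo_sasl_params_t (service, mechlist).
struct sasl_choice {
    std::string service;
    std::string mechlist;
};

enum class zk_open_status { plain, sasl, bad_service_name, no_ticket, init_failed };

struct zk_open_result {
    zk_open_status status;
    void *handle; // stands in for zhandle_t*
};

// The caller wraps zookeeper_init / zookeeper_init_sasl in these callables,
// so the decision logic runs without a ZooKeeper ensemble or a KDC.
using plain_init_fn = std::function<void *()>;
using sasl_init_fn = std::function<void *(const sasl_choice &)>;

zk_open_result open_zk_session(const zk_kerberos_flags &flags,
                               bool have_valid_ticket,
                               const plain_init_fn &plain_init,
                               const sasl_init_fn &sasl_init)
{
    if (!flags.enable_zookeeper_kerberos) {
        void *h = plain_init();
        return {h ? zk_open_status::plain : zk_open_status::init_failed, h};
    }
    // Reject a misconfigured service name before touching the network.
    if (flags.zookeeper_kerberos_service_name.empty())
        return {zk_open_status::bad_service_name, nullptr};
    // Without a ticket the GSSAPI exchange cannot succeed; report it clearly.
    if (!have_valid_ticket)
        return {zk_open_status::no_ticket, nullptr};

    void *h = sasl_init({flags.zookeeper_kerberos_service_name, "GSSAPI"});
    // Fail closed: Kerberos was requested, so never retry with plain_init.
    return {h ? zk_open_status::sasl : zk_open_status::init_failed, h};
}
```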

GehaFearless added the type/enhancement label Dec 6, 2021

Smityz commented Dec 6, 2021

It's a good idea for Pegasus to adapt to various environments. Can you submit a pull request for the function?
