How to connect two different kerberos zookeeper cluster
Closed this issue · 2 comments
For some reason,I have to connect two zk cluster in one jvm without restart jvm ,this is my example code:
import org.I0Itec.zkclient.ZkClient;
import sun.security.provider.ConfigFile;
public class test {
public static void main(String[] args) {
System.setProperty("sun.security.krb5.debug", "True");
System.setProperty("java.security.auth.login.config", "./resource/newKafka/kafka_client.jaas");
System.setProperty("java.security.krb5.conf", "./resource/newKafka/krb5.ini");
ZkClient z1= new ZkClient("hb21-dba-kfk-130-120:6181/kafka");
System.out.println(z1.exists("/ele"));
System.setProperty("java.security.auth.login.config", "./resource/testKafka/kafka_client.jaas");
System.setProperty("java.security.krb5.conf", "./resource/testKafka/krb5.ini");
ConfigFile.getConfiguration().refresh();
ZkClient z2= new ZkClient("tk01-dba-hadoopt-9-196:2181/kafka");
System.out.println(z2.exists("/brokers"));
}
}
But it turn out to be some wrong, at the second time connecting zk cluster, it will use old principle to connect new zkCluster。Really appreciate if somebody would help me .
zookeeper client looks for ZookeeperClient section in the jaas file. You can only pass one of file with one ZookeeperClient section in it to the JVM. Only way you can connect is to use headless principal in ZookeeperClient section which should be able to authenticate with two different zookeeper hosts.
zookeeper client looks for ZookeeperClient section in the jaas file. You can only pass one of file with one ZookeeperClient section in it to the JVM. Only way you can connect is to use headless principal in ZookeeperClient section which should be able to authenticate with two different zookeeper hosts.
Thank you verymuch ,the problem had been solve by configuring Kerberos cross realm trust.