zookeeper-dev mailing list archives

From "Rakesh R (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2793) [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
Date Thu, 16 Nov 2017 10:19:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16255066#comment-16255066 ]

Rakesh R commented on ZOOKEEPER-2793:
-------------------------------------

bq. My main remaining concern is that we could end up locking up the cluster and not being
able to recover.
bq. Perhaps there is a control somewhere else that enables/disables this feature? In the worst-case
scenario the admin could disable, recover the cluster, reset the "authzhosts" and then re-enable.
That seems like a copout though. Is there a better way?

Thanks for emphasising the recovery part. Yes, the quorum auth feature already has enable/disable
via configuration. The admin can disable it and then allow a new set of servers to join and form
the quorum. Then, the {{/zookeeper/ensemble/authorized_hosts}} znode data can be corrected with
the required host details. Later, they can enable the flag and re-form the quorum by restarting
the servers.
Since there is no way to dynamically enable/disable this feature, the admin has to restart the
server two times: once with the flag disabled, and a second time after enabling the flag.

Does this make sense to you?
{code}
"quorum.auth.enableSasl=false" // If false, no authentication at all.
{code}

> [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2793
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: quorum, security
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>             Fix For: 3.5.4, 3.6.0
>
>
> {{QuorumServer}} will do the authorization checks against configured authorized hosts.
> During LE, QuorumLearner will send an authentication packet to QuorumServer. Now, QuorumServer
> will check that the connecting QuorumLearner’s hostname exists in the authorized hosts.
> If it does not exist, then the connecting peer is not authorized to join this ensemble and the request
> will be rejected immediately.
> In {{branch-3.4}}, building the {{authzHosts}} list is pretty straightforward; it can use the
> ensemble server details in the zoo.cfg file. But with dynamic reconfig, it has to consider the
> dynamic add/remove/update of servers, and the ways to handle the dynamic cases need to be discussed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
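
Added example, not part of the original message and not ZooKeeper's code: a small model of the hostname check described in the issue, showing why a stale authorized-hosts list rejects a server that reconfig has just added. The class and method names and the example.com hosts are hypothetical, and the parser assumes the 3.5 dynamic config line form with hostnames or IPv4 addresses only.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Illustrative model only; class and method names are hypothetical, not ZooKeeper's.
public class AuthzHostsSketch {
    // Swapped as a whole on reconfig so a check never sees a half-built set.
    private volatile Set<String> authzHosts = Collections.emptySet();

    // Extracts the host from "server.N=host:quorumPort:electionPort[:role];clientPort".
    // Assumes hostnames or IPv4 addresses (no bracketed IPv6 literals).
    static Set<String> hostsFrom(List<String> serverLines) {
        Set<String> hosts = new HashSet<>();
        for (String line : serverLines) {
            int eq = line.indexOf('=');
            if (!line.startsWith("server.") || eq < 0) continue;
            String spec = line.substring(eq + 1).trim();
            int colon = spec.indexOf(':');
            if (colon <= 0) throw new IllegalArgumentException("bad server spec: " + line);
            hosts.add(spec.substring(0, colon).toLowerCase(Locale.ROOT));
        }
        return Collections.unmodifiableSet(hosts);
    }

    void onConfigChange(List<String> serverLines) { authzHosts = hostsFrom(serverLines); }

    // Fail closed: an unknown or missing hostname is rejected.
    boolean isAuthorized(String learnerHost) {
        return learnerHost != null
            && authzHosts.contains(learnerHost.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        AuthzHostsSketch server = new AuthzHostsSketch();
        // Constructed sample membership.
        server.onConfigChange(List.of(
            "server.1=zk1.example.com:2888:3888:participant;2181",
            "server.2=zk2.example.com:2888:3888:participant;2181"));
        // zk3 is being added by reconfig, but the list is still the old one.
        System.out.println("zk3 before update: " + server.isAuthorized("zk3.example.com"));
        server.onConfigChange(List.of(
            "server.1=zk1.example.com:2888:3888:participant;2181",
            "server.2=zk2.example.com:2888:3888:participant;2181",
            "server.3=zk3.example.com:2888:3888:participant;2181"));
        System.out.println("zk3 after update:  " + server.isAuthorized("zk3.example.com"));
        System.out.println("zk1 after update:  " + server.isAuthorized("zk1.example.com"));
    }
}
```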
