zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zara Parst <edotserv...@gmail.com>
Subject Solr and Zookeeper Security
Date Thu, 03 Mar 2016 14:42:33 GMT
I am sorry to ask this question. But really i need some light on bellow

I want to run solr in cloud mode . So obliviously I am going to use

My quorum are distributed on 3 server with static ip , lets say


With solr pointing to this ensemble. Now my concern is how should I protect
it to other unauthorized zkClient to connect above quorum. One way could be
don't open the port for the client but then how will solr connect ?
other problem is how to safeguard  quorum interconnection.  I observed a
weird behavior  that I can point a fourth zookeeper from my local to the
above quorum (i have to know only ip and port which is not tough to find)
and it will be absorbed as a part of quorum and then I can use my local
zkClient to connect my local zoookeeper and have access to quorum which we
don't want. I want to define quorum in a way that foreign zookeeper server
is not able to
become part already configured quorum.

Again one more strange behavior about znode of zookeeper, User A can set
ACL of a znode and  user B which can connect to zookeeper but can't see the
content as it will throw ACL error that is fine but strange thing is user B
can still  delete the znode of A which he cant see. :(

I think a hell lot of things is not clear about zoookeeper security.

Please can you help me ? And don't forget my thanks in advance.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message