zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Langille <...@langille.org>
Subject ACL - restricting connections by IP address
Date Thu, 08 Dec 2016 16:17:34 GMT
Is my conclusion correct?

We cannot tell zookeeper to only accept connections from a given IP range. Rather, we must
restrict access to znodes within zookeeper.  Each znode has its own ACL.

There is no inheriting from parent, no way to globally restrict access.  It must be done on
a znode by znode basis.

There's no configuration file where we can tell zookeeper to only accept connections from
10.0.0.0/16, for example.  If we want to do that on a global basis, a firewall rule is a better
solution than setting it on every node.

-- 
Dan Langille - BSDCan / PGCon
dan@langille.org



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message