zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Ta Keßler <Thomas.Ta.Kess...@deutschebahn.com>
Subject AW: ZooKeeper 3.4.9: ACL based on IPv6 addresses
Date Thu, 05 Oct 2017 06:17:02 GMT
Hi Patrick,

I was testing with ACLs on several Linux machines trying to allow access from localhost and
a remote address. The machines use both IPv4 and IPv6 on different network interfaces. Localhost
is being translated to IPv6 ::1.

I was trying to set an ACL allowing access from localhost and a remote machine. The remote
machine uses IPv4 in this case, but localhost is IPv6, so that the ACL declared for 127.0.0.1
is not recognized.

My workaround is currently enforcing the JVMs to use IPv4 in any case by setting the command
line argument -Djava.net.preferIPv4Stack=true on all zookeeper server and client instances.

ciao
  Thomas

-----Ursprüngliche Nachricht-----
Von: Patrick Hunt [mailto:phunt@apache.org] 
Gesendet: Mittwoch, 4. Oktober 2017 19:52
An: UserZooKeeper <user@zookeeper.apache.org>
Betreff: Re: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Hi Thomas, I don't have any experience with this but I'm interested to know if you figured
this out? If so would you be able to submit a jira and patch with a doc change explaining
it? Or at the very least submit a jira explaining so that someone else can replicate/document?
Thanks!

Patrick

On Wed, Sep 27, 2017 at 2:57 AM, Thomas Ta Keßler < Thomas.Ta.Kessler@deutschebahn.com>
wrote:

> Hello,
>
> I would like to configure some ACL based on IPv6 addresses. 
> Unfortunately I do not find any documentation on this topic. The only 
> documentation refers to IPv4 addresses, a command would look like this using CLI:
> setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa
>
> Does anyone know how to do it? Or maybe as a workaround how to 
> configure hostname based ACLs?
>
> Thank you...
>   Thomas
>
Mime
View raw message