zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: ACL implimentation
Date Thu, 13 Jun 2019 03:12:07 GMT
Hm. While formulating a response I re-discovered this, which I didn't find
earlier:
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication
really we should move the cli shell information in particular into the
"getting started" docs page of ZK.

Here are my notes from the testing session I did:
----
java -cp build/classes:build/lib/*
org.apache.zookeeper.server.auth.DigestAuthenticationProvider pat:test
pat:test->pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=

zkCli.sh

addauth digest pat:test

create /mynode content digest:pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=:cdrwa

setAcl / digest:pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=:cdrwa

getAcl /foo

setAcl /foo2 digest:pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=:cdrwa
----


On Mon, Jun 10, 2019 at 2:31 PM rammohan ganapavarapu <
rammohanganap@gmail.com> wrote:

> Can you guys share your learnings or exp so that i dont have to go through
> that pain if i want to enable ACL ?
>
> Ram
>
> On Mon, Jun 10, 2019 at 2:00 PM Andor Molnár <andor@apache.org> wrote:
>
> > Agreed. I had to dig a bunch of Hortonworks / Stackoverflow docs to
> > learn how ACLs work.
> >
> >
> > Andor
> >
> >
> >
> > On 2019. 06. 09. 17:03, Patrick Hunt wrote:
> > > I had to deal with some ACL issues myself recently and noticed the lack
> > of
> > > docs we have, both generally and best practices. I spent a bunch of
> time
> > > when testing the recent ACL changes from Andor just re-learning the
> shell
> > > commands and config necessary to exercise the patches. This would be a
> > > great area for contributions.
> > >
> > > Patrick
> > >
> > > On Fri, Jun 7, 2019 at 8:04 AM rammohan ganapavarapu <
> > > rammohanganap@gmail.com> wrote:
> > >
> > >> Enrico,
> > >>
> > >> Thank you.
> > >>
> > >> Ram
> > >>
> > >> On Fri, Jun 7, 2019 at 5:30 AM Enrico Olivelli <eolivelli@gmail.com>
> > >> wrote:
> > >>
> > >>> Ram
> > >>> Can you describe better your problem ?
> > >>> Usually you are activating auth on clients and then you apply the
> ACLs
> > >> this
> > >>> way all clients will be able to access data.
> > >>>
> > >>> Try our procedure in a staging environment before doing in in
> > production
> > >>>
> > >>> Enrico
> > >>>
> > >>> Il gio 6 giu 2019, 23:56 rammohan ganapavarapu <
> > rammohanganap@gmail.com>
> > >>> ha
> > >>> scritto:
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> Is there any recommendations or best practices on implementing
ACL
> on
> > >>>> existing zookeeper cluster with production data with out downtime?
> > >>>>
> > >>>> Thanks,
> > >>>> Ram
> > >>>>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message