zookeeper-user mailing list archives

From Szalay-Bekő Máté <szalay.beko.m...@gmail.com>
Subject Re: Side affects of setting quorumListenOnAllIPs to true
Date Tue, 16 Jun 2020 07:55:03 GMT
Hi Ram,

> all I want to know is by enabling this property there are no side effects
> or security risks.

Well, this is something for you (or for your security team) to evaluate.
E.g. if your hosts have multiple network interfaces with both "private" and
"public" networks attached, then I would consider setting
quorumListenOnAllIPs=true to be a security risk. Of course you can block
the public access with proper firewall rules.

But usually ZooKeeper is deployed in some secure / core infrastructure,
well protected from DoS / other attacks, in which
case quorumListenOnAllIPs=true is not a real security risk.

This is something we (the ZooKeeper community) will not be able to tell, as
this depends on your network topology and your security protocols. We can
only help in explaining what this config is doing.

Kind regards,
Mate

On Mon, Jun 15, 2020 at 7:12 PM rammohan ganapavarapu <
rammohanganap@gmail.com> wrote:

> Mate,
>
> Thanks for explaining, all I want to know is by enabling this property
> there are no side effects or security risks.
>
> Ram
>
> On Sun, Jun 14, 2020 at 11:48 PM Szalay-Bekő Máté <
> szalay.beko.mate@gmail.com> wrote:
>
> > Hi Ram,
> >
> > I am not sure I understand your question. The config quorumListenOnAllIPs
> > is about specifying whether the ports ZooKeeper uses for server-to-server
> > communication should bind on the specified address/IP
> > (quorumListenOnAllIPs=false) or on 0.0.0.0 (quorumListenOnAllIPs=true).
> >
> > An example: You configure your server list using either static or dynamic
> > configuration like:
> > server.1=a.foo.com:2888:3888
> > server.2=b.foo.com:2888:3888
> > ...
> >
> > In this case when server.2 starts, it reads the config then initiates a
> > connection (for the ZK internal leader election protocol) to server.1 by
> > connecting to a.foo.com:3888 and sending its own address (b.foo.com:3888),
> > enabling server.1 to connect back. However, if server.2 is behind a
> > proxy / using kubernetes / whatever, then it is possible that you can reach
> > server.2 as b.foo.com but the ZK process on server.2 can not actually bind
> > on b.foo.com:3888. In this case the easiest solution is to bind on
> > 0.0.0.0:3888. However, you can not set 0.0.0.0:3888 in the config file of
> > server.2, since in this case server.2 would send 0.0.0.0:3888 in the
> > initial message to server.1 and server.1 would try to connect back to
> > server.2 using 0.0.0.0:3888, which is a bad idea. So in this case it comes
> > in handy to set quorumListenOnAllIPs=true which will cause ZooKeeper to bind
> > on 0.0.0.0:3888 and still send a 'valid' address in the initial message,
> > an address where other servers can reach it.
> >
> > I hope the explanation made it more (and not less) clear :p
> >
> > Kind regards,
> > Mate
> >
> >
> > On Fri, Jun 12, 2020 at 7:42 PM rammohan ganapavarapu <
> > rammohanganap@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I am trying to see what are the pros and cons of setting
> > > quorumListenOnAllIPs to true. Running a zookeeper cluster in mTLS or
> > > local proxy environments is not working when keeping the default value
> > > (false). So can someone please explain?
> > >
> > > Anyway zookeeper will form a quorum with the server list from the
> > > zoo.conf static file, right? So by enabling this property, can any
> > > server or IP out of the zoo.conf join the quorum?
> > >
> > > Ram
> > >
> >
>
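
The bind-versus-advertise behaviour Mate describes in the quoted reply, together with the multi-interface exposure point from the top of the thread, as an added worked example. This is not ZooKeeper's own code and not from any of the thread's authors; it only models what the emails describe. The zoo.cfg fragment, the list of addresses on server.2's interfaces and the "trusted networks" list are all constructed for the example (IP addresses are used instead of the hostnames in the thread so the exposure check can classify them). The script computes which address each server would bind its quorum and election ports on and which address it would advertise to its peers, shows why putting 0.0.0.0 in a server.N line does not work, and then reports any port that would end up listening on an address outside the trusted networks, which is exactly the case where firewall rules become necessary.

```python
"""Model of quorumListenOnAllIPs bind vs. advertised address, plus an
exposure check. Added example; not ZooKeeper's own code."""
import ipaddress
import re

# Constructed zoo.cfg fragment (sample input for this example, not a real
# deployment). IPs are used instead of hostnames so they can be classified.
ZOO_CFG = """\
tickTime=2000
dataDir=/var/lib/zookeeper
server.1=10.0.0.11:2888:3888
server.2=10.0.0.12:2888:3888
server.3=10.0.0.13:2888:3888
quorumListenOnAllIPs=true
"""

# Addresses assumed to be configured on server.2's interfaces (constructed):
# loopback, the private address from zoo.cfg, and one on a second network.
HOST_ADDRESSES = ["127.0.0.1", "10.0.0.12", "203.0.113.12"]

# Networks from which the operator accepts quorum traffic. Assumption for the
# example: RFC 1918 space plus loopback; a real deployment sets its own list.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SERVER_RE = re.compile(r"^server\.(\d+)=([^:]+):(\d+):(\d+)")


def parse_zoo_cfg(text):
    """Return ({sid: (host, quorum_port, election_port)}, quorumListenOnAllIPs)."""
    servers = {}
    listen_all = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SERVER_RE.match(line)
        if m:
            sid, host, qport, eport = m.groups()
            servers[int(sid)] = (host, int(qport), int(eport))
        elif line.startswith("quorumListenOnAllIPs="):
            listen_all = line.split("=", 1)[1].strip().lower() == "true"
    return servers, listen_all


def bind_and_advertise(servers, listen_all, my_id):
    """Address this server binds its quorum/election ports on, and the address
    it sends to peers so they can connect back (always its own server.N line)."""
    host, qport, eport = servers[my_id]
    bind_host = "0.0.0.0" if listen_all else host
    return (bind_host, qport, eport), (host, qport, eport)


def advertised_address_is_usable(host):
    """Peers connect back to the advertised address, so an unspecified address
    (0.0.0.0) in a server.N line cannot work; hostnames are left to the peer."""
    try:
        return not ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return True  # a hostname, resolved by the connecting peer


def exposed_ports(bind_host, ports, host_addresses, trusted=TRUSTED_NETWORKS):
    """(address, port) pairs that would listen outside the trusted networks.
    Binding on 0.0.0.0 listens on every host address; otherwise only on bind_host."""
    candidates = host_addresses if bind_host == "0.0.0.0" else [bind_host]
    exposed = []
    for addr in candidates:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in trusted):
            exposed.extend((addr, port) for port in ports)
    return exposed


def check_server(cfg_text, my_id, host_addresses):
    """Summarise bind/advertise addresses and exposure for one server id."""
    servers, listen_all = parse_zoo_cfg(cfg_text)
    bind, adv = bind_and_advertise(servers, listen_all, my_id)
    return {
        "bind": bind,
        "advertised": adv,
        "advertised_usable": advertised_address_is_usable(adv[0]),
        "exposed": exposed_ports(bind[0], bind[1:], host_addresses),
    }


if __name__ == "__main__":
    for key, value in check_server(ZOO_CFG, 2, HOST_ADDRESSES).items():
        print(f"{key}: {value}")
```

With the constructed input, server.2 binds on 0.0.0.0 but still advertises 10.0.0.12:3888, and the check reports 2888 and 3888 as reachable on 203.0.113.12, the address outside the trusted list; with quorumListenOnAllIPs=false the same host reports nothing exposed. Which networks count as trusted is the deployment-specific part Mate refers to, which is why the list is a parameter rather than a fixed rule.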
