ZooKeeper 3.4.9: ACL based on IPv6 addresses

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

ZooKeeper 3.4.9: ACL based on IPv6 addresses

Thomas Ta Keßler
Hello,

I would like to configure some ACL based on IPv6 addresses. Unfortunately I do not find any documentation on this topic. The only documentation refers to IPv4 addresses, a command would look like this using CLI:
setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa

Does anyone know how to do it? Or maybe as a workaround how to configure hostname based ACLs?

Thank you...
  Thomas
Reply | Threaded
Open this post in threaded view
|

Re: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Patrick Hunt
Hi Thomas, I don't have any experience with this but I'm interested to know
if you figured this out? If so would you be able to submit a jira and patch
with a doc change explaining it? Or at the very least submit a jira
explaining so that someone else can replicate/document? Thanks!

Patrick

On Wed, Sep 27, 2017 at 2:57 AM, Thomas Ta Keßler <
[hidden email]> wrote:

> Hello,
>
> I would like to configure some ACL based on IPv6 addresses. Unfortunately
> I do not find any documentation on this topic. The only documentation
> refers to IPv4 addresses, a command would look like this using CLI:
> setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa
>
> Does anyone know how to do it? Or maybe as a workaround how to configure
> hostname based ACLs?
>
> Thank you...
>   Thomas
>
Reply | Threaded
Open this post in threaded view
|

AW: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Thomas Ta Keßler
Hi Patrick,

I was testing with ACLs on several Linux machines trying to allow access from localhost and a remote address. The machines use both IPv4 and IPv6 on different network interfaces. Localhost is being translated to IPv6 ::1.

I was trying to set an ACL allowing access from localhost and a remote machine. The remote machine uses IPv4 in this case, but localhost is IPv6, so that the ACL declared for 127.0.0.1 is not recognized.

My workaround is currently enforcing the JVMs to use IPv4 in any case by setting the command line argument -Djava.net.preferIPv4Stack=true on all zookeeper server and client instances.

ciao
  Thomas

-----Ursprüngliche Nachricht-----
Von: Patrick Hunt [mailto:[hidden email]]
Gesendet: Mittwoch, 4. Oktober 2017 19:52
An: UserZooKeeper <[hidden email]>
Betreff: Re: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Hi Thomas, I don't have any experience with this but I'm interested to know if you figured this out? If so would you be able to submit a jira and patch with a doc change explaining it? Or at the very least submit a jira explaining so that someone else can replicate/document? Thanks!

Patrick

On Wed, Sep 27, 2017 at 2:57 AM, Thomas Ta Keßler < [hidden email]> wrote:

> Hello,
>
> I would like to configure some ACL based on IPv6 addresses.
> Unfortunately I do not find any documentation on this topic. The only
> documentation refers to IPv4 addresses, a command would look like this using CLI:
> setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa
>
> Does anyone know how to do it? Or maybe as a workaround how to
> configure hostname based ACLs?
>
> Thank you...
>   Thomas
>