You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@zookeeper.apache.org by Thomas Ta Keßler <Th...@deutschebahn.com> on 2017/09/27 09:57:32 UTC

ZooKeeper 3.4.9: ACL based on IPv6 addresses

Hello,

I would like to configure some ACL based on IPv6 addresses. Unfortunately I do not find any documentation on this topic. The only documentation refers to IPv4 addresses, a command would look like this using CLI:
setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa

Does anyone know how to do it? Or maybe as a workaround how to configure hostname based ACLs?

Thank you...
  Thomas

AW: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Posted by Thomas Ta Keßler <Th...@deutschebahn.com>.

Hi Patrick,

I was testing with ACLs on several Linux machines trying to allow access from localhost and a remote address. The machines use both IPv4 and IPv6 on different network interfaces. Localhost is being translated to IPv6 ::1.

I was trying to set an ACL allowing access from localhost and a remote machine. The remote machine uses IPv4 in this case, but localhost is IPv6, so that the ACL declared for 127.0.0.1 is not recognized.

My workaround is currently enforcing the JVMs to use IPv4 in any case by setting the command line argument -Djava.net.preferIPv4Stack=true on all zookeeper server and client instances.

ciao
  Thomas

-----Ursprüngliche Nachricht-----
Von: Patrick Hunt [mailto:phunt@apache.org] 
Gesendet: Mittwoch, 4. Oktober 2017 19:52
An: UserZooKeeper <us...@zookeeper.apache.org>
Betreff: Re: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Hi Thomas, I don't have any experience with this but I'm interested to know if you figured this out? If so would you be able to submit a jira and patch with a doc change explaining it? Or at the very least submit a jira explaining so that someone else can replicate/document? Thanks!

Patrick

On Wed, Sep 27, 2017 at 2:57 AM, Thomas Ta Keßler < Thomas.Ta.Kessler@deutschebahn.com> wrote:

> Hello,
>
> I would like to configure some ACL based on IPv6 addresses. 
> Unfortunately I do not find any documentation on this topic. The only 
> documentation refers to IPv4 addresses, a command would look like this using CLI:
> setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa
>
> Does anyone know how to do it? Or maybe as a workaround how to 
> configure hostname based ACLs?
>
> Thank you...
>   Thomas
>

Re: ZooKeeper 3.4.9: ACL based on IPv6 addresses

Posted by Patrick Hunt <ph...@apache.org>.

Hi Thomas, I don't have any experience with this but I'm interested to know
if you figured this out? If so would you be able to submit a jira and patch
with a doc change explaining it? Or at the very least submit a jira
explaining so that someone else can replicate/document? Thanks!

Patrick

On Wed, Sep 27, 2017 at 2:57 AM, Thomas Ta Keßler <
Thomas.Ta.Kessler@deutschebahn.com> wrote:

> Hello,
>
> I would like to configure some ACL based on IPv6 addresses. Unfortunately
> I do not find any documentation on this topic. The only documentation
> refers to IPv4 addresses, a command would look like this using CLI:
> setAcl / ip:127.0.0.1:crdwa,ip:10.179.82.34:crdwa
>
> Does anyone know how to do it? Or maybe as a workaround how to configure
> hostname based ACLs?
>
> Thank you...
>   Thomas
>