Posted to user@zookeeper.apache.org by "Proctor, Janet [USA]" <pr...@bah.com> on 2013/05/29 22:09:25 UTC

Ip ACL

Hello,



I am trying to use ACLs to lock down znodes to a specific IP address. I am getting a NoAuth error when I try to create the structure /testkeystore/certs/somecert.pem.  I create the node /testkeystore with an ACL of cdrwa with no problem. When I try to attach certs to /testkeystore (/testkeystore/certs), I get the NoAuth error on the create method below.  I had to type this code into the email because it lives on a different network. Please excuse any mis-tabbing. It should compile. I've tried to account for all of the braces. Also, please forgive the catch-all exceptions; I'm just trying to get things to work.





My code is as follows:



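// Usage: open a session, create the root znode, then mirror the local certs
// directory underneath it.
DataStore mystore = new DataStore();
mystore.connect();

// ZooKeeper paths are absolute. The post typed "testkeystore" without the
// leading "/", while the surrounding text refers to /testkeystore.
mystore.create("/testkeystore", null);

// Creating /testkeystore/certs requires CREATE permission on /testkeystore,
// whose ACL was set by the call above. This is the first operation that is
// checked against the ip ACL, so it is where the reported NoAuth surfaces.
// NOTE(review): "home/hadoop/..." is a relative local path, resolved against
// the working directory; confirm "/home/hadoop/..." was not intended.
mystore.copyFolder(new File("home/hadoop/testkeystore/certs"), "/testkeystore/certs");

mystore.close();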





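/**
 * Copies a local directory tree into ZooKeeper, creating every znode with an
 * ACL that grants all permissions (cdrwa) to a single "ip"-scheme identity.
 *
 * <p>As the reply on this thread points out, the server compares an ip ACL
 * with the address it sees for the client connection. A client that connects
 * to "localhost" is typically seen as 127.0.0.1, so an ACL naming the host's
 * external address does not match and later operations on that znode (such
 * as creating a child) fail with NoAuth.
 *
 * <p>NOTE(review): an ip ACL authorizes by source address, not by identity:
 * any process able to connect from the listed address gets the same rights.
 * Confirm that is acceptable for the data stored here, or use an
 * authenticated scheme such as digest or SASL.
 */
public class DataStore implements Watcher {

    // Placeholder exactly as written in the original post; it stands for the
    // real address and must be replaced before the ACL can match anything.
    private static final String ACL_ADDRESS = "#.#.#.#";

    // Constructed value: the post references SESSION_TIMEOUT but does not show it.
    private static final int SESSION_TIMEOUT = 5000;

    // Reconstructed: the post awaits connectedSignal but does not declare it.
    // Fully qualified so that the file needs no additional import.
    private final java.util.concurrent.CountDownLatch connectedSignal =
            new java.util.concurrent.CountDownLatch(1);

    private ZooKeeper zk;

    // ACL applied to every znode this class creates.
    List<ACL> aclLst = new ArrayList<ACL>(1);

    /**
     * Opens the ZooKeeper session, registers the ip auth info, builds the ACL
     * and blocks until the session is connected.
     *
     * @throws IOException if the client cannot be created
     * @throws InterruptedException if interrupted while waiting for the connection
     */
    public void connect() throws IOException, InterruptedException {
        zk = new ZooKeeper("localhost", SESSION_TIMEOUT, this);

        // addAuthInfo takes the auth data as bytes, not as a String.
        // NOTE(review): for the ip scheme the server is expected to derive the
        // identity from the connection's source address, so this call likely
        // has no effect on ACL checks; confirm for the ZooKeeper version in use.
        zk.addAuthInfo("ip", ACL_ADDRESS.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        aclLst.add(new ACL(Perms.ALL, new Id("ip", ACL_ADDRESS)));

        connectedSignal.await();
    }

    /**
     * Releases {@link #connect()} once the session reaches SyncConnected.
     * Reconstructed: the class implements Watcher, but the post omits this
     * method.
     */
    @Override
    public void process(WatchedEvent event) {
        if (event.getState() == Watcher.Event.KeeperState.SyncConnected) {
            connectedSignal.countDown();
        }
    }

    /**
     * Closes the session. Reconstructed: the usage snippet in the post calls
     * close(), but the class as posted does not define it.
     *
     * @throws InterruptedException if interrupted while closing
     */
    public void close() throws InterruptedException {
        if (zk != null) {
            zk.close();
        }
    }

    /**
     * Creates {@code path} with the configured ACL, or overwrites its data if
     * the znode already exists.
     *
     * @param path absolute znode path
     * @param fileBytes data to store; may be null
     * @throws KeeperException on a server-side failure, including NoAuth when
     *         the session lacks CREATE on the parent or WRITE on the znode
     * @throws InterruptedException if the call is interrupted
     */
    public void create(String path, byte[] fileBytes)
            throws KeeperException, InterruptedException, Exception {
        Stat stat = zk.exists(path, false);
        if (stat == null) {
            // The ACL set here governs later operations on this znode,
            // including the creation of children beneath it.
            zk.create(path, fileBytes, aclLst, CreateMode.PERSISTENT);
        } else {
            // A version of -1 matches any version of the znode.
            zk.setData(path, fileBytes, -1);
        }
    }

    /**
     * Recursively mirrors {@code srcFolder} under the znode path {@code dst}.
     * A directory becomes an empty znode and a file becomes a znode holding
     * the file's bytes.
     *
     * @param srcFolder local file or directory to copy
     * @param dst absolute znode path to copy to
     * @throws Exception if a local read or a ZooKeeper call fails
     */
    public void copyFolder(File srcFolder, String dst) throws Exception {
        if (!srcFolder.isDirectory()) {
            copyFromLocal(srcFolder.getPath(), dst);
            return;
        }

        if (zk.exists(dst, false) == null) {
            zk.create(dst, new byte[0], aclLst, CreateMode.PERSISTENT);
        }

        // File.list() returns null when the directory cannot be read.
        String[] files = srcFolder.list();
        if (files == null) {
            throw new IOException("Cannot list directory: " + srcFolder);
        }

        for (String file : files) {
            // recursive copy
            copyFolder(new File(srcFolder, file), dst + "/" + file);
        }
    }

    /**
     * Reads the local file {@code src} and stores its bytes at the znode
     * {@code dst}.
     *
     * @param src local file path
     * @param dst absolute znode path
     * @throws Exception if the file cannot be read or the ZooKeeper call fails
     */
    public void copyFromLocal(String src, String dst) throws Exception {
        File srcFile = new File(src);
        // try-with-resources closes the stream on every path.
        try (InputStream in = new FileInputStream(srcFile)) {
            byte[] fileBytes = readFully(in);
            create(dst, fileBytes);
        }
    }

    /**
     * Reads {@code in} to end of stream and returns everything read.
     *
     * @param in stream to drain; the caller closes it
     * @return all bytes read from the stream
     * @throws IOException if a read fails
     */
    private static byte[] readFully(final InputStream in) throws IOException {
        final ByteArrayOutputStream collected = new ByteArrayOutputStream();
        final byte[] chunk = new byte[8 * 1024];
        // read() returns -1 at end of stream.
        for (int read; (read = in.read(chunk)) != -1; ) {
            collected.write(chunk, 0, read);
        }
        return collected.toByteArray();
    }
}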







Janet Proctor, PMP
Booz Allen Hamilton
301-617-2565 (Booz Allen)
410-854-3559(Client Site)

Re: Ip ACL

Posted by Michi Mutsuzaki <mi...@cs.stanford.edu>.
Hi Janet,

I'm guessing the client IP address the server sees is 127.0.0.1 (which
is probably different from the IP address you specify in addAuthInfo)
if the client and the server are running on the same host. You can try
passing 127.0.0.1 to addAuthInfo and see if it works.

--Michi

On Wed, May 29, 2013 at 1:09 PM, Proctor, Janet [USA]
<pr...@bah.com> wrote:
> Hello,
>
>
>
> I am trying to use ACLs to lock down znodes to a specific Ip Address. I am getting a NoAuth error when I try create the sturcture /testkeystore/certs/somecert.pem.  I create the node /testkeystore with an ACL of cdrwa with no problem. When I try to attach certs to /testkeystore (/testkeystore/certs), I get an the NoAuth error on the create method below.  I had to type this code in email, beacuse it lives a different network. Please excuse mistabbling. It should compile. I've tried to account for all of the braces. Also, please forgive the catch all exceptions, I'm just trying to get things to work.
>
>
>
>
>
> My code is as follows:
>
>
>
> DataStore mystore = new DataStore();
>
> mystore.connect();
>
> mystore.create("testkeystore", null);
>
> mystore.copyFolder(new File("home/hadoop/testkeystore/certs"), "/testkeystore/certs");
>
> mystore.close();
>
>
>
>
>
> public class DataStore implements Watcher {
>
>
>
> private ZooKeeper zk;
>
> List <ACL> aclLst = new ArrayList<ACL> (1);
>
>
>
> public void connect throws IOException, InterruptedException {
>
>
>
> zk = new Zookeeper("localhost", SESSION_TIMEOUT, this);
>
> zk.addAuthInfo("ip", "#.#.#.#) //the #s are the ip address of the server that i'm running zookeeper on and executing this code on
>
> aclLst.add(new ACL(Perms.ALL, new Id("ip", "#.#.#.#")));
>
> connectedSignal.await()
>
>
>
> }
>
>
>
> public void create(String path, byte [] fileBytes) throws KeeperException, InterruptedException, Exception
>
> {
>
> Stat stat = zk.exists(path, false);
>
>
>
>     if(stat == null){
>
>         zk.create(path, fileBytes, aclLst, CreateMode.PERSISTENT);
>
>     }
>
>
>
>     else
>
>     {
>
>         zk.setData(path, fileBytes, -1);
>
>     }
>
> }
>
>
>
>
>
> public void copyFolder(File srcFolder, String dst) throws Exception
>
> {
>
>     String dstFolder = dst;
>
>
>
>
>
>         if(srcFolder.isDirectory())
>
>         {
>
>             Stat stat = zk.exists(dst, false);
>
>
>
>         if(stat == null){
>
>             zk.create(dst, new byte[0], aclLst, CreateMode.PERSISTENT);
>
>         }
>
>         String files [] = srcFolder.list();
>
>         for(String file:files)
>
>         {
>
>             File srcFile = new File(srcFolder, file);
>
>             dstFolder = dst + "/" + file;
>
>
>
>         //recursive copy
>
>         copyFolder(srcFile, dstFolder);
>
>         }
>
>
>
>     }
>
>     else
>
>     {
>
>
>
>         copyFromLocal(srcFolder.getPath, dstFolder);
>
>     }
>
>
>
> }
>
>
>
> public void copyFromLocal(String src, String dst) throws Exception
>
> {
>
> File srcFile = new File (src);
>
> file byte [] fileBytes;
>
>
>
> InputStream in = null;
>
>
>
>     try{
>
>
>
>          in = new FileInputStream(srcFile);
>
>          fileBytes = readFully(in)_;
>
>         create(dst, fileBytes);
>
>         }
>
>
>
>     finally {
>
>     if(in != null)
>
>         try {
>
>         in.close();
>
>         }
>
>
>
>         catch(Exception ignore) {
>
>         }
>
>     }
>
>
>
> }
>
>
>
> private static byte [] readFully(final InputStream in ) throws IOException {
>
>
>
> final ByteArrayOutputStream buf1 = new ByteArrayOutputStream();
>
> final byte [] buf2 = new byte[8*1024];
>
> for(int read; (read = in.read(buf2)) >0;){
>
>     buf1.write(buf2, 0, read);
>
>     }
>
> return buf1.toByteArray();
>
> }
>
>
>
> }
>
>
>
>
>
>
>
> Janet Proctor, PMP
> Booz Allen Hamilton
> 301-617-2565 (Booz Allen)
> 410-854-3559(Client Site)