[ https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16209830#comment-16209830 ]
Patrick Hunt commented on ZOOKEEPER-2793:
-----------------------------------------

/zookeeper/authorized_hosts is very broad. Can we name it something that identifies it as a quorum peer related configuration parameter? Perhaps it should be /zookeeper/ensemble/authorized_hosts? I'm not sure if that's the right name ("ensemble") to use, thoughts? I forget, what are we using in the configs?

Can you be more explicit in the definition of a valid value? E.g. do we allow IP addresses or just host names or....

"Admin can update" - what specifically will that map to (acl/id/...) and will operators be able to change this? (say they want to delegate to other parties)

What will happen if the authorized_hosts scope is reduced, say a host that's already part of the quorum is removed from this list, what (if anything, perhaps nothing) will happen?

Is it possible to log changes to this znode in particular? So that we capture in the server logs, auditing purposes, etc...

This is a good start from what I see. Let's make sure to capture all these details in the docs as well (zk admin guide).

> [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2793
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: quorum, security
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>             Fix For: 3.5.4, 3.6.0
>
>
> {{QuorumServer}} will do the authorization checks against configured authorized hosts. During LE, QuorumLearner will send an authentication packet to QuorumServer. Now, QuorumServer will check that the connecting QuorumLearner’s hostname exists in the authorized hosts. If it does not exist, then the connecting peer is not authorized to join this ensemble and the request will be rejected immediately.
>
> In {{branch-3.4}} building the {{authzHosts}} list is pretty straightforward, can use the ensemble server details in the zoo.cfg file. But with dynamic reconfig, it has to consider the dynamic add/remove/update servers and need to discuss the ways to handle dynamic cases.