Hm. While formulating a response I re-discovered this, which I didn't find earlier: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authentication really we should move the cli shell information in particular into the "getting started" docs page of ZK.
Here are my notes from the testing session I did: ---- java -cp build/classes:build/lib/* org.apache.zookeeper.server.auth.DigestAuthenticationProvider pat:test pat:test->pat:KDzjoQ5VTKQfcjheJHwntPTKiXc= zkCli.sh addauth digest pat:test create /mynode content digest:pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=:cdrwa setAcl / digest:pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=:cdrwa getAcl /foo setAcl /foo2 digest:pat:KDzjoQ5VTKQfcjheJHwntPTKiXc=:cdrwa ---- On Mon, Jun 10, 2019 at 2:31 PM rammohan ganapavarapu < [email protected]> wrote: > Can you guys share your learnings or exp so that i dont have to go through > that pain if i want to enable ACL ? > > Ram > > On Mon, Jun 10, 2019 at 2:00 PM Andor Molnár <[email protected]> wrote: > > > Agreed. I had to dig a bunch of Hortonworks / Stackoverflow docs to > > learn how ACLs work. > > > > > > Andor > > > > > > > > On 2019. 06. 09. 17:03, Patrick Hunt wrote: > > > I had to deal with some ACL issues myself recently and noticed the lack > > of > > > docs we have, both generally and best practices. I spent a bunch of > time > > > when testing the recent ACL changes from Andor just re-learning the > shell > > > commands and config necessary to exercise the patches. This would be a > > > great area for contributions. > > > > > > Patrick > > > > > > On Fri, Jun 7, 2019 at 8:04 AM rammohan ganapavarapu < > > > [email protected]> wrote: > > > > > >> Enrico, > > >> > > >> Thank you. > > >> > > >> Ram > > >> > > >> On Fri, Jun 7, 2019 at 5:30 AM Enrico Olivelli <[email protected]> > > >> wrote: > > >> > > >>> Ram > > >>> Can you describe better your problem ? > > >>> Usually you are activating auth on clients and then you apply the > ACLs > > >> this > > >>> way all clients will be able to access data. > > >>> > > >>> Try our procedure in a staging environment before doing in in > > production > > >>> > > >>> Enrico > > >>> > > >>> Il gio 6 giu 2019, 23:56 rammohan ganapavarapu < > > [email protected]> > > >>> ha > > >>> scritto: > > >>> > > >>>> Hi, > > >>>> > > >>>> Is there any recommendations or best practices on implementing ACL > on > > >>>> existing zookeeper cluster with production data with out downtime? > > >>>> > > >>>> Thanks, > > >>>> Ram > > >>>> > > >
