[
https://issues.apache.org/jira/browse/ZOOKEEPER-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15507142#comment-15507142
]
Arshad Mohammad commented on ZOOKEEPER-2589:
--------------------------------------------
Theoretically, the reason for this problem is same as the ZOOKEEPER-2547. As
you have enabled the SSL, you must have configured serverCnxnFactory=
org.apache.zookeeper.server.NettyServerCnxnFactory in server.
NettyServerCnxnFactory is not adding the client IP as authorized ip which leads
to this problem.
May be, you can take ZOOKEEPER-2547 latest patch, verify it and give feedback
here.
> Not able to access znode if IP ACL is set on a znode when zookeeper started
> in ssl mode
> ----------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2589
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2589
> Project: ZooKeeper
> Issue Type: Bug
> Affects Versions: 3.5.1
> Reporter: Rakesh Kumar Singh
>
> Not able to access znode if IP ACL is set on a znode when zookeeper started
> in ssl mode.
> Steps to reproduce:-
> 1. Start zookeeper in SSL (standalone) mode
> 2. Create a znode
> 3. set ip ACL and connect the zkCli and try to access, it does not allow.
> [zk: localhost:2181(CONNECTED) 3] setAcl /test ip:127.0.0.1:crdwa
> [zk: localhost:2181(CONNECTED) 5] quit
> >> start the zkCli with 127.0.0.1 and trying access the znode
> [zk: 127.0.0.1:2181(CONNECTED) 0] get -s /test
> Authentication is not valid : /test
> [zk: 127.0.0.1:2181(CONNECTED) 1] getAcl /test
> 'ip,'127.0.0.1
> : cdrwa
> [zk: 127.0.0.1:2181(CONNECTED) 2] get /test
> Authentication is not valid : /test
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
