[ https://issues.apache.org/jira/browse/ZOOKEEPER-2793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16255066#comment-16255066 ]
Rakesh R commented on ZOOKEEPER-2793:
-------------------------------------

bq. My main remaining concern is that we could end up locking up the cluster and not being able to recover.
bq. Perhaps there is a control somewhere else that enables/disables this feature? In the worst-case scenario the admin could disable, recover the cluster, reset the "authzhosts" and then re-enable. That seems like a copout though. Is there a better way?

Thanks for emphasising the recovery part. Yes, the quorum auth feature already has enable/disable via configuration. The admin can disable it and then allow a new set of servers to join and form the quorum. Then, the {{/zookeeper/ensemble/authorized_hosts}} znode data can be corrected with the required host details. Later, they can enable the flag and re-form the quorum by restarting the servers. Since there is no way to dynamically enable/disable this feature, the admin has to restart the server two times: once with the flag disabled and a second time after enabling the flag. Does this make sense to you?

{code}
"quorum.auth.enableSasl=false" // If false, no authentication at all.
{code}

> [QP MutualAuth]: Implement a mechanism to build "authzHosts" for dynamic reconfig servers
> -----------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2793
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2793
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: quorum, security
>            Reporter: Rakesh R
>            Assignee: Rakesh R
>             Fix For: 3.5.4, 3.6.0
>
>
> {{QuorumServer}} will do the authorization checks against configured
> authorized hosts. During LE, QuorumLearner will send an authentication packet
> to QuorumServer. Now, QuorumServer will check that the connecting
> QuorumLearner’s hostname exists in the authorized hosts. If it does not exist,
> then the connecting peer is not authorized to join this ensemble and the
> request will be rejected immediately.
> In {{branch-3.4}}, building the {{authzHosts}} list is pretty straightforward:
> it can use the ensemble server details in the zoo.cfg file. But with dynamic
> reconfig, it has to consider the dynamic add/remove/update of servers, and we
> need to discuss the ways to handle dynamic cases.
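
The recovery sequence described in the comment above, as an added example that is not part of the original message or of ZooKeeper's code: a small Python model of the hostname check and the two-restart procedure. The `Ensemble` class, its method names and the `*.example` hostnames are assumptions made for illustration; the model also records that any host is admitted while the flag is off.

```python
# Constructed model of the recovery sequence; illustrative only, not ZooKeeper code.
from dataclasses import dataclass, field


@dataclass
class Ensemble:
    # Models quorum.auth.enableSasl; it is static config, so a change needs a restart.
    auth_enabled: bool = True
    # Models the data stored in /zookeeper/ensemble/authorized_hosts.
    authz_hosts: set = field(default_factory=set)
    restarts: int = 0

    def authorize(self, learner_host: str) -> bool:
        """Hostname check applied to a connecting learner."""
        if not self.auth_enabled:
            return True  # flag off: no authentication at all
        return learner_host in self.authz_hosts

    def form_quorum(self, servers: list) -> bool:
        """A quorum forms when a strict majority of the servers is admitted."""
        admitted = [s for s in servers if self.authorize(s)]
        return len(admitted) > len(servers) // 2

    def restart_with(self, auth_enabled: bool) -> None:
        """Apply a new flag value; each change costs one restart."""
        self.auth_enabled = auth_enabled
        self.restarts += 1


def recover(ensemble: Ensemble, new_servers: list, outsider: str = "unlisted.example") -> list:
    """Run the recovery steps and return what was observed after each one."""
    log = [("locked_out", not ensemble.form_quorum(new_servers))]
    ensemble.restart_with(auth_enabled=False)        # restart 1: flag disabled
    log.append(("quorum_without_auth", ensemble.form_quorum(new_servers)))
    log.append(("outsider_admitted_flag_off", ensemble.authorize(outsider)))
    ensemble.authz_hosts = set(new_servers)          # correct the znode data
    ensemble.restart_with(auth_enabled=True)         # restart 2: flag enabled
    log.append(("quorum_with_auth", ensemble.form_quorum(new_servers)))
    log.append(("outsider_admitted_flag_on", ensemble.authorize(outsider)))
    return log


if __name__ == "__main__":
    # Constructed hostnames: the listed servers are gone, replacements have new names.
    ens = Ensemble(authz_hosts={"zk1.example", "zk2.example", "zk3.example"})
    for step, observed in recover(ens, ["zk4.example", "zk5.example", "zk6.example"]):
        print(f"{step}: {observed}")
    print("restarts:", ens.restarts)
```

The window between the two restarts is the part to watch: with the flag off the model admits the unlisted host, so that window should be kept short and the peer network restricted while it is open.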