Hello, I am working on a project implementing Zookeeper and Solr cloud on a cluster with 3 servers. I need to secure my zookeeper nodes so that they can only communicate among themselves, I tried implementing ACLs according to the documentation (https://lucene.apache.org/solr/guide/7_2/zookeeper-access-control.html) but I am still able to update a file on the cluster from another server outside the cluster, which means ACLs are not working properly. Here are the changes I made: solr-7.2.1/server/solr/solr.xml <solrcloud> <str name="host">${host:}</str> <int name="hostPort">${jetty.port:8983}</int> <str name="hostContext">${hostContext:solr}</str> <bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool> <int name="zkClientTimeout">${zkClientTimeout:30000}</int> <int name="distribUpdateSoTimeout">${distribUpdateSoTimeout:600000}</int> <int name="distribUpdateConnTimeout">${distribUpdateConnTimeout:60000}</int> #<str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider}</str> <str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider}</str> #<str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider}</str> <str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider}</str> /solr-7.2.1/server/scripts/cloud-scripts/zkcli.sh: # Settings for ZK ACL SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \ -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider \ -DzkDigestUsername=admin -DzkDigestPassword=CHANGE" # -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD"
/solr-7.2.1/bin/solr.in.sh: # Settings for ZK ACL SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \ -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider \ -DzkDigestUsername=admin -DzkDigestPassword=CHANGE" # -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD" SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS" I would appreciate some input as to enabling ACLs and securing the zookeeper cluster. Thank you,Ana
