New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support zookeeper authentication #1336

Closed
stevendborrelli opened this Issue Mar 26, 2015 · 1 comment

Comments

Projects
None yet
4 participants
@stevendborrelli

stevendborrelli commented Mar 26, 2015

Looking at the zookeeper client code in Main.scala, it does not look like zookeeper authentication is used, even if a zk://user:pass@zk:2181/marathon URL is used. This means we are unable to apply any ACLs on the /marathon znode.

  val client = new ZooKeeperClient(
      Amount.of(conf.zooKeeperTimeout().toInt, Time.MILLISECONDS),
      conf.zooKeeperHostAddresses.asJavaCollection
    )

The library supports passing in credentials: http://twitter.github.io/commons/apidocs/com/twitter/common/zookeeper/ZooKeeperClient.html

stevendborrelli added a commit to mantl/mantl that referenced this issue Mar 26, 2015

Open up ACLs for marathon due
This is due to marathon not supporting zk authentication:

mesosphere/marathon#1336

@kolloch kolloch added this to the 0.9.0 milestone May 18, 2015

@kolloch kolloch added the ready label May 22, 2015

@aquamatthias aquamatthias modified the milestones: Backlog, 0.9.0 Jun 8, 2015

@kolloch kolloch removed the ready label Jun 9, 2015

carlanton added a commit to carlanton/marathon that referenced this issue Jan 26, 2016

carlanton added a commit to carlanton/marathon that referenced this issue Mar 7, 2016

@TalonOne

This comment has been minimized.

TalonOne commented Apr 12, 2016

Any ETA on this ? This would really help secure the cluster better.

sttts added a commit that referenced this issue Apr 29, 2016

tgermain pushed a commit to tgermain/marathon that referenced this issue Nov 23, 2016

WIP: ZooKeeper digest authentication support (mesosphere#3847)
* Fixes mesosphere#1336 - Add support for ZK authentication

* Add curator zk authentication

* Set acls for leader election

* Add integration test for digest zk authentication

unterstein added a commit that referenced this issue Jan 23, 2017

WIP: ZooKeeper digest authentication support (#3847)
* Fixes #1336 - Add support for ZK authentication

* Add curator zk authentication

* Set acls for leader election

* Add integration test for digest zk authentication

@mesosphere mesosphere locked and limited conversation to collaborators Mar 27, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.