[SOLR-7889] Secure ZooKeeper should be easy and the default - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
- security
- zookeeper

Description

ZooKeeper security is documented at https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control but is not trivial to setup, see http://search-lucene.com/m/eHNlqr6EnMrP6O

As we enable more and more security stuff, securing ZK should be easier to do and ideally the default. This is an umbrella for such improvements.

When all of this is in place and working, perhaps even Solr should refuse to start if Auth/Autz plugins are in use and ZK communication is not properly protected, e.g. require bin/solr start --insecure to override.

Attachments

Issue Links

depends upon

SOLR-8346 Upgrade Zookeeper to version 3.5.5

Closed

Is contained by

SOLR-7236 Securing Solr (umbrella issue)

Closed

Sub-Tasks

1.	By default require admin rights to access /security.json in ZK	Resolved	Jan Høydahl
2.	Start scripts to enable secure ZK by default	Open	Unassigned
3.	Allow configuring ZK credentials and ACL outside of solr.xml	Open	Unassigned
4.	Document ZooKeeper SSL support	Reopened	Jan Høydahl
5.	Easy setup of ZooKeeper SSL in bin/solr	Open	Jan Høydahl
6.	zkcli.sh support for SSL enabled ZK communication	Open	Unassigned

Activity

People

Assignee:: Unassigned

Reporter:: Jan Høydahl

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07/Aug/15 00:09

Updated:: 29/Jul/19 12:21