Web Application Platform uses Zookeeper to coordinate the work of its services (e.g., Resources, Cameo Collaborator for Teamwork Cloud, Reports, etc.). Zookeeper stores the data that services must share in a hierarchical structure called a Zookeeper data tree. By default, anyone with access to the Zookeeper server can read or change the data tree nodes. However, you can limit access to Zookeeper by configuring it to use ACLs (Access Control Lists), which provide fine-grained control over who can access and modify data stored in Zookeeper. Learn more about Zookeeper ACLs>>
To enable and configure access to Zookeeper using ACLs
- Go to the <install_root>/WebAppPlatform/shared/conf directory and open the webappplatform.properties file for editing.
- In the file, uncomment and specify the following properties:
    zookeeper.acl.enable=true
    zookeeper.acl.username=<user_name>
    zookeeper.acl.password=<password>
    zookeeper.acl.user.permissions=all
The valid values of the zookeeper.acl.user.permissions property are all, read, write, create, delete, admin. If the property is not specified, the all value is used.
- Restart Web Application Platform.
After enabling access to Zookeeper using ACLs, you can define or change ACLs for Zookeeper nodes, and in this way determine which entities have access to specific nodes within the ZooKeeper distributed file system.
For example, you can configure Zookeeper to use digest authentication by running the addauth digest user:password command. Then you can authenticate yourself to the server using the addauth command in the ZooKeeper CLI. The addauth command sends the password hash to the ZooKeeper server, which validates it and grants you access to its nodes. Once you have authenticated yourself, you can use the ZooKeeper CLI to manage Zookeeper nodes. Learn how to use Zookeeper CLI >>
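When you define node ACLs for the digest scheme, ZooKeeper identifies the user in the ACL as user:base64(SHA-1(user:password)). The following added example (not part of the product documentation) builds such an entry for the setAcl command and checks whether an ACL still admits world:anyone, the open default described at the top of this page. The function names, the sample user and node, the comma-separated permission list, and the mapping of the property values onto ZooKeeper's cdrwa letters are assumptions.

```python
import base64
import hashlib

# ZooKeeper permission letters in the order zkCli prints them (cdrwa).
PERM_LETTERS = {"create": "c", "delete": "d", "read": "r", "write": "w", "admin": "a"}


def digest_id(username: str, password: str) -> str:
    """ACL id for the digest scheme: user:base64(sha1("user:password"))."""
    raw = f"{username}:{password}".encode("utf-8")
    return f"{username}:{base64.b64encode(hashlib.sha1(raw).digest()).decode('ascii')}"


def perms_to_letters(value: str = "all") -> str:
    """Map 'all' or names like 'read,write' to cdrwa letters.
    Assumption: the property names map one-to-one onto ZooKeeper permissions."""
    names = {n.strip().lower() for n in value.split(",") if n.strip()} or {"all"}
    if "all" in names:
        return "cdrwa"
    unknown = names - PERM_LETTERS.keys()
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    return "".join(letter for name, letter in PERM_LETTERS.items() if name in names)


def acl_entry(username: str, password: str, permissions: str = "all") -> str:
    """Entry in the form setAcl expects: digest:<user>:<hash>:<perms>."""
    return f"digest:{digest_id(username, password)}:{perms_to_letters(permissions)}"


def world_entries(acl: str) -> list[str]:
    """Return entries of a comma-separated ACL that still admit world:anyone."""
    found = []
    for entry in (e.strip() for e in acl.split(",") if e.strip()):
        scheme, rest = entry.split(":", 1)
        ident, _, perms = rest.rpartition(":")
        if scheme == "world" and ident == "anyone" and perms:
            found.append(entry)
    return found


if __name__ == "__main__":
    # Constructed sample credentials and node path; substitute your own values.
    entry = acl_entry("wap_user", "example-password", "read,write")
    print("setAcl /example-node", entry)
    print("open to everyone:", world_entries(f"world:anyone:r,{entry}"))
```

Any entry that world_entries returns means the node is still reachable without authentication, whatever digest entries sit beside it.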