AQL - Setting whitelist of of over 32 IPs gives AEROSPIKE_INVALID_WHITELIST

jonathan · April 17, 2020, 9:33pm

I’m trying to set a whitelist for a role using AQL.

$ aql -U root -P root -c "set whitelist $WHITELIST for $ROLE"
OK

This works fine until the whitelist contains over 32 IP addresses.

$ aql -U root -P root -c "set whitelist $BIGGER_WHITELIST for $ROLE"
Error: (73) AEROSPIKE_INVALID_WHITELIST

The logs show that this behavior is expected.

Apr 17 2020 23:04:59 GMT: WARNING (security): (security_role.c:629) too many IP-nets in whitelist
Apr 17 2020 23:04:59 GMT: WARNING (security): (security.c:3534) set whitelist - bad whitelist

What is the correct way to create a whitelist for a role with a whitelist of over 32 IP addresses?

Tony_Chung · April 24, 2020, 7:24pm

Currently, there is a max limit of 32 entries but you can specify CIDR notations. So you could have 32 subnets (e.g. 192.168.10.0/24).

In addition, you can assign multiple roles to a user. So with 5 roles, you could have 5*32 = 160 entries.

Topic		Replies	Views
Aql client overwhelmed by "WARN AEROSPIKE_ERR_TIMEOUT" AQL	29	5916	February 8, 2017
Error: (11) AEROSPIKE_ERR_CLUSTER AQL	2	3036	March 6, 2015
Not able to login using "admin":"admin" password in AQL AQL aql	6	2939	July 29, 2018
Aerospike_err_cluster AQL	2	1948	July 6, 2017
Client timeout error on Ubuntu 14.04 AQL	4	3392	April 9, 2015

AQL - Setting whitelist of of over 32 IPs gives AEROSPIKE_INVALID_WHITELIST

Related Topics