Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-15200

ZooKeeper znode ACL checks should only compare the shortname

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.2.0, 1.0.3, 1.1.3, 0.98.17, 2.0.0
    • Fix Version/s: 1.2.0, 1.3.0, 1.1.4, 1.0.4, 0.98.18, 2.0.0
    • Component/s: security
    • Labels:
      None

      Description

      After HBASE-13768 we check at startup in secure configurations if our znodes have the correct ACLs. However when checking the ACL we compare the Kerberos fullname, which includes the host component. We should only compare the shortname, the principal. Otherwise in a multimaster configuration we will unnecessarily reset ACLs whenever any master running on a host other than the one that initialized the ACLs makes the check. You can imagine this happening multiple times in a rolling restart scenario.

        Attachments

        1. HBASE-15200-branch-1.1.patch
          6 kB
          Andrew Kyle Purtell
        2. HBASE-15200-branch-1.0.patch
          7 kB
          Andrew Kyle Purtell
        3. HBASE-15200.patch
          5 kB
          Andrew Kyle Purtell
        4. HBASE-15200.patch
          4 kB
          Andrew Kyle Purtell

          Activity

            People

            • Assignee:
              apurtell Andrew Kyle Purtell
              Reporter:
              apurtell Andrew Kyle Purtell
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: