Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
1.1.8
-
None
-
None
Description
Enabling user table region replication and meta region replication on a secured HBase cluster using a secured ZK quorum results in incorrect ACL on the secondary ZNodes created for meta replica.
– ACL on Primary ZNode
getAcl /hbase/meta-region-server 'sasl,'hbase : cdrwa 'world,'anyone : r 'sasl,'hbase : cdrwa
– ACL on a secondary ZNode
getAcl /hbase/meta-region-server-2 'sasl,'hbase : cdrwa 'sasl,'hbase : cdrwa
Since there is no world:read access on the secondary, client fail with org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /hbase/meta-region-server-2
The fix is to manually update the ACL on the ZNodes for the secondary replicas.