Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-19353

Enabling meta region replication sets incorrect ACL on the ZK Znode

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 1.1.8
    • None
    • master, read replicas
    • None

    Description

      Enabling user table region replication and meta region replication on a secured HBase cluster using a secured ZK quorum results in incorrect ACL on the secondary ZNodes created for meta replica.
      – ACL on Primary ZNode

       getAcl /hbase/meta-region-server
'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa

      – ACL on a secondary ZNode

      getAcl /hbase/meta-region-server-2
'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa

      Since there is no world:read access on the secondary, client fail with org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /hbase/meta-region-server-2

      The fix is to manually update the ACL on the ZNodes for the secondary replicas.

      Attachments

        Activity

          People

            Unassigned Unassigned
            gsbiju Biju Nair
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: