Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2014

Only admin should be allowed to reconfig a cluster

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 3.5.0
    • 3.5.3, 3.6.0
    • server
    • None

    Description

      ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We should, at the very least, ensure that only the Admin can reconfigure a cluster. Perhaps restricting access to /zookeeper/config as well, though this is debatable. Surely one could ensure Admin only access via an ACL, but that would leave everyone who doesn't use ACLs unprotected. We could also force a default ACL to make it a bit more consistent (maybe).

      Finally, making reconfig() only available to Admins means they have to run with zookeeper.DigestAuthenticationProvider.superDigest (which I am not sure if everyone does, or how would it work with other authentication providers).

      Review board https://reviews.apache.org/r/51546/

      Attachments

        1. ZOOKEEPER-2014.patch
          131 kB
          Michael Han
        2. ZOOKEEPER-2014.patch
          131 kB
          Michael Han
        3. ZOOKEEPER-2014.patch
          159 kB
          Michael Han
        4. ZOOKEEPER-2014.patch
          159 kB
          Michael Han
        5. ZOOKEEPER-2014.patch
          123 kB
          Michael Han
        6. ZOOKEEPER-2014.patch
          121 kB
          Michael Han
        7. ZOOKEEPER-2014.patch
          118 kB
          Michael Han
        8. ZOOKEEPER-2014.patch
          118 kB
          Michael Han
        9. ZOOKEEPER-2014.patch
          110 kB
          Michael Han
        10. ZOOKEEPER-2014.patch
          104 kB
          Michael Han
        11. ZOOKEEPER-2014.patch
          104 kB
          Michael Han
        12. ZOOKEEPER-2014.patch
          94 kB
          Michael Han
        13. ZOOKEEPER-2014.patch
          94 kB
          Michael Han
        14. ZOOKEEPER-2014.patch
          78 kB
          Michael Han
        15. ZOOKEEPER-2014.patch
          2 kB
          Raúl Gutiérrez Segalés

        Issue Links

        is broken by

        Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-2642 ZooKeeper reconfig API backward compatibility fix

        • Blocker - Blocks development and/or testing work, production could not run
        • Closed
        is related to

        Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-107 Allow dynamic changes to server cluster membership

        • Major - Major loss of function.
        • Resolved
        links to

        Web Link GitHub Pull Request #94

        Web Link GitHub Pull Request #96

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            hanm Michael Han
            rgs Raúl Gutiérrez Segalés
            Votes:
            0 Vote for this issue
            Watchers:
            14 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment