This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/accumulo-website.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 010f8f92 Automatic Site Publish by Buildbot
010f8f92 is described below
commit 010f8f92e0a1197c4f0bc813073f903416c7640b
Author: buildbot <[email protected]>
AuthorDate: Mon Feb 6 19:27:59 2023 +0000
Automatic Site Publish by Buildbot
---
output/docs/2.x/administration/upgrading.html | 2 ++
output/docs/2.x/troubleshooting/tools.html | 35 ++++++++++++++++++++++
output/docs/2.x/troubleshooting/zookeeper.html | 41 +++++++++++++++++++++++++-
output/feed.xml | 4 +--
output/search_data.json | 6 ++--
5 files changed, 82 insertions(+), 6 deletions(-)
diff --git a/output/docs/2.x/administration/upgrading.html
b/output/docs/2.x/administration/upgrading.html
index 919d8965..d62ece8c 100644
--- a/output/docs/2.x/administration/upgrading.html
+++ b/output/docs/2.x/administration/upgrading.html
@@ -446,7 +446,9 @@ this writing and is recommended).</p>
<li>stop Accumulo 1.10 or 2.0</li>
<li>prepare your installation of Accumulo 2.1 through whatever means you
obtain the binaries and
configure it in your environment</li>
+ <li>start ZooKeeper and HDFS.</li>
<li>(optional - but recommended) create a ZooKeeper snapshot</li>
+ <li>(optional - but recommended) validate the ZooKeeper ACLs. See <a
href="/docs/2.x/troubleshooting/ZooKeeper#ACLs">ZooKeeper ACLs</a></li>
<li>(required if not using the provided scripts to start 2.1) run the <code
class="language-plaintext highlighter-rouge">RenameMasterDirInZK</code>
utility</li>
<li>(optional) run the pre-upgrade utility to convert the configuration in
ZooKeeper</li>
<li>start Accumulo 2.1 for the first time to complete the upgrade</li>
diff --git a/output/docs/2.x/troubleshooting/tools.html
b/output/docs/2.x/troubleshooting/tools.html
index 40b01ce8..b8f0bf70 100644
--- a/output/docs/2.x/troubleshooting/tools.html
+++ b/output/docs/2.x/troubleshooting/tools.html
@@ -719,6 +719,7 @@ mode options:
--print-instances
--print-id-map
--print-props [--system] [-ns | --namespaces list] [-t | --tables list]
+--print-acls
</code></pre></div></div>
<h2 id="mode-print-instances">mode: print instances</h2>
@@ -821,6 +822,40 @@
table.iterator.majc.vers=20,org.apache.accumulo.core.iterators.user.VersioningIt
-----------------------------------------------
</code></pre></div></div>
+<h2 id="mode-print-acls-new-in-211">mode: print ACLs (new in 2.1.1)</h2>
+
+<p>With 2.1.1, the <code class="language-plaintext
highlighter-rouge">zoo-info-viewer</code> option <code
class="language-plaintext highlighter-rouge">--print-acls</code> will print the
ZooKeeper ACLs for all nodes under
+the <code class="language-plaintext
highlighter-rouge">/accumulo/INSTANCE_ID]</code> path.</p>
+
+<p>See <a href="/docs/2.x/troubleshooting/zookeeper">troubleshooting
ZooKeeper</a> for more information on the tool output and expected ACLs.</p>
+
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre
class="highlight"><code>$ accumulo zoo-info-viewer --print-acls
+
+-----------------------------------------------
+Report Time: 2023-01-27T23:00:26.079546Z
+-----------------------------------------------
+Output format:
+ACCUMULO_PERM:OTHER_PERM path user_acls...
+
+ZooKeeper acls for instance ID: f491223b-1413-494e-b75a-c2ca018db00f
+
+ACCUMULO_OKAY:NOT_PRIVATE /accumulo/f491223b-1413-494e-b75a-c2ca018db00f
cdrwa:accumulo, r:anyone
+ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/bulk_failed_copyq
cdrwa:accumulo, r:anyone
+ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/bulk_failed_copyq/locks
cdrwa:accumulo, r:anyone
+ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/compactors cdrwa:accumulo,
r:anyone
+ACCUMULO_OKAY:PRIVATE /accumulo/f491223b-1413-494e-b75a-c2ca018db00f/config
cdrwa:accumulo
+ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/coordinators cdrwa:accumulo,
r:anyone
+...
+ERROR_ACCUMULO_MISSING_SOME:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/users/root/Namespaces
r:accumulo, r:anyone
+...
+ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/wals/localhost:9997[100003d35cc0004]/643b14db-b929-4570-b226-620bc5ac85ff
cdrwa:accumulo, r:anyone
+ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/wals/localhost:9997[100003d35cc0004]/ad26be2a-dc52-4e0e-8e78-8fc8c3323d51
cdrwa:accumulo, r:anyone
+ACCUMULO_OKAY:NOT_PRIVATE /accumulo/instances cdrwa:anyone
+ACCUMULO_OKAY:NOT_PRIVATE /accumulo/instances/uno cdrwa:accumulo, r:anyone
+
+</code></pre></div></div>
+
+
<div class="row" style="margin-top: 20px;">
<div class="col-md-10"><strong>Find documentation for all releases in
the <a href="/docs-archive">archive</strong></div>
diff --git a/output/docs/2.x/troubleshooting/zookeeper.html
b/output/docs/2.x/troubleshooting/zookeeper.html
index b2eabb1f..8030f051 100644
--- a/output/docs/2.x/troubleshooting/zookeeper.html
+++ b/output/docs/2.x/troubleshooting/zookeeper.html
@@ -430,7 +430,46 @@
</div>
- <h2 id="acl-errors-during-upgrade">ACL errors during upgrade</h2>
+ <h2 id="zookeeper-acls">ZooKeeper ACLs</h2>
+
+<p>Accumulo requires full access to nodes in ZooKeeper under the /accumulo
path. The ACLs can be examined using the
+ZooKeeper cli <code class="language-plaintext highlighter-rouge">getAcl</code>
and modified with <code class="language-plaintext
highlighter-rouge">setAcl</code> commands. With 2.1.1, the zoo-info-viewer
utility has an option
+that will print all of the ACLs for the nodes under <code
class="language-plaintext highlighter-rouge">/accumulo/[INSTANCE_ID]</code>
(See [zoo-info-viewer]).<br />
+To run the utility, only ZooKeeper needs to be running. If hdfs is running,
the instance id can be read from hdfs,
+or it can be entered with the zoo-info-viewer command –instanceId option.
Accumulo management processes
+<em>do not</em> need to be running. This allows checking the ACLs before
starting an upgrade.</p>
+
+<p>The utility also prints the same permissions and user strings as the
ZooKeeper cli getAcl command, so you can
+fully evaluate the permissions in the context of your needs.</p>
+
+<p>Sample output (See the [zoo-info-viewer] tools documentation for a more
complete sample):</p>
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre
class="highlight"><code>ACCUMULO_OKAY:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f cdrwa:accumulo, r:anyone
+ACCUMULO_OKAY:PRIVATE /accumulo/f491223b-1413-494e-b75a-c2ca018db00f/config
cdrwa:accumulo
+ERROR_ACCUMULO_MISSING_SOME:NOT_PRIVATE
/accumulo/f491223b-1413-494e-b75a-c2ca018db00f/users/root/Namespaces
r:accumulo, r:anyone
+</code></pre></div></div>
+<p>The utility prints out a line for each znode that contains two fields
related to ZooKeeper ACL permissions:</p>
+<ul>
+ <li><code class="language-plaintext highlighter-rouge">[ACCUMULO_OKAY |
ERROR_ACCUMULO_MISSING_SOME]</code> - Are the permissions sufficient for
Accumulo to operate</li>
+ <li><code class="language-plaintext highlighter-rouge">[PRIVATE |
NOT_PRIVATE]</code> - Can other users can read data from the ZooKeeper
nodes.</li>
+</ul>
+
+<p>Nodes marked with <code class="language-plaintext
highlighter-rouge">ERROR_ACCUMULO_MISSING_SOME</code> shows that Accumulo does
not have <code class="language-plaintext highlighter-rouge">cdrwa</code>
permissions.
+Without full permissions, the upgrade will fail checks. The node permissions
need to be corrected with the ZooKeeper
+<code class="language-plaintext highlighter-rouge">setAcl</code> command. If
you do not have sufficient permissions to change the ACLs on a node, see the
section
+below, <a
href="/docs/2.x/troubleshooting/zookeeper/ACL#errors#during#upgrade">ACL errors
during upgrade</a>.</p>
+
+<p>Most Accumulo nodes do not contain sensitive data. Allowing unauthenticated
ZooKeeper client(s) to read values is
+not unusual in typical deployments. The exception to a permissive read policy
are the nodes that store configuration
+and properties (generally, nodes named <code class="language-plaintext
highlighter-rouge">../config</code>). Because property values may be sensitive,
access should be
+restricted to authenticated Accumulo clients. The tool will mark those nodes
as <code class="language-plaintext highlighter-rouge">PRIVATE</code>.</p>
+
+<p>Allowing users other than authenticated Accumulo clients to write or modify
nodes is not recommended.</p>
+
+<p>The utility also prints the same permissions and user strings as the
ZooKeeper cli getAcl command, so you can
+fully evaluate the permissions in the context of your needs. See the
[zoo-info-viewer] tools documentation
+for sample output.</p>
+
+<h2 id="acl-errors-during-upgrade">ACL errors during upgrade</h2>
<p>Manual intervention is required in the event that an upgrade fails due to
unexpected znode ACLs. To resolve this issue ZooKeeper will need to be
restarted with an additional property to bypass existing ACLs so that the ACLs
can be fixed. Specifically, the <code class="language-plaintext
highlighter-rouge">DigestAuthenticationProvider.superDigest</code> ZooKeeper
Authentication <a
href="https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperAdmin.html#sc_authOptions";>option</a>
needs t [...]
diff --git a/output/feed.xml b/output/feed.xml
index e76e4487..5af5bd1c 100644
--- a/output/feed.xml
+++ b/output/feed.xml
@@ -6,8 +6,8 @@
</description>
<link>https://accumulo.apache.org/</link>
<atom:link href="https://accumulo.apache.org/feed.xml"; rel="self"
type="application/rss+xml"/>
- <pubDate>Thu, 02 Feb 2023 17:21:51 +0000</pubDate>
- <lastBuildDate>Thu, 02 Feb 2023 17:21:51 +0000</lastBuildDate>
+ <pubDate>Mon, 06 Feb 2023 19:27:52 +0000</pubDate>
+ <lastBuildDate>Mon, 06 Feb 2023 19:27:52 +0000</lastBuildDate>
<generator>Jekyll v4.3.1</generator>
diff --git a/output/search_data.json b/output/search_data.json
index 6e4c975d..703028f9 100644
--- a/output/search_data.json
+++ b/output/search_data.json
@@ -65,7 +65,7 @@
"docs-2-x-administration-upgrading": {
"title": "Upgrading Accumulo",
- "content": "Upgrading from 1.10 or 2.0 to 2.1Please read these
directions in their entirety before beginning. Please contact us with
anyquestions you have about this process.IMPORTANT! Before running any Accumulo
2.1 upgrade utilities or services, you will need toupgrade to Java 11, Hadoop
3, and at least ZooKeeper 3.5 (at least 3.8 was current at the time ofthis
writing and is recommended).The basic upgrade sequence is: upgrade to at least
Accumulo 1.10 first (if necessary) stop [...]
+ "content": "Upgrading from 1.10 or 2.0 to 2.1Please read these
directions in their entirety before beginning. Please contact us with
anyquestions you have about this process.IMPORTANT! Before running any Accumulo
2.1 upgrade utilities or services, you will need toupgrade to Java 11, Hadoop
3, and at least ZooKeeper 3.5 (at least 3.8 was current at the time ofthis
writing and is recommended).The basic upgrade sequence is: upgrade to at least
Accumulo 1.10 first (if necessary) stop [...]
"url": " /docs/2.x/administration/upgrading",
"categories": "administration"
},
@@ -296,7 +296,7 @@
"docs-2-x-troubleshooting-tools": {
"title": "Troubleshooting Tools",
- "content": "The accumulo command can be used to run various tools and
classes from the command line.RFileInfoThe rfile-info tool will examine an
Accumulo storage file and print out basic metadata.$ accumulo rfile-info
/accumulo/tables/1/default_tablet/A000000n.rf2013-07-16 08:17:14,778
[util.NativeCodeLoader] INFO : Loaded the native-hadoop libraryLocality group
: &lt;DEFAULT&gt; Start block : 0 Num
blocks : 1 Index level 0 [...]
+ "content": "The accumulo command can be used to run various tools and
classes from the command line.RFileInfoThe rfile-info tool will examine an
Accumulo storage file and print out basic metadata.$ accumulo rfile-info
/accumulo/tables/1/default_tablet/A000000n.rf2013-07-16 08:17:14,778
[util.NativeCodeLoader] INFO : Loaded the native-hadoop libraryLocality group
: &lt;DEFAULT&gt; Start block : 0 Num
blocks : 1 Index level 0 [...]
"url": " /docs/2.x/troubleshooting/tools",
"categories": "troubleshooting"
},
@@ -310,7 +310,7 @@
"docs-2-x-troubleshooting-zookeeper": {
"title": "ZooKeeper",
- "content": "ACL errors during upgradeManual intervention is required in
the event that an upgrade fails due to unexpected znode ACLs. To resolve this
issue ZooKeeper will need to be restarted with an additional property to bypass
existing ACLs so that the ACLs can be fixed. Specifically, the
DigestAuthenticationProvider.superDigest ZooKeeper Authentication option needs
to be set so that you can log into the ZooKeeper shell and fix the ACLs. The
steps for this are:1. Stop ZooKeeper2 [...]
+ "content": "ZooKeeper ACLsAccumulo requires full access to nodes in
ZooKeeper under the /accumulo path. The ACLs can be examined using
theZooKeeper cli getAcl and modified with setAcl commands. With 2.1.1, the
zoo-info-viewer utility has an optionthat will print all of the ACLs for the
nodes under /accumulo/[INSTANCE_ID] (See [zoo-info-viewer]).To run the utility,
only ZooKeeper needs to be running. If hdfs is running, the instance id can be
read from hdfs, or it can be entered w [...]
"url": " /docs/2.x/troubleshooting/zookeeper",
"categories": "troubleshooting"
},
