[
https://issues.apache.org/jira/browse/CASSANDRA-19394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17817411#comment-17817411
]
Stefan Miklosovic commented on CASSANDRA-19394:
-----------------------------------------------
The existence of nodetool cms dump command is not necessary then? I do not like
that we would make exceptions like "well but here nodetool just has to run on
the same machine where your node runs".
Could we at least provide some way how these files are cleaned up? Like they
would be removed after 1 hour? Giving how busy operators are with other stuff,
they will most probably just forget to remove it. Sure, you say that "well but
node will be restarted so it will be removed" but in real life they might just
inspect the file and never restart. We are clearly making assumptions around
how this is going to be used and I think that it is safer to do it bullet-proof
as possible.
> Rethink dumping of cluster metadata via CMSOperationsMBean
> ----------------------------------------------------------
>
> Key: CASSANDRA-19394
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19394
> Project: Cassandra
> Issue Type: Improvement
> Components: Tool/nodetool, Transactional Cluster Metadata
> Reporter: Stefan Miklosovic
> Priority: Normal
>
> I think there are two problems in the implementation of dumping
> ClusterMetadata in CMSOperationsMBean
> 1) A dump is saved in a file and dumpClusterMetadata methods will return just
> a file name where that dump is. However, nodetool / JMX call to MBean (or any
> place this method is invoked from, we would like to offer a command in
> nodetool which returns the dump) is meant to be used from anywhere, remotely,
> so what happens when we execute nodetool or call these methods on a machine
> different from a machine a node runs on? E.g. admins can just have some
> jumpbox to a cluster they manage, they do not necessarily have access to
> nodes themselves. So they would not be able to read it.
> 2) It creates temp file which is not deleted so /tmp will be populated with
> these dumps until node is turned off which might take a lot of time and can
> consume a lot of disk space if dumps are done frequently and they are big. An
> adversary might just dump cluster metadata until no disk space is left.
> What I propose is that we would return all dump string, not just a filename
> where we save it. We can also format the output on the client or we can tell
> server what format we want the dump to be returned in.
> If there is a concern about size of data to be returned, we might optionally
> allow dumps to be returned as compressed by simple zipping on server and
> unzipping on client where "zipper" is a standard java.util.zip so it
> basically doesn't matter what jvm runs on client and server.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
