[
https://issues.apache.org/jira/browse/KNOX-1187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Phil Zampino updated KNOX-1187:
-------------------------------
Description:
Given the ability to manage provider configurations and descriptors in
ZooKeeper, it would also be good to employ ZooKeeper for managing aliases since
descriptors reference them for discovery authentication.
The benefits of ZooKeeper-managed descriptors is limited by the current need to
individually define the associated aliases at each and every Knox instance. Any
Knox instance for which the referenced alias has not been defined will fail to
generate/deploy the topology because service discovery will fail.
The resolution of this issue will provide a Knox administrator the ability to
define aliases in ZooKeeper, which will be consumed and applied by any Knox
instance configured to monitor that same ZooKeeper, similar to the way provider
configurations and descriptors are supported.
In fact, the alias-related CLI commands could leverage the remote configuration
monitor config to determine whether the aliases should be persisted to / read
from ZooKeeper or locally. Knox could use the remote configuration client
service to monitor the remote alias configuration, and apply changes locally.
This will also require some kind of coordination of Knox master secrets; at a
minimum, each participating Knox instance will have to have been configured
with the same master secret.
was:
Given the ability to manage provider configurations and descriptors in
ZooKeeper, it would also be good to employ ZooKeeper for managing aliases since
descriptors reference them for discovery authentication.
The benefits of ZooKeeper-managed descriptors is limited by the current need to
individually define the associated aliases at each and every Knox instance. Any
Knox instance for which the referenced alias has not been defined will fail to
generate/deploy the topology because service discovery will fail.
The resolution of this issue will provide a Knox administrator the ability to
define aliases in ZooKeeper, which will be consumed and applied by any Knox
instance configured to monitor that same ZooKeeper, similar to the way provider
configurations and descriptors are supported.
In fact, the alias-related CLI commands could leverage the remote configuration
monitor config to determine whether the aliases should be persisted to / read
from ZooKeeper or locally. Knox could use the remote configuration client
service to monitor the remote alias configuration, and apply changes locally.
This will also likely require some kind of coordination of Knox master secrets;
at a minimum, each participating Knox instance will have to have been
configured with the same master secret.
> Distributed Alias Service
> -------------------------
>
> Key: KNOX-1187
> URL: https://issues.apache.org/jira/browse/KNOX-1187
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0
> Reporter: Phil Zampino
> Priority: Major
> Fix For: 1.1.0
>
>
> Given the ability to manage provider configurations and descriptors in
> ZooKeeper, it would also be good to employ ZooKeeper for managing aliases
> since descriptors reference them for discovery authentication.
> The benefits of ZooKeeper-managed descriptors is limited by the current need
> to individually define the associated aliases at each and every Knox
> instance. Any Knox instance for which the referenced alias has not been
> defined will fail to generate/deploy the topology because service discovery
> will fail.
> The resolution of this issue will provide a Knox administrator the ability to
> define aliases in ZooKeeper, which will be consumed and applied by any Knox
> instance configured to monitor that same ZooKeeper, similar to the way
> provider configurations and descriptors are supported.
> In fact, the alias-related CLI commands could leverage the remote
> configuration monitor config to determine whether the aliases should be
> persisted to / read from ZooKeeper or locally. Knox could use the remote
> configuration client service to monitor the remote alias configuration, and
> apply changes locally.
> This will also require some kind of coordination of Knox master secrets; at a
> minimum, each participating Knox instance will have to have been configured
> with the same master secret.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
