Sandeep More updated KNOX-1187:
Status: Resolved (was: Patch Available)
[~lmccay] - Thanks for pointing it out ! I updated the patch to use the
ConfigurableEncryptor class, this is much better, sorry was not aware of it.
[~pzampino] - Many thanks for taking a second look ! I updated
RemoteAliasService#getAliasesForCluster(String) method to make it cleaner and
choose remote alias over local. Also, updated the names of methods and
variables to make them more generic.
> Distributed Alias Service
> Key: KNOX-1187
> URL: https://issues.apache.org/jira/browse/KNOX-1187
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0
> Reporter: Phil Zampino
> Assignee: Sandeep More
> Priority: Major
> Fix For: 1.1.0
> Attachments: KNOX-1187.001.patch, KNOX-1187.002.patch
> Given the ability to manage provider configurations and descriptors in
> ZooKeeper, it would also be good to employ ZooKeeper for managing aliases
> since descriptors reference them for discovery authentication.
> The benefits of ZooKeeper-managed descriptors is limited by the current need
> to individually define the associated aliases at each and every Knox
> instance. Any Knox instance for which the referenced alias has not been
> defined will fail to generate/deploy the topology because service discovery
> will fail.
> The resolution of this issue will provide a Knox administrator the ability to
> define aliases in ZooKeeper, which will be consumed and applied by any Knox
> instance configured to monitor that same ZooKeeper, similar to the way
> provider configurations and descriptors are supported.
> In fact, the alias-related CLI commands could leverage the remote
> configuration monitor config to determine whether the aliases should be
> persisted to / read from ZooKeeper or locally. Knox could use the remote
> configuration client service to monitor the remote alias configuration, and
> apply changes locally.
> This will also require some kind of coordination of Knox master secrets; at a
> minimum, each participating Knox instance will have to have been configured
> with the same master secret.
This message was sent by Atlassian JIRA