[
https://issues.apache.org/jira/browse/MESOS-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045088#comment-14045088
]
Benjamin Mahler commented on MESOS-1546:
----------------------------------------
From an operator's perspective, this ticket just represents a flag that
specifies the ensemble {{--masters=A:1,B:2,C:3}} which obviates the need to
specify the {{--quorum}} (error prone). We can make the transition to make
{{--masters}} required and {{--quorum}} optional over time per MESOS-1465.

> Introduce an optional master whitelist for replicated log based registrar.
> --------------------------------------------------------------------------
>
> Key: MESOS-1546
> URL: https://issues.apache.org/jira/browse/MESOS-1546
> Project: Mesos
> Issue Type: Improvement
> Components: master, replicated log
> Reporter: Jie Yu
>
> When using replicated log as the storage back-end for registrar, we currently
> rely on ZooKeeper to discover replicas (see ZooKeeperNetwork in
> src/log/network.hpp). We simply broadcast Paxos messages to all replicas in
> the ZooKeeperNetwork.
> There is a security concern using this approach. For example, say initially
> there are 3 masters and the quorum size is 2. Now, if a 4th master is
> accidentally added and joins the ZooKeeperNetwork, we will then operate at 4
> replicas with quorum size 2. This could lead to inconsistency in the
> replicated log (and thus registrar).
> The idea here is to introduce a whitelist for masters. We still use
> ZooKeeperNetwork to discover replicas. However, when broadcasting Paxos
> messages in the replicated log, we check the whitelist and make sure we don't
> send Paxos messages to a master that is not in this whitelist.
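The failure mode and the proposed whitelist check from the thread above, as an added example that is not Mesos code and not part of the original messages. All function names are hypothetical, and deriving the quorum as a simple majority of the whitelisted ensemble is an assumption about how a masters flag could replace the quorum flag.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <iterator>
#include <set>
#include <string>

using Replicas = std::set<std::string>;

// Assumption: the quorum implied by a configured ensemble is a simple majority.
std::size_t majorityQuorum(const Replicas& ensemble) {
  return ensemble.size() / 2 + 1;
}

// Any two quorums of size q drawn from n replicas share a member iff 2q > n.
// Without that overlap, two disjoint groups can each accept a different value.
bool quorumsIntersect(std::size_t n, std::size_t q) {
  return q <= n && 2 * q > n;
}

// Discovery may return anything that joined the group; only whitelisted
// replicas are kept as targets for Paxos broadcasts.
Replicas broadcastTargets(const Replicas& discovered, const Replicas& whitelist) {
  Replicas targets;
  std::set_intersection(discovered.begin(), discovered.end(),
                        whitelist.begin(), whitelist.end(),
                        std::inserter(targets, targets.begin()));
  return targets;
}

int main() {
  // Constructed sample data mirroring the ticket: 3 configured masters,
  // quorum 2, and a 4th master that joined discovery by accident.
  const Replicas whitelist = {"A:1", "B:2", "C:3"};
  const Replicas discovered = {"A:1", "B:2", "C:3", "D:4"};
  const std::size_t quorum = majorityQuorum(whitelist);

  std::cout << "quorum derived from whitelist: " << quorum << "\n";
  std::cout << "safe when broadcasting to all discovered: "
            << quorumsIntersect(discovered.size(), quorum) << "\n";

  const Replicas targets = broadcastTargets(discovered, whitelist);
  std::cout << "safe when broadcasting to whitelisted only: "
            << quorumsIntersect(targets.size(), quorum) << "\n";
  for (const std::string& t : targets) std::cout << "  send to " << t << "\n";
  return 0;
}
```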