[
https://issues.apache.org/jira/browse/STORM-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14309271#comment-14309271
]
Derek Dagit commented on STORM-617:
-----------------------------------
For what it's worth, I think the original design here assumed that nimbus and
supervisors would both use a common (privileged) cluster user. If we want to
support supervisors and nimbus running as different users, we can add another
ACL entry to the znodes?
> In Storm secure mode re-deploying trident topology causes zookeeper ACL issue
> -----------------------------------------------------------------------------
>
> Key: STORM-617
> URL: https://issues.apache.org/jira/browse/STORM-617
> Project: Apache Storm
> Issue Type: Bug
> Reporter: Sriharsha Chintalapani
> Assignee: Sriharsha Chintalapani
>
> This issue is caused by this line
> https://github.com/apache/storm/blob/master/storm-core/src/jvm/backtype/storm/transactional/state/TransactionalState.java#L67
> If the storm cluster nimbus is running with a kerberos principal named
> "nimbus"
> and supervisors are running with principal "storm" . Storm puts the acl on
> trident spout using principal "nimbus" and this won't be able to accessed or
> modified by supervisor since they are logging into zookeeper as user "storm".
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
