[ https://issues.apache.org/jira/browse/STORM-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14309271#comment-14309271 ]
Derek Dagit commented on STORM-617: ----------------------------------- For what it's worth, I think the original design here assumed that nimbus and supervisors would both use a common (privileged) cluster user. If we want to support supervisors and nimbus running as different users, we can add another ACL entry to the znodes? > In Storm secure mode re-deploying trident topology causes zookeeper ACL issue > ----------------------------------------------------------------------------- > > Key: STORM-617 > URL: https://issues.apache.org/jira/browse/STORM-617 > Project: Apache Storm > Issue Type: Bug > Reporter: Sriharsha Chintalapani > Assignee: Sriharsha Chintalapani > > This issue is caused by this line > https://github.com/apache/storm/blob/master/storm-core/src/jvm/backtype/storm/transactional/state/TransactionalState.java#L67 > If the storm cluster nimbus is running with a kerberos principal named > "nimbus" > and supervisors are running with principal "storm" . Storm puts the acl on > trident spout using principal "nimbus" and this won't be able to accessed or > modified by supervisor since they are logging into zookeeper as user "storm". -- This message was sent by Atlassian JIRA (v6.3.4#6332)