Github user revans2 commented on the issue:
https://github.com/apache/storm/pull/2433
@HeartSaVioR
Perhaps we should have a call on the Metrics V2 work and what is its status
for storm 2.0 because I don't totally know myself.
What I think is mandatory for this patch is.
1) wait for delegation token work to go in so we can authenticate
connections between the worker and nimbus/supervisors.
2) Add in some form of authorization to the newly added APIs.
- getSupervisorAssignments should only be allowed from a supervisor
- sendSupervisorWorkerHeartbeats should only be allowed from a
supervisor.
- sendSupervisorWorkerHeartbeat should verify that it has come from the
owner of the topology the heartbeat is for
- sendSupervisorAssignments needs to verify that it came from nimbus.
- getLocalAssignmentForStorm needs to verify that it came from the owner
of the topology.
- sendSupervisorWorkerHeartbeat needs to verify that it came from the
owner of the topology.
3) supervisor needs to pick a port from a configured allowable range of
ports and get that information to everyone who is going to need it.
If someone wants to drop the old heartbeat mechanisms for talking to nimbus
and the supervisors that is fine with me. However, if we do drop it I really
would love to have a way to maintain backwards compatibility because otherwise
I will have to add it back in myself.
If we don't drop it now I would like to see a follow on JIRA to remove it,
but for that to work as part of a rolling upgrade we would need to support both
mechanisms at the same time.
---
