[jira] [Commented] (ZOOKEEPER-2014) Only admin should be allowed to reconfig a cluster

Mon, 22 Aug 2016 21:41:18 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15432124#comment-15432124
 ] 

Alexander Shraer commented on ZOOKEEPER-2014:
---------------------------------------------

I think that the general idea is that clients should be able to track the 
latest configuration and do something when it changes. For example if the 
server to which the client is connected goes away, it should have a way to 
query the system for the new list of servers and connect to one of them. The 
method you described is one option, outlined in the reconfig manual (right at 
the end there's some code for this). 

It would be nice to automate these steps for the user and to support a user 
defined policy instead of these steps (see some ideas in ZOOKEEPER-2016). For 
example, if you want the user to only connect to near-by servers, you'd need to 
filter the new list of servers before calling updateServerList. This can be 
done as part of a user-supplied policy.

> Only admin should be allowed to reconfig a cluster
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-2014
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2014
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.0
>            Reporter: Raul Gutierrez Segales
>            Assignee: Michael Han
>            Priority: Blocker
>             Fix For: 3.5.3
>
>         Attachments: ZOOKEEPER-2014.patch
>
>
> ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We 
> should, at the very least, ensure that only the Admin can reconfigure a 
> cluster. Perhaps restricting access to /zookeeper/config as well, though this 
> is debatable. Surely one could ensure Admin only access via an ACL, but that 
> would leave everyone who doesn't use ACLs unprotected. We could also force a 
> default ACL to make it a bit more consistent (maybe).
> Finally, making reconfig() only available to Admins means they have to run 
> with zookeeper.DigestAuthenticationProvider.superDigest (which I am not sure 
> if everyone does, or how would it work with other authentication providers). 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to