Biju Nair created HBASE-19353:
---------------------------------

             Summary: Enabling meta region replication sets incorrect ACL on the ZK Znode
                 Key: HBASE-19353
                 URL: https://issues.apache.org/jira/browse/HBASE-19353
             Project: HBase
          Issue Type: Bug
          Components: master
    Affects Versions: 1.1.8
            Reporter: Biju Nair
            Priority: Minor


Enabling user table region replication and meta region replication on a secured 
HBase cluster using a secured ZK quorum results in incorrect ACL on the 
secondary ZNodes created for meta replica.  
 -- ACL on Primary ZNode
{{{
 getAcl /hbase/meta-region-server
'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa
}}}

-- ACL on a secondary ZNode
{{{
getAcl /hbase/meta-region-server-2
'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa
}}}

Since there is no {{world:read}} access on the secondary, clients fail with 
{{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = 
NoAuth for /hbase/meta-region-server-2}}

The fix is to manually update the ACL on the ZNodes for the secondary replicas.
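
A way to check replica ZNodes for this gap and build the corrective command, as an added example that is not part of the original report or of HBase. It parses zkCli `getAcl` output in the two-line form shown above; the function names are hypothetical and the sample strings are the two listings from this report embedded as test input.

```python
import re

# Sample input: the getAcl listings from the report, embedded so the check runs offline.
PRIMARY = """'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa
"""
SECONDARY = """'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa
"""

# One ACL entry is printed as "'scheme,'id" followed by ": perms" on the next line.
ENTRY = re.compile(r"'(?P<scheme>[^,\s]+),'(?P<id>\S*)\s*:\s*(?P<perms>[cdrwa]+)")

def parse_getacl(text):
    """Return {(scheme, id): set(perms)}; duplicate entries are merged."""
    acl = {}
    for m in ENTRY.finditer(text):
        acl.setdefault((m["scheme"], m["id"]), set()).update(m["perms"])
    return acl

def missing_entries(primary, replica):
    """Permissions granted on the primary ZNode but absent on the replica ZNode."""
    gaps = {}
    for who, perms in primary.items():
        lacking = perms - replica.get(who, set())
        if lacking:
            gaps[who] = lacking
    return gaps

def setacl_command(path, primary):
    """zkCli setAcl line that gives `path` the same ACL as the primary ZNode."""
    parts = []
    for (scheme, ident), perms in sorted(primary.items()):
        ordered = "".join(p for p in "cdrwa" if p in perms)  # canonical order
        parts.append(f"{scheme}:{ident}:{ordered}")
    return f"setAcl {path} {','.join(parts)}"

if __name__ == "__main__":
    primary, replica = parse_getacl(PRIMARY), parse_getacl(SECONDARY)
    if missing_entries(primary, replica):
        print(setacl_command("/hbase/meta-region-server-2", primary))
```

The generated `setAcl` line has to be run from a zkCli session authenticated as a principal holding the `a` (admin) permission on the ZNode, which per the listings above is the `hbase` SASL identity.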


