[jira] [Updated] (HBASE-19353) Enabling meta region replication sets incorrect ACL on the ZK Znode

[Biju Nair (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HBASE-19353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Biju Nair updated HBASE-19353:
------------------------------
    Description: 
Enabling user table region replication and meta region replication on a secured 
HBase cluster using a secured ZK quorum results in incorrect ACL on the 
secondary ZNodes created for meta replica.  
 -- ACL on Primary ZNode
```

{code}
 getAcl /hbase/meta-region-server
'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa
{code}

-- ACL on a secondary ZNode

{code}
getAcl /hbase/meta-region-server-2
'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa
{code}

Since there is no {{world:read}} access on the secondary, client fail with 
{{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = 
NoAuth for /hbase/meta-region-server-2}}

The fix is to manually update the ACL on the ZNodes for the secondary replicas.

  was:
Enabling user table region replication and meta region replication on a secured 
HBase cluster using a secured ZK quorum results in incorrect ACL on the 
secondary ZNodes created for meta replica.  
 -- ACL on Primary ZNode
```
 getAcl /hbase/meta-region-server
'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa
```

-- ACL on a secondary ZNode
```
getAcl /hbase/meta-region-server-2
'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa
```

Since there is no {{world:read}} access on the secondary, client fail with 
{{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = 
NoAuth for /hbase/meta-region-server-2}}

The fix is to manually update the ACL on the ZNodes for the secondary replicas.


> Enabling meta region replication sets incorrect ACL on the ZK Znode
> -------------------------------------------------------------------
>
>                 Key: HBASE-19353
>                 URL: https://issues.apache.org/jira/browse/HBASE-19353
>             Project: HBase
>          Issue Type: Bug
>          Components: master
>    Affects Versions: 1.1.8
>            Reporter: Biju Nair
>            Priority: Minor
>
> Enabling user table region replication and meta region replication on a 
> secured HBase cluster using a secured ZK quorum results in incorrect ACL on 
> the secondary ZNodes created for meta replica.  
>  -- ACL on Primary ZNode
> ```
> {code}
>  getAcl /hbase/meta-region-server
> 'sasl,'hbase
> : cdrwa
> 'world,'anyone
> : r
> 'sasl,'hbase
> : cdrwa
> {code}
> -- ACL on a secondary ZNode
> {code}
> getAcl /hbase/meta-region-server-2
> 'sasl,'hbase
> : cdrwa
> 'sasl,'hbase
> : cdrwa
> {code}
> Since there is no {{world:read}} access on the secondary, client fail with 
> {{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = 
> NoAuth for /hbase/meta-region-server-2}}
> The fix is to manually update the ACL on the ZNodes for the secondary 
> replicas.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)