[ https://issues.apache.org/jira/browse/HBASE-19353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Biju Nair updated HBASE-19353:
------------------------------
Description:
Enabling user table region replication and meta region replication on a secured
HBase cluster using a secured ZK quorum results in incorrect ACL on the
secondary ZNodes created for meta replica.
-- ACL on Primary ZNode
{code}
getAcl /hbase/meta-region-server
'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa
{code}
-- ACL on a secondary ZNode
{code}
getAcl /hbase/meta-region-server-2
'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa
{code}
Since there is no {{world:read}} access on the secondary, clients fail with
{{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /hbase/meta-region-server-2}}
The fix is to manually update the ACL on the ZNodes for the secondary replicas.
was:
Enabling user table region replication and meta region replication on a secured
HBase cluster using a secured ZK quorum results in incorrect ACL on the
secondary ZNodes created for meta replica.
-- ACL on Primary ZNode
{code}
getAcl /hbase/meta-region-server
'sasl,'hbase
: cdrwa
'world,'anyone
: r
'sasl,'hbase
: cdrwa
{code}
-- ACL on a secondary ZNode
{code}
getAcl /hbase/meta-region-server-2
'sasl,'hbase
: cdrwa
'sasl,'hbase
: cdrwa
{code}
Since there is no {{world:read}} access on the secondary, clients fail with
{{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
NoAuth for /hbase/meta-region-server-2}}
The fix is to manually update the ACL on the ZNodes for the secondary replicas.
> Enabling meta region replication sets incorrect ACL on the ZK Znode
> -------------------------------------------------------------------
>
> Key: HBASE-19353
> URL: https://issues.apache.org/jira/browse/HBASE-19353
> Project: HBase
> Issue Type: Bug
> Components: master
> Affects Versions: 1.1.8
> Reporter: Biju Nair
> Priority: Minor
>
> Enabling user table region replication and meta region replication on a
> secured HBase cluster using a secured ZK quorum results in incorrect ACL on
> the secondary ZNodes created for meta replica.
> -- ACL on Primary ZNode
> {code}
> getAcl /hbase/meta-region-server
> 'sasl,'hbase
> : cdrwa
> 'world,'anyone
> : r
> 'sasl,'hbase
> : cdrwa
> {code}
> -- ACL on a secondary ZNode
> {code}
> getAcl /hbase/meta-region-server-2
> 'sasl,'hbase
> : cdrwa
> 'sasl,'hbase
> : cdrwa
> {code}
> Since there is no {{world:read}} access on the secondary, clients fail with
> {{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
> NoAuth for /hbase/meta-region-server-2}}
> The fix is to manually update the ACL on the ZNodes for the secondary
> replicas.
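An added example, not part of the original report or of HBase itself: a small audit that parses the `getAcl` output shown above, reports which grants a replica ZNode lacks relative to the primary, and builds the `setAcl` line for the manual fix. The sample strings are constructed from the report's output, and copying the primary's ACL to the replica is an assumption about what "manually update" means.

```python
import re

# Constructed samples: zkCli getAcl output as it appears in the report.
PRIMARY = "'sasl,'hbase\n: cdrwa\n'world,'anyone\n: r\n'sasl,'hbase\n: cdrwa\n"
SECONDARY = "'sasl,'hbase\n: cdrwa\n'sasl,'hbase\n: cdrwa\n"

_ENTRY = re.compile(r"^'(?P<scheme>[^,]+),'(?P<id>.*)$")


def parse_getacl(text):
    """Return {(scheme, id): set(perms)} from zkCli getAcl output."""
    acl, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if m:
            # "'scheme,'id" line; duplicates (as in the report) merge.
            current = (m.group("scheme"), m.group("id"))
            acl.setdefault(current, set())
        elif line.startswith(":") and current is not None:
            # ": perms" line belonging to the entry just read.
            acl[current] |= set(line[1:].strip())
            current = None
        else:
            raise ValueError(f"unexpected getAcl line: {raw!r}")
    return acl


def missing_grants(primary, replica):
    """Grants present on the primary ZNode but absent on the replica."""
    gaps = {}
    for who, perms in primary.items():
        lacking = perms - replica.get(who, set())
        if lacking:
            gaps[who] = lacking
    return gaps


def setacl_command(path, acl):
    """Build the zkCli setAcl line; setAcl replaces the whole ACL."""
    parts = []
    for (scheme, ident), perms in sorted(acl.items()):
        bits = "".join(p for p in "cdrwa" if p in perms)
        parts.append(f"{scheme}:{ident}:{bits}")
    return f"setAcl {path} {','.join(parts)}"


if __name__ == "__main__":
    primary, replica = parse_getacl(PRIMARY), parse_getacl(SECONDARY)
    print(missing_grants(primary, replica))
    print(setacl_command("/hbase/meta-region-server-2", primary))
```

The generated `setAcl` line has to be run from a ZooKeeper session that holds the admin (`a`) permission on the ZNode, which in the ACLs above means one authenticated as the `hbase` SASL identity.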