[
https://issues.apache.org/jira/browse/HBASE-19353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Biju Nair updated HBASE-19353:
------------------------------
Component/s: read replicas
> Enabling meta region replication sets incorrect ACL on the ZK Znode
> -------------------------------------------------------------------
>
> Key: HBASE-19353
> URL: https://issues.apache.org/jira/browse/HBASE-19353
> Project: HBase
> Issue Type: Bug
> Components: master, read replicas
> Affects Versions: 1.1.8
> Reporter: Biju Nair
> Priority: Minor
>
> Enabling user table region replication and meta region replication on a
> secured HBase cluster using a secured ZK quorum results in incorrect ACL on
> the secondary ZNodes created for meta replica.
> -- ACL on Primary ZNode
> {code}
> getAcl /hbase/meta-region-server
> 'sasl,'hbase
> : cdrwa
> 'world,'anyone
> : r
> 'sasl,'hbase
> : cdrwa
> {code}
> -- ACL on a secondary ZNode
> {code}
> getAcl /hbase/meta-region-server-2
> 'sasl,'hbase
> : cdrwa
> 'sasl,'hbase
> : cdrwa
> {code}
> Since there is no {{world:read}} access on the secondary, client fail with
> {{org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
> NoAuth for /hbase/meta-region-server-2}}
> The fix is to manually update the ACL on the ZNodes for the secondary
> replicas.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
