[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17566449#comment-17566449
 ] 

Li Wang commented on ZOOKEEPER-4570:
------------------------------------

{quote}it's something which needs to be considered if we're expanding the scope 
from "read some stats from the server" to "run operations on the server".{quote}

Totally agree. The feature can only be enabled if HTTPS is enforced. Also some 
sort of auth control on admin server APIs is needed. I have some ideas, which will 
be shared via the design doc. I also posted a message in the dev community a 
while ago for more discussion on the topic. Thanks for bringing it up and 
looking forward to more discussions.

{quote}That said - there isn't much detail on the semantics of the "backup" - 
eg, what "version" am I getting? How do I know which version is the backup 
representing? For example, the return value from the curl call could (imo 
should) include some indication of the zxid corresponding to the snapshot. That 
would allow me to eg correlate btw. IMO likely the snapshot directory itself 
should include this information prominently - I don't see anything detailing 
the naming of the backup dir.{quote}

I saw last_zxid is returned in the response payload in 
https://github.com/apache/zookeeper/pull/1044. [~maoling] can probably comment 
more on this.

When streaming snapshot data back to client, how to include the "metadata" is 
something we can discuss more too.

{quote}I think allowing "# the parameter: snapDir which can specify the 
directory to store the snapshot" is probably a major security hole as well. Is 
this limited to a particular subdirectory? If not then there's all kinds of bad 
stuff an attacker could do....{quote}

Looking at https://github.com/apache/zookeeper/pull/1044, it doesn't look 
like there is any restriction on the snapDir.

> Admin server API for taking snapshot and stream out the data
> ------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4570
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4570
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Li Wang
>            Assignee: Li Wang
>            Priority: Major
>
> Providing an admin server command API for taking a snapshot and stream out 
> the data to client.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
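
The snapDir concern raised in the comment above, shown as an added example that is not code from PR 1044 or from ZooKeeper: one way to confine a client-supplied directory to a single configured backup base. The class name `SnapDirGuard`, its methods and the sample inputs are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper (not ZooKeeper code): confines snapDir to one base directory.
public class SnapDirGuard {
    private final Path base;

    public SnapDirGuard(Path allowedBase) throws IOException {
        // Resolve symlinks in the base once so later comparisons use its real location.
        this.base = allowedBase.toRealPath();
    }

    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("snapDir is empty or malformed");
        }
        Path candidate = Paths.get(requested);
        if (candidate.isAbsolute()) {
            throw new IllegalArgumentException("snapDir must be relative to the backup base");
        }
        // Collapse "." and ".." before the containment check.
        Path target = base.resolve(candidate).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("snapDir escapes the backup base");
        }
        // Walk up to the deepest component that already exists and check where it
        // really lives, so a symlink inside the base cannot redirect the write.
        Path existing = target;
        while (!Files.exists(existing)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(base)) {
            throw new IllegalArgumentException("snapDir resolves outside the backup base");
        }
        return Files.createDirectories(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, checked against a temporary base directory.
        SnapDirGuard guard = new SnapDirGuard(Files.createTempDirectory("zk-backup"));
        for (String in : new String[] {"daily/backup-01", "../../etc", "/tmp/elsewhere"}) {
            try {
                System.out.println(in + " -> " + guard.resolve(in));
            } catch (IllegalArgumentException e) {
                System.out.println(in + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The check and the directory creation are separate steps, so the base directory should be writable only by the server account.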
