[jira] [Commented] (ACCUMULO-4415) Tracer requires instance.secret

[Josh Elser (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-4415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15427308#comment-15427308
 ] 

Josh Elser commented on ACCUMULO-4415:
--------------------------------------

bq. . Don't think trace contains anything sensitive.

It's arbitrary now. Users can provide anything. I don't believe we can safely 
make that assumption.

bq. If we really want to lock this down, we should deprecate the trace user, 
and treat it like a proper Accumulo service, using the system credentials, and 
moving the /tracer registration into /accumulo/<instanceID>/.

I would *ecstatically* in favor of this.

> Tracer requires instance.secret
> -------------------------------
>
>                 Key: ACCUMULO-4415
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4415
>             Project: Accumulo
>          Issue Type: Bug
>            Reporter: Christopher Tubbs
>             Fix For: 1.8.1
>
>
> Tracer incorrectly uses instance.secret for its /tracers area in ZooKeeper.
> The tracer does not use the Accumulo system credentials, and instead uses a 
> specific tracer username and password. It should also not use the 
> instance.secret (which is for the system credentials).
> A side effect of this bug is that ChangeSecret does not update the /tracers 
> ACLs in ZooKeeper, preventing the tracer from working entirely after the 
> instance.secret is changed.
> The following error will be seen in the monitor after the ChangeSecret tool 
> is run.
> {code}
> Thread 'tracer' died.
>       org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = 
> NoAuth for /tracers/trace-
>               at 
> org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
>               at 
> org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
>               at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783)
>               at 
> org.apache.accumulo.fate.zookeeper.ZooUtil.putEphemeralSequential(ZooUtil.java:464)
>               at 
> org.apache.accumulo.fate.zookeeper.ZooReaderWriter.putEphemeralSequential(ZooReaderWriter.java:99)
>               at 
> org.apache.accumulo.tracer.TraceServer.registerInZooKeeper(TraceServer.java:318)
>               at 
> org.apache.accumulo.tracer.TraceServer.<init>(TraceServer.java:255)
>               at 
> org.apache.accumulo.tracer.TraceServer.main(TraceServer.java:360)
>               at 
> org.apache.accumulo.tracer.TracerExecutable.execute(TracerExecutable.java:33)
>               at org.apache.accumulo.start.Main$1.run(Main.java:120)
>               at java.lang.Thread.run(Thread.java:745)
> {code}
> This affects at least the current 1.8 branch (1.8.0-SNAPSHOT), but I haven't 
> checked earlier versions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)