[jira] [Commented] (ACCUMULO-4415) Tracer requires instance.secret

[Josh Elser (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-4415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15427312#comment-15427312
 ] 

Josh Elser commented on ACCUMULO-4415:
--------------------------------------

bq. It's arbitrary now. Users can provide anything. I don't believe we can 
safely make that assumption.

And to be clear, it's not that I think we cannot do this, I just believe we 
need to inform users of this change if it is made and instructions on how to 
restore the previous functionality. Metrics ideally should not be sensitive, 
but we cannot know all possible cases. Given the security-minded-ness of 
Accumulo, I think this is important for us.

> Tracer requires instance.secret
> -------------------------------
>
>                 Key: ACCUMULO-4415
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4415
>             Project: Accumulo
>          Issue Type: Bug
>            Reporter: Christopher Tubbs
>             Fix For: 1.8.1
>
>
> Tracer incorrectly uses instance.secret for its /tracers area in ZooKeeper.
> The tracer does not use the Accumulo system credentials, and instead uses a 
> specific tracer username and password. It should also not use the 
> instance.secret (which is for the system credentials).
> A side effect of this bug is that ChangeSecret does not update the /tracers 
> ACLs in ZooKeeper, preventing the tracer from working entirely after the 
> instance.secret is changed.
> The following error will be seen in the monitor after the ChangeSecret tool 
> is run.
> {code}
> Thread 'tracer' died.
>       org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = 
> NoAuth for /tracers/trace-
>               at 
> org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
>               at 
> org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
>               at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783)
>               at 
> org.apache.accumulo.fate.zookeeper.ZooUtil.putEphemeralSequential(ZooUtil.java:464)
>               at 
> org.apache.accumulo.fate.zookeeper.ZooReaderWriter.putEphemeralSequential(ZooReaderWriter.java:99)
>               at 
> org.apache.accumulo.tracer.TraceServer.registerInZooKeeper(TraceServer.java:318)
>               at 
> org.apache.accumulo.tracer.TraceServer.<init>(TraceServer.java:255)
>               at 
> org.apache.accumulo.tracer.TraceServer.main(TraceServer.java:360)
>               at 
> org.apache.accumulo.tracer.TracerExecutable.execute(TracerExecutable.java:33)
>               at org.apache.accumulo.start.Main$1.run(Main.java:120)
>               at java.lang.Thread.run(Thread.java:745)
> {code}
> This affects at least the current 1.8 branch (1.8.0-SNAPSHOT), but I haven't 
> checked earlier versions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)