Return-Path: X-Original-To: apmail-accumulo-dev-archive@www.apache.org Delivered-To: apmail-accumulo-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9878B17F03 for ; Mon, 30 Mar 2015 21:43:15 +0000 (UTC) Received: (qmail 20623 invoked by uid 500); 30 Mar 2015 21:43:02 -0000 Delivered-To: apmail-accumulo-dev-archive@accumulo.apache.org Received: (qmail 20590 invoked by uid 500); 30 Mar 2015 21:43:02 -0000 Mailing-List: contact dev-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list dev@accumulo.apache.org Received: (qmail 20578 invoked by uid 99); 30 Mar 2015 21:43:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Mar 2015 21:43:02 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of josh.elser@gmail.com designates 209.85.192.53 as permitted sender) Received: from [209.85.192.53] (HELO mail-qg0-f53.google.com) (209.85.192.53) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Mar 2015 21:42:55 +0000 Received: by qgfa8 with SMTP id a8so194713922qgf.0 for ; Mon, 30 Mar 2015 14:42:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=50kUWL4GlVvb9NIi2v+eKr26WxvKoQua2hkemW/s3ak=; b=uxvbjz6tZH8JNlcy5YGnbBs7IluA76ZYdIezjHXn94ivdpawt7EqlYkYkNMwkLapBZ SW5X1DWuUQ0B//LpCU0YbzmwayU3pvykLbZ/4SS7uk+8jBvgitLh8VSZdkPULWeldN2X VWGMYoVyZUAPtvKlqrXVkw5/ZbowRu2ck6tpgti+hqnw8JPwJl582ymlpwdHD9b3hnRW hIy3HudELZxiE1nNpnJRCJ6vOBIllc8JZCILke8bqLeMp96QjC8JEK/WXqJmeAa+wsoP dRsHz/e+iDAIFAsZxKNoUW6WI+n8Njtg8ABjVFFss/YCeSC+4XkS0cEVir3Pu7evxcOM GctQ== X-Received: by 10.140.31.181 with SMTP id f50mr18222619qgf.23.1427751755076; Mon, 30 Mar 2015 14:42:35 -0700 (PDT) Received: from hw10447.local (pool-72-81-135-153.bltmmd.fios.verizon.net. [72.81.135.153]) by mx.google.com with ESMTPSA id f125sm8534154qhe.47.2015.03.30.14.42.32 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 30 Mar 2015 14:42:33 -0700 (PDT) Message-ID: <5519C346.9040109@gmail.com> Date: Mon, 30 Mar 2015 17:42:30 -0400 From: Josh Elser User-Agent: Postbox 3.0.11 (Macintosh/20140602) MIME-Version: 1.0 To: dev@accumulo.apache.org Subject: Re: [DISCUSS] Not Deploying Monitor as a WAR References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org I don't recall the exact ticket either (despite owning it at least at one point), but the intent wasn't to force users to only deploy the monitor in some server as a WAR, but enable users who wish to do that to be able to. The default would still be launching a standalone webserver as is done presently via Jetty. Some more inline: Mike Drob wrote: > Hey Accumulators, > > I was thinking about this, and couldn't find the appropriate JIRA, so I'm > brining it up on the mailing list. > > I think I'm opposed to packaging the monitor as a WAR and trusting users to > figure out how to make that work. > - We'll have to develop community knowledge on several technologies to > provide support. Some users will prefer Tomcat, some Jetty, others JBoss, > etc... When a problem is reported, it will be hard to tell if it's a > container issue or an Accumulo issue, all adding to our support burden. Relying on Servlet3 should alleviate most of the concerns for implementation specifics. I think wiring up a security layer to the monitor is very specific. Given that we don't have anything presently, I think that's a minor concern (and would need to be addressed if/when we get there). > - We'll have to seriously rework a bunch of tests to set up containers for > the Monitor. What monitor tests? We have next to none that test much anything meaningful. I don't see testing burden as a reason to not make a change that (is intended) to also make things more testable. > - I don't think this would gain us anything in terms of security, and > might make things like KRB trickier to use. I'm not sure if the authentication Filter classes fall into any defined specification, but enabling SPNEGO is already a todo. Running on a Kerberos-enabled cluster doesn't require SPENGO to be enabled as we are already banking on nothing (overly) sensitive being displayed in the monitor (whereas HDFS has the ability to traverse the filesystem). > This isn't a complete list, but I would be interested in having this > conversation. I don't know how much work has already been done on the topic > (Christopher?). > > > Thanks, > Mike >