accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3147) Replication table should be user-controlled or live in accumulo namespace
Date Fri, 31 Oct 2014 20:32:34 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14192426#comment-14192426
] 

Josh Elser commented on ACCUMULO-3147:
--------------------------------------

bq. You just want to be able to specify to use a different (user-created) table

Yeah, I wanted to focus less on the specifics of where the table came from and just make it
dynamic. I don't want this to be an issue if we make a replication namespace and suddenly
decide we want the replication table over the instead of the accumulo namespace (for example).

bq. some other config, but ZK makes sense

Yeah, the normal site+ZK configuration is what I meant.

bq. I'd have preferred all the replication stuff sit outside Accumulo, as an add-on, and just
provide the internal hooks necessary for that external system to operate.

I will leave you to that to expose all of those scary internals out the clients :). I'm not
convinced you can actually do this and properly track the replication status; however, you
are more the free to investigate it yourself.

bq. the problematic logic in the master and in the tests that arbitrarily create/delete/scan/alter
permissions on the replication table

How is it arbitrarily doing anything? There are a number of things that are always checked
on the replication table and configured if not present. This doesn't change with what I suggested.
The name of the table being used is simple not hard-coded. The assumptions on how that table
must be configured are still the same regardless of the name.

Yes, while some of the permissions granted are not entirely necessary, giving the root user
permission to read/write/alter the table is 100% normal and expected. It would be nice if
it's done up front (I'm assuming this is something you've done), but it doesn't mean we can't
check it later to make sure that is still the case.

> Replication table should be user-controlled or live in accumulo namespace
> -------------------------------------------------------------------------
>
>                 Key: ACCUMULO-3147
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3147
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: replication
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>            Priority: Blocker
>             Fix For: 1.7.0
>
>
> At present, it looks like the replication table is managed by/written to by the system
user, yet the table lives in the default namespace, which is where user tables live.
> This appears to violate the namespace model of segregating system tables from user tables.
> There's a few options for resolution:
> # Move the replication table into the reserved accumulo system namespace (there's some
complication with this, because the system namespace is currently static, and the replication
table may be created at any time; additionally, if users are expected to interact with this
table... and I'm not sure if they are at all, the system namespace is probably not appropriate).
> # Create an additional reserved system namespace for replication (my least preferred
option).
> # Use user credentials to manage/write to this table, rather than the system user (this
is what the tracer/trace table does, and this is my preferred solution.)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message