accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4415) Tracer requires instance.secret
Date Thu, 18 Aug 2016 22:43:21 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15427305#comment-15427305
] 

Christopher Tubbs commented on ACCUMULO-4415:
---------------------------------------------

Yes, like you said above, metrics could be "stolen" if another tracer registers itself there,
but I'm not sure that matters. Don't think trace contains anything sensitive.

If we really want to lock this down, we should deprecate the trace user, and treat it like
a proper Accumulo service, using the system credentials, and moving the /tracer registration
into {{/accumulo/<instanceID>/}}.

> Tracer requires instance.secret
> -------------------------------
>
>                 Key: ACCUMULO-4415
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4415
>             Project: Accumulo
>          Issue Type: Bug
>            Reporter: Christopher Tubbs
>             Fix For: 1.8.1
>
>
> Tracer incorrectly uses instance.secret for its /tracers area in ZooKeeper.
> The tracer does not use the Accumulo system credentials, and instead uses a specific
tracer username and password. It should also not use the instance.secret (which is for the
system credentials).
> A side effect of this bug is that ChangeSecret does not update the /tracers ACLs in ZooKeeper,
preventing the tracer from working entirely after the instance.secret is changed.
> The following error will be seen in the monitor after the ChangeSecret tool is run.
> {code}
> Thread 'tracer' died.
> 	org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /tracers/trace-
> 		at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> 		at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
> 		at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783)
> 		at org.apache.accumulo.fate.zookeeper.ZooUtil.putEphemeralSequential(ZooUtil.java:464)
> 		at org.apache.accumulo.fate.zookeeper.ZooReaderWriter.putEphemeralSequential(ZooReaderWriter.java:99)
> 		at org.apache.accumulo.tracer.TraceServer.registerInZooKeeper(TraceServer.java:318)
> 		at org.apache.accumulo.tracer.TraceServer.<init>(TraceServer.java:255)
> 		at org.apache.accumulo.tracer.TraceServer.main(TraceServer.java:360)
> 		at org.apache.accumulo.tracer.TracerExecutable.execute(TracerExecutable.java:33)
> 		at org.apache.accumulo.start.Main$1.run(Main.java:120)
> 		at java.lang.Thread.run(Thread.java:745)
> {code}
> This affects at least the current 1.8 branch (1.8.0-SNAPSHOT), but I haven't checked
earlier versions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message