accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4415) Tracer requires instance.secret
Date Fri, 19 Aug 2016 16:29:21 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15428399#comment-15428399
] 

Josh Elser commented on ACCUMULO-4415:
--------------------------------------

bq. I wonder if it should just be its own project, independent of Accumulo, with independent
configuration, to make it easier for other HTrace users to be able to use it as a sink. Maybe
under htrace (htrace-accumulo), if that PMC will have it, or at the very least, a subproject
of Accumulo with independent releases, and independent configuration.

o.O what would be comprised in this project? The SpanReceiver which can pull Accumulo Trace
server locations from ZK and send the spans to it? This seems like an orthogonal discussion
to the permissions on registration of Accumulo Trace Servers in ZK.

I think we should stick to figuring out whether or not Spans (comprised of a description,
timeline annotations, and key-value annotations) might contain sensitive information, and
thus, if we need to control the users which are allowed to register in {{/tracers}}.

> Tracer requires instance.secret
> -------------------------------
>
>                 Key: ACCUMULO-4415
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4415
>             Project: Accumulo
>          Issue Type: Bug
>          Components: trace
>            Reporter: Christopher Tubbs
>             Fix For: 1.8.1
>
>
> Tracer incorrectly uses instance.secret for its /tracers area in ZooKeeper.
> The tracer does not use the Accumulo system credentials, and instead uses a specific
tracer username and password. It should also not use the instance.secret (which is for the
system credentials).
> A side effect of this bug is that ChangeSecret does not update the /tracers ACLs in ZooKeeper,
preventing the tracer from working entirely after the instance.secret is changed.
> The following error will be seen in the monitor after the ChangeSecret tool is run.
> {code}
> Thread 'tracer' died.
> 	org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /tracers/trace-
> 		at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> 		at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
> 		at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783)
> 		at org.apache.accumulo.fate.zookeeper.ZooUtil.putEphemeralSequential(ZooUtil.java:464)
> 		at org.apache.accumulo.fate.zookeeper.ZooReaderWriter.putEphemeralSequential(ZooReaderWriter.java:99)
> 		at org.apache.accumulo.tracer.TraceServer.registerInZooKeeper(TraceServer.java:318)
> 		at org.apache.accumulo.tracer.TraceServer.<init>(TraceServer.java:255)
> 		at org.apache.accumulo.tracer.TraceServer.main(TraceServer.java:360)
> 		at org.apache.accumulo.tracer.TracerExecutable.execute(TracerExecutable.java:33)
> 		at org.apache.accumulo.start.Main$1.run(Main.java:120)
> 		at java.lang.Thread.run(Thread.java:745)
> {code}
> This affects at least the current 1.8 branch (1.8.0-SNAPSHOT), but I haven't checked
earlier versions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message