Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm
Precedence: bulk
Reply-To: jira@apache.org
Date: Sat, 1 Oct 2016 05:10:20 +0000 (UTC)
From: "Christopher Tubbs (JIRA)" <jira@apache.org>
To: notifications@accumulo.apache.org
Message-ID: <JIRA.12998329.1471559162000.714236.1475298620734@Atlassian.JIRA>
In-Reply-To: <JIRA.12998329.1471559162000@Atlassian.JIRA>
References: <JIRA.12998329.1471559162000@Atlassian.JIRA> <JIRA.12998329.1471559162378@arcas>
Subject: [jira] [Commented] (ACCUMULO-4415) Tracer requires instance.secret
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
archived-at: Sat, 01 Oct 2016 05:10:23 -0000


    [ https://issues.apache.org/jira/browse/ACCUMULO-4415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15537908#comment-15537908 ] 

Christopher Tubbs commented on ACCUMULO-4415:
---------------------------------------------

Thanks. I'm not sure that's a critical use case, but I understand that we don't really need to restrict it either. I hadn't thought of it as a regression.

Solving this issue properly should open up support for that use case. It's unfortunate this issue has been around for as long as it has, but was only recently discovered by the close scrutiny over a relatively obscure tool ({{ChangeSecret}}).

> Tracer requires instance.secret
> -------------------------------
>
>                 Key: ACCUMULO-4415
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4415
>             Project: Accumulo
>          Issue Type: Bug
>          Components: trace
>            Reporter: Christopher Tubbs
>            Priority: Critical
>             Fix For: 2.0.0
>
>
> Tracer incorrectly uses instance.secret for its /tracers area in ZooKeeper.
> The tracer does not use the Accumulo system credentials, and instead uses a specific tracer username and password. It should also not use the instance.secret (which is for the system credentials).
> A side effect of this bug is that ChangeSecret does not update the /tracers ACLs in ZooKeeper, preventing the tracer from working entirely after the instance.secret is changed.
> The following error will be seen in the monitor after the ChangeSecret tool is run.
> {code}
> Thread 'tracer' died.
> 	org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /tracers/trace-
> 		at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> 		at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
> 		at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783)
> 		at org.apache.accumulo.fate.zookeeper.ZooUtil.putEphemeralSequential(ZooUtil.java:464)
> 		at org.apache.accumulo.fate.zookeeper.ZooReaderWriter.putEphemeralSequential(ZooReaderWriter.java:99)
> 		at org.apache.accumulo.tracer.TraceServer.registerInZooKeeper(TraceServer.java:318)
> 		at org.apache.accumulo.tracer.TraceServer.<init>(TraceServer.java:255)
> 		at org.apache.accumulo.tracer.TraceServer.main(TraceServer.java:360)
> 		at org.apache.accumulo.tracer.TracerExecutable.execute(TracerExecutable.java:33)
> 		at org.apache.accumulo.start.Main$1.run(Main.java:120)
> 		at java.lang.Thread.run(Thread.java:745)
> {code}
> This affects at least the current 1.8 branch (1.8.0-SNAPSHOT), but I haven't checked earlier versions.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)