hadoop-common-issues mailing list archives

From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13437) KMS should reload whitelist and default key ACLs when hot-reloading
Date Mon, 15 Aug 2016 17:45:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15421342#comment-15421342 ]

Arun Suresh commented on HADOOP-13437:
--------------------------------------

bq. ..Is this an expected behavior (so we need to keep compatible behavior), or is this a
bug (so we can fix it here)? Thanks in advance...
IIRC, this is actually expected behavior. This way, the default and whitelists are specified
only once at startup, based on some deployment policy. New KeyACLs for individual users/groups
and keys can be added / removed as users / keys are created.

bq. After the replacement (suppose there was no backup), how could the admin figure out what
exactly the whitelist/defaults are?
I feel this is outside the scope of what KMS should worry about (or we should build config management
features that support stuff like rollback etc. into KMS). The deployment environment / admin
should ensure backups of the files are maintained.

> KMS should reload whitelist and default key ACLs when hot-reloading
> -------------------------------------------------------------------
>
>                 Key: HADOOP-13437
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13437
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13437.01.patch, HADOOP-13437.02.patch, HADOOP-13437.03.patch, HADOOP-13437.04.patch
>
>
> When hot-reloading, {{KMSACLs#setKeyACLs}} ignores whitelist and default key entries if they're present in memory.
> We should reload them, hot-reload and cold-start should not have any difference in behavior.
> Credit to [~dilaver] for finding this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
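
Added example, not part of the original message or of the Hadoop code base: given a copy of kms-acls.xml kept from startup and the file now on disk, it lists the default and whitelist entries whose on-disk value a hot reload would not apply under the behavior described in this issue. The sample documents, user names and key name are constructed, and the comparison assumes only what the issue description states (entries already in memory are skipped).

```python
import xml.etree.ElementTree as ET

# Entry prefixes that, per the issue description, a hot reload skips
# once a value for them is already held in memory.
STICKY_PREFIXES = ("default.key.acl.", "whitelist.key.acl.")

def parse_acls(xml_text):
    """Parse a Hadoop <configuration> document into {name: value}."""
    acls = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            acls[name] = (prop.findtext("value") or "").strip()
    return acls

def stale_after_hot_reload(startup_xml, current_xml):
    """Map name -> (value loaded at startup, value now on disk) for
    default/whitelist entries whose file value a hot reload would not apply.
    Removed entries are reported too (on-disk value None): the page does not
    say whether a hot reload drops them, so they need review as well."""
    in_memory, on_disk = parse_acls(startup_xml), parse_acls(current_xml)
    return {
        name: (value, on_disk.get(name))
        for name, value in sorted(in_memory.items())
        if name.startswith(STICKY_PREFIXES) and on_disk.get(name) != value
    }

def _conf(entries):
    """Build a constructed kms-acls.xml body from {name: value}."""
    props = "".join(
        f"<property><name>{n}</name><value>{v}</value></property>"
        for n, v in entries.items())
    return f"<configuration>{props}</configuration>"

# Constructed sample data: user names and key name are invented.
STARTUP_XML = _conf({"default.key.acl.MANAGEMENT": "keyadmin",
                     "whitelist.key.acl.READ": "hdfs",
                     "key.acl.testkey.DECRYPT_EEK": "alice"})
CURRENT_XML = _conf({"default.key.acl.MANAGEMENT": "keyadmin,ops",
                     "whitelist.key.acl.GENERATE_EEK": "hdfs",
                     "key.acl.testkey.DECRYPT_EEK": "alice,bob"})

if __name__ == "__main__":
    for name, (old, new) in stale_after_hot_reload(STARTUP_XML, CURRENT_XML).items():
        print(f"{name}: running={old!r} file={new!r} (not applied by hot reload)")
```

The per-key entry and the whitelist entry that was absent at startup are not reported, because the issue describes only entries already in memory as being skipped.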
