hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <els...@apache.org>
Subject Re: [DISCUSS] Plan to avoid backup/restore removal from 2.0
Date Wed, 15 Nov 2017 21:05:36 GMT
On 11/14/17 4:54 PM, Mike Drob wrote:
>> I can see a small section on the documentation update I've already been
>> hacking on to include details on the issue "We can't help you secure where
>> you put the data". Given how many instances of "globally readable S3
>> bucket" I've seen recently, this strikes me as prudent.
> I would prefer this to be a giant, hard to miss, red letters, all caps
> warning; not a small section. I do think it is our responsibility for
> telling users how to configure the backup/restore process for communicating
> with secure systems. Or, at a minimum, documenting how we pass arbitrary
> configuration options that can then be used to communicate with said
> systems.


> For example, if we support writing backups to S3, then we should have a way
> to specify an Auth string and maybe even some of the custom headers like
> x-amz-acl. We don't have to explicitly enumerate best practices, but if the
> only option is to write to a globally open bucket, then I don't think we
> should advertise writing to S3 as an available option.
> Similarly, if we tell people that they can send backups to HDFS, then we
> should give them the hooks to correctly interface with a kerberized HDFS.
> Maybe this is already in the proposed patch, I haven't gone looking yet.

Nope. I actually meant to include this in the patch I re-rolled today 
but forgot. Let me update once more.

Thanks again, Mike. Good questions/feedback!

View raw message