hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Liu Shaohui (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12641) Grant all permissions of hbase zookeeper node to hbase superuser in a secure cluster
Date Tue, 16 Dec 2014 12:17:13 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14248192#comment-14248192
] 

Liu Shaohui commented on HBASE-12641:
-------------------------------------

[~apurtell]
{quote}
Why the 'if (!node.startsWith(zkw.baseZNode))' shortcut?
{quote}
See HBASE-7258: HBase will create the baseZNode recursively if the parent node does not exist.
if zookeeper.znode.parent is /service/hbase/, we don't want set acl on node /service when
hbase creates this node.
So we add this shortcut.


> Grant all permissions of hbase zookeeper node to hbase superuser in a secure cluster
> ------------------------------------------------------------------------------------
>
>                 Key: HBASE-12641
>                 URL: https://issues.apache.org/jira/browse/HBASE-12641
>             Project: HBase
>          Issue Type: Improvement
>          Components: Zookeeper
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>            Priority: Minor
>             Fix For: 1.0.0
>
>         Attachments: HBASE-12641-v1.diff
>
>
> Currently in a secure cluster, only the master/regionserver kerberos user can manage
the znode of hbase. But he master/regionserver kerberos user is for rpc connection and we
usually use another super user to manage the cluster.
> In some special scenarios, we need to manage the data of znode with the supper user.
> eg: 
> a, To get the data of the znode for debugging.
> b, HBASE-8253: We need to delete the znode for the corrupted hlog to avoid it block the
replication.
> So we grant all permissions of hbase zookeeper node to hbase superuser during creating
these znodes.
> Suggestions are welcomed.
> [~apurtell]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message