zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2014) Only admin should be allowed to reconfig a cluster
Date Sun, 13 Nov 2016 20:31:58 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15662042#comment-15662042
] 

Hudson commented on ZOOKEEPER-2014:
-----------------------------------

FAILURE: Integrated in Jenkins build ZooKeeper-trunk #3155 (See [https://builds.apache.org/job/ZooKeeper-trunk/3155/])
ZOOKEEPER-2014: Only admin should be allowed to reconfig a cluster. (fpj: rev 73e102a58d01b27bc6208bbfbde2d12f0deba1f4)
* (edit) src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/ReconfigLegacyTest.java
* (edit) src/java/main/org/apache/zookeeper/ZooKeeper.java
* (edit) src/java/main/org/apache/zookeeper/cli/CliCommand.java
* (edit) src/java/test/org/apache/zookeeper/TestableZooKeeper.java
* (edit) src/java/systest/org/apache/zookeeper/test/system/BaseSysTest.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/ReconfigDuringLeaderSyncTest.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/ReconfigBackupTest.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java
* (edit) src/java/main/org/apache/zookeeper/KeeperException.java
* (edit) src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java
* (edit) src/java/test/org/apache/zookeeper/server/DataTreeTest.java
* (edit) src/c/tests/ZooKeeperQuorumServer.h
* (add) src/java/test/org/apache/zookeeper/test/ReconfigMisconfigTest.java
* (edit) src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
* (edit) src/java/main/org/apache/zookeeper/cli/ReconfigCommand.java
* (edit) src/c/tests/TestReconfigServer.cc
* (add) src/java/test/org/apache/zookeeper/test/ReconfigExceptionTest.java
* (edit) src/c/include/zookeeper.h
* (edit) src/java/test/org/apache/zookeeper/server/quorum/RaceConditionTest.java
* (add) src/java/main/org/apache/zookeeper/admin/ZooKeeperAdmin.java
* (edit) src/java/test/org/apache/zookeeper/test/ACLTest.java
* (edit) build.xml
* (edit) src/java/main/org/apache/zookeeper/ZooKeeperMain.java
* (edit) src/java/main/org/apache/zookeeper/server/DataTree.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/ReconfigFailureCasesTest.java
* (edit) src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java
* (edit) src/java/main/org/apache/zookeeper/server/ZooKeeperServerMain.java
* (edit) src/java/test/org/apache/zookeeper/test/ReconfigTest.java
* (edit) src/docs/src/documentation/content/xdocs/zookeeperReconfig.xml
* (edit) src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java
* (edit) src/java/test/org/apache/zookeeper/server/quorum/StandaloneDisabledTest.java
* (edit) src/java/test/org/apache/zookeeper/test/StandaloneTest.java
* (edit) src/c/tests/ZooKeeperQuorumServer.cc
* (edit) src/java/main/org/apache/zookeeper/ClientCnxn.java


> Only admin should be allowed to reconfig a cluster
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-2014
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2014
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.0
>            Reporter: Raul Gutierrez Segales
>            Assignee: Michael Han
>            Priority: Blocker
>             Fix For: 3.5.3, 3.6.0
>
>         Attachments: ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch,
ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch,
ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch,
ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch
>
>
> ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We should,
at the very least, ensure that only the Admin can reconfigure a cluster. Perhaps restricting
access to /zookeeper/config as well, though this is debatable. Surely one could ensure Admin
only access via an ACL, but that would leave everyone who doesn't use ACLs unprotected. We
could also force a default ACL to make it a bit more consistent (maybe).
> Finally, making reconfig() only available to Admins means they have to run with zookeeper.DigestAuthenticationProvider.superDigest
(which I am not sure if everyone does, or how would it work with other authentication providers).

> Review board https://reviews.apache.org/r/51546/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message