storm-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Joseph Evans (JIRA)" <j...@apache.org>
Subject [jira] [Created] (STORM-224) Storm should use stricter ACLs whin zookeeper
Date Fri, 07 Feb 2014 16:48:22 GMT
Robert Joseph Evans created STORM-224:
-----------------------------------------

             Summary: Storm should use stricter ACLs whin zookeeper
                 Key: STORM-224
                 URL: https://issues.apache.org/jira/browse/STORM-224
             Project: Apache Storm (Incubating)
          Issue Type: Sub-task
            Reporter: Robert Joseph Evans


In a stand alone environment storm stores everything wide open in ZK.  We really should lock
this down with ACLs so that individual topologies cannot modify data that the storm system
uses, and so that other topologies cannot modify/interfere with each other.

The current code from Yahoo will generate a random username/password for each topology that
is launched.  This works great for most topologies, but for trident topologies because they
store long lived data in ZK the user has to keep the credentials around themselves.  We would
love to switch ZK access over to use a forwarded TGT, but have not finished the work to do
this yet.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message