Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2014

Only admin should be allowed to reconfig a cluster

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 3.5.0
    • 3.5.3, 3.6.0
    • server
    • None

    Description

      ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We should, at the very least, ensure that only the Admin can reconfigure a cluster. Perhaps restricting access to /zookeeper/config as well, though this is debatable. Surely one could ensure Admin only access via an ACL, but that would leave everyone who doesn't use ACLs unprotected. We could also force a default ACL to make it a bit more consistent (maybe).

      Finally, making reconfig() only available to Admins means they have to run with zookeeper.DigestAuthenticationProvider.superDigest (which I am not sure if everyone does, or how would it work with other authentication providers).

      Review board https://reviews.apache.org/r/51546/

      Attachments

        1. ZOOKEEPER-2014.patch
          131 kB
          Michael Han
        2. ZOOKEEPER-2014.patch
          131 kB
          Michael Han
        3. ZOOKEEPER-2014.patch
          159 kB
          Michael Han
        4. ZOOKEEPER-2014.patch
          159 kB
          Michael Han
        5. ZOOKEEPER-2014.patch
          123 kB
          Michael Han
        6. ZOOKEEPER-2014.patch
          121 kB
          Michael Han
        7. ZOOKEEPER-2014.patch
          118 kB
          Michael Han
        8. ZOOKEEPER-2014.patch
          118 kB
          Michael Han
        9. ZOOKEEPER-2014.patch
          110 kB
          Michael Han
        10. ZOOKEEPER-2014.patch
          104 kB
          Michael Han
        11. ZOOKEEPER-2014.patch
          104 kB
          Michael Han
        12. ZOOKEEPER-2014.patch
          94 kB
          Michael Han
        13. ZOOKEEPER-2014.patch
          94 kB
          Michael Han
        14. ZOOKEEPER-2014.patch
          78 kB
          Michael Han
        15. ZOOKEEPER-2014.patch
          2 kB
          Raúl Gutiérrez Segalés

        Issue Links

          is broken by

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-2642 ZooKeeper reconfig API backward compatibility fix

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-107 Allow dynamic changes to server cluster membership

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #94

          Web Link GitHub Pull Request #96

          Activity

            People

              hanm Michael Han
              rgs Raúl Gutiérrez Segalés
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: