Accumulo requires a couple of sensitive pieces of information to be
provided when it is starting up (including the Accumulo root user's
password). Those are currently provided in the appConfig.json file.
Hadoop common is adding a CredentialProvider (HADOOP-10607) that allows you
to enter passwords into a Java KeyStore (the storage mechanism is
pluggable) and to retrieve them. This is in branch-2 and trunk, though I'm
not sure which branch-2 release it will make it into. I'd like to add a
capability into Slider to prompt the user for needed passwords and store
them using CredentialProvider so they can be retrieved by an app later.
We could add a new "credentials" section to the appConfig.json, with
entries that map CredentialProvider URLs to a list of credentials to store
in that CP.
+ "credentials": {
+ "jceks://hdfs/slider/accumulo.jceks": ["root", "instance.secret"]
+ },
One thing I'm not sure about is where to do the CredentialProvider
creation. The best place I have thought of so far is in
SliderClient.actionCreate, between building and starting a cluster.
