[ https://issues.apache.org/jira/browse/HBASE-15200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15131822#comment-15131822 ]
Hudson commented on HBASE-15200: -------------------------------- FAILURE: Integrated in HBase-1.3 #532 (See [https://builds.apache.org/job/HBase-1.3/532/]) HBASE-15200 ZooKeeper znode ACL checks should only compare the shortname (apurtell: rev 360bb62469a80147eb248996373fdb0a79d3f066) * hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java > ZooKeeper znode ACL checks should only compare the shortname > ------------------------------------------------------------ > > Key: HBASE-15200 > URL: https://issues.apache.org/jira/browse/HBASE-15200 > Project: HBase > Issue Type: Bug > Affects Versions: 2.0.0, 1.2.0, 1.0.3, 1.1.3, 0.98.17 > Reporter: Andrew Purtell > Assignee: Andrew Purtell > Priority: Minor > Fix For: 2.0.0, 1.3.0, 1.2.1, 1.1.4, 1.0.4, 0.98.18 > > Attachments: HBASE-15200-branch-1.0.patch, > HBASE-15200-branch-1.1.patch, HBASE-15200.patch, HBASE-15200.patch > > > After HBASE-13768 we check at startup in secure configurations if our znodes > have the correct ACLs. However when checking the ACL we compare the Kerberos > fullname, which includes the host component. We should only compare the > shortname, the principal. Otherwise in a multimaster configuration we will > unnecessarily reset ACLs whenever any master running on a host other than the > one that initialized the ACLs makes the check. You can imagine this happening > multiple times in a rolling restart scenario. -- This message was sent by Atlassian JIRA (v6.3.4#6332)