[
https://issues.apache.org/jira/browse/HBASE-22253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16819413#comment-16819413
]
Esteban Gutierrez commented on HBASE-22253:
-------------------------------------------
bq. related: if we are leader and the leader znode is deleted we should step
down
Yeah, probably we should make sure that the session timeout for the keymaster
znode is shorter than the sleep interval for the LeaderElector.
> An AuthenticationTokenSecretManager leader won't step down if another RS
> claims to be a leader
> ----------------------------------------------------------------------------------------------
>
> Key: HBASE-22253
> URL: https://issues.apache.org/jira/browse/HBASE-22253
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 3.0.0, 2.1.0, 2.2.0
> Reporter: Esteban Gutierrez
> Assignee: Esteban Gutierrez
> Priority: Critical
>
> We ran into a situation were a rogue Lily HBase Indexer [SEP
> Consumer|https://github.com/NGDATA/hbase-indexer/blob/master/hbase-sep/hbase-sep-impl/src/main/java/com/ngdata/sep/impl/SepConsumer.java#L169]
> sharing the same {{zookeeper.znode.parent}} claimed to be
> AuthenticationTokenSecretManager for an HBase cluster. This situation
> undesirable since the leader running on the HBase cluster doesn't steps down
> when the rogue leader registers in the HBase cluster and both will start
> rolling keys with the same IDs causing authentication errors. Even a
> reasonable "fix" is to point to a different {{zookeeper.znode.parent}}, we
> should make sure that we step down as leader correctly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
