[jira] [Commented] (ACCUMULO-4728) Allow tserver to reject migration
[ https://issues.apache.org/jira/browse/ACCUMULO-4728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16221593#comment-16221593 ] Josh Elser commented on ACCUMULO-4728: -- bq. An otherwise well functioning tserver may fail to load a tablet indefinitely Can you provide some context about how you've seen this in practice? Understanding why we're stuck indefinitely here would help significantly in picking the best solution. > Allow tserver to reject migration > - > > Key: ACCUMULO-4728 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4728 > Project: Accumulo > Issue Type: Improvement > Components: tserver >Reporter: Charles Williams >Assignee: Charles Williams >Priority: Minor > > An otherwise well functioning tserver may fail to load a tablet indefinitely > without the master re-assigning the tablet to another tserver. In some cases > the tserver may be miss configured in some way that prevents loading a set of > specific tablets from a specific set of tables. > If the tserver could respond to the master with a failure to load a tablet > and abort the master could then re-assign the tablet somewhere else. In some > instances this could prevent an outage. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ACCUMULO-4732) No APIs to configure iterators and locality groups for new table
[ https://issues.apache.org/jira/browse/ACCUMULO-4732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16221297#comment-16221297 ] Keith Turner commented on ACCUMULO-4732: This problem was identified while trying to use NewTableConfiguration in Fluo. In the following PR tried to create a table with locality groups and iterator preconfigured and had to copy code from Accumulo to do this with NewTableConfiguration. https://github.com/apache/fluo/pull/960 > No APIs to configure iterators and locality groups for new table > > > Key: ACCUMULO-4732 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4732 > Project: Accumulo > Issue Type: Improvement >Reporter: Keith Turner > Fix For: 2.0.0 > > > In Accumulo 1.7 the ability to set table properties at table creation time > was added. For existing tables there are APIs in table operations that allow > setting locality groups and iterators for existing tables. When setting > table properties at table creation time there is not good API for iterators > and locality groups. There should be some way in the API to do this. There > may be other things besides iterators and locality groups that should also be > supported at table creation time. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ACCUMULO-4732) No APIs to configure iterators and locality groups for new table
[ https://issues.apache.org/jira/browse/ACCUMULO-4732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16221293#comment-16221293 ] Keith Turner commented on ACCUMULO-4732: May also be useful to support configuring constraints in new table config. > No APIs to configure iterators and locality groups for new table > > > Key: ACCUMULO-4732 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4732 > Project: Accumulo > Issue Type: Improvement >Reporter: Keith Turner > Fix For: 2.0.0 > > > In Accumulo 1.7 the ability to set table properties at table creation time > was added. For existing tables there are APIs in table operations that allow > setting locality groups and iterators for existing tables. When setting > table properties at table creation time there is not good API for iterators > and locality groups. There should be some way in the API to do this. There > may be other things besides iterators and locality groups that should also be > supported at table creation time. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ACCUMULO-4732) No APIs to configure iterators and locality groups for new table
[ https://issues.apache.org/jira/browse/ACCUMULO-4732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Keith Turner updated ACCUMULO-4732: --- Description: In Accumulo 1.7 the ability to set table properties at table creation time was added. For existing tables there are APIs in table operations that allow setting locality groups and iterators for existing tables. When setting table properties at table creation time there is not good API for iterators and locality groups. There should be some way in the API to do this. There may be other things besides iterators and locality groups that should also be supported at table creation time. was:In Accumulo 1.7 the ability to set table properties at table creation time was added. For existing tables there are APIs in table operations that allow setting locality groups and iterators for existing tables. There may be other API > No APIs to configure iterators and locality groups for new table > > > Key: ACCUMULO-4732 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4732 > Project: Accumulo > Issue Type: Improvement >Reporter: Keith Turner > Fix For: 2.0.0 > > > In Accumulo 1.7 the ability to set table properties at table creation time > was added. For existing tables there are APIs in table operations that allow > setting locality groups and iterators for existing tables. When setting > table properties at table creation time there is not good API for iterators > and locality groups. There should be some way in the API to do this. There > may be other things besides iterators and locality groups that should also be > supported at table creation time. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ACCUMULO-4732) No APIs to configure iterators and locality groups for new table
[ https://issues.apache.org/jira/browse/ACCUMULO-4732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Keith Turner updated ACCUMULO-4732: --- Description: In Accumulo 1.7 the ability to set table properties at table creation time was added. For existing tables there are APIs in table operations that allow setting locality groups and iterators for existing tables. There may be other API > No APIs to configure iterators and locality groups for new table > > > Key: ACCUMULO-4732 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4732 > Project: Accumulo > Issue Type: Improvement >Reporter: Keith Turner > Fix For: 2.0.0 > > > In Accumulo 1.7 the ability to set table properties at table creation time > was added. For existing tables there are APIs in table operations that allow > setting locality groups and iterators for existing tables. There may be > other API -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ACCUMULO-4732) No APIs to configure iterators and locality groups for new table
Keith Turner created ACCUMULO-4732: -- Summary: No APIs to configure iterators and locality groups for new table Key: ACCUMULO-4732 URL: https://issues.apache.org/jira/browse/ACCUMULO-4732 Project: Accumulo Issue Type: Improvement Reporter: Keith Turner Fix For: 2.0.0 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (ACCUMULO-4714) Create landing page for new developers
[ https://issues.apache.org/jira/browse/ACCUMULO-4714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Owens reassigned ACCUMULO-4714: Assignee: Mark Owens > Create landing page for new developers > -- > > Key: ACCUMULO-4714 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4714 > Project: Accumulo > Issue Type: Improvement > Components: website >Reporter: Michael Miller >Assignee: Mark Owens > > The website has a lot of good information for contributing to Accumulo but it > is scattered across multiple pages. There is no clear, concise page that can > be sent as a link to developers interested in committing to the project. I > feel like this is a turn off for someone who is interested in contributing to > Accumulo. > This page would be a good place but it is just a bunch of links: > https://accumulo.apache.org/contributor/ > As a recent newcomer I would tend to go here: > https://accumulo.apache.org/contributor/source > But this page is confusing. The first instructions you get (after more > links) explain how to build the website. Then when you get to the developers > guide the the very first thing is a paragraph about activating the Thrift > profile. While this information is all very useful, the first 2 scenarios > are edge cases of development and it does not ease a new developer into > writing code for Accumulo. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ACCUMULO-3816) rpc.sasl.qop not mentioned in Kerberos server-configuration user manual section
[
https://issues.apache.org/jira/browse/ACCUMULO-3816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16220914#comment-16220914
]
Josh Elser commented on ACCUMULO-3816:
--
Please ask questions on the mailing list.
> rpc.sasl.qop not mentioned in Kerberos server-configuration user manual
> section
> ---
>
> Key: ACCUMULO-3816
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3816
> Project: Accumulo
> Issue Type: Task
> Components: docs
>Reporter: Josh Elser
>Assignee: Josh Elser
> Fix For: 1.7.1, 1.8.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Was looking through the server-configuration section of the user manual, and
> noticed that I forgot to call out {{rpc.sasl.qop}}. This deserves as a
> mention as its the only way to configure wire encryption w/ Kerberos enabled.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[GitHub] PircDef opened a new pull request #315: Accumulo 4731
PircDef opened a new pull request #315: Accumulo 4731 URL: https://github.com/apache/accumulo/pull/315 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Created] (ACCUMULO-4731) Improve exception handling if a key encryption key cannot be loaded
Nick Felts created ACCUMULO-4731: Summary: Improve exception handling if a key encryption key cannot be loaded Key: ACCUMULO-4731 URL: https://issues.apache.org/jira/browse/ACCUMULO-4731 Project: Accumulo Issue Type: Improvement Reporter: Nick Felts Assignee: Nick Felts Priority: Critical -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ACCUMULO-3816) rpc.sasl.qop not mentioned in Kerberos server-configuration user manual section
[
https://issues.apache.org/jira/browse/ACCUMULO-3816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16220758#comment-16220758
]
Jorge Machado commented on ACCUMULO-3816:
-
can you explain this please ? I'm trying to connect a application to accumulo
via kerberos but the docs are very bad...
> rpc.sasl.qop not mentioned in Kerberos server-configuration user manual
> section
> ---
>
> Key: ACCUMULO-3816
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3816
> Project: Accumulo
> Issue Type: Task
> Components: docs
>Reporter: Josh Elser
>Assignee: Josh Elser
> Fix For: 1.7.1, 1.8.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Was looking through the server-configuration section of the user manual, and
> noticed that I forgot to call out {{rpc.sasl.qop}}. This deserves as a
> mention as its the only way to configure wire encryption w/ Kerberos enabled.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[GitHub] keith-turner commented on a change in pull request #300: ACCUMULO-4708 Limit RFile block size to 2GB
keith-turner commented on a change in pull request #300: ACCUMULO-4708 Limit
RFile block size to 2GB
URL: https://github.com/apache/accumulo/pull/300#discussion_r147172071
##
File path:
core/src/main/java/org/apache/accumulo/core/security/crypto/RFileCipherOutputStream.java
##
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * see the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.core.security.crypto;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.crypto.Cipher;
+import javax.crypto.CipherOutputStream;
+
+/**
+ *
+ * This class extends {@link CipherOutputStream} to include a way to track the
number of bytes that have
+ * been encrypted by the stream. The write method also includes a mechanism to
stop writing and
+ * throw an exception if exceeding a maximum number of bytes is attempted.
+ *
+ */
+public class RFileCipherOutputStream extends CipherOutputStream {
+
+ // This is the maximum size encrypted stream that can be written. Attempting
to write anything larger
+ // will cause an exception. Given that each block in an rfile is encrypted
separately, and blocks
+ // should be written such that a block cannot ever reach 16GiB, this is
believed to be a safe number.
+ // If this does cause an exception, it is an issue best addressed elsewhere.
+ private final long maxOutputSize = 1L << 34; //16GiB
+
+ // the cipher engine to use to process stream data
+ private Cipher cipher;
+
+ // the underlying output stream
+ private OutputStream output;
+
+ // the buffer holding data ready to be written out
+ private byte[] obuffer;
+
+ // The total number of bytes that have been written out
+ private long count = 0;
+
+ /**
+ *
+ * Constructs a RFileCipherOutputStream
+ *
+ * @param os
+ * the OutputStream object
+ * @param c
+ * an initialized Cipher object
+ */
+ public RFileCipherOutputStream(OutputStream os, Cipher c) {
+super(os, c);
+output = os;
+cipher = c;
+ }
+
+ /**
+ * Override of CipherOutputStream's write to count the number of bytes that
have been encrypted.
+ * This method now throws an exception if an attempt to write bytes beyond a
maximum is made.
+ *
+ * Writes len bytes from the specified byte array starting at
offset off to this output stream.
+ *
+ * @param b
+ * the data.
+ * @param off
+ * the start offset in the data.
+ * @param len
+ * the number of bytes to write.
+ * @exception IOException
+ * if an I/O error occurs.
+ * @since JCE1.2
+ */
+ @Override
+ public void write(byte b[], int off, int len) throws IOException {
+count += len;
+if (count > maxOutputSize) {
+ throw new IOException("Attempt to write " + count + " bytes was made. A
maximum of " + maxOutputSize + " is allowed for an encryption stream.");
+}
+obuffer = cipher.update(b, off, len);
Review comment:
can you call super.write here?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
