Andrew Purtell created HBASE-15200:
--------------------------------------

             Summary: ZooKeeper znode ACL checks should only compare the shortname
                 Key: HBASE-15200
                 URL: https://issues.apache.org/jira/browse/HBASE-15200
             Project: HBase
          Issue Type: Bug
    Affects Versions: 0.98.17, 1.1.3, 1.0.3, 2.0.0, 1.2.0
            Reporter: Andrew Purtell
            Assignee: Andrew Purtell
            Priority: Minor
             Fix For: 2.0.0, 1.3.0, 1.1.4, 0.98.18


After HBASE-13768 we check at startup in secure configurations if our znodes 
have the correct ACLs. However when checking the ACL we compare the Kerberos 
fullname, which includes the host component. We should only compare the 
shortname, the principal. Otherwise in a multimaster configuration we will 
unnecessarily reset ACLs whenever any master running on a host other than the 
one that initialized the ACLs makes the check. You can imagine this happening 
multiple times in a rolling restart scenario.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
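
The comparison described in the report, as an added illustration (not code from HBase or from the reporter). The class, method and host names are hypothetical, the principals are constructed sample data, and `shortName` is a simplification that takes the primary component of `primary/instance@REALM` without applying any auth_to_local mapping rules.

```java
import java.util.List;

// Added illustration; not HBase code. All names here are hypothetical.
public class ZnodeAclCheckDemo {

    // Simplified short name: the primary component of primary/instance@REALM.
    // Assumption: no auth_to_local mapping rules are applied.
    static String shortName(String principal) {
        int end = principal.length();
        int at = principal.indexOf('@');
        int slash = principal.indexOf('/');
        if (at >= 0) end = at;
        if (slash >= 0 && slash < end) end = slash;
        return principal.substring(0, end);
    }

    // Check as described in the report: compares the full name, host included.
    static boolean aclMatchesFullName(String aclId, String localPrincipal) {
        return aclId.equals(localPrincipal);
    }

    // Check the report asks for: compares only the short name.
    static boolean aclMatchesShortName(String aclId, String localPrincipal) {
        return shortName(aclId).equals(shortName(localPrincipal));
    }

    public static void main(String[] args) {
        // Constructed sample data: master1 initialized the znode ACL.
        String aclId = "hbase/master1.example.com@EXAMPLE.COM";
        List<String> localPrincipals = List.of(
            "hbase/master1.example.com@EXAMPLE.COM",
            "hbase/master2.example.com@EXAMPLE.COM",
            "hbase/master3.example.com@EXAMPLE.COM",
            // A different service on a master host: must fail both checks.
            "other/master2.example.com@EXAMPLE.COM");

        for (String p : localPrincipals) {
            boolean full = aclMatchesFullName(aclId, p);
            boolean shortOk = aclMatchesShortName(aclId, p);
            // A failed check is what would trigger an ACL reset at startup.
            System.out.printf("%-40s full=%-5b short=%-5b reset(full)=%b%n",
                p, full, shortOk, !full);
        }
    }
}
```

With the full-name check, every master other than the one that set the ACL sees a mismatch; with the short-name check only the principal with a different primary component does. This simplified `shortName` also ignores the realm, so a deployment that must distinguish realms needs its own mapping rules.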
