You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Yingchun Lai (JIRA)" <ji...@apache.org> on 2019/03/23 02:10:00 UTC
[jira] [Commented] (KUDU-1948) Client-side configuration of cluster
details
[ https://issues.apache.org/jira/browse/KUDU-1948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799491#comment-16799491 ]
Yingchun Lai commented on KUDU-1948:
------------------------------------
Agree with [~danburkert] .
But I want to introduce a simple cluster name resolver for CLI tools. CLI tool is an application right? I think it's reasonable to introduce a simple configuration file for it.
As a Kudu administrator, I'm boring to type multi-masters ip:port when I use CLI tools to access a cluster, they are long and not easy to remember, instead, it's easy to use it like:
{code:java}
kudu table list cluster_name{code}
We can use either master address list or cluster name to access a cluster.
Of course, there should be a way to distinguish them:
eg.
* cluster name should not contain any ':' or ','
* master address list string must contain ':' or ','
* default port should not omit master in address list string
We can reuse most code of JsonReader, and introduce a new class JsonFileReader to read configurations from a JSON config file, place it in a path like $KUDU_HOME, so it's not needed to add any new gflags.
> Client-side configuration of cluster details
> --------------------------------------------
>
> Key: KUDU-1948
> URL: https://issues.apache.org/jira/browse/KUDU-1948
> Project: Kudu
> Issue Type: New Feature
> Components: client, security
> Affects Versions: 1.3.0
> Reporter: Todd Lipcon
> Assignee: Grant Henke
> Priority: Major
>
> In the beginning, Kudu clients were configured with only the address of the single Kudu master. This was nice and simple, and there was no need for a client "configuration file".
> Then, we added multi-masters, and the client API had to take a list of master addresses. This wasn't awful, but started to be a bit aggravating when trying to use tools on a multi-master cluster (who wants to type out three long hostnames in a 'ksck' command line every time?).
> Now with security, we have a couple more bits of configuration for the client. Namely:
> - "require SSL" and "require authentication" booleans -- necessary to prevent MITM downgrade attacks
> - custom Kerberos principal -- if the server wants to use a principal other than 'kudu/<HOST>@REALM' then the client needs to know to expect it and fetch the appropriate service ticket. (Note this isn't yet supported but would like to be!)
> In the future, there are other items that might be best specified as part of a client configuration as well (e.g. CA cert for BYO PKI, wire compression options, etc).
> For the above use cases it would be nicer to allow the various options to be specified in a configuration file rather than adding specific APIs for all options.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)