You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Dan Burkert (JIRA)" <ji...@apache.org> on 2017/05/11 17:31:04 UTC
[jira] [Updated] (KUDU-2006) Detect when security flags are
misconfigured
[ https://issues.apache.org/jira/browse/KUDU-2006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Burkert updated KUDU-2006:
------------------------------
Description:
In many cases servers could detect when they have different security configurations ({{--rpc-encryption}} and {{--rpc-authentication}}) than other servers, or at least between tablet servers and masters. We designed these features expressly so that clusters could support a mix of {{optional}} and {{required}}, however this should only be the case while in the middle of a rolling restart to upgrade or downgrade the cluster's security.
So, we should detect these situations and either log loudly, or present some information in the web UI saying the cluster is in an inconsistent state. Admins who are in the midst of a rolling restart could ignore this, but it would give a heads up to everyone else that security configs are wrong.
was:
In many cases servers could detect when they have different security configurations ({{--rpc-encryption}} and {{--rpc-authentication}}) than other servers, or at least between tablet servers and masters. We designed these features expressly so that clusters could support a mix of {{optional}} and {{required}} servers, however this should only be the case while in the middle of a rolling restart to upgrade or downgrade the cluster's security.
So, we should detect these situations and either log loudly, or present some information in the web UI saying the cluster is in an inconsistent state. Admins who are in the midst of a rolling restart could ignore this, but it would give a heads up to everyone else that security configs are wrong.
> Detect when security flags are misconfigured
> --------------------------------------------
>
> Key: KUDU-2006
> URL: https://issues.apache.org/jira/browse/KUDU-2006
> Project: Kudu
> Issue Type: Improvement
> Components: server
> Affects Versions: 1.3.1
> Reporter: Dan Burkert
>
> In many cases servers could detect when they have different security configurations ({{--rpc-encryption}} and {{--rpc-authentication}}) than other servers, or at least between tablet servers and masters. We designed these features expressly so that clusters could support a mix of {{optional}} and {{required}}, however this should only be the case while in the middle of a rolling restart to upgrade or downgrade the cluster's security.
> So, we should detect these situations and either log loudly, or present some information in the web UI saying the cluster is in an inconsistent state. Admins who are in the midst of a rolling restart could ignore this, but it would give a heads up to everyone else that security configs are wrong.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)