You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Robert Kanter (JIRA)" <ji...@apache.org> on 2013/11/08 04:27:17 UTC
[jira] [Commented] (OOZIE-1491) Make sure HA works with a secure
ZooKeeper
[ https://issues.apache.org/jira/browse/OOZIE-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13816960#comment-13816960 ]
Robert Kanter commented on OOZIE-1491:
--------------------------------------
I've mostly finished the patch for this. I may decide to make a separate JIRA to do the unit tests because that might be a lot of work to do properly (we'll have to use the MiniKDC from Hadoop); though I have tested it manually.
The only remaining issue is that the znodes created for the locks always have open ACLs. With help from Jordan Zimmerman on the on the Curator-User list, I'm fairly certain the problem is due to CURATOR-58, which I'll see if I can fix. Even if I fix that, we won't have it until the next Curator release, so until then, there will be a small security hole here where a malicious user could acquire a lock to prevent Oozie from processing that job.
> Make sure HA works with a secure ZooKeeper
> ------------------------------------------
>
> Key: OOZIE-1491
> URL: https://issues.apache.org/jira/browse/OOZIE-1491
> Project: Oozie
> Issue Type: Improvement
> Components: HA
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
>
> We need to make sure that HA works with a secure ZooKeeper. This includes the SASL ACL setting that will prevent someone else from deleting the oozie znodes.
--
This message was sent by Atlassian JIRA
(v6.1#6144)