diennea / herddb

A JVM-embeddable Distributed Database
https://herddb.org
Apache License 2.0

Security: Write ACL to znodes #453

Open eolivelli opened 5 years ago

eolivelli commented 5 years ago

In order to protect metadata on ZooKeeper in case of a shared ZK cluster, we should at least give the ability to write useful ACLs in znodes.

There is no need for a procedure for migration of an existing cluster; it can be implemented easily at a later stage.

The idea is to add a new boolean configuration flag server.zookeeper.writeacls (see ServerConfiguration.java). With this flag we will set the proper ACLs, CREATOR_ALL_ACL, on every znode created by the server.

It is the same work as I did in BookKeeper:

https://github.com/apache/bookkeeper/pull/76
https://github.com/apache/bookkeeper/pull/185

eolivelli commented 5 years ago

@TisonKun would you be interested in working on this improvement?

It should be quite easy and should not take many cycles.

eolivelli commented 4 years ago

@Ghatage this can be a good starting point.

Ghatage commented 4 years ago

Thanks for the tag, @eolivelli. I'd like to work on this; I'll open a PR soon.

eolivelli commented 4 years ago

I expect this change to be mostly in ZookeeperMetadataStorageManager.java

We can just create tests around that class, there is no need to start the server.

We also have to add a property (just a couple of constants) in ServerConfiguration.
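
The flag-driven ACL choice proposed in this issue, sketched against the standard ZooKeeper Java client. This is an added example, not part of the thread and not HerdDB's code. The class name, the helper names, the `false` default, the open-ACL fallback, the znode path, the connect string and the digest credentials are all assumptions, and it expects a ZooKeeper server on `localhost:2181`.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Properties;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Stat;

public class ZnodeAclExample {
    // Property name taken from the issue; the default value is an assumption.
    static final String PROPERTY_ZK_WRITE_ACLS = "server.zookeeper.writeacls";

    // Flag on: CREATOR_ALL_ACL (all permissions, but only for the identity
    // that created the znode). Flag off: OPEN_ACL_UNSAFE (world:anyone),
    // assumed here to be the behaviour without the flag.
    static List<ACL> aclsFor(Properties conf) {
        boolean writeAcls =
                Boolean.parseBoolean(conf.getProperty(PROPERTY_ZK_WRITE_ACLS, "false"));
        return writeAcls ? ZooDefs.Ids.CREATOR_ALL_ACL : ZooDefs.Ids.OPEN_ACL_UNSAFE;
    }

    // Creates the znode with the selected ACL and returns the ACL the server
    // actually stored, so a test can assert on it without starting HerdDB.
    static List<ACL> createAndReadBack(ZooKeeper zk, String path, byte[] data,
                                       Properties conf) throws Exception {
        zk.create(path, data, aclsFor(conf), CreateMode.PERSISTENT);
        return zk.getACL(path, new Stat());
    }

    public static void main(String[] args) throws Exception {
        Properties conf = new Properties();
        conf.setProperty(PROPERTY_ZK_WRITE_ACLS, "true");

        ZooKeeper zk = new ZooKeeper("localhost:2181", 30000, event -> { });
        try {
            // CREATOR_ALL_ACL needs an authenticated session: without this
            // call the create() fails with KeeperException.InvalidACLException.
            // Placeholder credentials, constructed for this example.
            zk.addAuthInfo("digest",
                    "herd-example:placeholder-secret".getBytes(StandardCharsets.UTF_8));
            List<ACL> stored = createAndReadBack(zk, "/herd-acl-example", new byte[0], conf);
            System.out.println(stored);
        } finally {
            zk.close();
        }
    }
}
```

Znodes created before the flag was enabled keep their existing ACLs, which is the migration case the issue leaves for a later stage.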