/**
 * Verifies the ACLs on the base znode at master start and, when {@code isBaseZnodeAclSetup}
 * rejects them, re-applies ACLs through {@code setZnodeAclsRecursive}. This matters when a
 * cluster moves from an unsecure setup to a secure one: znodes created earlier with open
 * permissions have to be switched to restrictive ones.
 *
 * <p>Nothing is done when {@code ZKUtil.isSecureZooKeeper} reports a non-secure configuration.
 *
 * <p>NOTE(review): only the base znode's ACLs are inspected. If they pass, the recursion is
 * skipped, so child znodes are never examined on that path.
 *
 * <p>NOTE(review): this method fails open. An {@code IOException} or {@code KeeperException} is
 * logged at WARN and the method returns normally, so the caller gets no signal that the ACLs were
 * left unchecked or possibly only partly rewritten. In a secure deployment that WARN line is
 * worth monitoring.
 */
public void checkAndSetZNodeAcls() {
  final boolean secureZk = ZKUtil.isSecureZooKeeper(getConfiguration());
  if (!secureZk) {
    LOG.info("not a secure deployment, proceeding");
    return;
  }

  // Look at the base znode first and recurse only when its permissions are not correct.
  try {
    List<ACL> baseAcls = recoverableZooKeeper.getAcl(znodePaths.baseZNode, new Stat());
    if (isBaseZnodeAclSetup(baseAcls)) {
      return;
    }
    LOG.info("setting znode ACLs");
    setZnodeAclsRecursive(znodePaths.baseZNode);
  } catch (KeeperException.NoNodeException missingNode) {
    // A NoNodeException from either call above ends the check silently, without a log line.
    return;
  } catch (InterruptedException interrupted) {
    interruptedExceptionNoThrow(interrupted, false);
  } catch (IOException | KeeperException failure) {
    // Logged, not propagated: startup continues even though the ACL pass did not complete.
    LOG.warn("Received exception while checking and setting zookeeper ACLs", failure);
  }
}
/**
 * Master-start hook that tightens znode ACLs under the base znode when required.
 *
 * <p>On a secure ZooKeeper configuration, the ACLs of the base znode are read and handed to
 * {@code isBaseZnodeAclSetup}. If that check fails, {@code setZnodeAclsRecursive} is invoked on
 * the base znode. This is the step that converts znodes created with open permissions, before
 * the cluster was secured, to restrictive permissions.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The base znode is the only node checked. A passing base znode means no child is
 *       examined.</li>
 *   <li>{@code KeeperException.NoNodeException} is swallowed without logging.</li>
 *   <li>{@code IOException} and any other {@code KeeperException} are logged at WARN and not
 *       rethrown, so a failed ACL pass does not stop the caller. NOTE(review): confirm that
 *       continuing with possibly unchanged ACLs is acceptable, and alert on the WARN message.</li>
 * </ul>
 */
public void checkAndSetZNodeAcls() {
  if (ZKUtil.isSecureZooKeeper(getConfiguration())) {
    try {
      // Cheap check first: fetch only the base znode's ACL list.
      List<ACL> currentAcls = recoverableZooKeeper.getAcl(znodePaths.baseZNode, new Stat());
      boolean aclsAlreadySet = isBaseZnodeAclSetup(currentAcls);
      if (!aclsAlreadySet) {
        // Base znode permissions are not correct, so rewrite ACLs for the whole subtree.
        LOG.info("setting znode ACLs");
        setZnodeAclsRecursive(znodePaths.baseZNode);
      }
    } catch (InterruptedException ie) {
      interruptedExceptionNoThrow(ie, false);
    } catch (KeeperException.NoNodeException nne) {
      // Must stay ahead of the general KeeperException handler: a missing node is not reported.
      return;
    } catch (IOException ioe) {
      LOG.warn("Received exception while checking and setting zookeeper ACLs", ioe);
    } catch (KeeperException ke) {
      LOG.warn("Received exception while checking and setting zookeeper ACLs", ke);
    }
  } else {
    LOG.info("not a secure deployment, proceeding");
  }
}