Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Zookeeper, mail # user - Deprecated AuthFastLeaderElection


Copy link to this message
-
RE: Deprecated AuthFastLeaderElection
Flavio Junqueira 2013-12-19, 02:18
Hi Leo,

AuthFLE implements a simple challenge-response protocol and if I remember
correctly it uses UDP. We haven't been maintaining that LE implementation
because no one at the time seemed interested in having that implementation
of leader election and making sure that all flavors work is a pain, that's
why it is deprecated.

Are you convinced that it does what you need or you're just exploring at
this point? I'm not aware of folks securing leader election communication,
but that doesn't mean no one is doing it.

-Flavio

-----Original Message-----
From: Leonard Kramer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 17, 2013 5:55 PM
To: [EMAIL PROTECTED]
Subject: Deprecated AuthFastLeaderElection

Hello everybody,

I want to deploy a zookeeper-ensemble in a non-secure environment where
every instance is connected over non-seucre channels. So far I've
successfully added TLS-support to the inter-server communication.
My naive approch for upgrading the leader-communication to secure
tls-sockets fails and is also unacceptable slow.

My next guess was using the "AuthFastLeaderElection", but I can't find any
information why this class is deprecated.

So I have basically two questions:
1. Why is AuthFastLeaderElection deprecated?
2. Are there currently any alternatives for securing the LeaderElection? My
basic requirements are integrity and authencity not necessarily encryption.
Has somebody successfully secured the leaderelection by using tools like
stunnel?

Thanks and happy holidays
Leo