You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/11/23 11:52:11 UTC
[jira] [Commented] (HBASE-14865) Support passing multiple QOPs to
SaslClient/Server via hbase.rpc.protection
[ https://issues.apache.org/jira/browse/HBASE-14865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021940#comment-15021940 ]
Hadoop QA commented on HBASE-14865:
-----------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12773783/HBASE-14865-master.patch
against master branch at commit 55087ce8887b5be38b0fda0dda3fbf2f92c13778.
ATTACHMENT ID: 12773783
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:green}+1 tests included{color}. The patch appears to include 27 new or modified tests.
{color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions (2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.6.1 2.7.0 2.7.1)
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:green}+1 protoc{color}. The applied patch does not increase the total number of protoc compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages.
{color:red}-1 checkstyle{color}. The applied patch generated 18689 checkstyle errors (more than the master's current 18686 errors).
{color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100
{color:green}+1 site{color}. The mvn post-site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
org.apache.hadoop.hbase.security.TestAsyncSecureIPC
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/16638//testReport/
Release Findbugs (version 2.0.3) warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/16638//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/16638//artifact/patchprocess/checkstyle-aggregate.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/16638//console
This message is automatically generated.
> Support passing multiple QOPs to SaslClient/Server via hbase.rpc.protection
> ---------------------------------------------------------------------------
>
> Key: HBASE-14865
> URL: https://issues.apache.org/jira/browse/HBASE-14865
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Appy
> Assignee: Appy
> Attachments: HBASE-14865-master.patch
>
>
> Currently, we can set the value of hbase.rpc.protection to one of authentication/integrity/privacy. It is the used to set {{javax.security.sasl.qop}} in SaslUtil.java.
> The problem is, if a cluster wants to switch from one qop to another, it'll have to take a downtime. Rolling upgrade will create a situation where some nodes have old value and some have new, which'll prevent any communication between them. There will be similar issue when clients will try to connect.
> {{javax.security.sasl.qop}} can take in a list of QOP in preferences order. So a transition from qop1 to qop2 can be easily done like this
> "qop1" --> "qop2,qop1" --> rolling restart --> "qop2" --> rolling restart
> Need to change hbase.rpc.protection to accept a list too.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)