You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by Wei-Chiu Chuang <we...@cloudera.com.INVALID> on 2018/12/14 22:53:35 UTC
Changing RPC SASL options without full cluster restart?
Hi fellow Hadoop developers,
Do you know a way to change RPC SASL options without full cluster restart?
(that is, rolling restart)? For example, enabling RPC encryption? Currently
if you try to do rolling restart after enabling RPC encryption,
applications such as HBase would fail to connect to NameNode because both
side use different SASL configurations during the rolling restart.
Would HDFS-13566 (Add configurable additional RPC listener to NameNode) and
HDFS-13547 (Add ingress port based sasl resolver) help address this issue?
I imagine some hack can be developed along the line, but I don't know if
that use case is considered in the design.
Best,
Wei-Chiu
Re: Changing RPC SASL options without full cluster restart?
Posted by Chen Liang <va...@gmail.com>.
Hi Wei-Chiu,
HDFS-13566 and HDFS-13547 do allow different SASL configurations to coexist
on different NameNode ports, but for the whole feature to work, a upgrade
on the client jar is still required. I'm not too familiar with how HBase
accesses HDFS, based on your description, for this particular case you
mentioned here, I imagine a restart of HBase is still needed, unless the
client jar can be upgrade separately from HBase upgrade.
Chen
Wei-Chiu Chuang <we...@cloudera.com.invalid> 于2018年12月14日周五 下午2:54写道:
> Hi fellow Hadoop developers,
>
> Do you know a way to change RPC SASL options without full cluster restart?
> (that is, rolling restart)? For example, enabling RPC encryption? Currently
> if you try to do rolling restart after enabling RPC encryption,
> applications such as HBase would fail to connect to NameNode because both
> side use different SASL configurations during the rolling restart.
>
> Would HDFS-13566 (Add configurable additional RPC listener to NameNode) and
> HDFS-13547 (Add ingress port based sasl resolver) help address this issue?
> I imagine some hack can be developed along the line, but I don't know if
> that use case is considered in the design.
>
> Best,
> Wei-Chiu
>
Re: Changing RPC SASL options without full cluster restart?
Posted by Chen Liang <va...@gmail.com>.
Hi Wei-Chiu,
HDFS-13566 and HDFS-13547 do allow different SASL configurations to coexist
on different NameNode ports, but for the whole feature to work, a upgrade
on the client jar is still required. I'm not too familiar with how HBase
accesses HDFS, based on your description, for this particular case you
mentioned here, I imagine a restart of HBase is still needed, unless the
client jar can be upgrade separately from HBase upgrade.
Chen
Wei-Chiu Chuang <we...@cloudera.com.invalid> 于2018年12月14日周五 下午2:54写道:
> Hi fellow Hadoop developers,
>
> Do you know a way to change RPC SASL options without full cluster restart?
> (that is, rolling restart)? For example, enabling RPC encryption? Currently
> if you try to do rolling restart after enabling RPC encryption,
> applications such as HBase would fail to connect to NameNode because both
> side use different SASL configurations during the rolling restart.
>
> Would HDFS-13566 (Add configurable additional RPC listener to NameNode) and
> HDFS-13547 (Add ingress port based sasl resolver) help address this issue?
> I imagine some hack can be developed along the line, but I don't know if
> that use case is considered in the design.
>
> Best,
> Wei-Chiu
>