github-actions[bot] commented on code in PR #65551:
URL: https://github.com/apache/doris/pull/65551#discussion_r3592429995
##########
fe/fe-common/src/main/java/org/apache/doris/common/Config.java:
##########
@@ -818,6 +818,18 @@ public class Config extends ConfigBase {
// check token when download image file.
@ConfField public static boolean enable_token_check = true;
+ @ConfField(sensitive = true, description = {"Cluster token for FE
meta-service internal HTTP authentication. "
Review Comment:
[P2] Document or support rolling token changes
This static value controls both what an FE sends and what it accepts, so a
mixed rollout cannot keep checkpoint meta calls working. With empty -> `T`, an
empty master is rejected by a `T` follower on `/put`; if the `T` FE is master,
the empty follower accepts `/put` but its nested tokenless `/image` fetch is
rejected. Any such follower prevents `Checkpoint` from counting every push, so
`/journal_id` and journal deletion are skipped until convergence. Rotating
non-empty `X` -> `Y` rejects cross-state requests in both directions; helper
bootstrap likewise fails when client and helper use different non-empty values
(and empty -> `T` is rejected, while `T` -> empty is accepted). Existing FEs
with local ROLE/VERSION still restart and serve, so this is failed image
propagation and potentially indefinite journal retention if rollout stalls, not
immediate data loss. Please either document that activation/rotation requires a
coordinated restart, or add a staged send/accept/enforce transiti
on; if rolling changes are supported, add mixed-FE checkpoint/bootstrap tests
and remove legacy/previous-token acceptance after convergence.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]