github-actions[bot] commented on code in PR #65551:
URL: https://github.com/apache/doris/pull/65551#discussion_r3592429995


##########
fe/fe-common/src/main/java/org/apache/doris/common/Config.java:
##########
@@ -818,6 +818,18 @@ public class Config extends ConfigBase {
     // check token when download image file.
     @ConfField public static boolean enable_token_check = true;
 
+    @ConfField(sensitive = true, description = {"Cluster token for FE 
meta-service internal HTTP authentication. "

Review Comment:
   [P2] Document or support rolling token changes
   
   This static value controls both what an FE sends and what it accepts, so a 
mixed rollout cannot keep checkpoint meta calls working. With empty -> `T`, an 
empty master is rejected by a `T` follower on `/put`; if the `T` FE is master, 
the empty follower accepts `/put` but its nested tokenless `/image` fetch is 
rejected. Any such follower prevents `Checkpoint` from counting every push, so 
`/journal_id` and journal deletion are skipped until convergence. Rotating 
non-empty `X` -> `Y` rejects cross-state requests in both directions; helper 
bootstrap likewise fails when client and helper use different non-empty values 
(and empty -> `T` is rejected, while `T` -> empty is accepted). Existing FEs 
with local ROLE/VERSION still restart and serve, so this is failed image 
propagation and potentially indefinite journal retention if rollout stalls, not 
immediate data loss. Please either document that activation/rotation requires a 
coordinated restart, or add a staged send/accept/enforce transiti
 on; if rolling changes are supported, add mixed-FE checkpoint/bootstrap tests 
and remove legacy/previous-token acceptance after convergence.
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to