Hi Wei-Chiu, HDFS-13566 and HDFS-13547 do allow different SASL configurations to coexist on different NameNode ports, but for the whole feature to work, a upgrade on the client jar is still required. I'm not too familiar with how HBase accesses HDFS, based on your description, for this particular case you mentioned here, I imagine a restart of HBase is still needed, unless the client jar can be upgrade separately from HBase upgrade.
Chen Wei-Chiu Chuang <weic...@cloudera.com.invalid> 于2018年12月14日周五 下午2:54写道: > Hi fellow Hadoop developers, > > Do you know a way to change RPC SASL options without full cluster restart? > (that is, rolling restart)? For example, enabling RPC encryption? Currently > if you try to do rolling restart after enabling RPC encryption, > applications such as HBase would fail to connect to NameNode because both > side use different SASL configurations during the rolling restart. > > Would HDFS-13566 (Add configurable additional RPC listener to NameNode) and > HDFS-13547 (Add ingress port based sasl resolver) help address this issue? > I imagine some hack can be developed along the line, but I don't know if > that use case is considered in the design. > > Best, > Wei-Chiu >
