+1 on the log4j2 2.17.0 -Stephen
On Sat, Dec 18, 2021 at 10:14 PM 张铎(Duo Zhang) <palomino...@gmail.com> wrote: > Let's also update log4j2 to 2.17.0 for hbase-oeprator-tools? > > Thanks. > > 张铎(Duo Zhang) <palomino...@gmail.com> 于2021年12月18日周六 17:07写道: > > > +1 (binding) > > > > Checked sigs and sums: Matched > > Rat check: Passed > > Built from src: Succeeded > > Run UTs: Passed > > CHANGES and RELEASENOTES: Missed two issues, for generating these two > > files and change version in pom. This is not an actual code problem so I > > always do not want to sink an RC due to the problems on these two files. > In > > the future hbase-operator-tools should consider removing these two files > > from git too. > > Log4j2: Checked the lib directory, the log4j2 version is 2.16.0, which is > > good. > > Run it against a hbase cluster: Use it with the cluster deployed by me > for > > testing HBASE-26233, the default command failed because of can > > not recognize the 'hdfs' protocol. I needed to manually prepend > > 'INTERNAL_CLASSPATH=true' when executing the command, like this > > INTERNAL_CLASSPATH=true ./bin/hbase hbck -j > > > /home/sa/disk1/hbase-operator-tools-1.2.0/hbase-hbck2/hbase-hbck2-1.2.0.jar > > extraRegionsInMeta default:IntegrationTestRegionReplicaReplication > > But this is not a problem of hbase-operator-tools, it is because we do > > not shade hadoop-hdfs in our shaded jar. And it is strange that why hbck > > uses hbase-shaded-client instead of hbase-shaded-mapreduce. > > The stacktrace > > 17:04:41.024 [main] ERROR org.apache.hbase.HBCK2 - Error on checking > extra > > regions: > > org.apache.hadoop.fs.UnsupportedFileSystemException: No FileSystem for > > scheme "hdfs" > > at > > org.apache.hadoop.fs.FileSystem.getFileSystemClass(FileSystem.java:3281) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:3301) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:124) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at > org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:3352) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:3320) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:479) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hadoop.fs.Path.getFileSystem(Path.java:361) > > ~[hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hbase.HBCKFsUtils.getRootDir(HBCKFsUtils.java:106) > > ~[hbase-hbck2-1.2.0.jar:1.2.0] > > at > > > org.apache.hbase.FsRegionsMetaRecoverer.<init>(FsRegionsMetaRecoverer.java:66) > > ~[hbase-hbck2-1.2.0.jar:1.2.0] > > at org.apache.hbase.HBCK2.extraRegionsInMeta(HBCK2.java:268) > > [hbase-hbck2-1.2.0.jar:1.2.0] > > at org.apache.hbase.HBCK2.doCommandLine(HBCK2.java:1020) > > [hbase-hbck2-1.2.0.jar:1.2.0] > > at org.apache.hbase.HBCK2.run(HBCK2.java:830) > [hbase-hbck2-1.2.0.jar:1.2.0] > > at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) > > [hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:90) > > [hbase-shaded-client-3.0.0-alpha-2.jar:3.0.0-alpha-2] > > at org.apache.hbase.HBCK2.main(HBCK2.java:1145) > > [hbase-hbck2-1.2.0.jar:1.2.0 > > > > 张铎(Duo Zhang) <palomino...@gmail.com> 于2021年12月18日周六 16:36写道: > > > >> The readme of the project says we have two tools, one is HBCK2, the > other > >> is TableReporter, but in the binary I can only see HBCK2... > >> > >> But anyway, checking the previous release, we did not include > >> TableReporter either, so not this release's fault... > >> > >> Josh Elser <els...@apache.org> 于2021年12月17日周五 23:03写道: > >> > >>> +1 (binding) > >>> > >>> Thanks for putting this together, Guangxu! > >>> > >>> * xsums/sigs are great > >>> * RAT check passes on src release > >>> * Can run unit tests (against 2.3.7, 2.4.4, 2.4.8) > >>> * Can build from source > >>> * CHANGES and RELEASENOTES look fine at a glance > >>> * Public key published in KEYS > >>> * Verified log4j2.16 is in the binary release (both as a jar and shaded > >>> inside hbase-hbck) > >>> > >>> - Josh > >>> > >>> On 12/14/21 10:32 PM, Guangxu Cheng wrote: > >>> > Please vote on this Apache hbase operator tools release candidate, > >>> > hbase-operator-tools-1.2.0RC0 > >>> > > >>> > The VOTE will remain open for at least 72 hours. > >>> > > >>> > [ ] +1 Release this package as Apache hbase operator tools 1.2.0 > >>> > [ ] -1 Do not release this package because ... > >>> > > >>> > The tag to be voted on is 1.2.0RC0: > >>> > > >>> > https://github.com/apache/hbase-operator-tools/tree/1.2.0RC0 > >>> > > >>> > This tag currently points to git reference > >>> > > >>> > 76d68624cebb66ec0e509b0a4c0d96445a601685 > >>> > > >>> > The release files, including signatures, digests, as well as > CHANGES.md > >>> > and RELEASENOTES.md included in this RC can be found at: > >>> > > >>> > > >>> > > >>> > https://dist.apache.org/repos/dist/dev/hbase/hbase-operator-tools-1.2.0RC0/ > >>> > > >>> > Maven artifacts are available in a staging repository at: > >>> > > >>> > > >>> > https://repository.apache.org/content/repositories/orgapachehbase-1474/ > >>> > Artifacts were signed with the 5EF3A66D57EC647A key which can be > found > >>> in: > >>> > > >>> > https://dist.apache.org/repos/dist/release/hbase/KEYS > >>> > > >>> > hbase-operator-tools 1.2.0 contains a critical security fix for > >>> addressing > >>> > the log4j2 > >>> > CVE-2021-44228. All users who use hbase-operator-tools should upgrade > >>> > to hbase-operator-tools 1.2.0 ASAP. > >>> > > >>> > To learn more about Apache hbase operator tools, please see > >>> > > >>> > http://hbase.apache.org/ > >>> > > >>> > Thanks, > >>> > Your HBase Release Manager > >>> > > >>> > ------ > >>> > Best Regards, > >>> > Guangxu > >>> > > >>> > >> >
