We resolved HBASE-28010, so we should be good to go there now. On Sun, Aug 20, 2023 at 7:22 AM Bryan Beaudreault <[email protected]> wrote:
> I made > https://issues.apache.org/jira/browse/HBASE-28010 a blocker so we don’t > release a broken new feature. We will have it fixed early this week. > > On Fri, Aug 18, 2023 at 11:08 AM Andrew Purtell <[email protected]> > wrote: > >> Let’s do it. We can use the new branch to stabilize for release. >> >> I am back from vacation in two weeks and can then lend time and AWS >> resources for testing (and presumably fixing). >> >> > On Aug 18, 2023, at 10:53 AM, 张铎 <[email protected]> wrote: >> > >> > HBASE-27947 has been resolved. >> > >> > So I think now we are good to cut branch-2.6? >> > >> > Another good news is we are also close to fix the WAL value >> > compression issue in HBASE-28028. >> > >> > Thanks. >> > >> > Bryan Beaudreault <[email protected]> 于2023年6月23日周五 02:47写道: >> >> >> >> Thanks! >> >> >> >> We're looking into one other emergent issue that we uncovered during >> the >> >> rollout of server side TLS on RegionServers. It seems >> nettyDirectMemory has >> >> increased substantially when under load with it enabled. Details in >> >> https://issues.apache.org/jira/browse/HBASE-27947. >> >> >> >> >> >>> On Thu, Jun 22, 2023 at 12:02 PM 张铎(Duo Zhang) <[email protected] >> > >> >>> wrote: >> >>> >> >>> PR is ready >> >>> >> >>> https://github.com/apache/hbase/pull/5305 >> >>> >> >>> PTAL. >> >>> >> >>> Thanks. >> >>> >> >>> 张铎(Duo Zhang) <[email protected]> 于2023年6月22日周四 21:40写道: >> >>>> >> >>>> Ah, missed your last comment on HBASE-27782. >> >>>> >> >>>> Let me take a look. >> >>>> >> >>>> Netty has some rules about how the exceptions are passed through the >> >>>> pipeline(especially the order, forward or backward...) but honestly I >> >>>> always forget it just a day later after I finished the code... >> >>>> >> >>>> Bryan Beaudreault <[email protected]> 于2023年6月17日周六 00:43写道: >> >>>>> >> >>>>> In terms of TLS: >> >>>>> >> >>>>> - All of our clients (many thousands) in production are using the >> >>>>> NettyRpcConnection with TLS enabled. However, these clients are >> >>> currently >> >>>>> connecting to the RegionServer/HMaster through an haproxy process >> >>> local to >> >>>>> each server which handles SSL termination. So not quite end-to-end >> yet. >> >>>>> - On the server side, most of our QA environment (a thousand >> >>> regionservers >> >>>>> and ~200 hmasters) are running it. So these are accepting TLS from >> >>> clients >> >>>>> and using TLS for intra-cluster communication. >> >>>>> >> >>>>> The migration is tricky for us due to the scale and the fact that we >> >>> need >> >>>>> to migrate off haproxy at the same time. Hopefully we should have >> some >> >>> of >> >>>>> production running end-to-end TLS within the next month or so. >> >>>>> >> >>>>> From what we've seen in QA so far, there have not been any major >> >>> issues. We >> >>>>> also couldn't discern any performance issues in testing, though we >> were >> >>>>> comparing against our legacy haproxy setup and can't really compare >> >>> against >> >>>>> kerberos. >> >>>>> >> >>>>> One outstanding issue is >> >>> https://issues.apache.org/jira/browse/HBASE-27782, >> >>>>> which we still see periodically. It doesn't seem to cause actual >> >>> issues, >> >>>>> since the RpcClient still handles it gracefully, but it does cause >> >>> noise >> >>>>> and may have implications. >> >>>>> >> >>>>> On Fri, Jun 16, 2023 at 11:41 AM 张铎(Duo Zhang) < >> [email protected]> >> >>>>> wrote: >> >>>>> >> >>>>>> So any updates here? >> >>>>>> >> >>>>>> Do we have any good news about the TLS usage in production so we >> can >> >>>>>> move forward on release 2.6.x? >> >>>>>> >> >>>>>> Thanks. >> >>>>>> >> >>>>>> Andrew Purtell <[email protected]> 于2023年4月7日周五 09:37写道: >> >>>>>>> >> >>>>>>> Agreed, that sounds like a good plan. >> >>>>>>> >> >>>>>>> On Wed, Mar 29, 2023 at 7:31 AM 张铎(Duo Zhang) < >> >>> [email protected]> >> >>>>>> wrote: >> >>>>>>> >> >>>>>>>> I think we could follow the old pattern when we cut a new release >> >>>>>> branch. >> >>>>>>>> That is, after the new release branch is cut and the new minor >> >>> release >> >>>>>> is >> >>>>>>>> out, we will do a final release of the oldest release line and >> >>> then >> >>>>>> mark it >> >>>>>>>> as EOL. >> >>>>>>>> >> >>>>>>>> So here, I think once we cut branch-2.6 and release 2.6.0, we >> >>> can do a >> >>>>>>>> final release for 2.4.x and mark 2.4.x as EOL. >> >>>>>>>> >> >>>>>>>> Thanks. >> >>>>>>>> >> >>>>>>>> Bryan Beaudreault <[email protected]> 于2023年3月27日周一 >> >>> 09:57写道: >> >>>>>>>> >> >>>>>>>>> Primary development on hbase-backup and TLS is complete. There >> >>> are a >> >>>>>>>> couple >> >>>>>>>>> minor things I may want to add to TLS in the future, such as >> >>>>>> pluggable >> >>>>>>>> cert >> >>>>>>>>> verification. But those are not needed for initial release IMO. >> >>>>>>>>> >> >>>>>>>>> We are almost ready integrating hbase-backup in production. >> >>> We’ve >> >>>>>> fixed a >> >>>>>>>>> few minor things (all committed) but otherwise it’s worked >> >>> well so >> >>>>>> far in >> >>>>>>>>> tests. >> >>>>>>>>> >> >>>>>>>>> We are a bit delayed in integrating TLS. I’m hopeful it will >> >>> happen >> >>>>>> in >> >>>>>>>> the >> >>>>>>>>> next 2-3 months. It’s a big project for us, so not quick, but >> >>>>>> definitely >> >>>>>>>> on >> >>>>>>>>> the roadmap. >> >>>>>>>>> >> >>>>>>>>> It seems like cloudera may be closer to integrating TLS in >> >>>>>> production. >> >>>>>>>>> Balazs recently filed and fixed HBASE-27673 related to mTLS. >> >>> Maybe >> >>>>>> he can >> >>>>>>>>> chime in on his status, or let me know if I am totally off >> >>> base :) >> >>>>>>>>> >> >>>>>>>>> On Sun, Mar 26, 2023 at 9:25 PM Andrew Purtell < >> >>>>>> [email protected] >> >>>>>>>>> >> >>>>>>>>> wrote: >> >>>>>>>>> >> >>>>>>>>>> Before we open a new code line should we discuss EOL of 2.4? >> >>> After >> >>>>>> the >> >>>>>>>>>> first 2.6 release? It’s not required of course but cuts down >> >>> the >> >>>>>> amount >> >>>>>>>>> of >> >>>>>>>>>> labor to have two 2.x code lines (presumably, one as stable >> >>> and >> >>>>>> one as >> >>>>>>>>>> next) rather than three. Perhaps even before that, should we >> >>> move >> >>>>>> the >> >>>>>>>>>> stable pointer to the latest 2.5 release? >> >>>>>>>>>> >> >>>>>>>>>>> >> >>>>>>>>>>> On Mar 26, 2023, at 5:59 PM, 张铎 <[email protected]> >> >>> wrote: >> >>>>>>>>>>> >> >>>>>>>>>>> Bump. >> >>>>>>>>>>> >> >>>>>>>>>>> I believe the mTLS and backup related code have all been >> >>>>>> finished on >> >>>>>>>>>>> branch-2? >> >>>>>>>>>>> >> >>>>>>>>>>> Are there any other things which block us making the >> >>> branch-2.6 >> >>>>>>>> branch? >> >>>>>>>>>>> >> >>>>>>>>>>> Thanks. >> >>>>>>>>>>> >> >>>>>>>>>>> Mallikarjun <[email protected]> 于2022年10月17日周一 >> >>> 02:09写道: >> >>>>>>>>>>> >> >>>>>>>>>>>> On hbase-backup, we are using in production for more then >> >>> 1 >> >>>>>> year. I >> >>>>>>>>> can >> >>>>>>>>>>>> vouch for it to be stable enough to be in a release >> >>> version so >> >>>>>> that >> >>>>>>>>> more >> >>>>>>>>>>>> people can use it and polished it further. >> >>>>>>>>>>>> >> >>>>>>>>>>>>> On Sun, Oct 16, 2022, 11:25 PM Andrew Purtell < >> >>>>>>>>>> [email protected]> >> >>>>>>>>>>>>> wrote: >> >>>>>>>>>>>>> >> >>>>>>>>>>>>> My understanding is some folks evaluating and polishing >> >>> TLS for >> >>>>>>>> their >> >>>>>>>>>>>>> production are also considering hbase-backup in the same >> >>> way, >> >>>>>> which >> >>>>>>>>> is >> >>>>>>>>>>>> why >> >>>>>>>>>>>>> I linked them together. If that is incorrect then they >> >>> both are >> >>>>>>>> still >> >>>>>>>>>>>> worth >> >>>>>>>>>>>>> considering in my opinion but would have a more tenuous >> >>> link. >> >>>>>>>>>>>>> >> >>>>>>>>>>>>> Where we are with hbase-backup is it should probably be >> >>> ported >> >>>>>> to >> >>>>>>>>> where >> >>>>>>>>>>>>> more people would be inclined to evaluate it, in order >> >>> for it >> >>>>>> to >> >>>>>>>> make >> >>>>>>>>>>>> more >> >>>>>>>>>>>>> progress. A new minor releasing line would fit. On the >> >>> other >> >>>>>> hand >> >>>>>>>> if >> >>>>>>>>> it >> >>>>>>>>>>>> is >> >>>>>>>>>>>>> too unpolished then the experience would be poor. >> >>>>>>>>>>>>> >> >>>>>>>>>>>>> >> >>>>>>>>>>>>>> On Oct 16, 2022, at 5:35 AM, 张铎 <[email protected]> >> >>>>>> wrote: >> >>>>>>>>>>>>>> >> >>>>>>>>>>>>>> I believe the second one is still ongoing? >> >>>>>>>>>>>>>> >> >>>>>>>>>>>>>> Andrew Purtell <[email protected]> 于2022年10月14日周五 >> >>> 05:37写道: >> >>>>>>>>>>>>>>> >> >>>>>>>>>>>>>>> We will begin releasing activity for the 2.6 code line >> >>> and >> >>>>>> as a >> >>>>>>>>>>>>>>> prerequisite to that we shall need to make a new branch >> >>>>>>>> branch-2.6 >> >>>>>>>>>>>> from >> >>>>>>>>>>>>>>> branch-2. >> >>>>>>>>>>>>>>> >> >>>>>>>>>>>>>>> Before we do that let's make sure all commits for the >> >>> key >> >>>>>>>> features >> >>>>>>>>> of >> >>>>>>>>>>>>> 2.6 >> >>>>>>>>>>>>>>> are settled in branch-2 before the branching point. >> >>> Those key >> >>>>>>>>>> features >> >>>>>>>>>>>>> are: >> >>>>>>>>>>>>>>> - mTLS RPC >> >>>>>>>>>>>>>>> - hbase-backup backport >> >>>>>>>>>>>>>>> >> >>>>>>>>>>>>>>> -- >> >>>>>>>>>>>>>>> Best regards, >> >>>>>>>>>>>>>>> Andrew >> >>>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> -- >> >>>>>>> Best regards, >> >>>>>>> Andrew >> >>>>>>> >> >>>>>>> Unrest, ignorance distilled, nihilistic imbeciles - >> >>>>>>> It's what we’ve earned >> >>>>>>> Welcome, apocalypse, what’s taken you so long? >> >>>>>>> Bring us the fitting end that we’ve been counting on >> >>>>>>> - A23, Welcome, Apocalypse >> >>>>>> >> >>> >> >
