[ https://issues.apache.org/jira/browse/HBASE-28321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Duo Zhang resolved HBASE-28321.
-------------------------------
    Fix Version/s: 2.6.0
                   3.0.0-beta-2
     Hadoop Flags: Reviewed
     Release Note: 
Introduced a preamble security call that lets the server respond with its 
server principal, so the client knows which one to use if there are multiple 
server principal candidates.

This requires changing the SecurityInfo to accept a list of server principal 
patterns for a given rpc service.

Although SecurityInfo is marked as IA.Private, since it is leaked in 
SaslClientAuthenticationProvider, we still keep the getServerPrincipal method 
and only mark it as deprecated since 2.6.0, and plan to remove it in 4.0.0.

In SaslClientAuthenticationProvider, we marked the old createClient method as 
deprecated since 2.6.0 and plan to remove it in 4.0.0. Now you should prefer 
the method which takes a String server principal, instead of a SecurityInfo.

Also notice that if you use different server principals for master and 
region server, a 2.6.0+ hbase client cannot connect to a 2.6.0- cluster, as 
we do not implement the fallback logic. The fallback is not easy to implement 
because the server will close the connection directly with an unexpected 
header error. But you cannot connect to such a cluster with a 2.6.0- client 
either, because there is no way to provide two candidates in the old code 
base, and this is just what this issue fixes.
       Resolution: Fixed

Pushed to branch-2.6+.

Thanks [~bbeaudreault] for reviewing!

> RpcConnectionRegistry is broken when security is enabled and we use different 
> principal for master and region server
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-28321
>                 URL: https://issues.apache.org/jira/browse/HBASE-28321
>             Project: HBase
>          Issue Type: Sub-task
>          Components: Client, IPC/RPC, security
>            Reporter: Duo Zhang
>            Assignee: Duo Zhang
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 2.6.0, 3.0.0-beta-2
>
>
> After introducing RpcConnectionRegistry, we let master and region server both 
> implement ClientMetaService.
> In our current client architecture, when security is enabled, we rely on the 
> record in SecurityInfo to determine the server principal to use. 
> Unfortunately, only one principal can be specified, so if we use 
> different principals for master and region server, either we can not connect 
> to master, or we can not connect to region server.
> And just changing the server principal field in SecurityInfo to an array can 
> not solve the problem, as when connecting, we do not know whether the remote 
> server is a master or region server, so we still can not determine which 
> principal to use...
> Anyway, since this has been in our code base since 2.5.0, it is not a new 
> problem, so just set it as critical, not a blocker. But we should find out 
> the solution ASAP.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
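
An added sketch of how a client could act on the principal returned by the preamble call, not HBase's own code. It assumes the client expands Hadoop-style `_HOST` patterns for the host it dialed and accepts the advertised principal only when it equals one of the configured candidates, on the assumption that the reply arrives before SASL has authenticated the server. Class, method and principal names are hypothetical.

```java
import java.util.List;
import java.util.Locale;
import java.util.Optional;

/** Added illustration; class and method names are hypothetical, not HBase API. */
public class ServerPrincipalChooser {

  /** Expand Hadoop-style "_HOST" in a pattern such as "hbase/_HOST@EXAMPLE.COM". */
  static String expand(String pattern, String serverHost) {
    return pattern.replace("_HOST", serverHost.toLowerCase(Locale.ROOT));
  }

  /**
   * Accept the principal the server advertised in the preamble exchange only if it
   * equals one of the locally configured candidates for the host we dialed.
   * An empty result means the client should abort instead of starting SASL.
   */
  static Optional<String> choose(List<String> candidatePatterns, String serverHost,
      String advertised) {
    if (advertised == null || advertised.isEmpty()) {
      return Optional.empty();
    }
    return candidatePatterns.stream()
        .map(p -> expand(p, serverHost))
        .filter(advertised::equals)
        .findFirst();
  }

  public static void main(String[] args) {
    // Constructed sample configuration: distinct principals for master and region server.
    List<String> candidates = List.of(
        "hbase-master/_HOST@EXAMPLE.COM",
        "hbase-rs/_HOST@EXAMPLE.COM");
    String host = "rs1.example.com";

    // The region server answers with its own principal: accepted.
    System.out.println(choose(candidates, host, "hbase-rs/rs1.example.com@EXAMPLE.COM"));
    // Principal outside the configured list: rejected, no ticket is requested for it.
    System.out.println(choose(candidates, host, "other/rs1.example.com@EXAMPLE.COM"));
    // Configured service name but a different host: rejected as well.
    System.out.println(choose(candidates, host, "hbase-rs/rs2.example.com@EXAMPLE.COM"));
  }
}
```

Matching against the locally configured list keeps the choice of Kerberos service principal under the client's control, so the server's reply only selects among candidates the operator already trusts.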
