[
https://issues.apache.org/jira/browse/HBASE-14865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15099095#comment-15099095
]
Appy commented on HBASE-14865:
------------------------------
[~tedyu] I can't reproduce your error. Here are my run details. Anything am
missing?
{noformat}
root @ ~ → java -version
java version "1.7.0_60"
Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
Java HotSpot(TM) 64-Bit Server VM (build 24.60-b09, mixed mode)
root @ ~ → cat /proc/version
Linux version 3.13.0-24-generic (buildd@panlong) (gcc version 4.8.2 (Ubuntu
4.8.2-19ubuntu1) ) #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014
# With master branch
root @ ~/git/hbase (master) → git status
On branch master
Your branch is ahead of 'origin/master' by 1 commit.
(use "git push" to publish your local commits)
root @ ~/git/hbase (master) → git log | head -n 10
commit d2860e642743f302cc5321fdd1bd05f5d5de930f
Author: root <[email protected]>
Date: Thu Jan 14 14:10:12 2016 -0800
.
commit ae7cc0c8487dd10f72c64c898ddfec6f2ceca643
Author: Matteo Bertozzi <[email protected]>
Date: Thu Jan 14 13:45:17 2016 -0800
root @ ~/git/hbase (master) → mvn clean test -Dtest=TestSecureIPC
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.hadoop.hbase.security.TestSecureIPC
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 27.009 sec - in
org.apache.hadoop.hbase.security.TestSecureIPC
Results :
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0
# With branch-1
root @ ~/git/hbase (branch-1) → git status
On branch branch-1
Your branch is ahead of 'origin/branch-1' by 1 commit.
(use "git push" to publish your local commits)
root @ ~/git/hbase (branch-1) → git log | head -n 20
commit cd86d1b4f9dac4227e23e6ef43dd04b644112379
Author: root <[email protected]>
Date: Thu Jan 14 14:47:38 2016 -0800
HBASE-14865 Support passing multiple QOPs to
SaslClient/Server via hbase.rpc.protection - Added tests to check for rpc
success/failure when server and client configuration matches/not-matches. -
Added TestSaslUtil - Remove static (global) SaslUtil.SASL_PROPS. Was
impossible to unittest with different settings for server and client as
they
ended up sharing it. - Moved TestHBaseSaslRpcClient from hbase-server to
hbase-client. - Removed not helpful javadocs. Most were just rewording of
function/parameter name. (Apekshit)
commit f8427aba2bed9aef3fe9473dc9b2ff2bd60229e3
Author: Matteo Bertozzi <[email protected]>
Date: Thu Jan 14 13:45:17 2016 -0800
HBASE-15105 Procedure V2 - Procedure Queue with Namespaces
root @ ~/git/hbase (branch-1) → mvn clean test -Dtest=TestSecureIPC
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.hadoop.hbase.security.TestSecureIPC
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 22.955 sec - in
org.apache.hadoop.hbase.security.TestSecureIPC
Results :
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0
{noformat}
> Support passing multiple QOPs to SaslClient/Server via hbase.rpc.protection
> ---------------------------------------------------------------------------
>
> Key: HBASE-14865
> URL: https://issues.apache.org/jira/browse/HBASE-14865
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Appy
> Assignee: Appy
> Attachments: 14865-master-v7.patch, HBASE-14865-branch-1.2.patch,
> HBASE-14865-branch-1.patch, HBASE-14865-branch-1.patch,
> HBASE-14865-master-v2.patch, HBASE-14865-master-v3.patch,
> HBASE-14865-master-v4.patch, HBASE-14865-master-v5.patch,
> HBASE-14865-master-v6.patch, HBASE-14865-master-v7.patch,
> HBASE-14865-master.patch
>
>
> Currently, we can set the value of hbase.rpc.protection to one of
> authentication/integrity/privacy. It is the used to set
> {{javax.security.sasl.qop}} in SaslUtil.java.
> The problem is, if a cluster wants to switch from one qop to another, it'll
> have to take a downtime. Rolling upgrade will create a situation where some
> nodes have old value and some have new, which'll prevent any communication
> between them. There will be similar issue when clients will try to connect.
> {{javax.security.sasl.qop}} can take in a list of QOP in preferences order.
> So a transition from qop1 to qop2 can be easily done like this
> "qop1" --> "qop2,qop1" --> rolling restart --> "qop2" --> rolling restart
> Need to change hbase.rpc.protection to accept a list too.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
