[
https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261312#comment-13261312
]
Andrew Purtell commented on HBASE-5732:
---------------------------------------
TokenProvider is an interesting issue. On the one hand it pulls in new runtime
dependencies on ZooKeeper (it will abort the RS if shared private keys for
creating MR job tokens cannot be synced or rolled); on the other,
authentication for HBase clients in MR jobs when HBase RPC security is enabled
must happen via a token based mechanism such as TokenProvider provides.
In production we've found that sharing state in ZK as TokenProvider does
introduces new cases of RS aborts when the network has issues. Whether the RS
would have gone down anyway is a good possibility.
We could leave it aside as a CP that people must use if they want to run MR
jobs with secure RPC, or consider folding it in as well as a follow on JIRA,
along with possible design changes. However I think the design is pretty good,
and it's proven in production, and ZK disconnects are an issue elsewhere as
well. But increasing the cases where ZK disconnects can be a problem should be
considered.
> Remove the SecureRPCEngine and merge the security-related logic in the core
> engine
> ----------------------------------------------------------------------------------
>
> Key: HBASE-5732
> URL: https://issues.apache.org/jira/browse/HBASE-5732
> Project: HBase
> Issue Type: Improvement
> Reporter: Devaraj Das
> Assignee: Devaraj Das
> Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch
>
>
> Remove the SecureRPCEngine and merge the security-related logic in the core
> engine. Follow up to HBASE-5727.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
