Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/9722 )
Change subject: [delete_table-itest] fix flake in TestUnknownTabletsAreNotDeleted ...................................................................... Patch Set 1: (6 comments) http://gerrit.cloudera.org:8080/#/c/9722/1//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/9722/1//COMMIT_MSG@10 PS1, Line 10: OS X > nit: s/OS X/ macOS/g Done http://gerrit.cloudera.org:8080/#/c/9722/1//COMMIT_MSG@10 PS1, Line 10: every second : run of the test would fail > Wait, was the flake that it would fail every second run? Or you mean that's I meant it was failing in 50% of all runs. I removed this useless information. http://gerrit.cloudera.org:8080/#/c/9722/1//COMMIT_MSG@13 PS1, Line 13: the > nit: remove Done http://gerrit.cloudera.org:8080/#/c/9722/1//COMMIT_MSG@15 PS1, Line 15: However, with 10ms : heartbeat interval in the tserver is able to get a response from the : restarted master before the master re-generated its IPKI records. > I'm having trouble parsing this sentence. I think you mean "However, with a I added the comment from the test. It should be clearer now. http://gerrit.cloudera.org:8080/#/c/9722/1/src/kudu/integration-tests/delete_table-itest.cc File src/kudu/integration-tests/delete_table-itest.cc: http://gerrit.cloudera.org:8080/#/c/9722/1/src/kudu/integration-tests/delete_table-itest.cc@1097 PS1, Line 1097: NOTE on disabled RPC authentication and encryption: > Ah ok, I understand the issue based on this comment. Could you add an abbre Done http://gerrit.cloudera.org:8080/#/c/9722/1/src/kudu/integration-tests/delete_table-itest.cc@1104 PS1, Line 1104: CA private key. > If the tserver does heartbeat before the master regenerates the IPKI stuff, Because that's how connection negotiation works in case of --rpc-authentication=optional and --rpc-encryption=optional: the client and the server negotiates on the common 'maximum' to have the most secure connection, and CA-signed cert is preferred over other means of authentication. Once connection is established, all RPC calls are considered legit if they pass the blanket-style authz checks. So, we cannot and should not refuse to register in that situation. If it's necessary to secure the cluster, just set --rpc-authentication=required and --rpc-encryption=required for masters and tablet servers. -- To view, visit http://gerrit.cloudera.org:8080/9722 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ib6fd439c0ef5fb66b752f7f49175e4c2d818412e Gerrit-Change-Number: 9722 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Will Berkeley <[email protected]> Gerrit-Comment-Date: Tue, 20 Mar 2018 15:53:04 +0000 Gerrit-HasComments: Yes
