[GitHub] [hbase] Apache-HBase commented on pull request #4949: HBASE-27559 Update releaseTarget for JDK11+
Apache-HBase commented on PR #4949: URL: https://github.com/apache/hbase/pull/4949#issuecomment-1375220333 :broken_heart: **-1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 0m 42s | Docker mode activated. | | -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck | ||| _ Prechecks _ | ||| _ master Compile Tests _ | | +1 :green_heart: | mvninstall | 2m 59s | master passed | | +1 :green_heart: | compile | 1m 52s | master passed | | +1 :green_heart: | shadedjars | 4m 14s | branch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 1m 50s | master passed | ||| _ Patch Compile Tests _ | | -1 :x: | mvninstall | 0m 38s | root in the patch failed. | | +1 :green_heart: | compile | 1m 52s | the patch passed | | -0 :warning: | javac | 1m 52s | root generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) | | -1 :x: | shadedjars | 0m 8s | patch has 10 errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 1m 56s | the patch passed | ||| _ Other Tests _ | | -1 :x: | unit | 226m 22s | root in the patch failed. | | | | 247m 9s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4949 | | Optional Tests | javac javadoc unit shadedjars compile | | uname | Linux 100366bef3d7 5.4.0-1092-aws #100~18.04.2-Ubuntu SMP Tue Nov 29 08:39:52 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Eclipse Adoptium-11.0.17+8 | | mvninstall | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-jdk11-hadoop3-check/output/patch-mvninstall-root.txt | | javac | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-jdk11-hadoop3-check/output/diff-compile-javac-root.txt | | shadedjars | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-jdk11-hadoop3-check/output/patch-shadedjars.txt | | unit | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-jdk11-hadoop3-check/output/patch-unit-root.txt | | Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/testReport/ | | Max. process+thread count | 2658 (vs. ulimit of 3) | | modules | C: . U: . | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/console | | versions | git=2.34.1 maven=3.8.6 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4940: HBASE-27227 Long running heavily filtered scans hold up too many ByteBuffAllocator buffers
Apache-HBase commented on PR #4940: URL: https://github.com/apache/hbase/pull/4940#issuecomment-1375118055 :confetti_ball: **+1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 1m 4s | Docker mode activated. | | -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck | ||| _ Prechecks _ | ||| _ master Compile Tests _ | | +1 :green_heart: | mvninstall | 2m 28s | master passed | | +1 :green_heart: | compile | 0m 47s | master passed | | +1 :green_heart: | shadedjars | 3m 50s | branch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 0m 26s | master passed | ||| _ Patch Compile Tests _ | | +1 :green_heart: | mvninstall | 2m 33s | the patch passed | | +1 :green_heart: | compile | 0m 47s | the patch passed | | +1 :green_heart: | javac | 0m 47s | the patch passed | | +1 :green_heart: | shadedjars | 3m 48s | patch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 0m 26s | the patch passed | ||| _ Other Tests _ | | +1 :green_heart: | unit | 219m 6s | hbase-server in the patch passed. | | | | 239m 10s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4940/16/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4940 | | Optional Tests | javac javadoc unit shadedjars compile | | uname | Linux c3791e1b3eeb 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Eclipse Adoptium-11.0.17+8 | | Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4940/16/testReport/ | | Max. process+thread count | 2354 (vs. ulimit of 3) | | modules | C: hbase-server U: hbase-server | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4940/16/console | | versions | git=2.34.1 maven=3.8.6 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] tianhang tang resolved HBASE-27559. --- Resolution: Won't Do > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [hbase] thangTang closed pull request #4949: HBASE-27559 Update releaseTarget for JDK11+
thangTang closed pull request #4949: HBASE-27559 Update releaseTarget for JDK11+ URL: https://github.com/apache/hbase/pull/4949 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655909#comment-17655909 ] tianhang tang commented on HBASE-27559: --- Got it. Then close this issue. Thank you. > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655906#comment-17655906 ] Duo Zhang commented on HBASE-27559: --- Unless we drop jdk8 support on some branches, we always need to keep the releaseTarget as 8. This is by design, no matter what is the JDK used when compiling. > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [hbase] Apache-HBase commented on pull request #4949: HBASE-27559 Update releaseTarget for JDK11+
Apache-HBase commented on PR #4949: URL: https://github.com/apache/hbase/pull/4949#issuecomment-1375079196 :broken_heart: **-1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 3m 18s | Docker mode activated. | ||| _ Prechecks _ | | +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. | | +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. | ||| _ master Compile Tests _ | | +1 :green_heart: | mvninstall | 2m 40s | master passed | | +1 :green_heart: | compile | 4m 35s | master passed | | +1 :green_heart: | spotless | 0m 39s | branch has no errors when running spotless:check. | ||| _ Patch Compile Tests _ | | -1 :x: | mvninstall | 0m 38s | root in the patch failed. | | +1 :green_heart: | compile | 4m 39s | the patch passed | | -0 :warning: | javac | 4m 39s | root generated 1 new + 908 unchanged - 0 fixed = 909 total (was 908) | | +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. | | +1 :green_heart: | xml | 0m 1s | The patch has no ill-formed XML file. | | -1 :x: | hadoopcheck | 0m 32s | The patch causes 10 errors with Hadoop v3.2.4. | | -1 :x: | hadoopcheck | 1m 4s | The patch causes 10 errors with Hadoop v3.3.4. | | +1 :green_heart: | spotless | 0m 37s | patch has no errors when running spotless:check. | ||| _ Other Tests _ | | +1 :green_heart: | asflicense | 0m 11s | The patch does not generate ASF License warnings. | | | | 19m 43s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-general-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4949 | | Optional Tests | dupname asflicense javac hadoopcheck spotless xml compile | | uname | Linux ff9889a57fe7 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Eclipse Adoptium-11.0.17+8 | | mvninstall | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-general-check/output/patch-mvninstall-root.txt | | javac | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-general-check/output/diff-compile-javac-root.txt | | hadoopcheck | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-general-check/output/patch-javac-3.2.4.txt | | hadoopcheck | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/artifact/yetus-general-check/output/patch-javac-3.3.4.txt | | Max. process+thread count | 76 (vs. ulimit of 3) | | modules | C: . U: . | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4949/1/console | | versions | git=2.34.1 maven=3.8.6 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655899#comment-17655899 ] tianhang tang commented on HBASE-27559: --- I mean, do "release binaries" mean the jars that are deployed onto the nexus? If yes, then it should have been compiled using "build-with-jdk8", so this change will not affect "release binaries" for this semantic. > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655897#comment-17655897 ] tianhang tang commented on HBASE-27559: --- [~zhangduo] Thanks for update me this msg. I think the "release binaries" should be compiled by the "build-with-jdk8" profile?(Which means compiled by JDK8)? Does the meaning of "Release" also include using "build-with-jdk11"? > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655895#comment-17655895 ] Duo Zhang commented on HBASE-27559: --- No, our release binaries should be able to run on JVM 8, no matter whether it is compiled with JDK8. > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (HBASE-27559) Update releaseTarget for JDK11+
[ https://issues.apache.org/jira/browse/HBASE-27559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] tianhang tang updated HBASE-27559: -- Priority: Minor (was: Major) > Update releaseTarget for JDK11+ > --- > > Key: HBASE-27559 > URL: https://issues.apache.org/jira/browse/HBASE-27559 > Project: HBase > Issue Type: Improvement >Reporter: tianhang tang >Assignee: tianhang tang >Priority: Minor > > For now the default value of releaseTarget is 8, but I think it is a little > strange, It should be unlikely that it will be compiled with JDK11+ and then > run on an 8 JVM. > So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (HBASE-27559) Update releaseTarget for JDK11+
tianhang tang created HBASE-27559: - Summary: Update releaseTarget for JDK11+ Key: HBASE-27559 URL: https://issues.apache.org/jira/browse/HBASE-27559 Project: HBase Issue Type: Improvement Reporter: tianhang tang Assignee: tianhang tang For now the default value of releaseTarget is 8, but I think it is a little strange, It should be unlikely that it will be compiled with JDK11+ and then run on an 8 JVM. So maybe we can update the default value. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [hbase] Apache-HBase commented on pull request #4948: HBASE-27557 [JDK17] Update shade plugin version
Apache-HBase commented on PR #4948: URL: https://github.com/apache/hbase/pull/4948#issuecomment-1375042638 :confetti_ball: **+1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 1m 40s | Docker mode activated. | ||| _ Prechecks _ | | +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. | | +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. | ||| _ master Compile Tests _ | | +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for branch | | +1 :green_heart: | mvninstall | 4m 10s | master passed | | +1 :green_heart: | compile | 1m 26s | master passed | | +1 :green_heart: | spotless | 0m 55s | branch has no errors when running spotless:check. | ||| _ Patch Compile Tests _ | | +0 :ok: | mvndep | 0m 15s | Maven dependency ordering for patch | | +1 :green_heart: | mvninstall | 4m 25s | the patch passed | | +1 :green_heart: | compile | 1m 25s | the patch passed | | +1 :green_heart: | javac | 1m 25s | the patch passed | | +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. | | +1 :green_heart: | xml | 0m 4s | The patch has no ill-formed XML file. | | +1 :green_heart: | hadoopcheck | 13m 48s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. | | +1 :green_heart: | spotless | 1m 6s | patch has no errors when running spotless:check. | ||| _ Other Tests _ | | +1 :green_heart: | asflicense | 0m 21s | The patch does not generate ASF License warnings. | | | | 37m 56s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/artifact/yetus-general-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4948 | | Optional Tests | dupname asflicense javac hadoopcheck spotless xml compile | | uname | Linux 27c5e2ee7de5 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Eclipse Adoptium-11.0.17+8 | | Max. process+thread count | 77 (vs. ulimit of 3) | | modules | C: hbase-protocol-shaded hbase-shaded U: . | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/console | | versions | git=2.34.1 maven=3.8.6 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4948: HBASE-27557 [JDK17] Update shade plugin version
Apache-HBase commented on PR #4948: URL: https://github.com/apache/hbase/pull/4948#issuecomment-1375037144 :confetti_ball: **+1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 0m 43s | Docker mode activated. | | -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck | ||| _ Prechecks _ | ||| _ master Compile Tests _ | | +0 :ok: | mvndep | 0m 19s | Maven dependency ordering for branch | | +1 :green_heart: | mvninstall | 2m 51s | master passed | | +1 :green_heart: | compile | 0m 51s | master passed | | +1 :green_heart: | shadedjars | 4m 8s | branch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 0m 19s | master passed | ||| _ Patch Compile Tests _ | | +0 :ok: | mvndep | 0m 12s | Maven dependency ordering for patch | | +1 :green_heart: | mvninstall | 2m 40s | the patch passed | | +1 :green_heart: | compile | 0m 52s | the patch passed | | +1 :green_heart: | javac | 0m 52s | the patch passed | | +1 :green_heart: | shadedjars | 4m 1s | patch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 0m 18s | the patch passed | ||| _ Other Tests _ | | +1 :green_heart: | unit | 0m 34s | hbase-protocol-shaded in the patch passed. | | +1 :green_heart: | unit | 0m 42s | hbase-shaded in the patch passed. | | | | 19m 46s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4948 | | Optional Tests | javac javadoc unit shadedjars compile | | uname | Linux 771b2d3057f7 5.4.0-1085-aws #92~18.04.1-Ubuntu SMP Wed Aug 31 17:21:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Eclipse Adoptium-11.0.17+8 | | Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/testReport/ | | Max. process+thread count | 419 (vs. ulimit of 3) | | modules | C: hbase-protocol-shaded hbase-shaded U: . | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/console | | versions | git=2.34.1 maven=3.8.6 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4948: HBASE-27557 [JDK17] Update shade plugin version
Apache-HBase commented on PR #4948: URL: https://github.com/apache/hbase/pull/4948#issuecomment-1375036112 :confetti_ball: **+1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 0m 24s | Docker mode activated. | | -0 :warning: | yetus | 0m 2s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck | ||| _ Prechecks _ | ||| _ master Compile Tests _ | | +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for branch | | +1 :green_heart: | mvninstall | 2m 18s | master passed | | +1 :green_heart: | compile | 0m 48s | master passed | | +1 :green_heart: | shadedjars | 3m 46s | branch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 0m 22s | master passed | ||| _ Patch Compile Tests _ | | +0 :ok: | mvndep | 0m 14s | Maven dependency ordering for patch | | +1 :green_heart: | mvninstall | 2m 7s | the patch passed | | +1 :green_heart: | compile | 0m 48s | the patch passed | | +1 :green_heart: | javac | 0m 48s | the patch passed | | +1 :green_heart: | shadedjars | 3m 50s | patch has no errors when building our shaded downstream artifacts. | | +1 :green_heart: | javadoc | 0m 21s | the patch passed | ||| _ Other Tests _ | | +1 :green_heart: | unit | 0m 30s | hbase-protocol-shaded in the patch passed. | | +1 :green_heart: | unit | 0m 46s | hbase-shaded in the patch passed. | | | | 17m 36s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4948 | | Optional Tests | javac javadoc unit shadedjars compile | | uname | Linux 0dc0eb03a720 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Temurin-1.8.0_352-b08 | | Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/testReport/ | | Max. process+thread count | 404 (vs. ulimit of 3) | | modules | C: hbase-protocol-shaded hbase-shaded U: . | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4948/1/console | | versions | git=2.34.1 maven=3.8.6 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4940: HBASE-27227 Long running heavily filtered scans hold up too many ByteBuffAllocator buffers
Apache-HBase commented on PR #4940: URL: https://github.com/apache/hbase/pull/4940#issuecomment-1375008408 :confetti_ball: **+1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | +0 :ok: | reexec | 0m 44s | Docker mode activated. | ||| _ Prechecks _ | | +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. | | +1 :green_heart: | hbaseanti | 0m 0s | Patch does not have any anti-patterns. | | +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. | ||| _ master Compile Tests _ | | +1 :green_heart: | mvninstall | 2m 20s | master passed | | +1 :green_heart: | compile | 2m 23s | master passed | | +1 :green_heart: | checkstyle | 0m 31s | master passed | | +1 :green_heart: | spotless | 0m 38s | branch has no errors when running spotless:check. | | +1 :green_heart: | spotbugs | 1m 21s | master passed | ||| _ Patch Compile Tests _ | | +1 :green_heart: | mvninstall | 2m 21s | the patch passed | | +1 :green_heart: | compile | 2m 26s | the patch passed | | +1 :green_heart: | javac | 2m 26s | the patch passed | | -0 :warning: | checkstyle | 0m 34s | hbase-server: The patch generated 2 new + 26 unchanged - 0 fixed = 28 total (was 26) | | +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. | | +1 :green_heart: | hadoopcheck | 8m 48s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. | | +1 :green_heart: | spotless | 0m 38s | patch has no errors when running spotless:check. | | +1 :green_heart: | spotbugs | 1m 28s | the patch passed | ||| _ Other Tests _ | | +1 :green_heart: | asflicense | 0m 8s | The patch does not generate ASF License warnings. | | | | 29m 47s | | | Subsystem | Report/Notes | |--:|:-| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4940/16/artifact/yetus-general-check/output/Dockerfile | | GITHUB PR | https://github.com/apache/hbase/pull/4940 | | Optional Tests | dupname asflicense javac spotbugs hadoopcheck hbaseanti spotless checkstyle compile | | uname | Linux a6eff4e7227d 5.4.0-1092-aws #100~18.04.2-Ubuntu SMP Tue Nov 29 08:39:52 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/hbase-personality.sh | | git revision | master / 3f1087fe82 | | Default Java | Eclipse Adoptium-11.0.17+8 | | checkstyle | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4940/16/artifact/yetus-general-check/output/diff-checkstyle-hbase-server.txt | | Max. process+thread count | 79 (vs. ulimit of 3) | | modules | C: hbase-server U: hbase-server | | Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4940/16/console | | versions | git=2.34.1 maven=3.8.6 spotbugs=4.7.3 | | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (HBASE-27528) log duplication issues in MasterRpcServices
[
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated HBASE-27528:
Description:
MasterRpcServices record audit log in privileged operations (grant, revoke) and
vital apis like "execMasterService".
{code:java}
public RevokeResponse revoke(RpcController controller, RevokeRequest request)
throws ServiceException {
try {
..
server.cpHost.preRevoke(userPermission); // has audit log in
AccessChecker
.. // removeUserPermission
User caller = RpcServer.getRequestUser().orElse(null);
if (AUDITLOG.isTraceEnabled()) {
// audit log should record all permission changes
String remoteAddress =
RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
AUDITLOG.trace("User {} (remote address: {}) revoked permission {}",
caller,
remoteAddress, userPermission);
}
..
}
{code}
but I found a path from *server.cpHost.preRevoke(userPermission);* to
{*}AccessChecker audit log{*}, which caused {*}log duplication{*}.
{code:java}
public void requireGlobalPermission(User user, String request, Action perm,
String namespace)
throws IOException {
AuthResult authResult;
if (authManager.authorizeUserGlobal(user, perm)) {
authResult = AuthResult.allow(request, "Global check allowed", user,
perm, null);
authResult.getParams().setNamespace(namespace);
logResult(authResult);
} else {
authResult = AuthResult.deny(request, "Global check failed", user, perm,
null);
authResult.getParams().setNamespace(namespace);
logResult(authResult);
throw new AccessDeniedException(
"Insufficient permissions for user '" + (user != null ?
user.getShortName() : "null")
+ "' (global, action=" + perm.toString() + ")");
}
}
public static void logResult(AuthResult result) {
if (AUDITLOG.isTraceEnabled()) {
User user = result.getUser();
UserGroupInformation ugi = user != null ? user.getUGI() : null;
AUDITLOG.trace(
"Access {} for user {}; reason: {}; remote address: {}; request: {};
context: {};"
+ "auth method: {}",
(result.isAllowed() ? "allowed" : "denied"),
(user != null ? user.getShortName() : "UNKNOWN"), result.getReason(),
RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""),
result.getRequest(),
result.toContextString(), ugi != null ? ugi.getAuthenticationMethod() :
"UNKNOWN");
}
}
{code}
Since *AccessChecker* integrates auditlogs for permission check, I'll delete
the log in MasterRpcServices.
There must be more problems like this, I' ll check it later and commit the code.
-There are many "write" operations like "deleteTable", which may cause security
problems, should also record an audit log.-
was:
MasterRpcServices record audit log in privileged operations (grant, revoke) and
vital apis like "execMasterService".
{code:java}
public ClientProtos.CoprocessorServiceResponse execMasterService(final
RpcController controller,
..
String remoteAddress =
RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
User caller = RpcServer.getRequestUser().orElse(null);
AUDITLOG.info("User {} (remote address: {}) master service request for
{}.{}", caller,
remoteAddress, serviceName, methodName);
return CoprocessorRpcUtils.getResponse(execResult,
HConstants.EMPTY_BYTE_ARRAY);
} catch (IOException ie) {
throw new ServiceException(ie);
}
}
{code}
There are many "write" operations like "deleteTable", which may cause security
problems, should also record an audit log.
{code:java}
public DeleteTableResponse deleteTable(RpcController controller,
DeleteTableRequest request)
throws ServiceException {
try {
long procId =
server.deleteTable(ProtobufUtil.toTableName(request.getTableName()),
request.getNonceGroup(), request.getNonce());
// an audit log is required here.
return DeleteTableResponse.newBuilder().setProcId(procId).build();
} catch (IOException ioe) {
throw new ServiceException(ioe);
}
}
{code}
> log duplication issues in MasterRpcServices
> ---
>
> Key: HBASE-27528
> URL: https://issues.apache.org/jira/browse/HBASE-27528
> Project: HBase
> Issue Type: Bug
> Components: logging, master, rpc, security
>Reporter: Beibei Zhao
>Priority: Major
>
> MasterRpcServices record audit log in privileged operations (grant, revoke)
> and vital apis like "execMasterService".
> {code:java}
> public RevokeResponse revoke(RpcController controller, RevokeRequest
> request)
> throws ServiceException {
> try {
> ..
> server.cpHost.preRevoke(userPermission); //
[jira] [Updated] (HBASE-27526) NettyHBaseSaslRpcServerHandler.channelRead0 forget to record "AUTH_FAILED_FOR" auditlog for an exception.
[
https://issues.apache.org/jira/browse/HBASE-27526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated HBASE-27526:
Issue Type: Brainstorming (was: Improvement)
> NettyHBaseSaslRpcServerHandler.channelRead0 forget to record
> "AUTH_FAILED_FOR" auditlog for an exception.
> -
>
> Key: HBASE-27526
> URL: https://issues.apache.org/jira/browse/HBASE-27526
> Project: HBase
> Issue Type: Brainstorming
>Reporter: Beibei Zhao
>Priority: Minor
>
> In other methods such as SimpleServerRpcConnection.saslReadAndProcess, they
> always record "AUTH_FAILED_FOR" for an exception, and "AUTH_SUCCESSFUL_FOR"
> after task is completed like this:
> {code:java}
> private void saslReadAndProcess(ByteBuff saslToken) throws IOException,
> InterruptedException {
> ..
> } catch (IOException e) {
> ..
> // attempting user could be null
> RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR,
> clientIP,
> saslServer.getAttemptingUser());
> throw e;
> }
> ..
> if (saslServer.isComplete()) {
> ..
> RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
> ..
> }
> }
> }
> {code}
> but NettyHBaseSaslRpcServerHandler.channelRead0 only record
> "AUTH_SUCCESSFUL_FOR" in finishSaslNegotiation, and just throw Exception
> without record "AUTH_FAILED_FOR":
> {code:java}
> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws
> Exception {
> ..
> if (saslServer.isComplete()) {
> conn.finishSaslNegotiation();
> ..
> }
> }
> void finishSaslNegotiation() throws IOException {
> ..
> RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
> }
> {code}
> So I think an exceptionCaught should be called here:
> {code:java}
> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
> throws Exception {
> LOG.error("Error when doing SASL handshade, provider={}", conn.provider,
> cause);
> Throwable sendToClient = HBaseSaslRpcServer.unwrap(cause);
> doResponse(ctx, SaslStatus.ERROR, null, sendToClient.getClass().getName(),
> sendToClient.getLocalizedMessage());
> rpcServer.metrics.authenticationFailure();
> String clientIP = this.toString();
> // attempting user could be null
> RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR, clientIP,
> conn.saslServer != null ? conn.saslServer.getAttemptingUser() :
> "Unknown");
> NettyFutureUtils.safeClose(ctx);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-27528) log duplication issues in MasterRpcServices
[
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated HBASE-27528:
Issue Type: Bug (was: Improvement)
> log duplication issues in MasterRpcServices
> ---
>
> Key: HBASE-27528
> URL: https://issues.apache.org/jira/browse/HBASE-27528
> Project: HBase
> Issue Type: Bug
> Components: logging, master, rpc, security
>Reporter: Beibei Zhao
>Priority: Major
>
> MasterRpcServices record audit log in privileged operations (grant, revoke)
> and vital apis like "execMasterService".
>
> {code:java}
> public ClientProtos.CoprocessorServiceResponse execMasterService(final
> RpcController controller,
> ..
> String remoteAddress =
> RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
> User caller = RpcServer.getRequestUser().orElse(null);
> AUDITLOG.info("User {} (remote address: {}) master service request for
> {}.{}", caller,
> remoteAddress, serviceName, methodName);
> return CoprocessorRpcUtils.getResponse(execResult,
> HConstants.EMPTY_BYTE_ARRAY);
> } catch (IOException ie) {
> throw new ServiceException(ie);
> }
> }
> {code}
> There are many "write" operations like "deleteTable", which may cause
> security problems, should also record an audit log.
> {code:java}
> public DeleteTableResponse deleteTable(RpcController controller,
> DeleteTableRequest request)
> throws ServiceException {
> try {
> long procId =
> server.deleteTable(ProtobufUtil.toTableName(request.getTableName()),
> request.getNonceGroup(), request.getNonce());
> // an audit log is required here.
> return DeleteTableResponse.newBuilder().setProcId(procId).build();
> } catch (IOException ioe) {
> throw new ServiceException(ioe);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-27526) NettyHBaseSaslRpcServerHandler.channelRead0 forget to record "AUTH_FAILED_FOR" auditlog for an exception.
[
https://issues.apache.org/jira/browse/HBASE-27526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated HBASE-27526:
Issue Type: Improvement (was: Bug)
> NettyHBaseSaslRpcServerHandler.channelRead0 forget to record
> "AUTH_FAILED_FOR" auditlog for an exception.
> -
>
> Key: HBASE-27526
> URL: https://issues.apache.org/jira/browse/HBASE-27526
> Project: HBase
> Issue Type: Improvement
>Reporter: Beibei Zhao
>Priority: Minor
>
> In other methods such as SimpleServerRpcConnection.saslReadAndProcess, they
> always record "AUTH_FAILED_FOR" for an exception, and "AUTH_SUCCESSFUL_FOR"
> after task is completed like this:
> {code:java}
> private void saslReadAndProcess(ByteBuff saslToken) throws IOException,
> InterruptedException {
> ..
> } catch (IOException e) {
> ..
> // attempting user could be null
> RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR,
> clientIP,
> saslServer.getAttemptingUser());
> throw e;
> }
> ..
> if (saslServer.isComplete()) {
> ..
> RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
> ..
> }
> }
> }
> {code}
> but NettyHBaseSaslRpcServerHandler.channelRead0 only record
> "AUTH_SUCCESSFUL_FOR" in finishSaslNegotiation, and just throw Exception
> without record "AUTH_FAILED_FOR":
> {code:java}
> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws
> Exception {
> ..
> if (saslServer.isComplete()) {
> conn.finishSaslNegotiation();
> ..
> }
> }
> void finishSaslNegotiation() throws IOException {
> ..
> RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);
> }
> {code}
> So I think an exceptionCaught should be called here:
> {code:java}
> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
> throws Exception {
> LOG.error("Error when doing SASL handshade, provider={}", conn.provider,
> cause);
> Throwable sendToClient = HBaseSaslRpcServer.unwrap(cause);
> doResponse(ctx, SaslStatus.ERROR, null, sendToClient.getClass().getName(),
> sendToClient.getLocalizedMessage());
> rpcServer.metrics.authenticationFailure();
> String clientIP = this.toString();
> // attempting user could be null
> RpcServer.AUDITLOG.warn("{}{}: {}", RpcServer.AUTH_FAILED_FOR, clientIP,
> conn.saslServer != null ? conn.saslServer.getAttemptingUser() :
> "Unknown");
> NettyFutureUtils.safeClose(ctx);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [hbase] curie71 closed pull request #4920: HBASE-27526 NettyHBaseSaslRpcServerHandler.channelRead0 forget to record "AUTH_FAILED_FOR" auditlog for an exception.
curie71 closed pull request #4920: HBASE-27526 NettyHBaseSaslRpcServerHandler.channelRead0 forget to record "AUTH_FAILED_FOR" auditlog for an exception. URL: https://github.com/apache/hbase/pull/4920 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [hbase] curie71 commented on pull request #4920: HBASE-27526 NettyHBaseSaslRpcServerHandler.channelRead0 forget to record "AUTH_FAILED_FOR" auditlog for an exception.
curie71 commented on PR #4920: URL: https://github.com/apache/hbase/pull/4920#issuecomment-1374865265 > The exceptionCaught should be called by the netty framework? Thanks for your reply! I see, I' ll close the pr. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (HBASE-27528) Add audit logs in MasterRpcServices
[
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655803#comment-17655803
]
Beibei Zhao edited comment on HBASE-27528 at 1/8/23 3:38 PM:
-
[~bbeaudreault]
Thanks for your reply! You are right!
I found a path from *revoke* to *AccessChecker* (log for deny or allow for a
request). So there is a *log duplication* issue, I' ll commit the code later.
was (Author: JIRAUSER296385):
[~bbeaudreault]
Thanks for your reply! You are right!
I found a path from *revoke* to *AccessChecker * (log for deny or allow for a
request). So there is a log duplication issue, I' ll commit the code later.
> Add audit logs in MasterRpcServices
> ---
>
> Key: HBASE-27528
> URL: https://issues.apache.org/jira/browse/HBASE-27528
> Project: HBase
> Issue Type: Improvement
> Components: logging, master, rpc, security
>Reporter: Beibei Zhao
>Priority: Major
>
> MasterRpcServices record audit log in privileged operations (grant, revoke)
> and vital apis like "execMasterService".
>
> {code:java}
> public ClientProtos.CoprocessorServiceResponse execMasterService(final
> RpcController controller,
> ..
> String remoteAddress =
> RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
> User caller = RpcServer.getRequestUser().orElse(null);
> AUDITLOG.info("User {} (remote address: {}) master service request for
> {}.{}", caller,
> remoteAddress, serviceName, methodName);
> return CoprocessorRpcUtils.getResponse(execResult,
> HConstants.EMPTY_BYTE_ARRAY);
> } catch (IOException ie) {
> throw new ServiceException(ie);
> }
> }
> {code}
> There are many "write" operations like "deleteTable", which may cause
> security problems, should also record an audit log.
> {code:java}
> public DeleteTableResponse deleteTable(RpcController controller,
> DeleteTableRequest request)
> throws ServiceException {
> try {
> long procId =
> server.deleteTable(ProtobufUtil.toTableName(request.getTableName()),
> request.getNonceGroup(), request.getNonce());
> // an audit log is required here.
> return DeleteTableResponse.newBuilder().setProcId(procId).build();
> } catch (IOException ioe) {
> throw new ServiceException(ioe);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (HBASE-27528) log duplication issues in MasterRpcServices
[
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated HBASE-27528:
Summary: log duplication issues in MasterRpcServices (was: Add audit logs
in MasterRpcServices)
> log duplication issues in MasterRpcServices
> ---
>
> Key: HBASE-27528
> URL: https://issues.apache.org/jira/browse/HBASE-27528
> Project: HBase
> Issue Type: Improvement
> Components: logging, master, rpc, security
>Reporter: Beibei Zhao
>Priority: Major
>
> MasterRpcServices record audit log in privileged operations (grant, revoke)
> and vital apis like "execMasterService".
>
> {code:java}
> public ClientProtos.CoprocessorServiceResponse execMasterService(final
> RpcController controller,
> ..
> String remoteAddress =
> RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
> User caller = RpcServer.getRequestUser().orElse(null);
> AUDITLOG.info("User {} (remote address: {}) master service request for
> {}.{}", caller,
> remoteAddress, serviceName, methodName);
> return CoprocessorRpcUtils.getResponse(execResult,
> HConstants.EMPTY_BYTE_ARRAY);
> } catch (IOException ie) {
> throw new ServiceException(ie);
> }
> }
> {code}
> There are many "write" operations like "deleteTable", which may cause
> security problems, should also record an audit log.
> {code:java}
> public DeleteTableResponse deleteTable(RpcController controller,
> DeleteTableRequest request)
> throws ServiceException {
> try {
> long procId =
> server.deleteTable(ProtobufUtil.toTableName(request.getTableName()),
> request.getNonceGroup(), request.getNonce());
> // an audit log is required here.
> return DeleteTableResponse.newBuilder().setProcId(procId).build();
> } catch (IOException ioe) {
> throw new ServiceException(ioe);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (HBASE-27528) Add audit logs in MasterRpcServices
[
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655803#comment-17655803
]
Beibei Zhao commented on HBASE-27528:
-
[~bbeaudreault]
Thanks for your reply! You are right!
I found a path from *revoke* to *AccessChecker * (log for deny or allow for a
request). So there is a log duplication issue, I' ll commit the code later.
> Add audit logs in MasterRpcServices
> ---
>
> Key: HBASE-27528
> URL: https://issues.apache.org/jira/browse/HBASE-27528
> Project: HBase
> Issue Type: Improvement
> Components: logging, master, rpc, security
>Reporter: Beibei Zhao
>Priority: Major
>
> MasterRpcServices record audit log in privileged operations (grant, revoke)
> and vital apis like "execMasterService".
>
> {code:java}
> public ClientProtos.CoprocessorServiceResponse execMasterService(final
> RpcController controller,
> ..
> String remoteAddress =
> RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
> User caller = RpcServer.getRequestUser().orElse(null);
> AUDITLOG.info("User {} (remote address: {}) master service request for
> {}.{}", caller,
> remoteAddress, serviceName, methodName);
> return CoprocessorRpcUtils.getResponse(execResult,
> HConstants.EMPTY_BYTE_ARRAY);
> } catch (IOException ie) {
> throw new ServiceException(ie);
> }
> }
> {code}
> There are many "write" operations like "deleteTable", which may cause
> security problems, should also record an audit log.
> {code:java}
> public DeleteTableResponse deleteTable(RpcController controller,
> DeleteTableRequest request)
> throws ServiceException {
> try {
> long procId =
> server.deleteTable(ProtobufUtil.toTableName(request.getTableName()),
> request.getNonceGroup(), request.getNonce());
> // an audit log is required here.
> return DeleteTableResponse.newBuilder().setProcId(procId).build();
> } catch (IOException ioe) {
> throw new ServiceException(ioe);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [hbase] Apache9 commented on pull request #4945: HBASE-27551 Add config options to delay assignment to retain last region location
Apache9 commented on PR #4945: URL: https://github.com/apache/hbase/pull/4945#issuecomment-1374835837 Will take a look in the next few days. Please give me some time~ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4947: HBASE-27216 Revisit the ReplicationSyncUp tool
Apache9 commented on PR #4947: URL: https://github.com/apache/hbase/pull/4947#issuecomment-1374835660 Thanks @2005hithlj for putting this up. Let's convert this PR to draft. I will try to help here next week. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (HBASE-27227) Long running heavily filtered scans hold up too many ByteBuffAllocator buffers
[
https://issues.apache.org/jira/browse/HBASE-27227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17655788#comment-17655788
]
Bryan Beaudreault commented on HBASE-27227:
---
Pull request is ready for review. Tests have been added and all checks passing.
> Long running heavily filtered scans hold up too many ByteBuffAllocator buffers
> --
>
> Key: HBASE-27227
> URL: https://issues.apache.org/jira/browse/HBASE-27227
> Project: HBase
> Issue Type: Improvement
>Reporter: Bryan Beaudreault
>Assignee: Bryan Beaudreault
>Priority: Major
> Labels: patch-available
> Attachments: Screen Shot 2022-07-20 at 10.52.40 AM.png, Screen Shot
> 2022-12-27 at 4.25.31 PM.png
>
>
> We have a workload which is launching long running scans searching for a
> needle in a haystack. They have a timeout of 60s, so are allowed to run on
> the server for 30s. Most of the rows are filtered, and the final result is
> usually only a few kb.
> When these scans are running, we notice our ByteBuffAllocator pool usage goes
> to 100% and we start seeing 100+ MB/s of heap allocations. When the scans
> finish, the pool goes back to normal and heap allocations go away.
> My working theory here is that we are only releasing ByteBuff's once we call
> {{shipper.shipped(),}} which only happens once a response is returned to the
> user. This works fine for normal scans which are likely to quickly find
> enough results to return, but for long running scans in which most of the
> results are filtered we end up holding on to more and more buffers until the
> scan finally returns.
> We should consider whether it's possible to release buffers for blocks whose
> cells have been completely skipped by a scan.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
