Description
Currently, we can set the value of hbase.rpc.protection to one of authentication/integrity/privacy. It is the used to set javax.security.sasl.qop in SaslUtil.java.
The problem is, if a cluster wants to switch from one qop to another, it'll have to take a downtime. Rolling upgrade will create a situation where some nodes have old value and some have new, which'll prevent any communication between them. There will be similar issue when clients will try to connect.
javax.security.sasl.qop can take in a list of QOP in preferences order. So a transition from qop1 to qop2 can be easily done like this
"qop1" --> "qop2,qop1" --> rolling restart --> "qop2" --> rolling restart
Need to change hbase.rpc.protection to accept a list too.
Attachments
Attachments
Issue Links
- links to