HBASE-14865

Support passing multiple QOPs to SaslClient/Server via hbase.rpc.protection

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      With this patch, hbase.rpc.protection can now take multiple comma-separated QOP values. Accepted QOP values remain unchanged and are 'authentication', 'integrity', and 'privacy'. Server or client can use this configuration to specify their preference (in decreasing order) while negotiating QOP.
      This feature can be used to upgrade or downgrade QOP in an online cluster without compromising availability (i.e. taking the cluster offline). For example, to change the QOP from A to B, typical steps would be:
      "A" --> "B,A" --> rolling restart --> "B" --> rolling restart

      Sidenote: Based on experimentation, the server's choice is given higher preference than the client's choice, i.e. if the server's choices are "A,B,C" and the client's choices are "B,C,A", both A and B are acceptable, but A is chosen.

      Description

      Currently, we can set the value of hbase.rpc.protection to one of authentication/integrity/privacy. It is then used to set javax.security.sasl.qop in SaslUtil.java.
      The problem is, if a cluster wants to switch from one QOP to another, it'll have to take a downtime. A rolling upgrade will create a situation where some nodes have the old value and some have the new, which will prevent any communication between them. There will be a similar issue when clients try to connect.

      javax.security.sasl.qop can take in a list of QOPs in preference order. So a transition from qop1 to qop2 can be easily done like this:
      "qop1" --> "qop2,qop1" --> rolling restart --> "qop2" --> rolling restart

      Need to change hbase.rpc.protection to accept a list too.
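The negotiation that the release note and description describe, as an added example that is not code from HBase or from this patch. It uses the JDK's own DIGEST-MD5 mechanism (the mechanism HBase uses for delegation-token authentication; Kerberos traffic goes through GSSAPI instead), a hypothetical class name QopNegotiationDemo, constructed credentials and a constructed sample message. toSaslQop reproduces the authentication/integrity/privacy to auth/auth-int/auth-conf mapping that SaslUtil applies and keeps the configured order, which is what javax.security.sasl.qop treats as the preference order; negotiate then runs each step of the rolling change from the release note through a complete handshake and, where a security layer was negotiated, wraps a message on one side and unwraps it on the other.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

/** Added example (hypothetical class, not HBase code): loopback DIGEST-MD5 handshakes showing how a
 *  comma-separated hbase.rpc.protection list becomes a javax.security.sasl.qop preference list. */
public class QopNegotiationDemo {
    // Constructed credentials for the in-process handshake; not real secrets.
    private static final String USER = "hbase";
    private static final char[] SECRET = "constructed-demo-secret".toCharArray();

    /** hbase.rpc.protection value(s) -> SASL QOP list in the configured (preference) order, using the
     *  names SaslUtil maps to: authentication->auth, integrity->auth-int, privacy->auth-conf. */
    static String toSaslQop(String rpcProtection) {
        StringBuilder qop = new StringBuilder();
        for (String value : rpcProtection.split(",")) {
            String token;
            switch (value.trim().toLowerCase()) {
                case "authentication": token = "auth"; break;
                case "integrity":      token = "auth-int"; break;
                case "privacy":        token = "auth-conf"; break;
                default: throw new IllegalArgumentException("bad hbase.rpc.protection value: " + value);
            }
            qop.append(qop.length() == 0 ? "" : ",").append(token);
        }
        return qop.toString();
    }

    /** Answers both ends' callbacks with the constructed secret; authorizes only authcid == authzid. */
    static final class Handler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(SECRET);
                else if (cb instanceof RealmCallback) ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
                else if (cb instanceof RealmChoiceCallback) ((RealmChoiceCallback) cb).setSelectedIndex(0);
                else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                } else throw new UnsupportedCallbackException(cb);
            }
        }
    }

    private static Map<String, String> props(String rpcProtection) {
        Map<String, String> m = new HashMap<>();
        m.put(Sasl.QOP, toSaslQop(rpcProtection));    // Sasl.QOP is "javax.security.sasl.qop"
        return m;
    }

    /** Runs the full exchange; returns "serverQop/clientQop", or throws SaslException when no QOP is common. */
    static String negotiate(String serverProtection, String clientProtection) throws SaslException {
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "hbase", "localhost", props(serverProtection), new Handler());
        SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null, "hbase", "localhost", props(clientProtection), new Handler());
        try {
            byte[] challenge = server.evaluateResponse(new byte[0]); // server advertises the QOPs it accepts
            byte[] response = client.evaluateChallenge(challenge);   // client selects one and proves the secret
            client.evaluateChallenge(server.evaluateResponse(response)); // server checks the choice; client checks rspauth
            String sq = (String) server.getNegotiatedProperty(Sasl.QOP);
            String cq = (String) client.getNegotiatedProperty(Sasl.QOP);
            if (!"auth".equals(sq)) {                                // a security layer is live: exercise it
                byte[] plain = "scan t1".getBytes(StandardCharsets.UTF_8);   // constructed sample message
                byte[] onWire = client.wrap(plain, 0, plain.length);
                if (!Arrays.equals(plain, server.unwrap(onWire, 0, onWire.length)))
                    throw new SaslException("unwrap mismatch");
                if ("auth-conf".equals(sq) && new String(onWire, StandardCharsets.ISO_8859_1).contains("scan t1"))
                    throw new SaslException("privacy negotiated but plaintext visible on the wire");
            }
            return sq + "/" + cq;
        } finally {
            server.dispose();
            client.dispose();
        }
    }

    public static void main(String[] args) {
        // The release note's privacy -> integrity rolling change, the sidenote's case, and a pair with no overlap.
        String[][] cases = {
            {"privacy", "privacy"},                      // before the change
            {"integrity,privacy", "privacy"},            // server restarted with "B,A", client still on "A"
            {"integrity,privacy", "integrity,privacy"},  // everything on "B,A"
            {"integrity", "integrity,privacy"},          // server restarted with "B", client still on "B,A"
            {"integrity", "integrity"},                  // after the second rolling restart
            {"authentication,integrity,privacy", "integrity,privacy,authentication"}, // sidenote: whose order wins?
            {"privacy", "integrity"},                    // no common QOP: must fail, never silently downgrade
        };
        for (String[] c : cases) {
            try {
                System.out.printf("server=%-36s client=%-36s -> %s%n", c[0], c[1], negotiate(c[0], c[1]));
            } catch (SaslException e) {
                System.out.printf("server=%-36s client=%-36s -> FAILED: %s%n", c[0], c[1], e.getMessage());
            }
        }
    }
}
```

Compile and run with `javac QopNegotiationDemo.java && java QopNegotiationDemo`. Each line reports the QOP each side believes was negotiated; the "privacy" versus "integrity" pair must print FAILED rather than a QOP, since a mechanism that quietly fell back would defeat the purpose of the setting. The sidenote above reports that in HBase's testing the server's order decided; the sixth case lets you confirm that on your own JDK (and, separately, on the GSSAPI path against a real KDC) before depending on it. Operationally, during the "B,A" phase both QOPs remain acceptable to every restarted node, so when the change is an upgrade the weaker level is still negotiable until the second rolling restart completes; keep that window short.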

        Attachments

        1. 14865-master-v7.patch (70 kB, Ted Yu)
        2. HBASE-14865-branch-1.patch (70 kB, Appy)
        3. HBASE-14865-master-v7.patch (70 kB, Appy)
        4. HBASE-14865-branch-1.2.patch (70 kB, Appy)
        5. HBASE-14865-branch-1.patch (70 kB, Appy)
        6. HBASE-14865-master-v6.patch (70 kB, Appy)
        7. HBASE-14865-master-v5.patch (71 kB, Appy)
        8. HBASE-14865-master-v4.patch (71 kB, Appy)
        9. HBASE-14865-master-v3.patch (70 kB, Appy)
        10. HBASE-14865-master-v2.patch (71 kB, Appy)
        11. HBASE-14865-master.patch (67 kB, Appy)

              People

              • Assignee: Appy
              • Reporter: Appy
              • Votes: 0
              • Watchers: 11
