Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Clients are required to connect to ZooKeeper to find the location of the regionserver hosting the meta table region. Site configuration provides the client a list of ZK quorum peers and the client uses an embedded ZK client to query meta location. Timeouts and retry behavior of this embedded ZK client are managed orthogonally to HBase layer settings and in some cases the ZK cannot manage what in theory the HBase client can, i.e. fail fast upon outage or network partition.
We should consider new configuration settings that provide a list of well-known master and backup master locations, and with this information the client can contact any of the master processes directly. Any master in either active or passive state will track meta location and respond to requests for it with its cached last known location. If this location is stale, the client can ask again with a flag set that requests the master refresh its location cache and return the up-to-date location. Every client interaction with the cluster thus uses only HBase RPC as transport, with appropriate settings applied to the connection. The configuration toggle that enables this alternative meta location lookup should be false by default.
This removes the requirement that HBase clients embed the ZK client and contact the ZK service directly at the beginning of the connection lifecycle. This has several benefits. ZK service need not be exposed to clients, and their potential abuse, yet no benefit ZK provides the HBase server cluster is compromised. Normalizing HBase client and ZK client timeout settings and retry behavior - in some cases, impossible, i.e. for fail-fast - is no longer necessary.
And, from Gary Helmling: There is an additional complication here for token-based authentication. When a delegation token is used for SASL authentication, the client uses the cluster ID obtained from Zookeeper to select the token identifier to use. So there would also need to be some Zookeeper-less, unauthenticated way to obtain the cluster ID as well.
Attachments
Attachments
Issue Links
- breaks
-
HBASE-23881 Netty SASL implementation does not wait for challenge response causing TestShadeSaslAuthenticationProvider failures
- Resolved
-
HBASE-23889 Switch back to ZKConnectionRegistry by default at least in test
- Resolved
- is a parent of
-
PHOENIX-6523 Support for HBase Registry Implementations through Phoenix connection URL
- Resolved
- relates to
-
HBASE-23836 Race condition in Master startup can ignore shutdown RPC
- Open
-
HBASE-23259 Ability to run mini cluster using pre-determined available random ports
- Resolved
-
HBASE-23055 Alter hbase:meta
- Resolved
- links to