Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
HBase >> mail # dev >> Security patches: HBASE-2742 and HBASE-3025


+
Gary Helmling 2011-11-17, 18:33
+
Ted Yu 2011-11-17, 18:40
+
Stack 2011-11-17, 18:44
+
Gary Helmling 2011-11-17, 18:47
+
Ted Yu 2011-11-17, 18:58
+
Andrew Purtell 2011-11-17, 21:31
+
Ted Yu 2011-11-17, 21:38
+
Andrew Purtell 2011-11-17, 21:50
Copy link to this message
-
Re: Security patches: HBASE-2742 and HBASE-3025
HBASE-2742 and HBASE-3025 have both been committed to 0.92 and trunk.

Now that we have those and the "security" profile in place, we need to
setup additional Jenkins builds using the security profile, one for
0.92 and one for trunk.

These would be the same as the existing builds, just with the addition
of "-P security" to the build command.

Once we get to maven modules, security can just be part of the normal
build, running it's own subset of tests, with some additional IPC
related tests for exercising SecureRpcEngine.

--gh
On Thu, Nov 17, 2011 at 1:50 PM, Andrew Purtell <[EMAIL PROTECTED]> wrote:
> Also 2418 needs to go in.
>
> There are three patches:
>
>   - HBASE-2742: Secure RPC engine
>
>   - HBASE-3025: Access controller
>
>   - HBASE-2418: Prevents subversion of 3025 via direct ZK client access.
>
> I have no objection to using HadoopQA.
>
>
>
>>________________________________
>>From: Ted Yu <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]; Andrew Purtell <[EMAIL PROTECTED]>
>>Sent: Thursday, November 17, 2011 1:38 PM
>>Subject: Re: Security patches: HBASE-2742 and HBASE-3025
>>
>>
>>My assumption is that 0.92 RC0 would be released after:
>>1. 2742 and 3025 get checked in
>>2. we have a good Jenkins build after that
>>
>>We can iron out build issues between #1 and #2 above.
>>HadoopQA would make this easier by telling us which tests may fail.
>>
>>This is my personal opinion.
>>
>>
>>On Thu, Nov 17, 2011 at 1:31 PM, Andrew Purtell <[EMAIL PROTECTED]> wrote:
>>
>>Hi Ted,
>>>
>>>Integration of security is holding up an 0.92 RC.
>>>
>>>I'd like clean Hudson reports too, but that seems thin justification.
>>>
>>>Best regards,
>>>
>>>
>>>  - Andy
>>>
>>>Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
>>>
>>>
>>>
>>>----- Original Message -----
>>>> From: Ted Yu <[EMAIL PROTECTED]>
>>>> To: [EMAIL PROTECTED]
>>>> Cc:
>>>> Sent: Thursday, November 17, 2011 10:58 AM
>>>> Subject: Re: Security patches: HBASE-2742 and HBASE-3025
>>>>
>>>> I am still going over changes in 2742. But I don't expect to find much.
>>>>
>>>> 2742 and 3025 haven't gone through HadoopQA yet.
>>>> 0.92 and TRUNK builds on Jenkins have been unstable lately. I think we
>>>> shouldn't make a successful build further.
>>>>
>>>> Cheers
>>>>
>>>> On Thu, Nov 17, 2011 at 10:47 AM, Gary Helmling <[EMAIL PROTECTED]>
>>>> wrote:
>>>>
>>>>>  Yes, the ZK authentication in 2418 is the final piece of the puzzle.
>>>>>
>>>>>
>>>>>  On Thu, Nov 17, 2011 at 10:44 AM, Stack <[EMAIL PROTECTED]> wrote:
>>>>>  > On Thu, Nov 17, 2011 at 10:33 AM, Gary Helmling
>>>> <[EMAIL PROTECTED]>
>>>>>  wrote:
>>>>>  >> Hi all,
>>>>>  >>
>>>>>  >> I intend to commit the following patches for HBase security to the
>>>>>  >> 0.92 branch and trunk at the end of day today:
>>>>>  >>
>>>>>  >> HBASE-2742: Provide a secure RPC engine for HBase
>>>>>  >> https://reviews.apache.org/r/1991/
>>>>>  >>
>>>>>  >> HBASE-3025: Coprocessor based simple access control
>>>>>  >> https://reviews.apache.org/r/2041/
>>>>>  >>
>>>>>  >> If you have not reviewed and want to, or feel like you need more
>>>> time,
>>>>>  >> please take a look today or speak up now.
>>>>>  >>
>>>>>  >
>>>>>  > Am reviewing now.
>>>>>  >
>>>>>  > That would leave Andrew's secure zk issue to complete our security
>>>> story?
>>>>>  >
>>>>>  > St.Ack
>>>>>  >
>>>>>
>>>>
>>>
>>
>>
>>
+
Stack 2011-11-19, 23:17
+
Stack 2011-11-19, 23:21
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB