flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maximilian Michels <...@apache.org>
Subject Re: [DISCUSS] Schedule and Scope for Flink 1.2
Date Mon, 12 Dec 2016 11:30:08 GMT
Hi Vijay,

Thank you for updating the pull request. I appreciate your work in the
security realm of Flink and value your contributions so far. It would
be great to merge the authorization pull request for the release.
However, I don't feel comfortable about the network stack (i.e. Netty)
related changes because they touch a very critical part of the Flink
engine. While the code has already been iterated over in the lifetime
of the pull request, I still think somebody extremely familiar with
Netty and the Flink network layer should check out the changes
(thinking about Ufuk here). Apart from that, I would like to further
test the changes to harden the code.

It seems like we lack the resources for now to properly to take care
of your pull request before the release. Unless someone from the
community is really eager to help out here, I would be in favor of
merging the pull request to the master after the release branch has
been forked off. We should make sure it gets the attention it deserves


On Mon, Dec 12, 2016 at 8:09 AM, Vijay <vijikarthi@yahoo.com> wrote:
> On FLINK-3930, almost all of the feedback has been addressed. The only pending review
is Netty cookie authorization part which I have moved the cookie validation from message level
to a separate channel handler. I have just rebased the code with master for final review.
> Regards,
> Vijay
> Sent from my iPhone
>> On Dec 8, 2016, at 1:17 AM, Robert Metzger <rmetzger@apache.org> wrote:
>> Thank you for your responses Max and Vijay.
>> So I understand that Mesos is basically ready for the 1.2 release.
>> Regarding the security changes: Having Hadoop, Kafka and Zookeeper
>> integration is a big improvement and a much requested feature. I'm super
>> excited to have that in :)
>> Are all the other security changes useless without authorization, or could
>> we consider releasing 1.2 without it? (Another way to think about it: How
>> close is the PR to being merged. If its just a final review & we are done,
>> I would actually try to get it in. But if there's a lot of uncertainty, I
>> would prefer to move it to the next release)
>> I agree regarding FLINK-2821, that's important for many deployments.
>> The updated list:
>> - RESOLVED dynamic Scaling / Key Groups (FLINK-3755)
>> - RESOLVED Add Rescalable Non-Partitioned State (FLINK-4379)
>> - RESOLVED [Split for 1.3] Add Flink 1.1 savepoint backwards compatability
>> (FLINK-4797)
>> - RESOLVED [Split for 1.3] Integrate Flink with Apache Mesos (FLINK-1984)
>> - UNRESOLVED Secure Data Access (FLINK-3930)
>> - RESOLVED Queryable State (FLINK-3779)
>> - RESOLVED Metrics in Webinterface (FLINK-4389)
>> - RESOLVED Kafka 0.10 support (FLINK-4035)
>> - RESOLVED Table API: Group Window Aggregates (FLINK-4691, FLIP-11)
>> - RESOLVED Table API: Scalar Functions (FLINK-3097)
>> Added by Stephan:
>> - NON-BLOCKING [Pending PR] Provide support for asynchronous operations
>> over streams (FLINK-4391)
>> - ONGOING [beginning of next week] Unify Savepoints and Checkpoints
>> (FLINK-4484)
>> Added by Fabian:
>> - ONGOING [Pending PR] Clean up the packages of the Table API (FLINK-4704)
>> - UNRESOLVED Move Row to flink-core (FLINK-5186)
>> Added by Max:
>> - ONGOING [Pending PR] Change Akka configuration to allow accessing actors
>> from different URLs (FLINK-2821)
>> On Wed, Dec 7, 2016 at 12:40 PM, Maximilian Michels <mxm@apache.org> wrote:
>>>> - UNRESOLVED Integrate Flink with Apache Mesos (FLINK-1984)
>>> The initial integration is already completed with the last issues
>>> being resolved in the Mesos component:
>>> https://issues.apache.org/jira/browse/FLINK/component/12331068/ The
>>> implementation will be further refined after the next release and with
>>> the merge of FLIP-6. We're missing documentation on how to deploy a
>>> Flink Mesos cluster.
>>>> - UNRESOLVED Secure Data Access (FLINK-3930)
>>> We have support for Kerberos authentication with Haddop, Kafka,
>>> Zookeper, and all services supporting JAAS. Additionally, we
>>> implemented SSL encryption for all communications paths, i.e. web
>>> interface, Akka, Netty, BlobServer. We still lack support for
>>> authorization: Vijay's PR is blocked because we haven't found time to
>>> properly review the sensitive network changes.
>>> I'd like to add the Akka changes for containered environments which
>>> should be ready by the end of the week:
>>> https://issues.apache.org/jira/browse/FLINK-2821
>>> -Max
>>> On Tue, Dec 6, 2016 at 8:57 PM, Vijay <vijikarthi@yahoo.com.invalid>
>>> wrote:
>>>>>> Secure Data Access (FLINK-3930)
>>>> The PR for the work is still under review and I hope this could be
>>> included in the release.
>>>> Regards,
>>>> Vijay
>>>> Sent from my iPhone
>>>>> On Dec 6, 2016, at 11:51 AM, Robert Metzger <rmetzger@apache.org>
>>> wrote:
>>>>> UNRESOLVED Secure Data Access (FLINK-3930)

View raw message