Return-Path: <issues-return-293052-archive-asf-public=cust-asf.ponee.io@hbase.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 44705200CB8
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Sat, 17 Jun 2017 04:07:05 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 43503160BEB; Sat, 17 Jun 2017 02:07:05 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 8945B160BDD
	for <archive-asf-public@cust-asf.ponee.io>; Sat, 17 Jun 2017 04:07:04 +0200 (CEST)
Received: (qmail 11566 invoked by uid 500); 17 Jun 2017 02:07:03 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 11549 invoked by uid 99); 17 Jun 2017 02:07:02 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Jun 2017 02:07:02 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 7C0EB1A050E
	for <issues@hbase.apache.org>; Sat, 17 Jun 2017 02:07:02 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -99.202
X-Spam-Level: 
X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001,
	SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id 8oc6CwWqqbyt for <issues@hbase.apache.org>;
	Sat, 17 Jun 2017 02:07:01 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 042065FBBF
	for <issues@hbase.apache.org>; Sat, 17 Jun 2017 02:07:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 59801E06C6
	for <issues@hbase.apache.org>; Sat, 17 Jun 2017 02:07:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 100F123FFE
	for <issues@hbase.apache.org>; Sat, 17 Jun 2017 02:07:00 +0000 (UTC)
Date: Sat, 17 Jun 2017 02:07:00 +0000 (UTC)
From: "Josh Elser (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.13080492.1497640088000.38501.1497665220064@Atlassian.JIRA>
In-Reply-To: <JIRA.13080492.1497640088000@Atlassian.JIRA>
References: <JIRA.13080492.1497640088000@Atlassian.JIRA> <JIRA.13080492.1497640088174@jira-lw-us.apache.org>
Subject: [jira] [Commented] (HBASE-18226) Disable reverse DNS lookup at
 HMaster and use default hostname provided by RegionServer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Sat, 17 Jun 2017 02:07:05 -0000


    [ https://issues.apache.org/jira/browse/HBASE-18226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16052635#comment-16052635 ] 

Josh Elser commented on HBASE-18226:
------------------------------------

bq. We do not want HMaster to do reverse DNS lookup because HMaster VM's /etc/hosts does not have regionserver VM's FQDN mappings

bq. it uses FQDN names here but on HMaster side, it will do reverse DNS lookup which cannot be resolved.

bq. The patch simply stops HMaster doing reverse DNS lookup.

Without yet looking at the patch, this is a little worrisome. The rDNS lookup by the Master is to prevent RS's from joining the cluster which don't have a "stable" DNS. That is, if the Master cannot perform a DNS lookup on the IP of the RS that is reporting for duty and get the same hostname that the RS *thinks* it has, a client would also be very likely to get a different hostname.

Like Nick points out, when Kerberos is enabled, inconsistent DNS means the cluster is unusable. RPCs over SASL with GSSAPI(krb5) require that the instance component of the Kerberos principal match the hostname that a client used to connect to a server. For example, if a RS has a principal {{hbase/host1.domain.com}}, any RPC to that RS with a hostname *other than* {{host1.domain.com}} is guaranteed to fail with an authentication error.

This all leads me to wonder how the Master presently sends RPCs to RegionServers with Kerberos enabled on Azure. Maybe the master can only do forward DNS lookups and not reverse DNS lookups? I think that would be a plausible explanation.

Will try to take a look at the patch and give it some more thought.

> Disable reverse DNS lookup at HMaster and use default hostname provided by RegionServer
> ---------------------------------------------------------------------------------------
>
>                 Key: HBASE-18226
>                 URL: https://issues.apache.org/jira/browse/HBASE-18226
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Duo Xu
>         Attachments: HBASE-18226.001.patch
>
>
> This JIRA is to address the similar problem as HBASE-12954, but there are some little differences,
> 1. HBASE-12954 provides the configuration "hbase.regionserver.hostname" so users can configure it on every regionserver with preferred hostnames. However, this configuration cannot be set through Ambari or other configuration management tools because each regionserver has a different value of this setting, which means each node needs a different hbase-site.xml.
> 2. In Azure HDInsight clusters, we want to give each RegionServer/workernode a FQDN by modifying /etc/hosts on that node. We do not want HMaster to do reverse DNS lookup because HMaster VM's /etc/hosts does not have regionserver VM's FQDN mappings. In current implementation when regionserver starts, 
> {code}
> String hostName = shouldUseThisHostnameInstead() ? useThisHostnameInstead :
>       rpcServices.isa.getHostName();
> {code}
> it uses FQDN names here but on HMaster side, it will do reverse DNS lookup which cannot be resolved.
> {code}
>  // if regionserver passed hostname to use,
>  // then use it instead of doing a reverse DNS lookup
>  ServerName rs = master.getServerManager().regionServerStartup(request, ia);
> {code}
> My proposed fix is to add a new configuration "*hbase.regionserver.hostname.auto*". If it is set to true, then Regionserver will use the value returned by *rpcServices.isa.getHostName()* as the hostname overwriting whatever users specifies in "*hbase.regionserver.hostname*" and send to HMaster as part of RegionServerStartupRequest. HMaster will not do reverse DNS lookup, which has been implemented in HBASE-12954. If users want to provide their own hostnames in "*hbase.regionserver.hostname*", "*hbase.regionserver.hostname.auto*" must be false.
> I will submit a patch later today.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)