-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HDDS-2950. Upgrade jetty to the latest 9.4 release #508
Conversation
@smengcl can you take a look at this pull request? This is forking the I think long term it makes sense to fork the Hadoop HttpWebServer. |
Sure. Looking at this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did a quick review of this. Overall looks good. Most classes are straight from Hadoop 3.2 (and mostly the same as 3.3 trunk). The only potential questions are in HttpServer2
class.
As in the comment, there are a few advancements from Hadoop 3.2. e.g. HADOOP-16718, HADOOP-16727, HADOOP-16398. Please take a look if we need those new commits as well. (Maybe not)
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
Outdated
Show resolved
Hide resolved
|
||
public static final String FILTER_INITIALIZER_PROPERTY | ||
= "ozone.http.filter.initializers"; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hadoop.http.sni.host.check.enabled
is added in HADOOP-16718 in trunk. We might want it here as well?
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
Show resolved
Hide resolved
Thank you very much @smengcl As a background: as of now we use hadoop 3.2. The most safest import is to use exactly the same I tried to use trunk HttpServer2 from the Hadoop trunk but found multiple changes related the authorization broke S3 gateway. After that I decided to keep the same Therefore (as a rule of thumb) I prefer to import here just minimal changes and import newer patches in separated jira (where we can carefully test s3g). I checked the suggested patches (thanks for the suggestions):
|
Thanks for digging into this. I'm good with using same The two new commits lgtm. As for HADOOP-16718, I believe the scope is larger than WebHDFS. Web UIs with HTTPS using jetty may all be impacted under certain cases. In short, this can cause connection failure in some circumstances:
For details, please take a look at the link I sent over to you on Slack. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 lgtm. Thanks @smengcl for the review.
I am good with backporting HADOOP-16718 in another jira. So far lgtm+1 |
Thanks @elek for the update. The latest change LGTM, +1. |
What changes were proposed in this pull request?
The jetty which is used by web interfaces of Ozone is from the September of 2018.
Since then many bug and security fixes added to the Jetty project. I would suggest to use the latest jetty (from January of 2020).
As
HttpServer2
(hadoop 3.2 class) has a strong dependency on the older version of Jetty (it uses SessionManager which is removed), it seems to be easier to clone HttpServer2 and move it to the Ozone project.It provides us the flexibility:
What is included in this patch
HttpServer2
and lightweight dependencies are cloned from Hadoop 3.2What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-2950
How was this patch tested?
There are related unit tests, but also checked with docker-compose based cluster + checking the ui pages from browser.