[
https://issues.apache.org/jira/browse/HBASE-30172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Somogyi updated HBASE-30172:
----------------------------------
Description:
When `hbase.rpc.tls.useOpenSsl` is set to `false`, `OpenSsl.isAvailable()` is
still invoked unnecessarily. This static method triggers native library loading
and class initialization of netty-tcnative, which can cause unwanted side
effects even when the user has explicitly disabled OpenSSL.
For example similar log is polluting Shell when OpenSSL is disabled and the
/tmp is mounted with noexec.
{noformat}
26/05/21 10:45:53 INFO internal.NativeLibraryLoader:
[RPCClient-NioEventLoopGroup-1-1]:
/tmp/liborg_apache_hbase_thirdparty_netty_tcnative_linux_x86_6414037627418698320486.so
exists but cannot be executed
even when execute permissions set; check volume for "noexec" flag;
use -Dorg.apache.hbase.thirdparty.io.netty.native.workdir=[path] to set native
working directory separately.{noformat}
was:
When `hbase.rpc.tls.useOpenSsl` is set to `false`, `OpenSsl.isAvailable()` is
still invoked unnecessarily. This static method triggers native library loading
and class initialization of netty-tcnative, which can cause unwanted side
effects even when the user has explicitly disabled OpenSSL.
For example similar log is polluting Shell when OpenSSL is disabled and the
/tmp is mounted with noexec.
{noformat}
26/05/21 10:45:53 INFO internal.NativeLibraryLoader:
[RPCClient-NioEventLoopGroup-1-1]:
/tmp/liborg_apache_hbase_thirdparty_netty_tcnative_linux_x86_6414037627418698320486.so
exists but cannot be executed even when execute permissions set; check volume
for "noexec" flag; use
-Dorg.apache.hbase.thirdparty.io.netty.native.workdir=[path] to set native
working directory separately.{noformat}
> Avoid invoking OpenSsl.isAvailable() when TLS_USE_OPENSSL config is false
> -------------------------------------------------------------------------
>
> Key: HBASE-30172
> URL: https://issues.apache.org/jira/browse/HBASE-30172
> Project: HBase
> Issue Type: Improvement
> Components: netty, security
> Reporter: Peter Somogyi
> Assignee: Peter Somogyi
> Priority: Major
>
> When `hbase.rpc.tls.useOpenSsl` is set to `false`, `OpenSsl.isAvailable()` is
> still invoked unnecessarily. This static method triggers native library
> loading and class initialization of netty-tcnative, which can cause unwanted
> side effects even when the user has explicitly disabled OpenSSL.
> For example similar log is polluting Shell when OpenSSL is disabled and the
> /tmp is mounted with noexec.
> {noformat}
> 26/05/21 10:45:53 INFO internal.NativeLibraryLoader:
> [RPCClient-NioEventLoopGroup-1-1]:
> /tmp/liborg_apache_hbase_thirdparty_netty_tcnative_linux_x86_6414037627418698320486.so
> exists but cannot be executed
> even when execute permissions set; check volume for "noexec" flag;
> use -Dorg.apache.hbase.thirdparty.io.netty.native.workdir=[path] to set
> native working directory separately.{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
