Cloudera Docs

What's New in Apache HBase

Learn about the new features of HBase in Cloudera Runtime 7.2.17.

The initial corePoolSize in HBase is configurable for ChoreService

The hbase.choreservice.initial.pool.size configuration property is added to HBase to set the initial number of threads for the ChoreService. The default value is 1.

The related Apache HBase JIRA: HBASE-27565.

Disable sorting the directories by size in HBase CleanerChore service

The hbase.cleaner.directory.sorting configuration property is added to HBase so that the CleanerChore service can be disabled and sort the sub directories by the consumed space, and start the cleaning with the largest sub directory. The property is enabled by default.

The related Apache HBase JIRA: HBASE-27506.

Port FileWatcher from Zookeeper to detect keystore or truststore changes in TLS connections automatically

HBase detects the changes in the filesystem to refresh the keystore or truststore automatically during runtime. Now you do not need to restart the HBase instances manually when certificates are refreshed.

The related Apache HBase JIRA: HBASE-27347.

Automatically detect the keystore or trustore file types using file extension

HBase detects the keystore or truststore file types using the file extension if it is not explicitly specified in the configuration. If the file type cannot be detected, JKS is used by default.

The related Apache HBase JIRA: HBASE-27346.

Add mutual authentication support to TLS

By default, when TLS is enabled, mutual authentication of certificates is enabled. This means, during handshake, the client authenticates the server's certificate (as usual) and also the server authenticates the client's certificate. Additionally, each side validates that the hostname presented by the certificate matches the address of the connection.

  • hbase.server.netty.tls.client.auth.mode: Default value is NEED. Possible values are, NEED, WANT, NONE.
  • hbase.server.netty.tls.verify.client.hostname: Default value is true.
  • hbase.client.netty.tls.verify.server.hostname: Default value is true.

Additionally, during hostname verification, if required a fallback on reverse lookup is supported. The reverse lookup can be disabled using hbase.rpc.tls.host-verification.reverse-dns.enabled property. The default value is true.

The related Apache HBase JIRA: HBASE-27280.