[AMBARI-22981] Update Hadoop RPC Encryption Properties During Upgrade - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.7.0
Fix Version/s: 2.7.0
Component/s: ambari-server
Labels:
- pull-request-available

Description

When HDP 3.0.0 is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:

core-site.xml : hadoop.rpc.protection = authentication
hdfs-site.xml : dfs.data.transfer.protection = authentication

The new value of privacy enables clients to choose an encrypted means of communication. By keeping authentication first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.

The following properties should be changed to add privacy:

core-site.xml : hadoop.rpc.protection = authentication,privacy
hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy

The following are cases when this needs to be performed:

During Kerberization (this case is covered by ~~AMBARI-22803~~)
During a stack upgrade to any version of HDP 3.0.0, they should be automatically merged

Blueprint deployment is not a scenario being covered here.

Attachments

Issue Links

is a clone of

AMBARI-22803 Update Hadoop RPC Encryption Properties During Kerberization

Resolved

is blocked by

HDFS-13081 Datanode#checkSecureConfig should allow SASL and privileged HTTP

Resolved

links to

GitHub Pull Request #546

Activity

People

Assignee:: Sandor Molnar

Reporter:: Sandor Molnar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Feb/18 07:53

Updated:: 09/Mar/18 16:03

Resolved:: 09/Mar/18 16:03

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 50m