Hadoop Common
  1. Hadoop Common
  2. HADOOP-6584

Provide Kerberized SSL encryption for webservices

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Some web services should be authenticated via SSL backed by Kerberos, both to provide cross-cluster secure communication and to provide intra-cluster server authentication for services such as the

      {Name,SecondaryName,Backup,Checkpoint}

      node's image transfer and balancer.

      1. HADOOP-6584.patch
        15 kB
        Jakob Homan
      2. HADOOP-6584-Y20-1.patch
        22 kB
        Jakob Homan
      3. HADOOP-6584-Y20-2.patch
        22 kB
        Jakob Homan
      4. HADOOP-6584-Y20-3.patch
        22 kB
        Jakob Homan
      5. HADOOP-6584-Y20-4.patch
        22 kB
        Jakob Homan
      6. HADOOP-6584-FixJavadoc-Y20.patch
        1 kB
        Jakob Homan
      7. c6584-02.patch
        13 kB
        Kan Zhang

        Issue Links

          Activity

          Hide
          Jakob Homan added a comment -

          Patch for review.

          Show
          Jakob Homan added a comment - Patch for review.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12437138/HADOOP-6584.patch
          against trunk revision 916529.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 1 new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12437138/HADOOP-6584.patch against trunk revision 916529. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 1 new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/391/console This message is automatically generated.
          Hide
          Jakob Homan added a comment -

          Prelim Y20 patch for review, not for commit.

          Show
          Jakob Homan added a comment - Prelim Y20 patch for review, not for commit.
          Hide
          Jakob Homan added a comment -

          oh, and the prelim Y20 patch incorporates HDFS-1004, which is the HDFS component of this patch... life in a post-split world...

          Show
          Jakob Homan added a comment - oh, and the prelim Y20 patch incorporates HDFS-1004 , which is the HDFS component of this patch... life in a post-split world...
          Hide
          Jakob Homan added a comment -

          updated prelim patch.

          Show
          Jakob Homan added a comment - updated prelim patch.
          Hide
          Devaraj Das added a comment -

          Looks good.

          Show
          Devaraj Das added a comment - Looks good.
          Hide
          Jakob Homan added a comment -

          small iteration

          Show
          Jakob Homan added a comment - small iteration
          Hide
          Jakob Homan added a comment -

          Already went stale...

          Show
          Jakob Homan added a comment - Already went stale...
          Hide
          Jakob Homan added a comment -

          Small patch to fix javadoc warnings introduced into Y20 branch. Not to be committed.

          Show
          Jakob Homan added a comment - Small patch to fix javadoc warnings introduced into Y20 branch. Not to be committed.
          Hide
          Kan Zhang added a comment -

          uploading a Common patch for the current trunk

          Show
          Kan Zhang added a comment - uploading a Common patch for the current trunk
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12447891/c6584-02.patch
          against trunk revision 957074.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12447891/c6584-02.patch against trunk revision 957074. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/594/console This message is automatically generated.
          Hide
          Kan Zhang added a comment -

          Patch c6584-02.patch was simply a port of Jakob's original patch for Y20. The javadoc warnings are unrelated since they are due to KerberosName.java and SecurityUtil.java, neither of which this patch modifies. This patch adds a Kerberos functionality and we currently don't have a framework to unit test it. However, I have manually verified it by deploying a single host cluster with suitable Kerberos infrastructure. I also ran "ant test" and it passed.

          Show
          Kan Zhang added a comment - Patch c6584-02.patch was simply a port of Jakob's original patch for Y20. The javadoc warnings are unrelated since they are due to KerberosName.java and SecurityUtil.java, neither of which this patch modifies. This patch adds a Kerberos functionality and we currently don't have a framework to unit test it. However, I have manually verified it by deploying a single host cluster with suitable Kerberos infrastructure. I also ran "ant test" and it passed.
          Hide
          Jakob Homan added a comment -

          This looks good to me - thanks, Kan for the forward port! - but should be reviewed by another committer before commit to get a fresh pair of eyes on it.

          Show
          Jakob Homan added a comment - This looks good to me - thanks, Kan for the forward port! - but should be reviewed by another committer before commit to get a fresh pair of eyes on it.
          Hide
          Devaraj Das added a comment -

          Looks good. +1

          Show
          Devaraj Das added a comment - Looks good. +1
          Hide
          Jakob Homan added a comment -

          I've committed this. Resolving as fixed.

          Show
          Jakob Homan added a comment - I've committed this. Resolving as fixed.
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk-Commit #319 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/319/)
          HADOOP-6584. Provide Kerberized SSL encryption for webservices.

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #319 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/319/ ) HADOOP-6584 . Provide Kerberized SSL encryption for webservices.
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Hdfs-trunk-Commit #328 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Hdfs-trunk-Commit/328/)
          HDFS-1004. Update NN to support Kerberized SSL from HADOOP-6584.

          Show
          Hudson added a comment - Integrated in Hadoop-Hdfs-trunk-Commit #328 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Hdfs-trunk-Commit/328/ ) HDFS-1004 . Update NN to support Kerberized SSL from HADOOP-6584 .
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk #385 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/385/)
          HADOOP-6584. Provide Kerberized SSL encryption for webservices.

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk #385 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/385/ ) HADOOP-6584 . Provide Kerberized SSL encryption for webservices.

            People

            • Assignee:
              Jakob Homan
              Reporter:
              Jakob Homan
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development