Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7182

Impala does not allow the use of insecure clusters with public IPs by default

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • Impala 2.12.0
    • Impala 3.1.0
    • Security
    • ghx-label-2

    Description

      We made Impala more secure by using KRPC which doesn't allow the usage of insecure clusters (no auth or no encryption) with public IPs by default.

      We have a workaround which is to add the subnet to this flag 'trusted_subnets':
      https://github.com/apache/impala/blob/master/be/src/kudu/rpc/server_negotiation.cc#L70-L80

      Although we don't expect users to run production environments with this configuration, we need to document this as it's a slight behavioral change from Impala 2.11 to Impala 2.12.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            arodoni Alexandra Rodoni
            sailesh Sailesh Mukil
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment