Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-1948

Client-side configuration of cluster details


    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.3.0
    • Fix Version/s: None
    • Component/s: client, security
    • Labels:


      In the beginning, Kudu clients were configured with only the address of the single Kudu master. This was nice and simple, and there was no need for a client "configuration file".

      Then, we added multi-masters, and the client API had to take a list of master addresses. This wasn't awful, but started to be a bit aggravating when trying to use tools on a multi-master cluster (who wants to type out three long hostnames in a 'ksck' command line every time?).

      Now with security, we have a couple more bits of configuration for the client. Namely:

      • "require SSL" and "require authentication" booleans – necessary to prevent MITM downgrade attacks
      • custom Kerberos principal – if the server wants to use a principal other than 'kudu/<HOST>@REALM' then the client needs to know to expect it and fetch the appropriate service ticket. (Note this isn't yet supported but would like to be!)

      In the future, there are other items that might be best specified as part of a client configuration as well (e.g. CA cert for BYO PKI, wire compression options, etc).

      For the above use cases it would be nicer to allow the various options to be specified in a configuration file rather than adding specific APIs for all options.




            • Assignee:
              granthenke Grant Henke
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              5 Start watching this issue


              • Created: