[AMBARI-22803] Update Hadoop RPC Encryption Properties During Kerberization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.7.0
Fix Version/s: 2.7.0
Component/s: ambari-server
Labels:
None

Description

When HDP 3.0.0 is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:

core-site.xml : hadoop.rpc.protection = authentication
hdfs-site.xml : dfs.data.transfer.protection = authentication

The new value of privacy enables clients to choose an encrypted means of communication. By keeping authentication first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.

The following properties should be changed to add privacy:

core-site.xml : hadoop.rpc.protection = authentication,privacy
hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy

The following are cases when this needs to be performed:

During Kerberization, the above two properties should be automatically reconfigured.
During a stack upgrade to any version of HDP 3.0.0 is covered by ~~AMBARI-22981~~

Blueprint deployment is not a scenario being covered here.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-22803.patch
06/Feb/18 16:08
9 kB
Jonathan Hurley

Issue Links

Blocked

AMBARI-22725 Expose Conditional Elements For Tasks on Upgrade

Resolved

is cloned by

AMBARI-22981 Update Hadoop RPC Encryption Properties During Upgrade

Resolved

is related to

HDFS-6859 Allow dfs.data.transfer.protection default to hadoop.rpc.protection

Resolved

Activity

People

Assignee:: Sandor Molnar

Reporter:: Jonathan Hurley

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Jan/18 18:27

Updated:: 09/Mar/18 16:00

Resolved:: 09/Mar/18 16:00