You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Kihwal Lee (Jira)" <ji...@apache.org> on 2019/08/21 18:38:00 UTC
[jira] [Comment Edited] (HADOOP-16524) Automatic keystore reloading
for HttpServer2
[ https://issues.apache.org/jira/browse/HADOOP-16524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912590#comment-16912590 ]
Kihwal Lee edited comment on HADOOP-16524 at 8/21/19 6:37 PM:
--------------------------------------------------------------
This does not cover DataNode, since its front-end is netty-based. The HttpServer2/jetty based server is internal. Unlike HttpServer2, the netty-based DatanodeHttpServer still uses SSLFactory. We have internally modified SSLFactory to enable automatic reloading of cert. This will also make secure mapreduce shuffle server to reload cert. I can add it to this patch if people are interested. We have used it for several years in production.
was (Author: kihwal):
This does not cover DataNode, since its front-end is netty-based. The HttpServer2/jetty based server is internal. Unlike HttpServer2, the netty-based DatanodeHttpServer still uses SSLFactory. We have internally modified SSLFactory to enable automatic reloading of cert. This will also make secure mapreduce shuffle server to reload cert. I can add it to this patch if people are interested.
> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
> Key: HADOOP-16524
> URL: https://issues.apache.org/jira/browse/HADOOP-16524
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kihwal Lee
> Assignee: Kihwal Lee
> Priority: Major
> Attachments: HADOOP-16524.patch
>
>
> Jetty 9 simplified reloading of keystore. This allows hadoop daemon's SSL cert to be updated in place without having to restart the service.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org