You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Erik Bergenholtz (JIRA)" <ji...@apache.org> on 2015/04/29 12:28:06 UTC

[jira] [Created] (AMBARI-10825) Missed Support for Wire Encyption

Erik Bergenholtz created AMBARI-10825:
-----------------------------------------

             Summary: Missed Support for Wire Encyption
                 Key: AMBARI-10825
                 URL: https://issues.apache.org/jira/browse/AMBARI-10825
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.1.0
            Reporter: Erik Bergenholtz
            Assignee: Antonenko Alexander
             Fix For: 2.1.0



I noticed the following things that I believe need to get fixed:

*ssl-client.xml*
# We're missing the ability to track ssl.client.truststore.password
# (New Requirement) We're missing the ability to track the following:
* ssl.client.truststore.password=bigdata
* ssl.client.truststore.reload.interval=10000
* ssl.client.keystore.type=jks
* ssl.client.keystore.location=/etc/security/clientKeys/keystore.jks
* ssl.client.keystore.password=bigdata

The additions (New Requirement) to ssl-client.xml is from some discrepancies I've just noticed between [our documentation|http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.2.0/HDP_Security_Guide_v22/index.html#Item1.3.4.4] and [Apache's|http://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/EncryptedShuffle.html].

*ssl-server.xml*
# The passwords are in clear text and should be 'password' type input fields for ssl.server.keystore.password, and ssl.server.keystore.keypassword.
# We need to add management of ssl.server.truststore.reload.interval with a default value of 10000 with a tooltip value of: "Truststore reload interval, in milliseconds"
# We are missing management of the ssl.server.truststore.password 'password' field.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)