You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2023/11/13 11:25:00 UTC

[jira] [Commented] (HADOOP-18967) Allow secure mode to be enabled with no downtime

    [ https://issues.apache.org/jira/browse/HADOOP-18967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17785460#comment-17785460 ] 

Steve Loughran commented on HADOOP-18967:
-----------------------------------------

this will need hdfs and yarn tickets to match, assuming it spans them all. If it is HDFS only, then this JIRA can be moved to that project

> Allow secure mode to be enabled with no downtime
> ------------------------------------------------
>
>                 Key: HADOOP-18967
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18967
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Charles Connell
>            Priority: Minor
>
> My employer (HubSpot) recently completed transitioning all of the Hadoop clusters underlying our HBase databases into secure mode. It was important to us that we be able to make this change without impacting the functionality of our SaaS product. To accomplish this, we added some new settings to our fork of Hadoop, and fixed a latent bug. This ticket is my intention to contribute these changes back to the mainline code, so others can benefit. A patch will be incoming.
> The basic theme of the new functionality is the ability to accept incoming secure connections without requiring them or making them outgoing. Secure mode enablement will then be done in two stages.
>  * First, all nodes are given configuration to accept secure connections, and are gracefully rolling-restarted to adopt this new functionality. I'll be adding the new settings to make this stage possible.
>  * Second, all nodes are told to require incoming connections be secure, and to make secure outgoing connections, and the settings added in the first stage are removed. Nodes are again rolling-restarted to adopt this functionality. The settings in this final state will look the same as in any secure Hadoop cluster today.
> I'll include documentation changes explaining how to do this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org