You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Jonathan Hurley (JIRA)" <ji...@apache.org> on 2018/01/17 18:28:00 UTC
[jira] [Created] (AMBARI-22803) Update Hadoop RPC Encryption
Properties During Kerberization and Upgrade
Jonathan Hurley created AMBARI-22803:
----------------------------------------
Summary: Update Hadoop RPC Encryption Properties During Kerberization and Upgrade
Key: AMBARI-22803
URL: https://issues.apache.org/jira/browse/AMBARI-22803
Project: Ambari
Issue Type: Task
Components: ambari-server
Affects Versions: 3.0.0
Reporter: Jonathan Hurley
Assignee: Jonathan Hurley
Fix For: 3.0.0
Clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:
- {{core-site.xml : hadoop.rpc.protection = authentication}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.
The following properties should be changed to add {{privacy}}:
- {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
The following are cases when this needs to be performed:
- During Kerberization, the above two properties should be automatically reconfigured.
- During a stack upgrade to any version of HDP 2.6, they should be automatically merged
Blueprint deployment is not a scenario being covered here.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)