You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2015/05/01 04:31:06 UTC

[jira] [Commented] (AMBARI-10825) Missed Support for Wire Encyption

    [ https://issues.apache.org/jira/browse/AMBARI-10825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14522676#comment-14522676 ] 

Hudson commented on AMBARI-10825:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #2496 (See [https://builds.apache.org/job/Ambari-trunk-Commit/2496/])
AMBARI-10825. Missed Support for Wire Encyption (alexantonenko) (hiveww: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=8e39a705c390d2a442c5b0ceeb2c64092e48e601)
* ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml
* ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
* ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
* ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
* ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
* ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml


> Missed Support for Wire Encyption
> ---------------------------------
>
>                 Key: AMBARI-10825
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10825
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Erik Bergenholtz
>            Assignee: Antonenko Alexander
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-10825.patch
>
>
> I noticed the following things that I believe need to get fixed:
> *ssl-client.xml*
> # We're missing the ability to track ssl.client.truststore.password
> # (New Requirement) We're missing the ability to track the following:
> * ssl.client.truststore.password=bigdata
> * ssl.client.truststore.reload.interval=10000
> * ssl.client.keystore.type=jks
> * ssl.client.keystore.location=/etc/security/clientKeys/keystore.jks
> * ssl.client.keystore.password=bigdata
> The additions (New Requirement) to ssl-client.xml is from some discrepancies I've just noticed between [our documentation|http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.2.0/HDP_Security_Guide_v22/index.html#Item1.3.4.4] and [Apache's|http://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/EncryptedShuffle.html].
> *ssl-server.xml*
> # The passwords are in clear text and should be 'password' type input fields for ssl.server.keystore.password, and ssl.server.keystore.keypassword.
> # We need to add management of ssl.server.truststore.reload.interval with a default value of 10000 with a tooltip value of: "Truststore reload interval, in milliseconds"
> # We are missing management of the ssl.server.truststore.password 'password' field.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)