You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/02/14 08:54:00 UTC
[jira] [Updated] (AMBARI-22981) Update Hadoop RPC Encryption
Properties During Upgrade
[ https://issues.apache.org/jira/browse/AMBARI-22981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated AMBARI-22981:
-----------------------------------
Description:
When *HDP 3.0.0* is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:
- {{core-site.xml : hadoop.rpc.protection = authentication}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.
The following properties should be changed to add {{privacy}}:
- {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
The following are cases when this needs to be performed:
- During Kerberization (this case is covered by AMBARI-22803)
- During a stack upgrade to any version of *HDP 3.0.0*, they should be automatically merged
Blueprint deployment is not a scenario being covered here.
was:
When *HDP 3.0.0* is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:
- {{core-site.xml : hadoop.rpc.protection = authentication}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.
The following properties should be changed to add {{privacy}}:
- {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
The following are cases when this needs to be performed:
- During Kerberization, the above two properties should be automatically reconfigured.
- During a stack upgrade to any version of *HDP 3.0.0*, they should be automatically merged
Blueprint deployment is not a scenario being covered here.
> Update Hadoop RPC Encryption Properties During Upgrade
> ------------------------------------------------------
>
> Key: AMBARI-22981
> URL: https://issues.apache.org/jira/browse/AMBARI-22981
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.7.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.7.0
>
>
> When *HDP 3.0.0* is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:
> - {{core-site.xml : hadoop.rpc.protection = authentication}}
> - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
> The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.
> The following properties should be changed to add {{privacy}}:
> - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
> - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
> The following are cases when this needs to be performed:
> - During Kerberization (this case is covered by AMBARI-22803)
> - During a stack upgrade to any version of *HDP 3.0.0*, they should be automatically merged
> Blueprint deployment is not a scenario being covered here.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)