You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2018/01/05 08:51:00 UTC

[jira] [Commented] (AMBARI-22725) Update Hadoop RPC Encryption Properties During Kerberization and Upgrade

    [ https://issues.apache.org/jira/browse/AMBARI-22725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312724#comment-16312724 ] 

Hadoop QA commented on AMBARI-22725:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12904672/AMBARI-22725.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 3 new or modified test files.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:red}-1 core tests{color}.  The test build failed in [ambari-server|https://builds.apache.org/job/Ambari-trunk-test-patch/12927//artifact/patch-work/testrun_ambari-server.txt] 

Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/12927//console

This message is automatically generated.

> Update Hadoop RPC Encryption Properties During Kerberization and Upgrade
> ------------------------------------------------------------------------
>
>                 Key: AMBARI-22725
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22725
>             Project: Ambari
>          Issue Type: Task
>    Affects Versions: 2.6.2
>            Reporter: Jonathan Hurley
>            Assignee: Jonathan Hurley
>            Priority: Critical
>             Fix For: 2.6.2
>
>         Attachments: AMBARI-22725.patch
>
>
> Clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are:
> - {{core-site.xml : hadoop.rpc.protection = authentication}}
> - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
> The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident.
> The following properties should be changed to add {{privacy}}:
> - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
> - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
> The following are cases when this needs to be performed:
> - During Kerberization, the above two properties should be automatically reconfigured.
> - During a stack upgrade to any version of HDP 2.6, they should be automatically merged
> Blueprint deployment is not a scenario being covered here.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)