[
https://issues.apache.org/jira/browse/HADOOP-15980?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489100#comment-17489100
]
Narayanan Venkateswaran edited comment on HADOOP-15980 at 2/8/22, 8:20 PM:
---------------------------------------------------------------------------
1 HADOOP-15980 : Enable TLS in RPC client/server
================================================
The [pull request|https://github.com/apache/hadoop/pull/3966] integrates the
work done in the JIRAs for,
- HADOOP-15978 : Add Netty support to the RPC server
- HADOOP-15979 : Add Netty support to the RPC client
and then creates a prototype for enabling the SSL Handler over the
channel pipeline created in the above JIRAs. Specifically the
following work has been done,
1.1 HADOOP-15978 : Add Netty Support to the RPC Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Integrating the initial patch submitted by Daryn
- Integrating the patch for JAR shading provided by Wei-Chiu Chuang.
- Fixes for unit test failures
- Adding comments and Javadoc.
1.2 HADOOP-15979 : Add Netty support to the RPC client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Integrating the initial patch submitted by Daryn.
- Addressing the initial comments given by Wei-Chiu Chuang on the
patch.
- Enabling the Netty Client flag in the unit tests.
1.3 HADOOP-15980 : Enable TLS in RPC client/server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Post the above changes we added the SSLHandlers to the Server and
Client Channel pipelines and built the SSLContext from a
SelfSignedCertificate class.
- We had to change NettyOutputStream::write to use
Channel::writeAndFlush. We had to do this because the connection
context packet was not being flushed when a Tez session was being
opened. The packet sent after the connection context packet was
being parsed as the header packet, causing an error.
- We have a prototype internally using which Hive insert queries are
running successfully.
- There are unit test failures that we are working on fixing.
- I have discussed the changes with [~aajisaka] offline. I highly respect
his opinion to share early versions of the patches and solicit
feedback on the changes continuously.
- I am also taking Akira's advice and tagging [~daryn] and [~weichiu] for the
changes.
was (Author: vnhive):
1 HADOOP-15980 : Enable TLS in RPC client/server
================================================
The [pull request|https://github.com/apache/hadoop/pull/3966] integrates the
work done in the JIRAs for,
- HADOOP-15978 : Add Netty support to the RPC server
- HADOOP-15979 : Add Netty support to the RPC client
and then creates a prototype for enabling the SSL Handler over the
channel pipeline created in the above JIRAs. Specifically the
following work has been done,
1.1 HADOOP-15978 : Add Netty Support to the RPC Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Integrating the initial patch submitted by Daryn
- Integrating the patch for JAR shading provided by Wei-Chiu Chuang.
- Fixes for unit test failures
- Adding comments and Javadoc.
1.2 HADOOP-15979 : Add Netty support to the RPC client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Integrating the initial patch submitted by Daryn.
- Addressing the initial comments given by Wei-Chiu Chuang on the
patch.
- Enabling the Netty Client flag in the unit tests.
1.3 HADOOP-15980 : Enable TLS in RPC client/server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Post the above changes we added the SSLHandlers to the Server and
Client Channel pipelines and built the SSLContext from a
SelfSignedCertificate class.
- We had to change NettyOutputStream::write to use
Channel::writeAndFlush. We had to do this because the connection
context packet was not being flushed when a Tez session was being
opened. The packet sent after the connection context packet was
being parsed as the header packet, causing an error.
- We have a prototype internally using which Hive insert queries are
running successfully.
- There are unit test failures that we are working on fixing.
- I have discussed the changes with Akira offline. I highly respect
his opinion to share early versions of the patches and solicit
feedback on the changes continuously.
- I am also taking Akira's advice and tagging
> Enable TLS in RPC client/server
> -------------------------------
>
> Key: HADOOP-15980
> URL: https://issues.apache.org/jira/browse/HADOOP-15980
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc, security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Once the RPC client and server can be configured to use Netty, the TLS engine
> can be added to the channel pipeline. The server should allow QoS-like
> functionality to determine if TLS is mandatory or optional for a client.
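
An added illustration of section 1.3 and of the mandatory-or-optional TLS requirement in the issue description (not code from the pull request or from Hadoop): a Netty 4.1 server pipeline that installs either `SslHandler` or `OptionalSslHandler`, with the context built from `SelfSignedCertificate` as in the prototype. The class name, the `tlsRequired` flag and the echo handler are assumptions made for the example. A self-signed certificate gives clients nothing to verify, so it suits tests only, and on recent JDKs `SelfSignedCertificate` may need Bouncy Castle on the classpath.

```java
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.*;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.ssl.*;
import io.netty.handler.ssl.util.SelfSignedCertificate;

public class TlsRpcPipelineSketch {  // hypothetical name, not a Hadoop class
  /** Server pipeline: tlsRequired=true enforces TLS, false accepts TLS or plaintext. */
  static ChannelInitializer<SocketChannel> serverInit(SslContext ctx, boolean tlsRequired) {
    return new ChannelInitializer<SocketChannel>() {
      @Override protected void initChannel(SocketChannel ch) {
        ChannelHandler tls = tlsRequired
            ? ctx.newHandler(ch.alloc())   // SslHandler: a peer that does not handshake is failed
            : new OptionalSslHandler(ctx); // inspects the first 5 bytes: a TLS record swaps in
                                           // an SslHandler, anything else removes the handler
        ch.pipeline().addFirst("tls", tls);
        ch.pipeline().addLast("echo", new ChannelInboundHandlerAdapter() {
          @Override public void channelRead(ChannelHandlerContext c, Object msg) {
            // write() alone only queues the message; without a flush it never reaches
            // the SslHandler's output or the socket, which is the failure described in 1.3.
            c.writeAndFlush(msg);
          }
        });
      }
    };
  }

  public static void main(String[] args) throws Exception {
    SelfSignedCertificate ssc = new SelfSignedCertificate(); // throwaway test key pair
    SslContext serverCtx =
        SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
    EventLoopGroup group = new NioEventLoopGroup(1);
    try {
      Channel server = new ServerBootstrap().group(group)
          .channel(NioServerSocketChannel.class)
          .childHandler(serverInit(serverCtx, false)) // false = TLS optional
          .bind("127.0.0.1", 0).sync().channel();
      System.out.println("listening on " + server.localAddress());
      server.close().sync();
    } finally {
      group.shutdownGracefully();
      ssc.delete(); // remove the temporary certificate and key files
    }
  }
}
```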