[jira] [Commented] (HADOOP-18709) Add curator based ZooKeeper communication support over SSL/TLS into the common library

Thu, 11 May 2023 16:49:08 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-18709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721950#comment-17721950
 ] 

ASF GitHub Bot commented on HADOOP-18709:
-----------------------------------------

szilard-nemeth commented on PR #5638:
URL: https://github.com/apache/hadoop/pull/5638#issuecomment-1544898512

   Thanks for the patch @ferdelyi, good job.
   Added some comments / questions.
   Could you please add testing evidence to the Jira? 
   To document how this was tested on a real cluster environment.
   Also, is there a ZK config page among Hadooop documentation that need to be 
updated?
   
   Thanks




> Add curator based ZooKeeper communication support over SSL/TLS into the 
> common library
> --------------------------------------------------------------------------------------
>
>                 Key: HADOOP-18709
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18709
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Ferenc Erdelyi
>            Assignee: Ferenc Erdelyi
>            Priority: Major
>              Labels: pull-request-available
>
> With HADOOP-16579 the ZooKeeper client is capable of securing communication 
> with SSL. 
> To follow the convention introduced in HADOOP-14741, proposing to add to the 
> core-default.xml the following configurations, as the groundwork for the 
> components to enable encrypted communication between the individual 
> components and ZooKeeper:
>  * hadoop.zk.ssl.keystore.location
>  * hadoop.zk.ssl.keystore.password
>  * hadoop.zk.ssl.truststore.location
>  * hadoop.zk.ssl.truststore.password
> These parameters along with the component-specific ssl.client.enable option 
> (e.g. yarn.zookeeper.ssl.client.enable) should be passed to the 
> ZKCuratorManager to build the CuratorFramework. The ZKCuratorManager needs a 
> new overloaded start() method to build the encrypted communication.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to