[jira] [Updated] (HADOOP-18967) Allow secure mode to be enabled with no downtime

Wed, 22 Nov 2023 11:47:33 -0800 


     [ 
https://issues.apache.org/jira/browse/HADOOP-18967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Connell updated HADOOP-18967:
-------------------------------------
    Fix Version/s: 3.4.0
           Status: Patch Available  (was: Open)

> Allow secure mode to be enabled with no downtime
> ------------------------------------------------
>
>                 Key: HADOOP-18967
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18967
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Charles Connell
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 3.4.0
>
>
> My employer (HubSpot) recently completed transitioning all of the Hadoop 
> clusters underlying our HBase databases into secure mode. It was important to 
> us that we be able to make this change without impacting the functionality of 
> our SaaS product. To accomplish this, we added some new settings to our fork 
> of Hadoop, and fixed a latent bug (HADOOP-18972). This ticket is my intention 
> to contribute these changes back to the mainline code, so others can benefit. 
> A patch will be incoming.
> The basic theme of the new functionality is the ability to accept incoming 
> secure connections without requiring them or making them outgoing. Secure 
> mode enablement will then be done in two stages.
>  * First, all nodes are given configuration to accept secure connections, and 
> are gracefully rolling-restarted to adopt this new functionality. I'll be 
> adding the new settings to make this stage possible.
>  * Second, all nodes are told to require incoming connections be secure, and 
> to make secure outgoing connections, and the settings added in the first 
> stage are removed. Nodes are again rolling-restarted to adopt this 
> functionality. The settings in this final state will look the same as in any 
> secure Hadoop cluster today.
> I'll include documentation changes explaining how to do this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to