[ https://issues.apache.org/jira/browse/HADOOP-18967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Charles Connell updated HADOOP-18967: ------------------------------------- Fix Version/s: 3.4.0 Status: Patch Available (was: Open) > Allow secure mode to be enabled with no downtime > ------------------------------------------------ > > Key: HADOOP-18967 > URL: https://issues.apache.org/jira/browse/HADOOP-18967 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Charles Connell > Priority: Minor > Labels: pull-request-available > Fix For: 3.4.0 > > > My employer (HubSpot) recently completed transitioning all of the Hadoop > clusters underlying our HBase databases into secure mode. It was important to > us that we be able to make this change without impacting the functionality of > our SaaS product. To accomplish this, we added some new settings to our fork > of Hadoop, and fixed a latent bug (HADOOP-18972). This ticket is my intention > to contribute these changes back to the mainline code, so others can benefit. > A patch will be incoming. > The basic theme of the new functionality is the ability to accept incoming > secure connections without requiring them or making them outgoing. Secure > mode enablement will then be done in two stages. > * First, all nodes are given configuration to accept secure connections, and > are gracefully rolling-restarted to adopt this new functionality. I'll be > adding the new settings to make this stage possible. > * Second, all nodes are told to require incoming connections be secure, and > to make secure outgoing connections, and the settings added in the first > stage are removed. Nodes are again rolling-restarted to adopt this > functionality. The settings in this final state will look the same as in any > secure Hadoop cluster today. > I'll include documentation changes explaining how to do this. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org