[
https://issues.apache.org/jira/browse/HADOOP-18967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17790108#comment-17790108
]
ASF GitHub Bot commented on HADOOP-18967:
-----------------------------------------
charlesconnell commented on PR #6293:
URL: https://github.com/apache/hadoop/pull/6293#issuecomment-1827965345
@Hexiaoqiao Thanks for having a looking. This PR should only impact HDFS.
There are changes in the IPC layer code, but I do not expect this will impact
other components in practice. I should have been more clear from the start that
this only changes HDFS, because other Hadoop components already allow
no-downtime migration into secure mode. I've updated the ticket and the
documentation in this PR to be more clear about this.
> Allow no-downtime migration of HDFS clusters into secure mode
> -------------------------------------------------------------
>
> Key: HADOOP-18967
> URL: https://issues.apache.org/jira/browse/HADOOP-18967
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Charles Connell
> Priority: Minor
> Labels: pull-request-available
> Fix For: 3.4.0
>
>
> My employer (HubSpot) recently completed transitioning all of the Hadoop
> clusters underlying our HBase databases into secure mode. It was important to
> us that we be able to make this change without impacting the functionality of
> our SaaS product. To accomplish this, we added some new settings to our fork
> of Hadoop, and fixed a latent bug (HADOOP-18972). This ticket is my intention
> to contribute these changes back to the mainline code, so others can benefit.
> A patch will be incoming.
> It was only necessary to change the HDFS code, because other Hadoop
> components are already able to seamlessly switch into secure mode.
> The basic theme of the new functionality is the ability to accept incoming
> secure connections without requiring them or making them outgoing. Secure
> mode enablement will then be done in two stages.
> * First, all nodes are given configuration to accept secure connections, and
> are gracefully rolling-restarted to adopt this new functionality. I'll be
> adding the new settings to make this stage possible.
> * Second, all nodes are told to require incoming connections be secure, and
> to make secure outgoing connections, and the settings added in the first
> stage are removed. Nodes are again rolling-restarted to adopt this
> functionality. The settings in this final state will look the same as in any
> secure Hadoop cluster today.
> I'll include documentation changes explaining how to do this.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
