Karthik Palanisamy created HDFS-17775:
-----------------------------------------
Summary: Support for cluster-specific encryption-in-transit
settings in DistCp and CLI
Key: HDFS-17775
URL: https://issues.apache.org/jira/browse/HDFS-17775
Project: Hadoop HDFS
Issue Type: New Feature
Reporter: Karthik Palanisamy
We have a scenario in Kerberized clusters where copying data from unencrypted
zone to encrypted zone is only supporting if both the source and target
clusters have matching encryption-in-transit configurations - specifically, the
{{{}hadoop.rpc.protection{}}}, {{{}dfs.data.transfer.protection{}}}, and
{{dfs.encrypt.data.transfer}} settings must align.
However, user may not have the same configuration so we need to use an
alternative to this like {{{}WebHDFS{}}}.
We need to enhance {{DistCp}} and CLI to allow optionally specifying separate
configurations for the source and target clusters. This way, each cluster could
use its own encryption-in-transit settings during the transfer.
*Error: javax.security.sasl.SaslException: No common protection layer between
client and server*
Note: To test this, I did override the source conf in the code which transfer
worked. **
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
