[
https://issues.apache.org/jira/browse/HDFS-13699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799351#comment-16799351
]
Chen Liang commented on HDFS-13699:
-----------------------------------
Post v007 patch with various refactoring. The logic remains the same. To make
it less confusing for review, I want to mention that part of the logic is to
enable overwriting downstream inter-DN QOP. Namely, we want to allow the client
to talk to the first DN with QOP1, while the DNs themselves talk to each other
using QOP2, and QOP1 and QOP2 can be different. This is useful when the client
is external and has a security requirement different from the DNs, which are
all in the same cluster. The way the patch works is by configuring QOP2, which
overwrites QOP1 at run-time.
> Add DFSClient sending handshake token to DataNode, and allow DataNode
> overwrite downstream QOP
> ----------------------------------------------------------------------------------------------
>
> Key: HDFS-13699
> URL: https://issues.apache.org/jira/browse/HDFS-13699
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Chen Liang
> Assignee: Chen Liang
> Priority: Major
> Attachments: HDFS-13699.001.patch, HDFS-13699.002.patch,
> HDFS-13699.003.patch, HDFS-13699.004.patch, HDFS-13699.005.patch,
> HDFS-13699.006.patch, HDFS-13699.007.patch, HDFS-13699.WIP.001.patch
>
>
> Given the other Jiras under HDFS-13541, this Jira is to allow DFSClient to
> redirect the encrypted secret to DataNode. The encrypted message is the QOP
> that client and NameNode have used. DataNode decrypts the message and enforces
> the QOP for the client connection. This Jira will also include
> overwriting downstream QOP, as mentioned in the HDFS-13541 design doc.
> Namely, this is to allow inter-DN QOP that is different from client-DN QOP.