[
https://issues.apache.org/jira/browse/HDFS-17775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karthik Palanisamy updated HDFS-17775:
--------------------------------------
Description:
We have a scenario in Kerberized clusters where copying data from unencrypted
zone to encrypted zone is only supporting if both the source and target
clusters have matching encryption-in-transit configurations - specifically, the
{{{}hadoop.rpc.protection{}}}, {{{}dfs.data.transfer.protection{}}}, and
{{dfs.encrypt.data.transfer}} settings must align.
However, user may not have the same configuration so we need to use an
alternative to this like {{{}WebHDFS{}}}.
We need to enhance {{DistCp}} and CLI to allow optionally specifying separate
configurations for the source and target clusters. This way, each cluster could
use its own encryption-in-transit settings during the transfer.
*Error: javax.security.sasl.SaslException: No common protection layer between
client and server*
Note: To test this, I did override the source conf in the code which transfer
worked.
was:
We have a scenario in Kerberized clusters where copying data from unencrypted
zone to encrypted zone is only supporting if both the source and target
clusters have matching encryption-in-transit configurations - specifically, the
{{{}hadoop.rpc.protection{}}}, {{{}dfs.data.transfer.protection{}}}, and
{{dfs.encrypt.data.transfer}} settings must align.
However, user may not have the same configuration so we need to use an
alternative to this like {{{}WebHDFS{}}}.
We need to enhance {{DistCp}} and CLI to allow optionally specifying separate
configurations for the source and target clusters. This way, each cluster could
use its own encryption-in-transit settings during the transfer.
*Error: javax.security.sasl.SaslException: No common protection layer between
client and server*
Note: To test this, I did override the source conf in the code which transfer
worked. **
> Support for cluster-specific encryption-in-transit settings in DistCp and CLI
> -----------------------------------------------------------------------------
>
> Key: HDFS-17775
> URL: https://issues.apache.org/jira/browse/HDFS-17775
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: distcp
> Reporter: Karthik Palanisamy
> Priority: Major
>
> We have a scenario in Kerberized clusters where copying data from unencrypted
> zone to encrypted zone is only supporting if both the source and target
> clusters have matching encryption-in-transit configurations - specifically,
> the {{{}hadoop.rpc.protection{}}}, {{{}dfs.data.transfer.protection{}}}, and
> {{dfs.encrypt.data.transfer}} settings must align.
> However, user may not have the same configuration so we need to use an
> alternative to this like {{{}WebHDFS{}}}.
> We need to enhance {{DistCp}} and CLI to allow optionally specifying separate
> configurations for the source and target clusters. This way, each cluster
> could use its own encryption-in-transit settings during the transfer.
> *Error: javax.security.sasl.SaslException: No common protection layer between
> client and server*
> Note: To test this, I did override the source conf in the code which transfer
> worked.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
