[
https://issues.apache.org/jira/browse/HDFS-5536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837267#comment-13837267
]
Jing Zhao commented on HDFS-5536:
---------------------------------
The patch looks great to me. Some comments (most of them are minor):
# Shall we deprecate the configuration "hadoop.ssl.enabled"?
# Could you explain why here we need to create an HdfsConfiguration instead of
the original Configuration (in both DN and NN)?
{code}
+ Configuration sslConf = new HdfsConfiguration(false);
sslConf.addResource(conf.get(
DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY,
DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_DEFAULT));
{code}
# It will be better to state the same meaning in the javadoc of
SecureDataNodeStarter:
{code}
+ // Obtain a listener for web server. The code intends to bind HTTP server
to
+ // privileged port only, as the client can authenticate the server using
+ // certificates if they are communicating through SSL.
{code}
# It will be better to have some unit tests to test the mapping between
different policies and http server connectors in NN/DN.
# Both NameNode.java and DataNode.java have a lot of changes in the import
section. Let's still use * in the import to avoid these changes.
# HttpServer.java only has a change with an empty line.
# Is the following document correct?
{code}
+*-------------------------+-------------------------+------------------------+
+| <<<dfs.http.policy>>> | <HTTPS_ONLY> or <HTTP_AND_HTTPS_ONLY| |
+| | | HTTPS_ONLY turns off http access |
{code}
# In the following document you mean "this property equals to setting ... for
..."? But this is only true if we do not set/load hadoop.ssl.enabled. Besides
maybe we should also deprecate dfs.https.enabled.
{code}
+ This property will map to "dfs.https.policy" of HTTP_AND_HTTPS.
{code}
# The following code
{code}
+ int port = infoSocAddr.getPort();
+ builder.addEndpoint(new URI("http", "", infoHost,
+ infoSocAddr.getPort(), "", "", ""));
+ if (port == 0) {
+ builder.setFindPort(true);
+ }
{code}
can be simplified to something like
{code}
int port = infoSocAddr.getPort();
builder.addEndpoint(new URI("http", "", infoHost, port, "", "",
"")).setFindPort(port == 0);
{code}
so that we do not need to call getPort twice. This also applies to
SecureDataNodeStarter and NameNodeHttpServer.
> Implement HTTP policy for Namenode and DataNode
> -----------------------------------------------
>
> Key: HDFS-5536
> URL: https://issues.apache.org/jira/browse/HDFS-5536
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Haohui Mai
> Assignee: Haohui Mai
> Attachments: HDFS-5536.000.patch, HDFS-5536.001.patch,
> HDFS-5536.002.patch, HDFS-5536.003.patch, HDFS-5536.004.patch,
> HDFS-5536.005.patch, HDFS-5536.006.patch
>
>
> this jira implements the http and https policy in the namenode and the
> datanode.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
