[jira] [Commented] (AMBARI-22725) Update Hadoop RPC Encryption Properties During Kerberization and Upgrade

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/AMBARI-22725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16321324#comment-16321324
 ] 

ASF GitHub Bot commented on AMBARI-22725:
-----------------------------------------

jonathan-hurley commented on issue #84: AMBARI-22725 - Update Hadoop RPC 
Encryption Properties During Kerberization and Upgrade (jonathanhurley)
URL: https://github.com/apache/ambari/pull/84#issuecomment-356770459
 
 
   One thing that bothers me is that this seems to only work with secure ports 
below 1024 - I think it should work on all ports. Checking with HDFS to see 
what the deal is there ... 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Update Hadoop RPC Encryption Properties During Kerberization and Upgrade
> ------------------------------------------------------------------------
>
>                 Key: AMBARI-22725
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22725
>             Project: Ambari
>          Issue Type: Task
>    Affects Versions: 2.6.2
>            Reporter: Jonathan Hurley
>            Assignee: Jonathan Hurley
>            Priority: Critical
>             Fix For: 2.6.2
>
>         Attachments: AMBARI-22725.patch
>
>
> Clients should have the ability to choose encrypted communication over RPC 
> when talking to core hadoop components. Today, the properties that control 
> this are:
> - {{core-site.xml : hadoop.rpc.protection = authentication}}
> - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
> The new value of {{privacy}} enables clients to choose an encrypted means of 
> communication. By keeping {{authentication}} first, it will be taken as the 
> default mechanism so that wire encryption is not automatically enabled by 
> accident.
> The following properties should be changed to add {{privacy}}:
> - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
> - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
> The following are cases when this needs to be performed:
> - During Kerberization, the above two properties should be automatically 
> reconfigured.
> - During a stack upgrade to any version of HDP 2.6, they should be 
> automatically merged
> Blueprint deployment is not a scenario being covered here.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)