[ https://issues.apache.org/jira/browse/AMBARI-22803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-22803: ---------------------------------- Description: When *HDP 3.0.0* is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are: - {{core-site.xml : hadoop.rpc.protection = authentication}} - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}} The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident. The following properties should be changed to add {{privacy}}: - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}} - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}} The following are cases when this needs to be performed: - During Kerberization, the above two properties should be automatically reconfigured. - During a stack upgrade to any version of *HDP 3.0.0*, they should be automatically merged Blueprint deployment is not a scenario being covered here. was: When *HDP 3.0.0* is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are: - {{core-site.xml : hadoop.rpc.protection = authentication}} - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}} The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident. The following properties should be changed to add {{privacy}}: - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}} - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}} The following are cases when this needs to be performed: - During Kerberization, the above two properties should be automatically reconfigured. - During a stack upgrade to any version of HDP 2.6, they should be automatically merged Blueprint deployment is not a scenario being covered here. > Update Hadoop RPC Encryption Properties During Kerberization and Upgrade > ------------------------------------------------------------------------ > > Key: AMBARI-22803 > URL: https://issues.apache.org/jira/browse/AMBARI-22803 > Project: Ambari > Issue Type: Task > Components: ambari-server > Affects Versions: 2.7.0 > Reporter: Jonathan Hurley > Assignee: Sandor Molnar > Priority: Critical > Fix For: 2.7.0 > > Attachments: AMBARI-22803.patch > > > When *HDP 3.0.0* is installed, clients should have the ability to choose > encrypted communication over RPC when talking to core hadoop components. > Today, the properties that control this are: > - {{core-site.xml : hadoop.rpc.protection = authentication}} > - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}} > The new value of {{privacy}} enables clients to choose an encrypted means of > communication. By keeping {{authentication}} first, it will be taken as the > default mechanism so that wire encryption is not automatically enabled by > accident. > The following properties should be changed to add {{privacy}}: > - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}} > - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}} > The following are cases when this needs to be performed: > - During Kerberization, the above two properties should be automatically > reconfigured. > - During a stack upgrade to any version of *HDP 3.0.0*, they should be > automatically merged > Blueprint deployment is not a scenario being covered here. -- This message was sent by Atlassian JIRA (v7.6.3#76005)