[ https://issues.apache.org/jira/browse/HBASE-28038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Duo Zhang updated HBASE-28038:
------------------------------
Fix Version/s: (was: 4.0.0-alpha-1)
> Add TLS settings to ZooKeeper client
> ------------------------------------
>
> Key: HBASE-28038
> URL: https://issues.apache.org/jira/browse/HBASE-28038
> Project: HBase
> Issue Type: Improvement
> Components: Zookeeper
> Affects Versions: 3.0.0-alpha-4, 2.4.17, 2.5.5
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Major
> Labels: ssl, tls, zookeeper
> Fix For: 2.6.0, 2.4.18, 2.5.6, 3.0.0-beta-1
>
>
> ZooKeeper supports TLS connections from its clients. Currently the only way to
> set up HBase for this is to add the following Java properties to the HBase
> process:
> {noformat}
>
> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
> -Dzookeeper.client.secure=true
> -Dzookeeper.ssl.keyStore.location=/path/to/keystore.jks
> -Dzookeeper.ssl.keyStore.password=password
> -Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks
> -Dzookeeper.ssl.trustStore.password=password
> {noformat}
> The KeyStore is only needed if the ZooKeeper server wants a client certificate
> to be provided.
> I'd like to add these options to hbase-site.xml in the following way:
> {noformat}
> hbase.zookeeper.property.clientCnxnSocket
> hbase.zookeeper.property.client.secure
> hbase.zookeeper.property.ssl.keyStore.location
> hbase.zookeeper.property.ssl.keyStore.password or
> hbase.zookeeper.property.ssl.keyStore.passwordPath
> ...{noformat}
> It will follow the way that we already do for ZooKeeper clientPort and quorum
> settings. ("hbase.zookeeper.property.clientPort", "hbase.zookeeper.quorum")
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
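
The check below is an added example, not part of the Jira issue or of HBase's code: it reads an hbase-site.xml, collects the TLS-related hbase.zookeeper.property.* entries proposed above, prints the equivalent -Dzookeeper.* flags with passwords masked, and lists gaps in the TLS setup. The sample file is constructed, the function names are hypothetical, and the trustStore keys under the hbase prefix (including ssl.trustStore.passwordPath) are assumed to follow the same pattern as the keyStore keys named in the issue.

```python
import xml.etree.ElementTree as ET

HBASE_PREFIX = "hbase.zookeeper.property."
NETTY = "org.apache.zookeeper.ClientCnxnSocketNetty"

# Constructed sample hbase-site.xml (not from the issue); paths are placeholders.
SAMPLE = """<configuration>
  <property><name>hbase.zookeeper.quorum</name><value>zk1.example.com</value></property>
  <property><name>hbase.zookeeper.property.client.secure</name><value>true</value></property>
  <property><name>hbase.zookeeper.property.ssl.keyStore.location</name><value>/path/to/keystore.jks</value></property>
  <property><name>hbase.zookeeper.property.ssl.keyStore.password</name><value>password</value></property>
</configuration>"""

def zk_client_props(site_xml):
    """Return {suffix: value} for the TLS-related hbase.zookeeper.property.* entries."""
    props = {}
    for prop in ET.fromstring(site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        key = name[len(HBASE_PREFIX):]
        tls_key = key in ("clientCnxnSocket", "client.secure") or key.startswith("ssl.")
        if name.startswith(HBASE_PREFIX) and tls_key:
            props[key] = (prop.findtext("value") or "").strip()
    return props

def as_jvm_flags(props):
    """Equivalent -Dzookeeper.* flags, with password values masked for logging."""
    return ["-Dzookeeper.%s=%s" % (k, "****" if k.endswith(".password") else v)
            for k, v in sorted(props.items())]

def audit(props):
    """List gaps in the ZooKeeper client TLS settings."""
    if props.get("client.secure", "false").lower() != "true":
        return ["client.secure is not true: TLS is not enabled for the ZooKeeper client"]
    findings = []
    if props.get("clientCnxnSocket") != NETTY:
        findings.append("client.secure=true but clientCnxnSocket is not " + NETTY)
    if not props.get("ssl.trustStore.location"):
        findings.append("ssl.trustStore.location is not set")
    for store in ("keyStore", "trustStore"):
        if props.get("ssl.%s.password" % store):
            findings.append("ssl.%s.password is stored inline; prefer "
                            "ssl.%s.passwordPath" % (store, store))
    return findings

if __name__ == "__main__":
    sample_props = zk_client_props(SAMPLE)
    print("\n".join(as_jvm_flags(sample_props) + audit(sample_props)))
```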