Review Request 64956: Update Hadoop RPC Encryption Properties During Kerberization and Upgrade

Thu, 04 Jan 2018 12:17:09 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64956/
-----------------------------------------------------------

Review request for Ambari, Dmytro Grinenko, Dmitro Lisnichenko, and Nate Cole.


Bugs: AMBARI-22725
    https://issues.apache.org/jira/browse/AMBARI-22725


Repository: ambari


Description
-------

Clients should have the ability to choose encrypted communication over RPC when 
talking to core hadoop components. Today, the properties that control this are:

- {{core-site.xml : hadoop.rpc.protection = authentication}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}

The new value of {{privacy}} enables clients to choose an encrypted means of 
communication. By keeping {{authentication}} first, it will be taken as the 
default mechanism so that wire encryption is not automatically enabled by 
accident.

The following properties should be changed to add {{privacy}}:

- {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}

The following are cases when this needs to be performed:
- During Kerberization, the above two properties should be automatically 
reconfigured.
- During a stack upgrade to any version of HDP 2.6, they should be 
automatically merged

Blueprint deployment is not a scenario being covered here.


Diffs
-----

  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/ConfigureAction.java
 fbcde51b32 
  
ambari-server/src/main/java/org/apache/ambari/server/state/stack/upgrade/ClusterGrouping.java
 c1a05c03b4 
  
ambari-server/src/main/java/org/apache/ambari/server/state/stack/upgrade/StageWrapperBuilder.java
 7fd8938f7d 
  
ambari-server/src/main/java/org/apache/ambari/server/state/stack/upgrade/Task.java
 2167b7b464 
  ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
0b0c9c56af 
  ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/kerberos.json 
f8bdc5cc5c 
  ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml 
94787225f1 
  
ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
 d506f1f16c 
  ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml 
17a63943ba 
  ambari-server/src/main/resources/upgrade-pack.xsd 9e50a087b6 
  
ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java
 ac9be666c7 
  
ambari-server/src/test/resources/stacks/HDP/2.2.0/upgrades/upgrade_test_conditions.xml
 61c891a4be 


Diff: https://reviews.apache.org/r/64956/diff/1/


Testing
-------

PENDING


Thanks,

Jonathan Hurley

Reply via email to