[ https://issues.apache.org/jira/browse/HADOOP-16524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912590#comment-16912590 ]

Kihwal Lee edited comment on HADOOP-16524 at 8/21/19 6:37 PM:
--------------------------------------------------------------

This does not cover DataNode, since its front-end is netty-based. The 
HttpServer2/jetty based server is internal. Unlike HttpServer2, the netty-based 
DatanodeHttpServer still uses SSLFactory. We have internally modified 
SSLFactory to enable automatic reloading of the cert. This will also make the secure 
mapreduce shuffle server reload the cert. I can add it to this patch if people 
are interested. We have used it for several years in production.


was (Author: kihwal):
This does not cover DataNode, since its front-end is netty-based. The 
HttpServer2/jetty based server is internal. Unlike HttpServer2, the netty-based 
DatanodeHttpServer still uses SSLFactory. We have internally modified 
SSLFactory to enable automatic reloading of the cert. This will also make the secure 
mapreduce shuffle server reload the cert. I can add it to this patch if people 
are interested.

> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
>                 Key: HADOOP-16524
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16524
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>            Priority: Major
>         Attachments: HADOOP-16524.patch
>
>
> Jetty 9 simplified reloading of keystore. This allows hadoop daemon's SSL 
> cert to be updated in place without having to restart the service.


