[jira] [Commented] (AMBARI-22981) Update Hadoop RPC Encryption Properties During Upgrade

Wed, 07 Mar 2018 09:03:17 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-22981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16389802#comment-16389802
 ] 

Hudson commented on AMBARI-22981:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #8822 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/8822/])
[AMBARI-22981] Updating Hadoop RPC Encryption Properties During Upgrade 
(rlevas: 
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=ce7237cc4a2f1dd78b929c83a6db5ef62018bd84])
* (edit) 
ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-3.0.xml
* (edit) 
ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
* (edit) ambari-web/app/data/configs/wizards/secure_mapping.js


> Update Hadoop RPC Encryption Properties During Upgrade
> ------------------------------------------------------
>
>                 Key: AMBARI-22981
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22981
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.7.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 2.7.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> When *HDP 3.0.0* is installed, clients should have the ability to choose 
> encrypted communication over RPC when talking to core hadoop components. 
> Today, the properties that control this are:
>  - {{core-site.xml : hadoop.rpc.protection = authentication}}
>  - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
> The new value of {{privacy}} enables clients to choose an encrypted means of 
> communication. By keeping {{authentication}} first, it will be taken as the 
> default mechanism so that wire encryption is not automatically enabled by 
> accident.
> The following properties should be changed to add {{privacy}}:
>  - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
>  - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
> The following are cases when this needs to be performed:
>  - During Kerberization (this case is covered by AMBARI-22803)
>  - During a stack upgrade to any version of *HDP 3.0.0*, they should be 
> automatically merged
> Blueprint deployment is not a scenario being covered here.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to