Charles Connell created HADOOP-18967:
----------------------------------------
Summary: Allow secure mode to be enabled with no downtime
Key: HADOOP-18967
URL: https://issues.apache.org/jira/browse/HADOOP-18967
Project: Hadoop Common
Issue Type: Improvement
Reporter: Charles Connell
My employer (HubSpot) recently completed transitioning all of the Hadoop
clusters underlying our HBase databases into secure mode. It was important to
us that we be able to make this change without impacting the functionality of
our SaaS product. To accomplish this, we added some new settings to our fork of
Hadoop, and fixed a latent bug. This ticket is my intention to contribute these
changes back to the mainline code, so others can benefits. A PR will be
incoming.
The basic theme of the new functionality is the ability to accept incoming
secure connections without requiring them or making them outgoing. Secure mode
enablement will then be done in two stages.
* First, all nodes are given configuration to accept secure connections, and
are gracefully rolling-restarted to adopt this new functionality. I'll be
adding the new settings to make this stage possible.
* Second, all nodes are told to require incoming connections be secure, and to
make secure outgoing connections, and the settings added in the first stage are
removed. Nodes are again rolling-restarted to adopt this functionality. The
settings in this final state will look the same as in any secure Hadoop cluster
today.
I'll include documentation changes explaining how to do this.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
