István Fajth created HADOOP-18976: ------------------------------------- Summary: Enable service specific keystores and truststores for ZK SSL setup Key: HADOOP-18976 URL: https://issues.apache.org/jira/browse/HADOOP-18976 Project: Hadoop Common Issue Type: Improvement Reporter: István Fajth
Currently we have the common config properties hadoop.zk.(key|trust)store.(location|password) configuration options. In HADOOP-18956 a ZKDelegationTokenSecretManager specific option was provided for these configurations, so with that ZKDelegationTokenSecretManager's ZK access can be set in a centralized fashion along with enabling it within ResourceManager, and DFSZKFailoverController. On the other hand with DTSecretMgr we introduce specific options to be able to specify a separate keystore and truststore to be used. A good improvement would be to add the truststore/keystore related options to all the components, so that even if the common hadoop.zk.* properties are set, and SSL is enabled, an individual component can have its own separate keystore and truststore set via specific configs, however if there are no specific config specified it can fall back to the common config values. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org