István Fajth created HADOOP-18976:
-------------------------------------
Summary: Enable service specific keystores and truststores for ZK
SSL setup
Key: HADOOP-18976
URL: https://issues.apache.org/jira/browse/HADOOP-18976
Project: Hadoop Common
Issue Type: Improvement
Reporter: István Fajth
Currently we have the common config properties
hadoop.zk.(key|trust)store.(location|password) configuration options.
In HADOOP-18956 a ZKDelegationTokenSecretManager specific option was provided
for these configurations, so with that ZKDelegationTokenSecretManager's ZK
access can be set in a centralized fashion along with enabling it within
ResourceManager, and DFSZKFailoverController.
On the other hand with DTSecretMgr we introduce specific options to be able to
specify a separate keystore and truststore to be used.
A good improvement would be to add the truststore/keystore related options to
all the components, so that even if the common hadoop.zk.* properties are set,
and SSL is enabled, an individual component can have its own separate keystore
and truststore set via specific configs, however if there are no specific
config specified it can fall back to the common config values.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
