[
https://issues.apache.org/jira/browse/HADOOP-15980?focusedWorklogId=723132&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-723132
]
ASF GitHub Bot logged work on HADOOP-15980:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 08/Feb/22 20:14
Start Date: 08/Feb/22 20:14
Worklog Time Spent: 10m
Work Description: vnhive opened a new pull request #3966:
URL: https://github.com/apache/hadoop/pull/3966
HADOOP-15980 : Enable TLS in RPC client/server
1 HADOOP-15980 : Enable TLS in RPC client/server
================================================
This pull request integrates the work done in the JIRAs for,
- HADOOP-15978 : Add Netty support to the RPC server
- HADOOP-15979 : Add Netty support to the RPC client
and then creates a prototype for enabling the SSL Handler over the
channel pipeline created in the above JIRAs. Specifically the
following work has been done,
1.1 HADOOP-15978 : Add Netty Support to the RPC Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Integrating the initial patch submitted by Daryn
- Integrating the patch for JAR shading provided by Wei-Chiu Chuang.
- Fixes for unit test failures
- Adding comments and Javadoc.
1.2 HADOOP-15979 : Add Netty support to the RPC client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Integrating the initial patch submitted by Daryn.
- Addressing the initial comments given by Wei-Chiu Chuang on the
patch.
- Enabling the Netty Client flag in the unit tests.
1.3 HADOOP-15980 : Enable TLS in RPC client/server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Post the above changes we added the SSLHandlers to the Server and
Client Channel pipelines and building the SSLContext from a
SelfSignedCertificate class.
- We had to change NettyOutputStream::write to use
Channel::writeAndFlush. We had to do this because the connection
context packet was not being flushed when a tez session was being
opened. The packet sent after the connection context packet was
being parsed as the header packet causing an error.
- We have a prototype internally using which Hive insert queries are
running successfully.
- There are unit test failures that we are working on fixing.
- I have discussed the changes with Akira offline. I highly respect
his opinion to share early versions of the patches and solicit
feedback on the changes continuously. Although the current patch
is not complete I am submitting it to solicit feedback. I will also keep
posting patches continuously.
- I am also taking Akira's advice and tagging @daryn-sharp and @jojochuang
.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 723132)
Remaining Estimate: 0h
Time Spent: 10m
> Enable TLS in RPC client/server
> -------------------------------
>
> Key: HADOOP-15980
> URL: https://issues.apache.org/jira/browse/HADOOP-15980
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc, security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Once the RPC client and server can be configured to use Netty, the TLS engine
> can be added to the channel pipeline. The server should allow QoS-like
> functionality to determine if TLS is mandatory or optional for a client.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
