[ https://issues.apache.org/jira/browse/HADOOP-18956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zita Dombi updated HADOOP-18956: -------------------------------- Description: HADOOP-18709 added support for Zookeeper to communicate with SSL/TLS enabled in hadoop-common. With those changes we have the necessary parameters, that we need to set to enable SSL/TLS in a ZK Client. That change also did changes in ZKCuratorManager, so with that it is easy to set the SSL/TLS, for Yarn it was done in YARN-11468. In DelegationTokenAuthenticationFilter currently we are using CuratorFrameworkFactory, it'd be good to change it to use ZKCuratorManager and with that we should support SSL/TLS enablement. *UPDATE* So as I investigated this a bit more, it wouldn't be so easy to move to using ZKCuratorManager. DelegationTokenAuthenticationFilter uses ZK from two places: in ZKDelegationTokenSecretManager and in ZKSignerSecretProvider. In both places it uses CuratorFrameworkFactory, but the attributes and creation differentiates from ZKCuratorManager. In ZKDelegationTokenSecretManager it would be easy to add the new config and based on that create ZK with CuratorFrameworkFactory. But ZKSignerSecretProvider is in hadoop-auth module and with my change it would need hadoop-common, so it would introduce circular dependency between modules 'hadoop-auth' and 'hadoop-common'. I'm still working on a straightforward solution. was: HADOOP-18709 added support for Zookeeper to communicate with SSL/TLS enabled in hadoop-common. With those changes we have the necessary parameters, that we need to set to enable SSL/TLS in a ZK Client. That change also did changes in ZKCuratorManager, so with that it is easy to set the SSL/TLS, for Yarn it was done in YARN-11468. In DelegationTokenAuthenticationFilter currently we are using CuratorFrameworkFactory, it'd be good to change it to use ZKCuratorManager and with that we should support SSL/TLS enablement. > Zookeeper SSL/TLS support in DelegationTokenAuthenticationFilter > ---------------------------------------------------------------- > > Key: HADOOP-18956 > URL: https://issues.apache.org/jira/browse/HADOOP-18956 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Zita Dombi > Assignee: Zita Dombi > Priority: Major > > HADOOP-18709 added support for Zookeeper to communicate with SSL/TLS enabled > in hadoop-common. With those changes we have the necessary parameters, that > we need to set to enable SSL/TLS in a ZK Client. That change also did changes > in ZKCuratorManager, so with that it is easy to set the SSL/TLS, for Yarn it > was done in YARN-11468. > In DelegationTokenAuthenticationFilter currently we are using > CuratorFrameworkFactory, it'd be good to change it to use ZKCuratorManager > and with that we should support SSL/TLS enablement. > *UPDATE* > So as I investigated this a bit more, it wouldn't be so easy to move to using > ZKCuratorManager. > DelegationTokenAuthenticationFilter uses ZK from two places: in > ZKDelegationTokenSecretManager and in ZKSignerSecretProvider. In both places > it uses CuratorFrameworkFactory, but the attributes and creation > differentiates from ZKCuratorManager. > In ZKDelegationTokenSecretManager it would be easy to add the new config and > based on that create ZK with CuratorFrameworkFactory. But > ZKSignerSecretProvider is in hadoop-auth module and with my change it would > need hadoop-common, so it would introduce circular dependency between modules > 'hadoop-auth' and 'hadoop-common'. I'm still working on a straightforward > solution. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org