[jira] [Commented] (HDFS-13060) Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver

Wed, 31 Jan 2018 22:59:19 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348115#comment-16348115
 ] 

Hudson commented on HDFS-13060:
-------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13596 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/13596/])
HDFS-13060. Adding a BlacklistBasedTrustedChannelResolver for (xyao: rev 
af015c0b2359be317132e2cf35735429f4f34ea7)
* (add) 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/CombinedIPList.java
* (add) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/package-info.java
* (add) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestBlackListBasedTrustedChannelResolver.java
* (add) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/BlackListBasedTrustedChannelResolver.java


> Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver
> ------------------------------------------------------------------------
>
>                 Key: HDFS-13060
>                 URL: https://issues.apache.org/jira/browse/HDFS-13060
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, security
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>             Fix For: 3.1.0
>
>         Attachments: HDFS-13060.000.patch, HDFS-13060.001.patch, 
> HDFS-13060.002.patch, HDFS-13060.003.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based 
> on a customizable TrustedChannelResolver class. The TrustedChannelResolver is 
> invoked on both client and server side. If the resolver indicates that the 
> channel is trusted, then the data transfer will not be encrypted even if 
> dfs.encrypt.data.transfer is set to true. 
> The default trust channel resolver implementation returns false indicating 
> that the channel is not trusted, which always enables encryption. HDFS-5910 
> also added a build-int whitelist based trust channel resolver. It allows you 
> to put IP address/Network Mask of trusted client/server in whitelist files to 
> skip encryption for certain traffics. 
> This ticket is opened to add a blacklist based trust channel resolver for 
> cases only certain machines (IPs) are untrusted without adding each trusted 
> IP individually.
>   



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to