[ https://issues.apache.org/jira/browse/HDFS-13699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799351#comment-16799351 ]
Chen Liang commented on HDFS-13699: ----------------------------------- Post v007 patch with various refactoring. The logic remains the same. To make it less confusing for review, I want to mention that part of the logic is to enable overwriting downstream inter-DN QOP. Namely, we want to allow client talking to first DN with QOP1, but the DN themselves talk to each other using QOP2, and QOP1 and QOP2 can be different. This is useful when client is external and has security requirement different from DNs which are all in the same cluster. The way the patch works is by configuring QOP2 which overwrites QOP1 at run-time. > Add DFSClient sending handshake token to DataNode, and allow DataNode > overwrite downstream QOP > ---------------------------------------------------------------------------------------------- > > Key: HDFS-13699 > URL: https://issues.apache.org/jira/browse/HDFS-13699 > Project: Hadoop HDFS > Issue Type: Sub-task > Reporter: Chen Liang > Assignee: Chen Liang > Priority: Major > Attachments: HDFS-13699.001.patch, HDFS-13699.002.patch, > HDFS-13699.003.patch, HDFS-13699.004.patch, HDFS-13699.005.patch, > HDFS-13699.006.patch, HDFS-13699.007.patch, HDFS-13699.WIP.001.patch > > > Given the other Jiras under HDFS-13541, this Jira is to allow DFSClient to > redirect the encrypt secret to DataNode. The encrypted message is the QOP > that client and NameNode have used. DataNode decrypts the message and enforce > the QOP for the client connection. Also, this Jira will also include > overwriting downstream QOP, as mentioned in the HDFS-13541 design doc. > Namely, this is to allow inter-DN QOP that is different from client-DN QOP. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org