[jira] [Commented] (HDFS-13699) Add DFSClient sending handshake token to DataNode, and allow DataNode overwrite downstream QOP

Fri, 22 Mar 2019 14:09:05 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-13699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799351#comment-16799351
 ] 

Chen Liang commented on HDFS-13699:
-----------------------------------

Post v007 patch with various refactoring. The logic remains the same. To make 
it less confusing for review, I want to mention that part of the logic is to 
enable overwriting downstream inter-DN QOP. Namely, we want to allow client 
talking to first DN with QOP1, but the DN themselves talk to each other using 
QOP2, and QOP1 and QOP2 can be different. This is useful when client is 
external and has security requirement different from DNs which are all in the 
same cluster. The way the patch works is by configuring QOP2 which overwrites 
QOP1 at run-time.

> Add DFSClient sending handshake token to DataNode, and allow DataNode 
> overwrite downstream QOP
> ----------------------------------------------------------------------------------------------
>
>                 Key: HDFS-13699
>                 URL: https://issues.apache.org/jira/browse/HDFS-13699
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>            Reporter: Chen Liang
>            Assignee: Chen Liang
>            Priority: Major
>         Attachments: HDFS-13699.001.patch, HDFS-13699.002.patch, 
> HDFS-13699.003.patch, HDFS-13699.004.patch, HDFS-13699.005.patch, 
> HDFS-13699.006.patch, HDFS-13699.007.patch, HDFS-13699.WIP.001.patch
>
>
> Given the other Jiras under HDFS-13541, this Jira is to allow DFSClient to 
> redirect the encrypt secret to DataNode. The encrypted message is the QOP 
> that client and NameNode have used. DataNode decrypts the message and enforce 
> the QOP for the client connection. Also, this Jira will also include 
> overwriting downstream QOP, as mentioned in the HDFS-13541 design doc. 
> Namely, this is to allow inter-DN QOP that is different from client-DN QOP.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to