Sandor Molnar created AMBARI-22981: -------------------------------------- Summary: Update Hadoop RPC Encryption Properties During Upgrade Key: AMBARI-22981 URL: https://issues.apache.org/jira/browse/AMBARI-22981 Project: Ambari Issue Type: Task Components: ambari-server Affects Versions: 2.7.0 Reporter: Sandor Molnar Assignee: Sandor Molnar Fix For: 2.7.0
When *HDP 3.0.0* is installed, clients should have the ability to choose encrypted communication over RPC when talking to core hadoop components. Today, the properties that control this are: - {{core-site.xml : hadoop.rpc.protection = authentication}} - {{hdfs-site.xml : dfs.data.transfer.protection = authentication}} The new value of {{privacy}} enables clients to choose an encrypted means of communication. By keeping {{authentication}} first, it will be taken as the default mechanism so that wire encryption is not automatically enabled by accident. The following properties should be changed to add {{privacy}}: - {{core-site.xml : hadoop.rpc.protection = authentication,privacy}} - {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}} The following are cases when this needs to be performed: - During Kerberization, the above two properties should be automatically reconfigured. - During a stack upgrade to any version of *HDP 3.0.0*, they should be automatically merged Blueprint deployment is not a scenario being covered here. -- This message was sent by Atlassian JIRA (v7.6.3#76005)