[
https://issues.apache.org/jira/browse/HADOOP-16524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912590#comment-16912590
]
Kihwal Lee edited comment on HADOOP-16524 at 8/21/19 6:37 PM:
--------------------------------------------------------------
This does not cover DataNode, since its front-end is netty-based. The
HttpServer2/jetty based server is internal. Unlike HttpServer2, the netty-based
DatanodeHttpServer still uses SSLFactory. We have internally modified
SSLFactory to enable automatic reloading of cert. This will also make secure
mapreduce shuffle server to reload cert. I can add it to this patch if people
are interested. We have used it for several years in production.
was (Author: kihwal):
This does not cover DataNode, since its front-end is netty-based. The
HttpServer2/jetty based server is internal. Unlike HttpServer2, the netty-based
DatanodeHttpServer still uses SSLFactory. We have internally modified
SSLFactory to enable automatic reloading of cert. This will also make secure
mapreduce shuffle server to reload cert. I can add it to this patch if people
are interested.
> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
> Key: HADOOP-16524
> URL: https://issues.apache.org/jira/browse/HADOOP-16524
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kihwal Lee
> Assignee: Kihwal Lee
> Priority: Major
> Attachments: HADOOP-16524.patch
>
>
> Jetty 9 simplified reloading of keystore. This allows hadoop daemon's SSL
> cert to be updated in place without having to restart the service.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
