Andor Molnar created HBASE-28038: ------------------------------------ Summary: Add TLS settings to ZooKeeper client Key: HBASE-28038 URL: https://issues.apache.org/jira/browse/HBASE-28038 Project: HBase Issue Type: Improvement Components: Zookeeper Affects Versions: 2.5.5, 2.4.17, 3.0.0-alpha-4 Reporter: Andor Molnar Assignee: Andor Molnar
ZooKeeper supports TLS connection from its clients. Currently the only way to set up HBase for this is to add the following Java properties to the HBase process: {noformat} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=/path/to/keystore.jks -Dzookeeper.ssl.keyStore.password=password -Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks -Dzookeeper.ssl.trustStore.password=password {noformat} KeyStore is only needed if ZooKeeper server wants client certificate to be provided. I'd like to add these options to hbase-site.xml in the following way: {noformat} hbase.zookeeper.clientCnxnSocket=... hbase.zookeeper.client.secure=... hbase.zookeeper.ssl.keyStore=... ...{noformat} It will follow the way that we already do for ZooKeeper clientPort and quorum settings. -- This message was sent by Atlassian Jira (v8.20.10#820010)