Andor Molnar created HBASE-28038:
------------------------------------
Summary: Add TLS settings to ZooKeeper client
Key: HBASE-28038
URL: https://issues.apache.org/jira/browse/HBASE-28038
Project: HBase
Issue Type: Improvement
Components: Zookeeper
Affects Versions: 2.5.5, 2.4.17, 3.0.0-alpha-4
Reporter: Andor Molnar
Assignee: Andor Molnar
ZooKeeper supports TLS connection from its clients. Currently the only way to
set up HBase for this is to add the following Java properties to the HBase
process:
{noformat}
-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
-Dzookeeper.client.secure=true
-Dzookeeper.ssl.keyStore.location=/path/to/keystore.jks
-Dzookeeper.ssl.keyStore.password=password
-Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks
-Dzookeeper.ssl.trustStore.password=password
{noformat}
KeyStore is only needed if ZooKeeper server wants client certificate to be
provided.
I'd like to add these options to hbase-site.xml in the following way:
{noformat}
hbase.zookeeper.clientCnxnSocket=...
hbase.zookeeper.client.secure=...
hbase.zookeeper.ssl.keyStore=...
...{noformat}
It will follow the way that we already do for ZooKeeper clientPort and quorum
settings.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
