[jira] [Updated] (YARN-11468) Zookeeper SSL/TLS support

Ferenc Erdelyi (Jira) Thu, 21 Sep 2023 07:11:08 -0700


     [ 
https://issues.apache.org/jira/browse/YARN-11468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ferenc Erdelyi updated YARN-11468:
----------------------------------
    Description: 
Zookeeper 3.5.5 server can operate with SSL/TLS secure connection with its 
clients.

[https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide]

The SSL communication should be possible in the different parts of YARN, where 
it communicates with Zookeeper servers. The Zookeeper clients are used in the 
following places:
 * ResourceManager
 * ZKConfigurationStore
 * ZKRMStateStore

The yarn.resourcemanager.zk-client-ssl.enabled flag to enable SSL communication 
should be provided in the yarn-default.xml and the required parameters for the 
keystore and truststore should be picked up from the core-default.xml 
(HADOOP-18709)

yarn.resourcemanager.ha.curator-leader-elector.enabled has to set to true via 
yarn-site.xml to make sure Curator is used, otherwise we can't enable SSL.

  was:
Zookeeper 3.5.5 server can operate with SSL/TLS secure connection with its 
clients.

[https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide]

The SSL communication should be possible in the different parts of YARN, where 
it communicates with Zookeeper servers. The Zookeeper clients are used in the 
following places:
 * ResourceManager
 * ZKConfigurationStore
 * ZKRMStateStore

The yarn.resourcemanager.zk-client-ssl.enabled flag to enable SSL communication 
should be provided in the yarn-default.xml and the required parameters for the 
keystore and truststore should be picked up from the core-default.xml 
(HADOOP-18709)


> Zookeeper SSL/TLS support
> -------------------------
>
>                 Key: YARN-11468
>                 URL: https://issues.apache.org/jira/browse/YARN-11468
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: resourcemanager
>            Reporter: Ferenc Erdelyi
>            Assignee: Ferenc Erdelyi
>            Priority: Critical
>
> Zookeeper 3.5.5 server can operate with SSL/TLS secure connection with its 
> clients.
> [https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide]
> The SSL communication should be possible in the different parts of YARN, 
> where it communicates with Zookeeper servers. The Zookeeper clients are used 
> in the following places:
>  * ResourceManager
>  * ZKConfigurationStore
>  * ZKRMStateStore
> The yarn.resourcemanager.zk-client-ssl.enabled flag to enable SSL 
> communication should be provided in the yarn-default.xml and the required 
> parameters for the keystore and truststore should be picked up from the 
> core-default.xml (HADOOP-18709)
> yarn.resourcemanager.ha.curator-leader-elector.enabled has to set to true via 
> yarn-site.xml to make sure Curator is used, otherwise we can't enable SSL.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

[jira] [Updated] (YARN-11468) Zookeeper SSL/TLS support

Reply via email to