[
https://issues.apache.org/jira/browse/HADOOP-18967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18028232#comment-18028232
]
ASF GitHub Bot commented on HADOOP-18967:
-----------------------------------------
github-actions[bot] commented on PR #6293:
URL: https://github.com/apache/hadoop/pull/6293#issuecomment-3379128861
We're closing this stale PR because it has been open for 100 days with no
activity. This isn't a judgement on the merit of the PR in any way. It's just a
way of keeping the PR queue manageable.
If you feel like this was a mistake, or you would like to continue working
on it, please feel free to re-open it and ask for a committer to remove the
stale tag and review again.
Thanks all for your contribution.
> Allow no-downtime migration of HDFS clusters into secure mode
> -------------------------------------------------------------
>
> Key: HADOOP-18967
> URL: https://issues.apache.org/jira/browse/HADOOP-18967
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Charles Connell
> Priority: Minor
> Labels: pull-request-available
>
> My employer (HubSpot) recently completed transitioning all of the Hadoop
> clusters underlying our HBase databases into secure mode. It was important to
> us that we be able to make this change without impacting the functionality of
> our SaaS product. To accomplish this, we added some new settings to our fork
> of Hadoop, and fixed a latent bug (HADOOP-18972). This ticket is my intention
> to contribute these changes back to the mainline code, so others can benefit.
> A patch will be incoming.
> It was only necessary to change the HDFS code, because other Hadoop
> components are already able to seamlessly switch into secure mode.
> The basic theme of the new functionality is the ability to accept incoming
> secure connections without requiring them or making them outgoing. Secure
> mode enablement will then be done in two stages.
> * First, all nodes are given configuration to accept secure connections, and
> are gracefully rolling-restarted to adopt this new functionality. I'll be
> adding the new settings to make this stage possible.
> * Second, all nodes are told to require incoming connections be secure, and
> to make secure outgoing connections, and the settings added in the first
> stage are removed. Nodes are again rolling-restarted to adopt this
> functionality. The settings in this final state will look the same as in any
> secure Hadoop cluster today.
> I'll include documentation changes explaining how to do this.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
