hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9709) Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)
Date Mon, 31 Mar 2014 23:37:29 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13955883#comment-13955883
] 

Benoy Antony commented on HADOOP-9709:
--------------------------------------

resolved at the RPC layer and data transfer protocol via HADOOP-10221 and HDFS-5910

> Add ability in Hadoop servers (Namenode, Datanode, ResourceManager )  to support multiple
QOP (Authentication , Privacy) 
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9709
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9709
>             Project: Hadoop Common
>          Issue Type: New Feature
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>
> Hadoop Servers currently support only one QOP for the whole cluster.
> We want Hadoop servers to support different quality of protection at the same time. This
will enable different clients to use different QOP.
> A simple usecase:
> Let each Hadoop server support two QOP .
> 1.  Authentication
> 2. Privacy (Privacy includes Authentication) . 
> The Hadoop servers and internal clients does Authentication without incurring cost of
encryption. External clients use Privacy. 
> The hadoop servers and internal clients are inside the firewall. External clients are
outside the firewall.
> As an enhancement , it is possible to add  a pluggable check (eg. IP whitelist) to identify
internal and external clients. 
> The implementation is simple. 
> Each Hadoop server listens on multiple ports by configuration with different QOP. 
> For the usecase mentioned above, the servers - NameNode, DataNode, ResourceManager listen
on two ports (much like 80(http) and 443(https)) for RPC and Streaming.  ApplicationMaster
uses a range of ports for privacy and non-privacy and picks up a port and QOP based on client's
config for client communication.
> The clients specify the port which they are supposed to connect to. Clients specify the
rpc protection as well encryption policy for streaming layer.
> This is an umbrella jira . 
> I have divided this feature into multiple small tasks. I'll add testcases once the approach
is reviewed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message