hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Nauroth <cnaur...@hortonworks.com>
Subject Re: Even after HDFS-2856 JSVC References are require..?
Date Thu, 10 Sep 2015 16:55:17 GMT
Yes, I have a paragraph in the docs describing how someone would go about
migrating a jsvc-based deployment to a SASL-based deployment.

http://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Secu
reMode.html#Secure_DataNode


It's a non-trivial operation that starts by making sure everyone is on 2.6
first.  This includes client deployments, which are notoriously more
difficult to control than server deployments.

--Chris Nauroth




On 9/10/15, 1:21 AM, "Steve Loughran" <stevel@hortonworks.com> wrote:

>SASL authenticates the DN on Hadoop 2.6+, but it requires the clients to
>be using the 2.6+ JARs; you can't use it on the 2.2-2.5 artifacts.
>
>> On 9 Sep 2015, at 18:45, Allen Wittenauer <aw@altiscale.com> wrote:
>> 
>> 
>> FWIW, I still use and prefer jsvc, esp with the sudo trick in place.
>> 
>> On Sep 9, 2015, at 9:35 AM, Chris Nauroth <cnauroth@hortonworks.com>
>>wrote:
>> 
>>> AFAIK, the majority of existing deployments still use jsvc to run a
>>> secured DataNode.  It would be a backwards-incompatible change to
>>>remove
>>> support for this deployment model.  For that reason, I would be -1 for
>>> removing jsvc support, at least in the 2.x line.
>>> 
>>> 
>>> It's something that could be considered for 3.x if we think the
>>>clean-up
>>> benefit outweighs the incompatibility cost.  Before we do that, I'd
>>>prefer
>>> to hear if end users are having success with the SASL deployment model.
>>> Brahma, are you asking because you run clusters with the SASL approach?
>>> If so, has it been working well?
>>> 
>>> --Chris Nauroth
>>> 
>>> 
>>> 
>>> 
>>> On 9/9/15, 9:25 AM, "Haohui Mai" <wheat9@apache.org> wrote:
>>> 
>>>> JSVC is no longer required. It causes a lot of headaches in
>>>> deployments. It's definitely a good target for clean ups.
>>>> 
>>>> ~Haohui
>>>> 
>>>> On Wed, Sep 9, 2015 at 5:24 AM, Brahma Reddy Battula
>>>> <brahmareddy.battula@huawei.com> wrote:
>>>>> Hi All,
>>>>> 
>>>>> AFAIK JSVC added secure the block tokens(..?).
>>>>> 
>>>>> Since block tokens are secure now (SASL used to secure the
>>>>> DataTransferProtocol, which transfers file block content between HDFS
>>>>> clients and DataNodes),then can we remove jsvc now (script files)..?
>>>>> 
>>>>> 
>>>>> 
>>>>> Thanks & Regards
>>>>> 
>>>>> Brahma Reddy Battula
>>>>> 
>>>>> 
>>>>> 
>>>> 
>>> 
>> 
>> 
>
>


Mime
View raw message