hadoop-hdfs-issues mailing list archives

From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-13060) Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver
Date Thu, 01 Feb 2018 06:42:00 GMT

     [ https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiaoyu Yao updated HDFS-13060:
------------------------------
       Resolution: Fixed
     Hadoop Flags: Reviewed
    Fix Version/s: 3.1.0
           Status: Resolved  (was: Patch Available)

Thanks [~ajayydv] for the contribution. I've committed the patch to the trunk and branch-3.0.

> Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver
> ------------------------------------------------------------------------
>
>                 Key: HDFS-13060
>                 URL: https://issues.apache.org/jira/browse/HDFS-13060
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, security
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>             Fix For: 3.1.0
>
>         Attachments: HDFS-13060.000.patch, HDFS-13060.001.patch, HDFS-13060.002.patch, HDFS-13060.003.patch
>
>
> HDFS-5910 introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true.
> The default trust channel resolver implementation returns false indicating that the channel is not trusted, which always enables encryption. HDFS-5910 also added a built-in whitelist based trust channel resolver. It allows you to put IP address/Network Mask of trusted client/server in whitelist files to skip encryption for certain traffic.
> This ticket is opened to add a blacklist based trust channel resolver for cases where only certain machines (IPs) are untrusted, without adding each trusted IP individually.
>   



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
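
A small Python model of the three resolver behaviours described in the issue (default, whitelist based, blacklist based), added here as an illustration and not taken from the Hadoop patch. The function names, CIDR lists and peer addresses are constructed, and treating an unparseable address as untrusted is an assumption of this model.

```python
import ipaddress

def _in_any(peer, cidrs):
    """True if peer falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(peer)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def default_resolver(peer):
    # Default behaviour described in the ticket: the channel is never trusted.
    return False

def whitelist_resolver(trusted_cidrs):
    # Trusted only if explicitly listed; anything else stays encrypted.
    return lambda peer: _in_any(peer, trusted_cidrs)

def blacklist_resolver(untrusted_cidrs):
    # Trusted unless explicitly listed; anything not listed skips encryption.
    return lambda peer: not _in_any(peer, untrusted_cidrs)

def is_encrypted(resolver, peer, encrypt_data_transfer=True):
    """Model of the outcome for one peer: encrypted unless the channel is trusted.

    Assumption: an address that cannot be parsed is treated as untrusted.
    """
    if not encrypt_data_transfer:
        return False
    try:
        trusted = resolver(peer)
    except ValueError:
        trusted = False
    return not trusted

# Constructed sample lists and peers (documentation address ranges).
WHITELIST = ["192.0.2.0/24"]
BLACKLIST = ["198.51.100.0/24"]
PEERS = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "not-an-ip"]

def outcome_table():
    """Return {peer: (default, whitelist, blacklist)} encryption decisions."""
    resolvers = (default_resolver, whitelist_resolver(WHITELIST),
                 blacklist_resolver(BLACKLIST))
    return {p: tuple(is_encrypted(r, p) for r in resolvers) for p in PEERS}

if __name__ == "__main__":
    for peer, row in outcome_table().items():
        print(f"{peer:15} default={row[0]} whitelist={row[1]} blacklist={row[2]}")
```

The `203.0.113.5` row is the one to review in a deployment: under the blacklist model an address that nobody listed is treated as trusted, so its transfer is not encrypted.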
