Details
- Improvement
- Status: Resolved
- Critical
- Resolution: Fixed
- 3.4.0
- Reviewed
Description
ZooKeeper 3.5.5 server can operate with an SSL/TLS secure connection with its clients.
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
The SSL communication should be possible in the different parts of YARN where it communicates with ZooKeeper servers. The ZooKeeper clients are used in the following places:
- ResourceManager
- ZKConfigurationStore
- ZKRMStateStore
The yarn.resourcemanager.zk-client-ssl.enabled flag to enable SSL communication should be provided in the yarn-default.xml, and the required parameters for the keystore and truststore should be picked up from the core-default.xml (HADOOP-18709).
yarn.resourcemanager.ha.curator-leader-elector.enabled has to be set to true via yarn-site.xml to make sure Curator is used, otherwise we can't enable SSL.
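A configuration check for the dependency described above, as an added example that is not part of the issue or of Hadoop's code: it reads a yarn-site.xml document and reports when the SSL flag is set without the Curator leader elector. The sample documents are constructed, and treating an absent property as disabled is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Property names as given in the issue description.
SSL_FLAG = "yarn.resourcemanager.zk-client-ssl.enabled"
CURATOR_FLAG = "yarn.resourcemanager.ha.curator-leader-elector.enabled"


def load_properties(xml_text):
    """Return {name: value} from a Hadoop-style <configuration> document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            # A later duplicate overrides an earlier one in this sketch.
            props[name] = (prop.findtext("value") or "").strip()
    return props


def is_true(props, key):
    # Assumption: a property that is absent counts as disabled.
    return props.get(key, "").lower() == "true"


def check_zk_ssl(xml_text):
    """Return a list of findings; empty when both flags are set to true."""
    props = load_properties(xml_text)
    ssl, curator = is_true(props, SSL_FLAG), is_true(props, CURATOR_FLAG)
    findings = []
    if not ssl:
        findings.append(f"{SSL_FLAG} is not true; ZooKeeper client SSL is not requested")
    elif not curator:
        findings.append(f"{SSL_FLAG} is true but {CURATOR_FLAG} is not; "
                        "Curator must be in use for SSL to be enabled")
    return findings


def _conf(pairs):
    """Build a constructed sample configuration from (name, value) pairs."""
    body = "".join(f"<property><name>{n}</name><value>{v}</value></property>"
                   for n, v in pairs)
    return f"<configuration>{body}</configuration>"


# Constructed samples: both flags set, and the SSL flag set on its own.
GOOD = _conf([(SSL_FLAG, "true"), (CURATOR_FLAG, "true")])
BAD = _conf([(SSL_FLAG, "true"), (CURATOR_FLAG, "false")])

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, check_zk_ssl(text) or "OK")
```
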
Issue Links
- is blocked by
  - HADOOP-18709 Add curator based ZooKeeper communication support over SSL/TLS into the common library (Resolved)
- relates to
  - HADOOP-16579 Upgrade to Apache Curator 4.2.0 and ZooKeeper 3.5.6 in Hadoop (Resolved)
  - YARN-9783 Remove low-level zookeeper test to be able to build Hadoop against zookeeper 3.5.5 (Resolved)
- links to