[YARN-11468] Zookeeper SSL/TLS support - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.4.0
Component/s: resourcemanager
Labels:
- pull-request-available

Target Version/s:

3.4.0
Hadoop Flags:

Reviewed

Description

Zookeeper 3.5.5 server can operate with SSL/TLS secure connection with its clients.

https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide

The SSL communication should be possible in the different parts of YARN, where it communicates with Zookeeper servers. The Zookeeper clients are used in the following places:

ResourceManager
ZKConfigurationStore
ZKRMStateStore

The yarn.resourcemanager.zk-client-ssl.enabled flag to enable SSL communication should be provided in the yarn-default.xml and the required parameters for the keystore and truststore should be picked up from the core-default.xml (~~HADOOP-18709~~)

yarn.resourcemanager.ha.curator-leader-elector.enabled has to set to true via yarn-site.xml to make sure Curator is used, otherwise we can't enable SSL.

Attachments

Issue Links

is blocked by

HADOOP-18709 Add curator based ZooKeeper communication support over SSL/TLS into the common library

Resolved

relates to

HADOOP-16579 Upgrade to Apache Curator 4.2.0 and ZooKeeper 3.5.6 in Hadoop

Resolved

YARN-9783 Remove low-level zookeeper test to be able to build Hadoop against zookeeper 3.5.5

Resolved

links to

GitHub Pull Request #6027

GitHub Pull Request #6114

Activity

People

Assignee:: Ferenc Erdelyi

Reporter:: Ferenc Erdelyi

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Apr/23 15:07

Updated:: 28/Jan/24 01:01

Resolved:: 27/Sep/23 22:23