HBASE-27538 Add paragraph and example for cert reloading (#4927)

Signed-off-by: Tak Lon (Stephen) Wu <taklwu@apache.org>
Signed-off-by: Bryan Beaudreault <bbeaudreault@apache.org>
This commit is contained in:
Andor Molnár 2022-12-15 23:46:45 +01:00 committed by GitHub
parent 105a2749f4
commit 5fc4328d2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions

View File

@ -906,6 +906,20 @@ restart fashion.
WARNING: Once `hbase.client.netty.tls.enabled` is enabled on the server side, the cluster will only be able to communicate WARNING: Once `hbase.client.netty.tls.enabled` is enabled on the server side, the cluster will only be able to communicate
with other clusters which have TLS enabled. For example, this would impact inter-cluster replication. with other clusters which have TLS enabled. For example, this would impact inter-cluster replication.
=== Enable automatic certificate reloading
Certificates usually expire after some time to improve security. In this case we need to replace them by modifying
Keystore / Truststore files and HBase processes have to be restarted. In order to avoid that you can enable automatic
file change detection and certificate reloading with the following option. Default: false.
[source,xml]
----
<property>
<name>hbase.rpc.tls.certReload</name>
<value>true</value>
</property>
----
=== Additional configuration === Additional configuration
==== Enabled protocols ==== Enabled protocols