accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2432) MAC should have an option for creating it's own ssl certs
Date Wed, 18 Jun 2014 22:34:25 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14036562#comment-14036562
] 

Josh Elser commented on ACCUMULO-2432:
--------------------------------------

I am not arguing with you in that one cannot presently configure MAC to run with SSL, I am
trying to tell you that it's not done in a friendly way. I have to know what the configuration
properties are, I have to generate my SSL bits, I have to set the proper Property.* variables
in the configuration Map (hope those Properties don't change across versions).

As SSL is a *feature* of Accumulo, I can't go about saying what the complete set of tests
that anyone might ever want to test. Heck, I won't even bother listing a single example. They
could do anything that is within the realm of possibility that Accumulo supports. [~kturner]
was grilling me on this as well and he tried to give me the analogy of how miniDfsCluster
was ripped out of MAC's "public" api. Now, I have to take extra steps to configure something
that, personally, I would've expected to be a very common usage detail. I still have the ability
to use it, but it's much more obnoxious to do so. The point is that SSL is, most likely, going
to be a very common configuration in running Accumulo that is expected. We should be recognizing
this and trying to make integration with it easier.

bq. Providing some "InsecureSecureEnvironment" is a bit non-sensical, isn't it? It's certainly
not intuitive, and I can't imagine such a thing's existence would actually raise confidence
in Accumulo's SSL features or encourage adoption.

No, it's not, otherwise I wouldn't have tried to make the point in the first place tyvm. I'm
trying to get you to consider the abstracts here. Regardless of the specifics of your security
details, there are going to be commonalities between all of these deployments. There are things
we can abstract away and codify for the user to follow and, getting back to my original point,
make it easier to use overall.

We do not have to push all of the difficulty in configuration onto the user all of the time.
We can think about what the common patterns will be and try to build useful software around
it rather than just saying "it depends too much, you're on your own".

> MAC should have an option for creating it's own ssl certs
> ---------------------------------------------------------
>
>                 Key: ACCUMULO-2432
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2432
>             Project: Accumulo
>          Issue Type: Bug
>          Components: mini
>            Reporter: John Vines
>              Labels: newbie
>             Fix For: 1.7.0
>
>
> Currently ssl certs must be generated prior to starting mac, and passed in. We should
find a way to make that as seamless as possible.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message