flink-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vinay patil <vinay18.pa...@gmail.com>
Subject Re: In-transit Data Encryption in EMR
Date Fri, 09 Jun 2017 14:18:04 GMT
Hi Guys,

Can anyone please provide me solution to my queries.

On Jun 8, 2017 11:30 PM, "Vinay Patil" <vinay18.patil@gmail.com> wrote:

> Hi Guys,
>
> I am able to setup SSL correctly, however the following command  does not
> work correctly and results in the error I had mailed earlier
>
> flink run -m yarn-cluster -yt deploy-keys/ TestJob.jar
>
>
> Few Doubts:
> 1. Can anyone please explain me how do you test if SSL is working
> correctly ? Currently I am just relying on the logs.
>
> 2. Wild Card is not working with the keytool command, can you please let
> me know what is the issue with the following command:
> keytool -genkeypair -alias ca -keystore: -ext SAN=dns:node1.*
>
>
> Regards,
> Vinay Patil
>
> On Mon, Jun 5, 2017 at 8:43 PM, vinay patil [via Apache Flink User Mailing
> List archive.] <ml+s2336050n13490h42@n4.nabble.com> wrote:
>
>> Hi Gordon,
>>
>> The yarn session gets created when I try to run the following command:
>> yarn-session.sh -n 4 -s 2 -jm 1024 -tm 3000 -d --ship deploy-keys/
>>
>> However when I try to access the Job Manager UI, it gives me exception as
>> :
>> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
>> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>>
>> I am able to see the Job Manager UI  when I imported the CA certificate
>> to java truststore on EMR master node :
>> keytool -keystore /etc/alternatives/jre/lib/security/cacerts -importcert
>> -alias FLINKSSL -file ca.cer
>>
>>
>> Does this mean that SSL is configured correctly ? I can see in the Job
>> Manager configurations and also in th e logs. Is there any other way to
>> verify ?
>>
>> Also the keystore and truststore  password should be masked in the logs
>> which is not case.
>>
>>
>>
>>
>>
>>
>> *2017-06-05 14:51:31,135 INFO
>>  org.apache.flink.configuration.GlobalConfiguration            - Loading
>> configuration property: security.ssl.enabled, true 2017-06-05 14:51:31,136
>> INFO  org.apache.flink.configuration.GlobalConfiguration            -
>> Loading configuration property: security.ssl.keystore,
>> deploy-keys/ca.keystore 2017-06-05 14:51:31,136 INFO
>>  org.apache.flink.configuration.GlobalConfiguration            - Loading
>> configuration property: security.ssl.keystore-password, password 2017-06-05
>> 14:51:31,136 INFO  org.apache.flink.configuration.GlobalConfiguration
>>      - Loading configuration property: security.ssl.key-password, password
>> 2017-06-05 14:51:31,136 INFO
>>  org.apache.flink.configuration.GlobalConfiguration            - Loading
>> configuration property: security.ssl.truststore, deploy-keys/ca.truststore
>> 2017-06-05 14:51:31,136 INFO
>>  org.apache.flink.configuration.GlobalConfiguration            - Loading
>> configuration property: security.ssl.truststore-password, password*
>>
>>
>> Regards,
>> Vinay Patil
>>
>>
>> ------------------------------
>> If you reply to this email, your message will be added to the discussion
>> below:
>> http://apache-flink-user-mailing-list-archive.2336050.n4.
>> nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13490.html
>> To start a new topic under Apache Flink User Mailing List archive., email
>> ml+s2336050n1h83@n4.nabble.com
>> To unsubscribe from Apache Flink User Mailing List archive., click here
>> <http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=1&code=dmluYXkxOC5wYXRpbEBnbWFpbC5jb218MXwxODExMDE2NjAx>
>> .
>> NAML
>> <http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>




--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13609.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
Mime
View raw message