hadoop-mapreduce-issues mailing list archives

From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4661) Add HTTPS for JobTracker and TaskTracker
Date Thu, 04 Oct 2012 00:37:08 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13469035#comment-13469035 ]

Alejandro Abdelnur commented on MAPREDUCE-4661:
-----------------------------------------------

You'd need the sslfactory stuff from MAPREDUCE-4417 (there is a patch for branch-1 which has
not been committed, see JIRA for details) and then you'll have to tweak JSPs and a few other
places to use the HttpConfig from HADOOP-8581 to create the URLs. Also, in Hadoop 1 the HttpServer
is shared between shuffle and the webui, so you'll have to make sure you use 2 connectors,
one SSL for the webui and one clear for shuffle. For all the webui requests you have to ensure
they are not served over the clear connector (shuffle's); you could do this with a filter.
                
> Add HTTPS for JobTracker and TaskTracker
> ----------------------------------------
>
>                 Key: MAPREDUCE-4661
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>    Affects Versions: 1.0.0, 2.0.0-alpha
>            Reporter: Plamen Jeliazkov
>            Assignee: Plamen Jeliazkov
>         Attachments: MAPREDUCE-4461.patch
>
>
> In order to provide full security around the cluster, the webUI should also be secure
> if desired to prevent cookie theft and user masquerading.
> Here is my proposed work. Currently I can only add HTTPS support. I do not know how to
> switch reliance of the HttpServer from HTTP to HTTPS fully.
> In order to facilitate this change I propose the following configuration additions:
> CONFIG PROPERTY -> DEFAULT VALUE
> mapred.https.enable -> false
> mapred.https.need.client.auth -> false
> mapred.https.server.keystore.resource -> "ssl-server.xml"
> mapred.job.tracker.https.port -> 50035
> mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
> mapred.task.tracker.https.port -> 50065
> mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
> I tested this on my local box after using keytool to generate an SSL certificate. You will
> need to change ssl-server.xml to point to the .keystore file after. Truststore may not be
> necessary; you can just point it to the keystore.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
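
The filter mentioned in the comment above, written as a standard servlet filter. This is an added example, not code from the JIRA issue, its patch, or Hadoop. It assumes the Servlet API (`javax.servlet`) and a server with one SSL and one clear connector; the class name `WebUiSslOnlyFilter` and the `shuffle.path.prefix` init parameter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added illustration, not Hadoop code: keeps web UI requests off the clear connector. */
public class WebUiSslOnlyFilter implements Filter {
  // Hypothetical init parameter: path prefix of the shuffle servlet.
  private String shufflePrefix;

  @Override
  public void init(FilterConfig conf) throws ServletException {
    shufflePrefix = conf.getInitParameter("shuffle.path.prefix");
    if (shufflePrefix == null || !shufflePrefix.startsWith("/") || shufflePrefix.length() < 2) {
      // Fail closed: refuse to start without a usable shuffle prefix.
      throw new ServletException("shuffle.path.prefix must be a non-root absolute path");
    }
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest) req;
    // Use the container-resolved path, not the raw request URI, so encoded
    // or dot-segment variants cannot pass as the shuffle path.
    String pathInfo = httpReq.getPathInfo();
    String path = httpReq.getServletPath() + (pathInfo == null ? "" : pathInfo);
    boolean isShuffle = path.equals(shufflePrefix) || path.startsWith(shufflePrefix + "/");

    // isSecure() is true when the request arrived on the SSL connector.
    if (httpReq.isSecure() || isShuffle) {
      chain.doFilter(req, res);
      return;
    }
    // Anything else on the clear connector is a web UI request: refuse it.
    ((HttpServletResponse) res).sendError(
        HttpServletResponse.SC_FORBIDDEN, "This resource is available over HTTPS only");
  }

  @Override
  public void destroy() { }
}
```

The filter has to be mapped to every path the shared server serves, so that JSPs and servlets added later are covered by default and only the shuffle prefix is exempt.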
