hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plamen Jeliazkov (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MAPREDUCE-4661) Add HTTPS for WebUIs on Branch-1
Date Wed, 28 Nov 2012 07:32:59 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Plamen Jeliazkov updated MAPREDUCE-4661:

    Attachment:     (was: https.patch)
> Add HTTPS for WebUIs on Branch-1
> --------------------------------
>                 Key: MAPREDUCE-4661
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: security, webapps
>    Affects Versions: 1.0.3
>            Reporter: Plamen Jeliazkov
>            Assignee: Plamen Jeliazkov
>         Attachments: MAPREDUCE-4461.patch, MAPREDUCE-4661.patch, MAPREDUCE-4661.patch,
> After investigating the methodology used to add HTTPS support in branch-2, I feel that
this same approach should be back-ported to branch-1. I have taken many of the patches used
for branch-2 and merged them in.
> I was working on top of HDP 1 at the time - I will provide a patch for trunk soon once
I can confirm I am adding only the necessities for supporting HTTPS on the webUIs.
> As an added benefit -- this patch actually provides HTTPS webUI to HBase by extension.
If you take a hadoop-core jar compiled with this patch and put it into the hbase/lib directory
and apply the necessary configs to hbase/conf.
> ========= OLD IDEA(s) BEHIND ADDING HTTPS (look @ Sept 17th patch) ==========
> In order to provide full security around the cluster, the webUI should also be secure
if desired to prevent cookie theft and user masquerading. 
> Here is my proposed work. Currently I can only add HTTPS support. I do not know how to
switch reliance of the HttpServer from HTTP to HTTPS fully.
> In order to facilitate this change I propose the following configuration additions:
> mapred.https.enable -> false
> mapred.https.need.client.auth -> false
> mapred.https.server.keystore.resource -> "ssl-server.xml"
> mapred.job.tracker.https.port -> 50035
> mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
> mapred.task.tracker.https.port -> 50065
> mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
> I tested this on my local box after using keytool to generate a SSL certficate. You will
need to change ssl-server.xml to point to the .keystore file after. Truststore may not be
necessary; you can just point it to the keystore.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message