hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Weng (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MAPREDUCE-4661) Add HTTPS for WebUIs on Branch-1
Date Fri, 19 Jul 2013 21:22:49 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Michael Weng updated MAPREDUCE-4661:

    Attachment: branch-1.2-patch.txt5

Thanks Devaraj.

Here is the new patch with changes mentioned in your comments. Files being touched are:

#	modified:   src/core/org/apache/hadoop/http/HttpServer.java
#	modified:   src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
#	modified:   src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataNode.java
#	modified:   src/mapred/org/apache/hadoop/mapred/TaskTrackerStatus.java

And BTW, how can I get the unit test result? Copy and paste from terminal output or there
is a different way? This is the command I used to run the unit test.

   ant -Dforrest.home=$FORREST_HOME -Djava5.home=$JAVA5_HOME -Dcompile.c++=true -Dcompile.native=true
clean test
> Add HTTPS for WebUIs on Branch-1
> --------------------------------
>                 Key: MAPREDUCE-4661
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: security, webapps
>    Affects Versions: 1.0.3
>            Reporter: Plamen Jeliazkov
>            Assignee: Michael Weng
>         Attachments: branch-1.2-patch.txt, branch-1.2-patch.txt2, branch-1.2-patch.txt3,
branch-1.2-patch.txt4, branch-1.2-patch.txt5, MAPREDUCE-4461.patch, MAPREDUCE-4661.patch,
MAPREDUCE-4661.patch, MAPREDUCE-4661.patch
> After investigating the methodology used to add HTTPS support in branch-2, I feel that
this same approach should be back-ported to branch-1. I have taken many of the patches used
for branch-2 and merged them in.
> I was working on top of HDP 1 at the time - I will provide a patch for trunk soon once
I can confirm I am adding only the necessities for supporting HTTPS on the webUIs.
> As an added benefit -- this patch actually provides HTTPS webUI to HBase by extension.
If you take a hadoop-core jar compiled with this patch and put it into the hbase/lib directory
and apply the necessary configs to hbase/conf.
> ========= OLD IDEA(s) BEHIND ADDING HTTPS (look @ Sept 17th patch) ==========
> In order to provide full security around the cluster, the webUI should also be secure
if desired to prevent cookie theft and user masquerading. 
> Here is my proposed work. Currently I can only add HTTPS support. I do not know how to
switch reliance of the HttpServer from HTTP to HTTPS fully.
> In order to facilitate this change I propose the following configuration additions:
> mapred.https.enable -> false
> mapred.https.need.client.auth -> false
> mapred.https.server.keystore.resource -> "ssl-server.xml"
> mapred.job.tracker.https.port -> 50035
> mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
> mapred.task.tracker.https.port -> 50065
> mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
> I tested this on my local box after using keytool to generate a SSL certficate. You will
need to change ssl-server.xml to point to the .keystore file after. Truststore may not be
necessary; you can just point it to the keystore.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message