hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haibo Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps
Date Thu, 27 Apr 2017 23:41:04 GMT

    [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15987906#comment-15987906

Haibo Chen commented on YARN-6457:

My apologies for being slow looking at this! With the change, If ssl.server.keystore.location
is set by users, ssl-server.xml will no longer be loaded. 
This is an issue if cluster admins have relied on the ssl-server.xml to force the ssl configurations
(by making the properties final in the file). 
Now users can just work around that by specifying ssl.server.keystore.location. I wonder if
we could do things similar in SSLFactory, that is,
we allow users to configure 'hadoop.ssl.server.conf', which defaults to ssl-server.xml. Users
can then specify the new configuration property and
upload their own ssl-server.xml file to distributed cache. If cluster admins wants to force
ssl configurations, they can make hadoop.ssl.server.conf
final in yarn-site.xml. Does that work for your use case?

> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>   Original Estimate: 96h
>  Remaining Estimate: 96h
> Currently a custom SSL store cannot be passed on to WebApps which forces the embedded
web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster.
There are cases where the Hadoop app needs to use its own/custom keystore.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message