hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sanjay M Pujare (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps
Date Fri, 28 Apr 2017 03:35:04 GMT

    [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15988124#comment-15988124
] 

Sanjay M Pujare commented on YARN-6457:
---------------------------------------

[~haibochen] I understand the issue you have raised but I see couple of problems with your
suggestion:

- in the current code in WebAppUtils.java in the function loadSslConfiguration(HttpServer2.Builder,
Configuration) it doesn't get the value of hadoop.ssl.server.conf key but the default value
YarnConfiguration.YARN_SSL_SERVER_RESOURCE_DEFAULT (i.e. ssl-server.xml) is hardcoded in the
loadResource call. Unless you are proposing fixing this, your suggestion won't work

- the Hadoop app (in our case) reads the same set of config files as the other Hadoop components
so it is going read the yarn-site.xml file and use the same value of hadoop.ssl.server.conf
but of course the app can get the value from somewhere else and override it in the Confguration
object before passing it to WebApps builder. But in that case doesn't it defeat the purpose
of marking it final in yarn-site.xml?

Also we have coded and tested our fix against the change in the PR so we would like to go
ahead with this fix (assuming it passes all the reviews)

> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Currently a custom SSL store cannot be passed on to WebApps which forces the embedded
web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster.
There are cases where the Hadoop app needs to use its own/custom keystore.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message