Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id A87BB200C88 for ; Fri, 28 Apr 2017 05:35:08 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id A71FB160BB5; Fri, 28 Apr 2017 03:35:08 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id EA9F9160BB2 for ; Fri, 28 Apr 2017 05:35:07 +0200 (CEST) Received: (qmail 21657 invoked by uid 500); 28 Apr 2017 03:35:07 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 21643 invoked by uid 99); 28 Apr 2017 03:35:06 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Apr 2017 03:35:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 7F360CA95B for ; Fri, 28 Apr 2017 03:35:06 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id j0R1vCEU9ICt for ; Fri, 28 Apr 2017 03:35:05 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 3AD8D5FAC9 for ; Fri, 28 Apr 2017 03:35:05 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 859CBE0BD5 for ; Fri, 28 Apr 2017 03:35:04 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2213121DE1 for ; Fri, 28 Apr 2017 03:35:04 +0000 (UTC) Date: Fri, 28 Apr 2017 03:35:04 +0000 (UTC) From: "Sanjay M Pujare (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 28 Apr 2017 03:35:08 -0000 [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15988124#comment-15988124 ] Sanjay M Pujare commented on YARN-6457: --------------------------------------- [~haibochen] I understand the issue you have raised but I see couple of problems with your suggestion: - in the current code in WebAppUtils.java in the function loadSslConfiguration(HttpServer2.Builder, Configuration) it doesn't get the value of hadoop.ssl.server.conf key but the default value YarnConfiguration.YARN_SSL_SERVER_RESOURCE_DEFAULT (i.e. ssl-server.xml) is hardcoded in the loadResource call. Unless you are proposing fixing this, your suggestion won't work - the Hadoop app (in our case) reads the same set of config files as the other Hadoop components so it is going read the yarn-site.xml file and use the same value of hadoop.ssl.server.conf but of course the app can get the value from somewhere else and override it in the Confguration object before passing it to WebApps builder. But in that case doesn't it defeat the purpose of marking it final in yarn-site.xml? Also we have coded and tested our fix against the change in the PR so we would like to go ahead with this fix (assuming it passes all the reviews) > Allow custom SSL configuration to be supplied in WebApps > -------------------------------------------------------- > > Key: YARN-6457 > URL: https://issues.apache.org/jira/browse/YARN-6457 > Project: Hadoop YARN > Issue Type: Improvement > Components: webapp, yarn > Reporter: Sanjay M Pujare > Assignee: Sanjay M Pujare > Original Estimate: 96h > Remaining Estimate: 96h > > Currently a custom SSL store cannot be passed on to WebApps which forces the embedded web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster. There are cases where the Hadoop app needs to use its own/custom keystore. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: yarn-issues-help@hadoop.apache.org