Return-Path: <yarn-issues-return-113441-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 5C31F200C77
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon,  1 May 2017 22:18:09 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 5AFEC160BB9; Mon,  1 May 2017 20:18:09 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id A1B68160BAE
	for <archive-asf-public@cust-asf.ponee.io>; Mon,  1 May 2017 22:18:08 +0200 (CEST)
Received: (qmail 6849 invoked by uid 500); 1 May 2017 20:18:07 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 6838 invoked by uid 99); 1 May 2017 20:18:07 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 May 2017 20:18:07 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 50E4818FD89
	for <yarn-issues@hadoop.apache.org>; Mon,  1 May 2017 20:18:07 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -100.002
X-Spam-Level: 
X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31
	tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
	USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id LwS6WBw7WlXy for <yarn-issues@hadoop.apache.org>;
	Mon,  1 May 2017 20:18:06 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id BE02B5FB26
	for <yarn-issues@hadoop.apache.org>; Mon,  1 May 2017 20:18:05 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id D4C42E093C
	for <yarn-issues@hadoop.apache.org>; Mon,  1 May 2017 20:18:04 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2D89421DE5
	for <yarn-issues@hadoop.apache.org>; Mon,  1 May 2017 20:18:04 +0000 (UTC)
Date: Mon, 1 May 2017 20:18:04 +0000 (UTC)
From: "Pramod Immaneni (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.13062750.1491779338000.94593.1493669884184@Atlassian.JIRA>
In-Reply-To: <JIRA.13062750.1491779338000@Atlassian.JIRA>
References: <JIRA.13062750.1491779338000@Atlassian.JIRA> <JIRA.13062750.1491779338944@jira-lw-us.apache.org>
Subject: [jira] [Commented] (YARN-6457) Allow custom SSL configuration to be
 supplied in WebApps
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Mon, 01 May 2017 20:18:09 -0000


    [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991458#comment-15991458 ] 

Pramod Immaneni commented on YARN-6457:
---------------------------------------

If the method relies only on the configuration passed from outside, then the user could sidestep any final settings for the ssl configuration and pass only the custom ssl setting, since the user has total control on the construction of the configuration object. Instead, if the method were to apply the configuration passed in from outside as an addendum on top of the internal configuration object it is creating today then the setting can take effect. So what I am suggesting is this

{code}
 public static HttpServer2.Builder loadSslConfiguration(
      HttpServer2.Builder builder, Configuration conf) {
      Configuration sslConf = new Configuration(false);
      boolean needsClientAuth = YarnConfiguration.YARN_SSL_CLIENT_HTTPS_NEED_AUTH_DEFAULT;
      sslConf.addResource(YarnConfiguration.YARN_SSL_SERVER_RESOURCE_DEFAULT);
      sslConf.addResource(conf);
      ....
{code}



> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Currently a custom SSL store cannot be passed on to WebApps which forces the embedded web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster. There are cases where the Hadoop app needs to use its own/custom keystore.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org