hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Kanter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps
Date Wed, 04 Oct 2017 22:20:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192159#comment-16192159

Robert Kanter commented on YARN-6457:

{quote}was not loadDefaults set to false prior to the patch as well?{quote}
It was.  However, it only called that code before when the passed in Configuration was {{null}}.
 Now it always does it.
if (sslConf == null) {		
   sslConf = new Configuration(false);
Configuration sslConf = new Configuration(false);
The passed in config in the code path I'm interested in is not {{null}}, so it actually did
not create the new Configuration in the original version.

In any case, I tried using HDFS HA + SSL + Hadoop Credstore after reverting YARN-6457 (so
the original code was used), and everything works fine.  So this JIRA definitely affects this
use case.

{quote}In case you plan to change loadDefaults, please see my prior comments regarding "ssl.server.truststore.location"{quote}
Could you please clarify?  I looked back at the earlier comments and I'm still not understanding
the issue.

> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>             Fix For: 2.9.0, 2.7.4, 3.0.0-alpha4, 2.8.2
>         Attachments: YARN-6457.00.patch, YARN-6457.01.patch
>   Original Estimate: 96h
>  Remaining Estimate: 96h
> Currently a custom SSL store cannot be passed on to WebApps which forces the embedded
web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster.
There are cases where the Hadoop app needs to use its own/custom keystore.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message