You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Pramod Immaneni (JIRA)" <ji...@apache.org> on 2017/05/01 20:18:04 UTC

[jira] [Commented] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps

    [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991458#comment-15991458 ] 

Pramod Immaneni commented on YARN-6457:
---------------------------------------

If the method relies only on the configuration passed from outside, then the user could sidestep any final settings for the ssl configuration and pass only the custom ssl setting, since the user has total control on the construction of the configuration object. Instead, if the method were to apply the configuration passed in from outside as an addendum on top of the internal configuration object it is creating today then the setting can take effect. So what I am suggesting is this

{code}
 public static HttpServer2.Builder loadSslConfiguration(
      HttpServer2.Builder builder, Configuration conf) {
      Configuration sslConf = new Configuration(false);
      boolean needsClientAuth = YarnConfiguration.YARN_SSL_CLIENT_HTTPS_NEED_AUTH_DEFAULT;
      sslConf.addResource(YarnConfiguration.YARN_SSL_SERVER_RESOURCE_DEFAULT);
      sslConf.addResource(conf);
      ....
{code}



> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Currently a custom SSL store cannot be passed on to WebApps which forces the embedded web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster. There are cases where the Hadoop app needs to use its own/custom keystore.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org