You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apex.apache.org by "Vlad Rozov (JIRA)" <ji...@apache.org> on 2017/05/07 23:41:04 UTC

[jira] [Commented] (APEXCORE-711) Support custom SSL keystore for the Stram REST API web service

    [ https://issues.apache.org/jira/browse/APEXCORE-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16000121#comment-16000121 ] 

Vlad Rozov commented on APEXCORE-711:
-------------------------------------

I'd prefer not to rely on YARN-6457 and YARN-4562 be ported to older versions of hadoop-yarn-common. YARN-4562 is marked as resolved on 2.9 and 3.0, so it does not look that it will eventually make into 2.7.1. There is still no agreement on how YARN-6457 will be fixed.

Instead of relying on YARN-6457, can we implement a class that extends org.apache.hadoop.yarn.webapp.WebApps or provides similar functionality and that does not have the same limitation as YARN-6457?

> Support custom SSL keystore for the Stram REST API web service
> --------------------------------------------------------------
>
>                 Key: APEXCORE-711
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-711
>             Project: Apache Apex Core
>          Issue Type: Improvement
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> Currently StrAM supports only the default Hadoop SSL configuration for the web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper class which has the limitation of only using the default Hadoop SSL config that is read from Hadoop's ssl-server.xml resource file. Some users have run into a situation where Hadoops' SSL keystore is not available on most cluster nodes or the Stram process doesn't have read access to the keystore even when present. So there is a need for the Stram to use a custom SSL keystore and configuration that does not suffer from these limitations.
> There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to support this in Hadoop and it is in the process of getting merged soon.
> After that Stram needs to be enhanced (this JIRA) to accept the location of a custom ssl-server.xml file (supplied by the client via a DAG attribute) and use the values from that file to set up the config object to be passed to WebApps which will end up using the custom SSL configuration. This approach has already been verified in a prototype.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)