You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Sanjay M Pujare (JIRA)" <ji...@apache.org> on 2017/05/01 17:38:04 UTC

[jira] [Issue Comment Deleted] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps

     [ https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sanjay M Pujare updated YARN-6457:
----------------------------------
    Comment: was deleted

(was: [~haibochen] I understand the issue you have raised but I see couple of problems with your suggestion:

- in the current code in WebAppUtils.java in the function loadSslConfiguration(HttpServer2.Builder, Configuration) it doesn't get the value of hadoop.ssl.server.conf key but the default value YarnConfiguration.YARN_SSL_SERVER_RESOURCE_DEFAULT (i.e. ssl-server.xml) is hardcoded in the loadResource call. Unless you are proposing fixing this, your suggestion won't work

- the Hadoop app (in our case) reads the same set of config files as the other Hadoop components so it is going read the yarn-site.xml file and use the same value of hadoop.ssl.server.conf but of course the app can get the value from somewhere else and override it in the Confguration object before passing it to WebApps builder. But in that case doesn't it defeat the purpose of marking it final in yarn-site.xml?

Also we have coded and tested our fix against the change in the PR so we would like to go ahead with this fix (assuming it passes all the reviews))

> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Currently a custom SSL store cannot be passed on to WebApps which forces the embedded web-server to use the default keystore set up in ssl-server.xml for the whole Hadoop cluster. There are cases where the Hadoop app needs to use its own/custom keystore.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org