You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Tarun Parimi (JIRA)" <ji...@apache.org> on 2019/07/25 11:21:00 UTC

[jira] [Created] (YARN-9701) Yarn service cli commands do not connect to ssl enabled RM using ssl-client.xml configs

Tarun Parimi created YARN-9701:
----------------------------------

             Summary: Yarn service cli commands do not connect to ssl enabled RM using ssl-client.xml configs
                 Key: YARN-9701
                 URL: https://issues.apache.org/jira/browse/YARN-9701
             Project: Hadoop YARN
          Issue Type: Bug
          Components: yarn-native-services
    Affects Versions: 3.1.0
            Reporter: Tarun Parimi
            Assignee: Tarun Parimi


Yarn service commands use the yarn service rest api. When ssl is enabled for RM, the yarn service commands fail as they don't read the ssl-client.xml configs to create ssl connection to the rest api.

This becomes a problem especially for self signed certificates as the truststore location specified at ssl.client.truststore.location is not considered by commands.

As workaround, we need to import the certificates to the java default cacert for the yarn service commands to work via ssl. It would be more proper if the yarn service commands makes use of the configs at ssl-client.xml instead to configure and create an ssl client connection.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org