[ https://issues.apache.org/jira/browse/AMBARI-11058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539842#comment-14539842 ]
Tom Beerbower commented on AMBARI-11058: ---------------------------------------- [~jonathan.hurley], Thanks for reviewing! The requirement to include the {{-secure}} flag based on the presence of any of the oozie.https properties comes after review with the Oozie team... {quote} Updating the oozie.base.url to add https:// and changing the port to 11443 causes the Oozie server to fail to startup the HTTPS socket as it uses the oozie.base.url to determine which socket should be used for the *HTTP* socket. So when the server starts up it binds 11443 for the HTTP socket and turns around and tries to bind 11443 again for the HTTPS socket. So we can't use this property to detect if '-secure' should be added to the prepare-war step as it would force the user to enter an invalid URL, as this URL needs to be the HTTP and *not* HTTPS URL used for the Oozie Server to start. Oozie will use the oozie.base.url to accept HTTP connections and when -secure is used, inbound connections will immediately redirect to the https:// socket. So, this property should be left as-is by the user. In talking to the Oozie team we should use the oozie.https.* parameters to identify if -secure should be used, and here is why: In order for the Oozie Server to startup once -secure has been passed to prepare-ware, the following properties *have to be added* to the *Advanced oozie-env* -> *Custom oozie-site*. These will allow the Oozie server to actually start: {noformat} oozie.https.port=11443 oozie.https.keystore.file=/home/oozie/ssl.keystore oozie.https.keystore.pass=changeit {noformat} Ambari -> We should trigger a -secure prepare-war step if we notice any oozie.https.* properties added in the Custom oozie-site. {quote} > Check oozie.https properties to generate oozie war -secure > ---------------------------------------------------------- > > Key: AMBARI-11058 > URL: https://issues.apache.org/jira/browse/AMBARI-11058 > Project: Ambari > Issue Type: Bug > Reporter: Tom Beerbower > Assignee: Tom Beerbower > Fix For: 1.2.1 > > Attachments: AMBARI-11058.patch > > > We should trigger a -secure prepare-war step if we notice any oozie.https.* > properties added in the Custom oozie-site. > {code} > oozie.https.port=11443 > oozie.https.keystore.file=/home/oozie/.keystore > oozie.https.keystore.pass=password > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)