[jira] [Commented] (AMBARI-11058) Check oozie.https properties to generate oozie war -secure

Tue, 12 May 2015 06:48:54 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-11058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539842#comment-14539842
 ] 

Tom Beerbower commented on AMBARI-11058:
----------------------------------------

[~jonathan.hurley], Thanks for reviewing!

The requirement to include the {{-secure}} flag based on the presence of any of 
the oozie.https properties comes after review with the Oozie team...

{quote}
Updating the oozie.base.url to add https:// and changing the port to 11443 
causes the Oozie server to fail to startup the HTTPS socket as it uses the 
oozie.base.url to determine which socket should be used for the *HTTP* socket.  
 So when the server starts up it binds 11443 for the HTTP socket and turns 
around and tries to bind 11443 again for the HTTPS socket. So we can't use this 
property to detect if '-secure' should be added to the prepare-war step as it 
would force the user to enter an invalid URL, as this URL needs to be the HTTP 
and *not* HTTPS URL used for the Oozie Server to start.  Oozie will use the 
oozie.base.url to accept HTTP connections and when -secure is used, inbound 
connections will immediately redirect to the https:// socket.  So, this 
property should be left as-is by the user.

In talking to the Oozie team we should use the oozie.https.* parameters to 
identify if -secure should be used, and here is why:

In order for the Oozie Server to startup once -secure has been passed to 
prepare-ware, the following properties *have to be added* to the *Advanced 
oozie-env* -> *Custom oozie-site*.  These will allow the Oozie server to 
actually start:

{noformat}
oozie.https.port=11443
oozie.https.keystore.file=/home/oozie/ssl.keystore
oozie.https.keystore.pass=changeit
{noformat}

Ambari -> We should trigger a -secure prepare-war step if we notice any 
oozie.https.* properties added in the Custom oozie-site.
{quote}

> Check oozie.https properties to generate oozie war -secure
> ----------------------------------------------------------
>
>                 Key: AMBARI-11058
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11058
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Tom Beerbower
>            Assignee: Tom Beerbower
>             Fix For: 1.2.1
>
>         Attachments: AMBARI-11058.patch
>
>
> We should trigger a -secure prepare-war step if we notice any oozie.https.* 
> properties added in the Custom oozie-site.
> {code}
> oozie.https.port=11443
> oozie.https.keystore.file=/home/oozie/.keystore
> oozie.https.keystore.pass=password
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to