Sanjay M Pujare created APEXCORE-711:
----------------------------------------
Summary: Support custom SSL keystore for the Stram REST API web
service
Key: APEXCORE-711
URL: https://issues.apache.org/jira/browse/APEXCORE-711
Project: Apache Apex Core
Issue Type: Improvement
Reporter: Sanjay M Pujare
Assignee: Sanjay M Pujare
Currently StrAM supports only the default Hadoop SSL configuration for the
web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper class
which has the limitation of only using the default Hadoop SSL config that is
read from Hadoop's ssl-server.xml resource file. Some users have run into a
situation where Hadoops' SSL keystore is not available on most cluster nodes or
the Stram process doesn't have read access to the keystore even when present.
So there is a need for the Stram to use a custom SSL keystore and configuration
that does not suffer from these limitations.
There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to
support this in Hadoop and it is in the process of getting merged soon.
After that Stram needs to be enhanced (this JIRA) to accept the location of a
custom ssl-server.xml file (supplied by the client via a DAG attribute) and use
the values from that file to set up the config object to be passed to WebApps
which will end up using the custom SSL configuration. This approach has already
been verified in a prototype.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
