[jira] [Commented] (APEXCORE-711) Support custom SSL keystore for the Stram REST API web service

Fri, 28 Apr 2017 19:52:18 -0700 

    [ 
https://issues.apache.org/jira/browse/APEXCORE-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15989708#comment-15989708
 ] 

Sanjay M Pujare commented on APEXCORE-711:
------------------------------------------

[~vrozov] you are right about the dependency but only if you (the user) want to 
use this feature. Otherwise this fix does not cause any regressions even if the 
dependencies are not met. I am also trying to get the YARN fix to be ported to 
earlier versions (up to Hadoop 2.6) but if that doesn't happen we can ask 
interested users to upgrade to Hadoop 2.9 (or later) for using this feature.

> Support custom SSL keystore for the Stram REST API web service
> --------------------------------------------------------------
>
>                 Key: APEXCORE-711
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-711
>             Project: Apache Apex Core
>          Issue Type: Improvement
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> Currently StrAM supports only the default Hadoop SSL configuration for the 
> web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper 
> class which has the limitation of only using the default Hadoop SSL config 
> that is read from Hadoop's ssl-server.xml resource file. Some users have run 
> into a situation where Hadoops' SSL keystore is not available on most cluster 
> nodes or the Stram process doesn't have read access to the keystore even when 
> present. So there is a need for the Stram to use a custom SSL keystore and 
> configuration that does not suffer from these limitations.
> There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to 
> support this in Hadoop and it is in the process of getting merged soon.
> After that Stram needs to be enhanced (this JIRA) to accept the location of a 
> custom ssl-server.xml file (supplied by the client via a DAG attribute) and 
> use the values from that file to set up the config object to be passed to 
> WebApps which will end up using the custom SSL configuration. This approach 
> has already been verified in a prototype.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to