[jira] [Commented] (APEXCORE-711) Support custom SSL keystore for the Stram REST API web service

Sun, 07 May 2017 16:42:07 -0700 

    [ 
https://issues.apache.org/jira/browse/APEXCORE-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16000121#comment-16000121
 ] 

Vlad Rozov commented on APEXCORE-711:
-------------------------------------

I'd prefer not to rely on YARN-6457 and YARN-4562 be ported to older versions 
of hadoop-yarn-common. YARN-4562 is marked as resolved on 2.9 and 3.0, so it 
does not look that it will eventually make into 2.7.1. There is still no 
agreement on how YARN-6457 will be fixed.

Instead of relying on YARN-6457, can we implement a class that extends 
org.apache.hadoop.yarn.webapp.WebApps or provides similar functionality and 
that does not have the same limitation as YARN-6457?

> Support custom SSL keystore for the Stram REST API web service
> --------------------------------------------------------------
>
>                 Key: APEXCORE-711
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-711
>             Project: Apache Apex Core
>          Issue Type: Improvement
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> Currently StrAM supports only the default Hadoop SSL configuration for the 
> web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper 
> class which has the limitation of only using the default Hadoop SSL config 
> that is read from Hadoop's ssl-server.xml resource file. Some users have run 
> into a situation where Hadoops' SSL keystore is not available on most cluster 
> nodes or the Stram process doesn't have read access to the keystore even when 
> present. So there is a need for the Stram to use a custom SSL keystore and 
> configuration that does not suffer from these limitations.
> There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to 
> support this in Hadoop and it is in the process of getting merged soon.
> After that Stram needs to be enhanced (this JIRA) to accept the location of a 
> custom ssl-server.xml file (supplied by the client via a DAG attribute) and 
> use the values from that file to set up the config object to be passed to 
> WebApps which will end up using the custom SSL configuration. This approach 
> has already been verified in a prototype.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to