[jira] [Commented] (APEXCORE-711) Support custom SSL keystore for the Stram REST API web service

Mon, 08 May 2017 10:08:17 -0700 

    [ 
https://issues.apache.org/jira/browse/APEXCORE-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16001104#comment-16001104
 ] 

Sanjay M Pujare commented on APEXCORE-711:
------------------------------------------

[~vrozov] we are working with Yarn/Hadoop developers at distros who will be 
merging the YARN-6457 fix into whatever version is used by the end users who 
are interested in this fix. So the Hadoop dependency is taken care of. As far 
as extending WebApps within Apex and eliminating dependency on Hadoop, this was 
also considered and ruled out because of the time required and the urgency of 
this fix. Also if I remember right there are some final or static 
classes/methods involved which prevent extending the code we want to. In any 
case right now we have working code that is ready to be merged.

> Support custom SSL keystore for the Stram REST API web service
> --------------------------------------------------------------
>
>                 Key: APEXCORE-711
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-711
>             Project: Apache Apex Core
>          Issue Type: Improvement
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> Currently StrAM supports only the default Hadoop SSL configuration for the 
> web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper 
> class which has the limitation of only using the default Hadoop SSL config 
> that is read from Hadoop's ssl-server.xml resource file. Some users have run 
> into a situation where Hadoops' SSL keystore is not available on most cluster 
> nodes or the Stram process doesn't have read access to the keystore even when 
> present. So there is a need for the Stram to use a custom SSL keystore and 
> configuration that does not suffer from these limitations.
> There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to 
> support this in Hadoop and it is in the process of getting merged soon.
> After that Stram needs to be enhanced (this JIRA) to accept the location of a 
> custom ssl-server.xml file (supplied by the client via a DAG attribute) and 
> use the values from that file to set up the config object to be passed to 
> WebApps which will end up using the custom SSL configuration. This approach 
> has already been verified in a prototype.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to