[ https://issues.apache.org/jira/browse/APEXCORE-712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16056454#comment-16056454 ]

Sanjay M Pujare commented on APEXCORE-712:
------------------------------------------

Based on the feedback in the PR https://github.com/apache/apex-core/pull/547 I 
am proposing the following implementation for this JIRA. This also impacts the 
implementation for APEXCORE-711 to a small extent. Please let me know your 
feedback.

- The attribute name STRAM_HTTP_CUSTOM_CONFIG (in DAGContext) will be renamed 
to SSL_CONFIG (or TLS_CONFIG if preferred).
- there are no other settings or attributes used for this feature. SSL_CONFIG 
is used both in app-master (server) and the Stram client as follows.
- The value of SSL_CONFIG is not a single string value but a set of key-value 
pairs in curly braces (similar to how a property map is supplied via a single 
attribute value elsewhere)
- for the APEXCORE-711 use-case (i.e. where the SSL config and keystore are 
already deployed on the app-master node) the user specifies a single key-value 
pair in SSL_CONFIG value 
   e.g. {ssl.server.conf=/opt/mydir/ssl-server.xml} . In this case the Apex CLI 
does not do anything but the attribute value is just passed on to the app 
master. On the App master side, the value of ssl.server.conf is used to add a 
resource to the config object similar to how it is currently done in 
StreamingAppMasterService.serviceStart(). So the only change to the 
APEXCORE-711 use case is how the value of SSL_CONFIG is supplied (instead of 
/opt/mydir/ssl-server.xml we need to use 
"{ssl.server.conf=/opt/mydir/ssl-server.xml}" ).
- for this new use-case of APEXCORE-712 the Apex CLI user will supply the value 
of SSL_CONFIG as follows (an example): 
     {ssl.server.keystore.location="apexkeystore.jks", 
ssl.server.keystore.keypassword="password1", 
ssl.server.keystore.password="password2"}
- in this second use case when StreamingAppMasterService gets the SSL_CONFIG 
value it will determine this is the second use-case (absence of 
ssl.server.conf) and use the values supplied to construct a configuration 
object that will be used as a resource for the actual config object to be 
passed to Hadoop WebApps. So the only difference here is instead of using a 
local file system file as a resource it uses this constructed config object as 
a resource
- there will be error checking to make sure the 2 use cases are not mixed up 
(i.e. ssl.server.conf and any of the other values are not defined together)


> Support distribution of custom SSL material to the Stram node while launch 
> the app
> ----------------------------------------------------------------------------------
>
>                 Key: APEXCORE-712
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-712
>             Project: Apache Apex Core
>          Issue Type: Improvement
>            Reporter: Sanjay M Pujare
>            Assignee: devendra tagare
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> This JIRA is dependent on APEXCORE-711. APEXCORE-711 talks about using a 
> custom SSL configuration but assumes the SSL files (ssl-server.xml and the 
> keystore) are already available on any cluster node so when the Stram starts 
> it is able to find them. There are cases where users don't want to do this 
> and they expect the Apex client to package these files so that they are 
> copied to the App master node so when Stram starts it will find them in the 
> expected location.
> Enhance the Apex client/launcher to distribute the custom SSL files (XML and 
> the keystore) along with the application jars/resources so the user does not 
> need to pre-distribute the custom SSL files.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
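
The two SSL_CONFIG forms and the mix-up check proposed in the comment above can be sketched as follows. This is an added example, not code from the Apex project or the PR; the class and method names are hypothetical, and the grammar (comma-separated pairs, optional double quotes, no commas inside values) is assumed from the two sample values in the comment.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper (not Apex code): parses and classifies an SSL_CONFIG value.
public class SslConfigValue {
  static final String CONF_KEY = "ssl.server.conf";
  enum Mode { PREDEPLOYED_FILE, INLINE_KEYSTORE }

  // Assumed grammar: {k=v, k="v"}; values contain no commas.
  static Map<String, String> parse(String value) {
    String s = value.trim();
    if (s.length() < 2 || s.charAt(0) != '{' || s.charAt(s.length() - 1) != '}') {
      throw new IllegalArgumentException("SSL_CONFIG must be enclosed in curly braces");
    }
    Map<String, String> map = new LinkedHashMap<>();
    for (String pair : s.substring(1, s.length() - 1).split(",")) {
      int eq = pair.indexOf('=');
      String k = eq < 0 ? "" : pair.substring(0, eq).trim();
      String v = eq < 0 ? "" : pair.substring(eq + 1).trim();
      if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
        v = v.substring(1, v.length() - 1); // strip the optional quotes
      }
      // Error messages name the key only, so keystore passwords never reach logs.
      if (k.isEmpty() || v.isEmpty() || map.put(k, v) != null) {
        throw new IllegalArgumentException("malformed or duplicate SSL_CONFIG entry for key '" + k + "'");
      }
    }
    return map;
  }

  // ssl.server.conf alone selects the pre-deployed file; mixing it with other keys is an error.
  static Mode classify(Map<String, String> cfg) {
    if (cfg.containsKey(CONF_KEY) && cfg.size() > 1) {
      throw new IllegalArgumentException(CONF_KEY + " cannot be combined with other keys");
    }
    return cfg.containsKey(CONF_KEY) ? Mode.PREDEPLOYED_FILE : Mode.INLINE_KEYSTORE;
  }

  public static void main(String[] args) {
    // Constructed inputs modelled on the samples in the comment.
    System.out.println(classify(parse("{ssl.server.conf=/opt/mydir/ssl-server.xml}")));
    System.out.println(classify(parse("{ssl.server.keystore.location=\"apexkeystore.jks\", "
        + "ssl.server.keystore.keypassword=\"password1\", ssl.server.keystore.password=\"password2\"}")));
    try {
      classify(parse("{ssl.server.conf=/opt/mydir/ssl-server.xml, ssl.server.keystore.password=\"p\"}"));
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```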
