[
https://issues.apache.org/jira/browse/APEXCORE-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16199779#comment-16199779
]
Thomas Weise commented on APEXCORE-711:
---------------------------------------
I think it would be good to add that. Getting Apex to work in SSL enabled
Hadoop environment is not trivial and providing the guidance in the
documentation is desirable.
> Support custom SSL keystore for the Stram REST API web service
> --------------------------------------------------------------
>
> Key: APEXCORE-711
> URL: https://issues.apache.org/jira/browse/APEXCORE-711
> Project: Apache Apex Core
> Issue Type: Improvement
> Reporter: Sanjay M Pujare
> Assignee: Sanjay M Pujare
> Fix For: 3.7.0
>
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> Currently StrAM supports only the default Hadoop SSL configuration for the
> web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper
> class which has the limitation of only using the default Hadoop SSL config
> that is read from Hadoop's ssl-server.xml resource file. Some users have run
> into a situation where Hadoops' SSL keystore is not available on most cluster
> nodes or the Stram process doesn't have read access to the keystore even when
> present. So there is a need for the Stram to use a custom SSL keystore and
> configuration that does not suffer from these limitations.
> There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to
> support this in Hadoop and it is in the process of getting merged soon.
> After that Stram needs to be enhanced (this JIRA) to accept the location of a
> custom ssl-server.xml file (supplied by the client via a DAG attribute) and
> use the values from that file to set up the config object to be passed to
> WebApps which will end up using the custom SSL configuration. This approach
> has already been verified in a prototype.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
