GitHub user fredji97 opened a pull request:
https://github.com/apache/samza/pull/72
SAMZA-1085 add CertFSFileSystem and SimpleCertFSFileSystem for handling
certificate localization from CSR in yarn
This is the implementation used during the experiment and testing. will add
more unit tests and improve the TODO section in later PRs.
Currently implementation is tested manually with the following yarn
configuration (yarn core-site.xml):
<property>
<name>fs.certfs.impl</name>
<value>org.apache.samza.util.hadoop.CertFSFileSystem</value>
</property>
<property>
<name>csr.ssl.truststore.type</name>
<value>${csr.ssl.truststore.type}</value>
</property>
<property>
<name>csr.ssl.truststore.location</name>
<value>${csr.ssl.truststore.location}</value>
</property>
<property>
<name>csr.ssl.truststore.password</name>
<value>${csr.ssl.truststore.password}</value>
</property>
<property>
<name>csr.ssl.keystore.type</name>
<value>${csr.ssl.keystore.type}</value>
</property>
<property>
<name>csr.ssl.keystore.location</name>
<value>${csr.ssl.keystore.location}</value>
</property>
<property>
<name>csr.ssl.keystore.password</name>
<value>${csr.ssl.keystore.password}</value>
</property>
<property>
<name>csr.ssl.key.password</name>
<value>${csr.ssl.key.password}</value>
</property>
<property>
<name>csr.ssl.bcstyle.x500name</name>
<value>${csr.ssl.bcstyle.x500name}</value>
</property>
The tested uri is
certfs://lca1-app0739.corp.linkedin.com:10180/grestin/request_service_certificate?fabric=dev&application=test_application&instance=i001
The generated certificate is found in the corresponding application cache
for the specific application. (in my testing env, it is
export/content/data/samsa-yarn/usercache/samza-ji/ap461_0093/container_e03_1487135111461_0093_02_000001/identity.p12)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/fredji97/samza certfs
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/samza/pull/72.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #72
----
commit d46b5371e8a3c2001d5d346d93617a921ab8fd1f
Author: Fred Ji <[email protected]>
Date: 2017-03-02T18:24:06Z
SAMZA-1085: adding the samza-yarn dependency on httpClient and
bouncyCastle, which are used for https post request and json parsing on CSR
request/response
commit f1a196d1b25d0192bf086c71e72d683ce2cae674
Author: Fred Ji <[email protected]>
Date: 2017-03-02T19:41:28Z
SAMZA-1085 add CertFSFileSystem and SimpleCertFSFileSystem for handling
certificate localization from CSR in yarn
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
