[ 
https://issues.apache.org/jira/browse/SLIDER-131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14035837#comment-14035837
 ] 

Jonathan Maron commented on SLIDER-131:
---------------------------------------

There are a number of exposed UI and REST endpoints for the slider AM, 
including:

1)  Registry resources
2)  Publisher resources
3)  Management resources
4)  AM UI
5)  Agent resources

The agent resources are exposed for communication with the remote slider agents 
running within spawned containers.  The nature of their communication dictates 
that, at a minimum, secure, one-way SSL transport is required.  However, the 
other HTTP resources currently exposed by the AM probably do not require SSL.  
Therefore it seems appropriate to instantiate another HTTP server instance in 
the AM, exposing a separate secured port, for the agent resources.  This server 
instance will:

- be configured with an HTTPS_ONLY HTTP policy
- be configured for one-way SSL by default
- alternatively, be configurable for two-way SSL, though initial investigations 
show that may require an AM restart (to reload newly uploaded client 
certificates into the keystore/truststore), unless a custom reloadable trust 
manager can be written and leveraged.
- keystore/truststore will be associated with node managers/hosts (i.e. the 
location should be a writable, non-transient path on the host accessible to all 
running containers)

> enable AM one and two-way SSL and test/enable agent secure comm
> ---------------------------------------------------------------
>
>                 Key: SLIDER-131
>                 URL: https://issues.apache.org/jira/browse/SLIDER-131
>             Project: Slider
>          Issue Type: Bug
>          Components: agent, appmaster
>            Reporter: Jonathan Maron
>            Assignee: Jonathan Maron
>
> AM has SSL settings enabling SSL (including 2-way).  Work through enabling 
> this feature (perhaps initially testing it with a browser that has the 
> appropriate server cert and client key), and subsequently try to ensure agent 
> can communicate with server using both SSL modes.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
