Using the current working dir doesn’t work with openssl - it seems to gag on
the long path in the unit test environment:
(Emulated the runtime execution to see this error):
openssl ca -create_serial -out
/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.crt
-days 365 -keyfile
/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.key
-key 3QxUtKyILrV5Its1l8YiyyAKPMRq86Uxq0L5iDRtgVO3xAunFs -selfsign -extensions
jdk7_ca -config
/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.config
-batch -infiles
/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.csr
Using configuration from
/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.config
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'AU'
stateOrProvinceName :PRINTABLE:'Some-State'
organizationName :PRINTABLE:'Internet Widgits Pty Ltd'
Certificate is to be certified until Jul 9 02:12:31 2015 GMT (365 days)
Write out database with 1 new entries
certificate file name too long
24151:error:02001002:system library:fopen:No such file or
directory:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:356:fopen('/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/db/serial','r')
24151:error:20074002:BIO routines:FILE_CTRL:system
lib:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:358:
Is there any objection if I simply go with a unique temp dir per app master for
creating the app master security directory structure (stores certs, keystones
etc, all password protected)?
— Jon
On Jul 8, 2014, at 1:10 PM, Sumit Mohanty <smoha...@hortonworks.com> wrote:
> /hadoop/yarn/local/usercache/yarn/appcache/application_
> 1404328298542_0019/container_1404328298542_0019_01_000002 is the working
> dir.
>
> For example, agent refers to a sub-dir within as
> "${AGENT_WORK_ROOT}/app/run"
>
>
> On Tue, Jul 8, 2014 at 9:28 AM, Jon Maron <jma...@hortonworks.com> wrote:
>
>> Perhaps it's simply the working dir? I'll give that a try...
>>
>>> On Jul 8, 2014, at 11:56 AM, Jon Maron <jma...@hortonworks.com> wrote:
>>>
>>> Hi,
>>>
>>> In my current commit I am placing SSL security files for the slider app
>> master in /home/yarn/.slider/security. They are created dynamically by the
>> application master. I’d prefer to specify the appropriate, container
>> associated directory (under /hadoop/yarn/…, I imagine). This would allow
>> for a clean removal of the files (I suppose the argument could be made that
>> the host based certificate can be reused by relaunched app masters, but I
>> imagine the creation of new cert stores etc for a given app master has
>> advantages as well). However, I still haven’t found what looks to be the
>> acceptable/approved way for ascertaining that location (API etc), e.g.
>>>
>>>
>> /hadoop/yarn/local/usercache/yarn/appcache/application_1404328298542_0019/container_1404328298542_0019_01_000002/infra
>>>
>>> Anyone know the API to invoke or system property to retrieve this
>> directory?
>>>
>>> Thanks!
>>>
>>> — Jon
>>>
>>
>> --
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity to
>> which it is addressed and may contain information that is confidential,
>> privileged and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified that
>> any printing, copying, dissemination, distribution, disclosure or
>> forwarding of this communication is strictly prohibited. If you have
>> received this communication in error, please contact the sender immediately
>> and delete it from your system. Thank You.
>>
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
