[ 
https://issues.apache.org/jira/browse/SPARK-2750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

WangTaoTheTonic updated SPARK-2750:
-----------------------------------

    Description: 
Now I try to add https support for web ui using Jetty ssl integration.Below is 
the plan:
1.Web UI include Master UI, Worker UI, HistoryServer UI and Spark Ui. User can 
switch between https and http by configure "spark.http.policy" in JVM property 
for each process, while choose http by default.
2.Web port of Master and worker would be decided in turn launch arguments, JVM 
property, System Env and default.
3.Below is some other configuration items:
spark.ssl.server.keystore.location The file or URL of the SSL Key store
spark.ssl.server.keystore.password  The password for the key store
spark.ssl.server.keystore.keypassword The password (if any) for the specific 
key within the key store
spark.ssl.server.keystore.type The type of the key store (default "JKS")
spark.client.https.need-auth True if SSL needs client authentication
spark.ssl.server.truststore.location The file name or URL of the trust store 
location
spark.ssl.server.truststore.password The password for the trust store
spark.ssl.server.truststore.type The type of the trust store (default "JKS")

Any feedback is welcome!

  was:
Now I try to add https support for web ui using Jetty ssl integration.Below is 
the plan:
1.Web UI include Master UI, Worker UI, HistoryServer UI and Spark Ui. User can 
choose to use http or/and https way to acess them. We add some configuration 
items here, for example, "SPARK_MASTER_WEBUI_HTTPS_PORT" in system envs claim 
the https port for master ui. Different items would be added  to control access 
way of dirrenet processes in system envs, JVM Properties and launch args.
2.User choose access way according to their configuration. If http port is 
assigned, then we start http service for web ui. If https port is assigned, we 
start https. If both two are assigned, we start two. If neither is assigned, we 
start http service at default port as same as now.
3.We should add some configuration items to state some args for ssl 
authentication, like keystore location and keystore password in 1-way ssl, 
truststore location in 2-way. User can also choose to switch between 1-way and 
2-way.

Now I nearly have implemented the functions mentioned above. Here are some 
questions:
We know there are some hyper links between Master and Worker and some from 
Master to Spark UI(Driver UI). Now the link is their http addresses. So if we 
add https to them, what we should do when users click the links?
Situation:
1.Master http port to Worker which opens https port only.
2.Master https port to Worker which opens http port only.

Any feedback is welcome!


> Add Https support for Web UI
> ----------------------------
>
>                 Key: SPARK-2750
>                 URL: https://issues.apache.org/jira/browse/SPARK-2750
>             Project: Spark
>          Issue Type: New Feature
>          Components: Web UI
>            Reporter: WangTaoTheTonic
>              Labels: https, ssl, webui
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Now I try to add https support for web ui using Jetty ssl integration.Below 
> is the plan:
> 1.Web UI include Master UI, Worker UI, HistoryServer UI and Spark Ui. User 
> can switch between https and http by configure "spark.http.policy" in JVM 
> property for each process, while choose http by default.
> 2.Web port of Master and worker would be decided in turn launch arguments, 
> JVM property, System Env and default.
> 3.Below is some other configuration items:
> spark.ssl.server.keystore.location The file or URL of the SSL Key store
> spark.ssl.server.keystore.password  The password for the key store
> spark.ssl.server.keystore.keypassword The password (if any) for the specific 
> key within the key store
> spark.ssl.server.keystore.type The type of the key store (default "JKS")
> spark.client.https.need-auth True if SSL needs client authentication
> spark.ssl.server.truststore.location The file name or URL of the trust store 
> location
> spark.ssl.server.truststore.password The password for the trust store
> spark.ssl.server.truststore.type The type of the trust store (default "JKS")
> Any feedback is welcome!



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to