[
https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13492497#comment-13492497
]
Plamen Jeliazkov commented on MAPREDUCE-4661:
---------------------------------------------
Hi Owen,
I apologize for the length of silence. I will go ahead and take action to your
comments and generate a new patch.
Benoy has discovered some issues with submitting a job using my patch and
enabling HTTPS, and an interesting "NoSuchMethodError" with using my patch but
without enabling HTTPS.
We spoke off-line about how I removed the MapReduce SSL shuffle code; most
likely there is somewhere within the code that still relies on SSL for job
submission when HTTPS is enabled. Benoy and I will be working on these issues,
I will then apply your comments to the patch and upload it soon.
It appears I should also modify my code for 1.2.0 as well.
> Add HTTPS for WebUIs on Branch-1
> --------------------------------
>
> Key: MAPREDUCE-4661
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: security, webapps
> Affects Versions: 1.0.3
> Reporter: Plamen Jeliazkov
> Assignee: Plamen Jeliazkov
> Attachments: https.patch, MAPREDUCE-4461.patch, MAPREDUCE-4661.patch,
> MAPREDUCE-4661.patch, MAPREDUCE-4661.patch
>
>
> After investigating the methodology used to add HTTPS support in branch-2, I
> feel that this same approach should be back-ported to branch-1. I have taken
> many of the patches used for branch-2 and merged them in.
> I was working on top of HDP 1 at the time - I will provide a patch for trunk
> soon once I can confirm I am adding only the necessities for supporting HTTPS
> on the webUIs.
> As an added benefit -- this patch actually provides HTTPS webUI to HBase by
> extension. If you take a hadoop-core jar compiled with this patch and put it
> into the hbase/lib directory and apply the necessary configs to hbase/conf.
> ========= OLD IDEA(s) BEHIND ADDING HTTPS (look @ Sept 17th patch) ==========
> In order to provide full security around the cluster, the webUI should also
> be secure if desired to prevent cookie theft and user masquerading.
> Here is my proposed work. Currently I can only add HTTPS support. I do not
> know how to switch reliance of the HttpServer from HTTP to HTTPS fully.
> In order to facilitate this change I propose the following configuration
> additions:
> CONFIG PROPERTY -> DEFAULT VALUE
> mapred.https.enable -> false
> mapred.https.need.client.auth -> false
> mapred.https.server.keystore.resource -> "ssl-server.xml"
> mapred.job.tracker.https.port -> 50035
> mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
> mapred.task.tracker.https.port -> 50065
> mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
> I tested this on my local box after using keytool to generate a SSL
> certficate. You will need to change ssl-server.xml to point to the .keystore
> file after. Truststore may not be necessary; you can just point it to the
> keystore.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
