[ https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Weng updated MAPREDUCE-4661: ------------------------------------ Attachment: branch-1.2-patch.txt Continue Plamen's work. Here is the updating patch for branch 1.2. > Add HTTPS for WebUIs on Branch-1 > -------------------------------- > > Key: MAPREDUCE-4661 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661 > Project: Hadoop Map/Reduce > Issue Type: Improvement > Components: security, webapps > Affects Versions: 1.0.3 > Reporter: Plamen Jeliazkov > Assignee: Michael Weng > Attachments: branch-1.2-patch.txt, MAPREDUCE-4461.patch, > MAPREDUCE-4661.patch, MAPREDUCE-4661.patch, MAPREDUCE-4661.patch > > > After investigating the methodology used to add HTTPS support in branch-2, I > feel that this same approach should be back-ported to branch-1. I have taken > many of the patches used for branch-2 and merged them in. > I was working on top of HDP 1 at the time - I will provide a patch for trunk > soon once I can confirm I am adding only the necessities for supporting HTTPS > on the webUIs. > As an added benefit -- this patch actually provides HTTPS webUI to HBase by > extension. If you take a hadoop-core jar compiled with this patch and put it > into the hbase/lib directory and apply the necessary configs to hbase/conf. > ========= OLD IDEA(s) BEHIND ADDING HTTPS (look @ Sept 17th patch) ========== > In order to provide full security around the cluster, the webUI should also > be secure if desired to prevent cookie theft and user masquerading. > Here is my proposed work. Currently I can only add HTTPS support. I do not > know how to switch reliance of the HttpServer from HTTP to HTTPS fully. > In order to facilitate this change I propose the following configuration > additions: > CONFIG PROPERTY -> DEFAULT VALUE > mapred.https.enable -> false > mapred.https.need.client.auth -> false > mapred.https.server.keystore.resource -> "ssl-server.xml" > mapred.job.tracker.https.port -> 50035 > mapred.job.tracker.https.address -> "<IP_ADDR>:50035" > mapred.task.tracker.https.port -> 50065 > mapred.task.tracker.https.address -> "<IP_ADDR>:50065" > I tested this on my local box after using keytool to generate a SSL > certficate. You will need to change ssl-server.xml to point to the .keystore > file after. Truststore may not be necessary; you can just point it to the > keystore. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira