[GitHub] spark pull request #18846: [SPARK-21642][CORE] Use FQDN for DRIVER_HOST_ADDR...

Fri, 04 Aug 2017 09:16:43 -0700 

GitHub user thideeeee opened a pull request:

    https://github.com/apache/spark/pull/18846

    [SPARK-21642][CORE] Use FQDN for DRIVER_HOST_ADDRESS instead of ip address

    
    ## What changes were proposed in this pull request?
    
    The patch lets spark web ui use FQDN as its hostname instead of ip address.
    
    In current implementation, ip address of a driver host is set to 
DRIVER_HOST_ADDRESS. This becomes a problem when we enable SSL using 
"spark.ssl.enabled", "spark.ssl.trustStore" and "spark.ssl.keyStore" 
properties. When we configure these properties, spark web ui is launched with 
SSL enabled and the HTTPS server is configured with the custom SSL certificate 
you configured in these properties.
    In this case, client gets javax.net.ssl.SSLPeerUnverifiedException 
exception when the client accesses the spark web ui because the client fails to 
verify the SSL certificate (Common Name of the SSL cert does not match with 
DRIVER_HOST_ADDRESS).
    
    To avoid the exception, we should use FQDN of the driver host for 
DRIVER_HOST_ADDRESS.
    
    
    Error message that client gets when the client accesses spark web ui:
    javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.102.138.239> 
doesn't match any of the subject alternative names: []
    
    ## How was this patch tested?
    manual tests
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/thideeeee/spark SPARK-21642

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/spark/pull/18846.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #18846
    
----
commit afc07ee14974a38c3b6912dfd2943084d25eeccf
Author: Hideaki Tanaka <tana...@amazon.com>
Date:   2017-08-04T15:57:14Z

    [SPARK-21642][CORE] Use FQDN for DRIVER_HOST_ADDRESS instead of ip address

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org

Reply via email to