[ https://issues.apache.org/jira/browse/IMPALA-5263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Brown resolved IMPALA-5263.
-----------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: Product Backlog)
                   Impala 2.10.0

{noformat}
commit 428b5a1bfe5e8a533db95c98f8ffbc1f825cdcef
Author: Michael Brown <mi...@cloudera.com>
Date:   Sat Jun 10 16:35:00 2017 -0700

    IMPALA-5263: test infra: support CA bundles with secure clusters

    This patch adds the command line option --ca_cert to the common test
    infra CLI options for use alongside --use-ssl. This is useful when
    testing against a secured Impala cluster in which the SSL certs are
    self-signed. This will allow the SSL request to be validated. Using
    this option will also suppress noisy console warnings like:

      InsecureRequestWarning: Unverified HTTPS request is being made.
      Adding certificate verification is strongly advised. See:
      https://urllib3.readthedocs.org/en/latest/security.html

    We also go further in this patch and use the warnings module to
    print these SSL-related warnings once and only once, instead of all
    over the place. In the case of the stress test, this greatly reduces
    the noise in the console log.

    Testing:
    - quick concurrent_select.py calls with and without --ca_cert to
      observe that connections still get made and the test runs
      smoothly. Some of this testing occurred without warning
      suppression, so that I could be sure the InsecureRequestWarnings
      were not occurring when using --ca_cert anymore.
    - ensured warnings are printed once, not multiple times

    Change-Id: Ifb9e466e4b7cde704cdc4cf98159c068c0a400a9
    Reviewed-on: http://gerrit.cloudera.org:8080/7152
    Reviewed-by: David Knupp <dkn...@cloudera.com>
    Tested-by: Impala Public Jenkins
{noformat}

> support CA bundles when running stress test against SSL'd Impala
> ----------------------------------------------------------------
>
>                 Key: IMPALA-5263
>                 URL: https://issues.apache.org/jira/browse/IMPALA-5263
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Infrastructure
>    Affects Versions: Impala 2.9.0
>            Reporter: Michael Brown
>            Assignee: Michael Brown
>             Fix For: Impala 2.10.0
>
>
> When running the stress test against an SSL'd Impala cluster, if the cluster
> has self-signed certificates the KerberosClient and requests library we use
> to query the Impala Web interface will fail. To get around that, I've set
> verify=False for the request Session. However, requests seems to support a CA
> bundle. If we can find a way to automate grabbing this CA bundle, we can try
> to remove verify=False here and use the bundle instead.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
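
The option handling described in the commit message above, sketched as an added example that is not taken from the Impala patch: it maps --use-ssl and --ca_cert onto the value given to requests' Session.verify and applies a "once" warnings filter. The helper names, the help text, the fail-closed path check and the fallback to verify=False when no bundle is given are assumptions.

```python
import argparse
import os
import warnings


def add_ssl_options(parser):
    # Flag names come from the commit message; the help text is assumed.
    parser.add_argument("--use-ssl", action="store_true",
                        help="talk to the cluster over TLS")
    parser.add_argument("--ca_cert", default=None,
                        help="PEM CA bundle used to verify the cluster's certs")


def resolve_verify(use_ssl, ca_cert):
    """Return the value to assign to requests.Session.verify."""
    if ca_cert is not None:
        if not use_ssl:
            raise ValueError("--ca_cert only makes sense with --use-ssl")
        # Fail closed: a mistyped path must not silently disable verification.
        if not os.path.isfile(ca_cert):
            raise ValueError("CA bundle not found: %s" % ca_cert)
        return ca_cert
    # Assumption: without a bundle, SSL runs keep the unverified behaviour
    # the issue describes; plain HTTP leaves the library default in place.
    return False if use_ssl else True


def warn_once(category):
    """Show each distinct warning of this category once per process."""
    warnings.simplefilter("once", category)


def build_session(args):
    # Imported lazily so the helpers above work without requests installed.
    import requests
    from urllib3.exceptions import InsecureRequestWarning

    session = requests.Session()
    session.verify = resolve_verify(args.use_ssl, args.ca_cert)
    if session.verify is False:
        warn_once(InsecureRequestWarning)
    return session


if __name__ == "__main__":
    cli = argparse.ArgumentParser()
    add_ssl_options(cli)
    opts = cli.parse_args()
    print("Session.verify =", resolve_verify(opts.use_ssl, opts.ca_cert))
```

Passing a path as verify makes requests validate the server certificate against that bundle only, so a self-signed cluster CA is trusted without turning verification off.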