[
https://issues.apache.org/jira/browse/IMPALA-5263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Brown resolved IMPALA-5263.
-----------------------------------
Resolution: Fixed
Fix Version/s: (was: Product Backlog)
Impala 2.10.0
{noformat}
commit 428b5a1bfe5e8a533db95c98f8ffbc1f825cdcef
Author: Michael Brown <mi...@cloudera.com>
Date: Sat Jun 10 16:35:00 2017 -0700
IMPALA-5263: test infra: support CA bundles with secure clusters
This patch adds the command line option --ca_cert to the common test
infra CLI options for use alongside --use-ssl. This is useful when
testing against a secured Impala cluster in which the SSL certs are
self-signed. This will allow the SSL request to be validated. Using this
option will also suppress noisy console warnings like:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.org/en/latest/security.html
We also go further in this patch and use the warnings module to print
these SSL-related warnings once and only once, instead of all over the
place. In the case of the stress test, this greatly reduces the noise in
the console log.
Testing:
- quick concurrent_select.py calls with and without --ca_cert to observe
that connections still get made and the test runs smoothly. Some of
this testing occurred without warning suppression, so that I could be
sure the InsecureRequestWarnings were not occurring when using
--ca_cert anymore.
- ensured warnings are printed once, not multiple times
Change-Id: Ifb9e466e4b7cde704cdc4cf98159c068c0a400a9
Reviewed-on: http://gerrit.cloudera.org:8080/7152
Reviewed-by: David Knupp <dkn...@cloudera.com>
Tested-by: Impala Public Jenkins
{noformat}
> support CA bundles when running stress test against SSL'd Impala
> ----------------------------------------------------------------
>
> Key: IMPALA-5263
> URL: https://issues.apache.org/jira/browse/IMPALA-5263
> Project: IMPALA
> Issue Type: Improvement
> Components: Infrastructure
> Affects Versions: Impala 2.9.0
> Reporter: Michael Brown
> Assignee: Michael Brown
> Fix For: Impala 2.10.0
>
>
> When running the stress test against an SSL'd Impala cluster, if the cluster
> has self-signed certificates the KerberosClient and requests library we use
> to query the Impala Web interface will fail. To get around that, I've set
> verify=False for the request Session. However, requests seems to support a CA
> bundle. If we can find a way to automate grabbing this CA bundle, we can try
> to remove verify=False here and use the bundle instead.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
