[
https://issues.apache.org/jira/browse/YARN-9701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tarun Parimi updated YARN-9701:
-------------------------------
Description:
Yarn service commands use the yarn service rest api. When ssl is enabled for
RM, the yarn service commands fail as they don't read the ssl-client.xml
configs to create ssl connection to the rest api.
This becomes a problem especially for self signed certificates as the
truststore location specified at ssl.client.truststore.location is not
considered by commands.
As workaround, we need to import the certificates to the java default cacert
for the yarn service commands to work via ssl. It would be more proper if the
yarn service commands makes use of the configs at ssl-client.xml instead to
configure and create an ssl client connection. This workaround may not even
work if there are additional properties configured in ssl-client.xml that are
necessary apart from the truststore related properties.
was:
Yarn service commands use the yarn service rest api. When ssl is enabled for
RM, the yarn service commands fail as they don't read the ssl-client.xml
configs to create ssl connection to the rest api.
This becomes a problem especially for self signed certificates as the
truststore location specified at ssl.client.truststore.location is not
considered by commands.
As workaround, we need to import the certificates to the java default cacert
for the yarn service commands to work via ssl. It would be more proper if the
yarn service commands makes use of the configs at ssl-client.xml instead to
configure and create an ssl client connection.
> Yarn service cli commands do not connect to ssl enabled RM using
> ssl-client.xml configs
> ---------------------------------------------------------------------------------------
>
> Key: YARN-9701
> URL: https://issues.apache.org/jira/browse/YARN-9701
> Project: Hadoop YARN
> Issue Type: Bug
> Components: yarn-native-services
> Affects Versions: 3.1.0
> Reporter: Tarun Parimi
> Assignee: Tarun Parimi
> Priority: Major
>
> Yarn service commands use the yarn service rest api. When ssl is enabled for
> RM, the yarn service commands fail as they don't read the ssl-client.xml
> configs to create ssl connection to the rest api.
> This becomes a problem especially for self signed certificates as the
> truststore location specified at ssl.client.truststore.location is not
> considered by commands.
> As workaround, we need to import the certificates to the java default cacert
> for the yarn service commands to work via ssl. It would be more proper if the
> yarn service commands makes use of the configs at ssl-client.xml instead to
> configure and create an ssl client connection. This workaround may not even
> work if there are additional properties configured in ssl-client.xml that are
> necessary apart from the truststore related properties.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
