[
https://issues.apache.org/jira/browse/APEXCORE-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15990108#comment-15990108
]
Sanjay M Pujare commented on APEXCORE-711:
------------------------------------------
[~vrozov] I tested it with my own hadoop-yarn-common-*.jar file that included
this fix described in YARN-6457. Note that the Yarn fix will eventually make it
to at least 2.7.1 and later branches and users who are interested in this
feature will need both this fix and the Yarn fix and the current set of users
who are looking for it are aware of that. I have already talked to a few Hadoop
developers (in fact a few from a major distributor) who have accepted the need
for this fix and have realized there is no other way to do this (look at the
WebApps.java code and the discussion in YARN-6457 and YARN-4562). I understand
the hesitation in having a new attribute that may not work in older Hadoop
versions but the upside of having this fix is much higher than any downside
(which I think is none).
> Support custom SSL keystore for the Stram REST API web service
> --------------------------------------------------------------
>
> Key: APEXCORE-711
> URL: https://issues.apache.org/jira/browse/APEXCORE-711
> Project: Apache Apex Core
> Issue Type: Improvement
> Reporter: Sanjay M Pujare
> Assignee: Sanjay M Pujare
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> Currently StrAM supports only the default Hadoop SSL configuration for the
> web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper
> class which has the limitation of only using the default Hadoop SSL config
> that is read from Hadoop's ssl-server.xml resource file. Some users have run
> into a situation where Hadoops' SSL keystore is not available on most cluster
> nodes or the Stram process doesn't have read access to the keystore even when
> present. So there is a need for the Stram to use a custom SSL keystore and
> configuration that does not suffer from these limitations.
> There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to
> support this in Hadoop and it is in the process of getting merged soon.
> After that Stram needs to be enhanced (this JIRA) to accept the location of a
> custom ssl-server.xml file (supplied by the client via a DAG attribute) and
> use the values from that file to set up the config object to be passed to
> WebApps which will end up using the custom SSL configuration. This approach
> has already been verified in a prototype.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
