[
https://issues.apache.org/jira/browse/SPARK-2750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
WangTaoTheTonic updated SPARK-2750:
-----------------------------------
Description:
Now I try to add https support for web ui using Jetty ssl integration.Below is
the plan:
1.Web UI include Master UI, Worker UI, HistoryServer UI and Spark Ui. User can
switch between https and http by configure "spark.http.policy" in JVM property
for each process, while choose http by default.
2.Web port of Master and worker would be decided in turn launch arguments, JVM
property, System Env and default.
3.Below is some other configuration items:
spark.ssl.server.keystore.location The file or URL of the SSL Key store
spark.ssl.server.keystore.password The password for the key store
spark.ssl.server.keystore.keypassword The password (if any) for the specific
key within the key store
spark.ssl.server.keystore.type The type of the key store (default "JKS")
spark.client.https.need-auth True if SSL needs client authentication
spark.ssl.server.truststore.location The file name or URL of the trust store
location
spark.ssl.server.truststore.password The password for the trust store
spark.ssl.server.truststore.type The type of the trust store (default "JKS")
Any feedback is welcome!
was:
Now I try to add https support for web ui using Jetty ssl integration.Below is
the plan:
1.Web UI include Master UI, Worker UI, HistoryServer UI and Spark Ui. User can
choose to use http or/and https way to acess them. We add some configuration
items here, for example, "SPARK_MASTER_WEBUI_HTTPS_PORT" in system envs claim
the https port for master ui. Different items would be added to control access
way of dirrenet processes in system envs, JVM Properties and launch args.
2.User choose access way according to their configuration. If http port is
assigned, then we start http service for web ui. If https port is assigned, we
start https. If both two are assigned, we start two. If neither is assigned, we
start http service at default port as same as now.
3.We should add some configuration items to state some args for ssl
authentication, like keystore location and keystore password in 1-way ssl,
truststore location in 2-way. User can also choose to switch between 1-way and
2-way.
Now I nearly have implemented the functions mentioned above. Here are some
questions:
We know there are some hyper links between Master and Worker and some from
Master to Spark UI(Driver UI). Now the link is their http addresses. So if we
add https to them, what we should do when users click the links?
Situation:
1.Master http port to Worker which opens https port only.
2.Master https port to Worker which opens http port only.
Any feedback is welcome!
> Add Https support for Web UI
> ----------------------------
>
> Key: SPARK-2750
> URL: https://issues.apache.org/jira/browse/SPARK-2750
> Project: Spark
> Issue Type: New Feature
> Components: Web UI
> Reporter: WangTaoTheTonic
> Labels: https, ssl, webui
> Original Estimate: 96h
> Remaining Estimate: 96h
>
> Now I try to add https support for web ui using Jetty ssl integration.Below
> is the plan:
> 1.Web UI include Master UI, Worker UI, HistoryServer UI and Spark Ui. User
> can switch between https and http by configure "spark.http.policy" in JVM
> property for each process, while choose http by default.
> 2.Web port of Master and worker would be decided in turn launch arguments,
> JVM property, System Env and default.
> 3.Below is some other configuration items:
> spark.ssl.server.keystore.location The file or URL of the SSL Key store
> spark.ssl.server.keystore.password The password for the key store
> spark.ssl.server.keystore.keypassword The password (if any) for the specific
> key within the key store
> spark.ssl.server.keystore.type The type of the key store (default "JKS")
> spark.client.https.need-auth True if SSL needs client authentication
> spark.ssl.server.truststore.location The file name or URL of the trust store
> location
> spark.ssl.server.truststore.password The password for the trust store
> spark.ssl.server.truststore.type The type of the trust store (default "JKS")
> Any feedback is welcome!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
