[
https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Plamen Jeliazkov updated MAPREDUCE-4661:
----------------------------------------
Description:
In order to provide full security around the cluster, the webUI should also be
secure if desired to prevent cookie theft and user masquerading.
Here is my proposed work. Currently I can only add HTTPS support. I do not know
how to switch reliance of the HttpServer from HTTP to HTTPS fully.
In order to facilitate this change I propose the following configuration
additions:
CONFIG PROPERTY -> DEFAULT VALUE
mapred.https.enable -> true
mapred.https.need.client.auth -> false
mapred.https.server.keystore.resource -> "ssl-server.xml"
mapred.job.tracker.https.port -> 50035
mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
mapred.task.tracker.https.port -> 50065
mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
I tested this on my local box after using keytool to generate a SSL certficate.
You will need to change ssl-server.xml to point to the .keystore file after.
Truststore may not be necessary; you can just point it to the keystore.
was:
In order to provide full security around the cluster, the webUI should also be
secure if desired to prevent cookie theft and user masquerading.
Here is my proposed work. Currently I can only add HTTPS support. I do not know
how to switch reliance of the HttpServer from HTTP to HTTPS fully.
In order to facilitate this change I propose the following configuration
additions:
CONFIG PROPERTY -> DEFAULT VALUE
mapred.https.enable -> true
mapred.https.need.client.auth -> false
mapred.job.tracker.https.port -> 50035
mapred.job.tracker.https.address -> IP:50035
mapred.https.server.keystore.resource -> "ssl-server.xml"
mapred.task.tracker.https.port -> 50065
mapred.task.tracker.https.address -> IP:50065
> Add HTTPS for JobTracker and TaskTracker
> ----------------------------------------
>
> Key: MAPREDUCE-4661
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Affects Versions: 1.0.0
> Reporter: Plamen Jeliazkov
> Assignee: Plamen Jeliazkov
> Attachments: MAPREDUCE-4461.patch
>
>
> In order to provide full security around the cluster, the webUI should also
> be secure if desired to prevent cookie theft and user masquerading.
> Here is my proposed work. Currently I can only add HTTPS support. I do not
> know how to switch reliance of the HttpServer from HTTP to HTTPS fully.
> In order to facilitate this change I propose the following configuration
> additions:
> CONFIG PROPERTY -> DEFAULT VALUE
> mapred.https.enable -> true
> mapred.https.need.client.auth -> false
> mapred.https.server.keystore.resource -> "ssl-server.xml"
> mapred.job.tracker.https.port -> 50035
> mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
> mapred.task.tracker.https.port -> 50065
> mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
> I tested this on my local box after using keytool to generate a SSL
> certficate. You will need to change ssl-server.xml to point to the .keystore
> file after. Truststore may not be necessary; you can just point it to the
> keystore.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
