[jira] [Commented] (MAPREDUCE-4661) Add HTTPS for JobTracker and TaskTracker

Wed, 03 Oct 2012 17:37:10 -0700 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-4661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13469035#comment-13469035
 ] 

Alejandro Abdelnur commented on MAPREDUCE-4661:
-----------------------------------------------

you'd need the sslfactory stuff from MAPREDUCE-4417 (there is a patch for 
branch-1 which as not been committed, see JIRA for details) and then you'll 
have to tweak JSPs and a few other places to use the HttpConfig from 
HADOOP-8581 to create the URLs. Also, in Hadoop 1 the HttpServer is shared 
between shuffle and the webui, so you'll have to make sure you use 2 
connectors, one SSL for the webui and one clear for shuffle, for all the webui 
requests you have to ensure they are not served over the clear connector 
(shuffle's), you could do this with a filter.
                
> Add HTTPS for JobTracker and TaskTracker
> ----------------------------------------
>
>                 Key: MAPREDUCE-4661
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4661
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>    Affects Versions: 1.0.0, 2.0.0-alpha
>            Reporter: Plamen Jeliazkov
>            Assignee: Plamen Jeliazkov
>         Attachments: MAPREDUCE-4461.patch
>
>
> In order to provide full security around the cluster, the webUI should also 
> be secure if desired to prevent cookie theft and user masquerading. 
> Here is my proposed work. Currently I can only add HTTPS support. I do not 
> know how to switch reliance of the HttpServer from HTTP to HTTPS fully.
> In order to facilitate this change I propose the following configuration 
> additions:
> CONFIG PROPERTY -> DEFAULT VALUE
> mapred.https.enable -> false
> mapred.https.need.client.auth -> false
> mapred.https.server.keystore.resource -> "ssl-server.xml"
> mapred.job.tracker.https.port -> 50035
> mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
> mapred.task.tracker.https.port -> 50065
> mapred.task.tracker.https.address -> "<IP_ADDR>:50065"
> I tested this on my local box after using keytool to generate a SSL 
> certficate. You will need to change ssl-server.xml to point to the .keystore 
> file after. Truststore may not be necessary; you can just point it to the 
> keystore.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to