[ https://issues.apache.org/jira/browse/MAPREDUCE-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16657444#comment-16657444 ]

Robert Kanter commented on MAPREDUCE-4669:
------------------------------------------

Thanks [~haibochen] for the review.

The 004 patch:
- Rebased on latest trunk
- Renames {{withNeedsClientAuth}} to just {{needsClientAuth}}
-- [~haibochen] I went with this instead of {{withClientAuth}} to keep it 
consistent with HttpServer2 and SSL, while still making it more normal sounding
- Now only adds the truststore if {{needsClientAuth}} is {{true}}
- Updated {{TestAMWebApp#testMRWebAppSSLEnabledWithClientAuth}} to also try a 
wrong client cert
-- I kept this as part of the same test because that way it shows that a client 
with the right cert works, while one with the wrong cert does not
- Minor refactoring in {{TestAMWebApp}}

> MRAM web UI does not work with HTTPS
> ------------------------------------
>
>                 Key: MAPREDUCE-4669
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4669
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: mr-am
>    Affects Versions: 2.0.3-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Robert Kanter
>            Priority: Major
>         Attachments: MAPREDUCE-4669.001.patch, MAPREDUCE-4669.002.patch, 
> MAPREDUCE-4669.003.patch, MAPREDUCE-4669.004.patch
>
>
> With Kerberos enabled, the MRAM runs as the user that submitted the job, thus 
> the MRAM process cannot read the cluster keystore files to get the 
> certificates to start its HttpServer using HTTPS.
> We need to decouple the keystore used by RM/NM/NN/DN (which are cluster 
> provided) from the keystore used by AMs (which ought to be user provided).


