[
https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15987906#comment-15987906
]
Haibo Chen commented on YARN-6457:
----------------------------------
My apologies for being slow looking at this! With the change, If
ssl.server.keystore.location is set by users, ssl-server.xml will no longer be
loaded.
This is an issue if cluster admins have relied on the ssl-server.xml to force
the ssl configurations (by making the properties final in the file).
Now users can just work around that by specifying ssl.server.keystore.location.
I wonder if we could do things similar in SSLFactory, that is,
we allow users to configure 'hadoop.ssl.server.conf', which defaults to
ssl-server.xml. Users can then specify the new configuration property and
upload their own ssl-server.xml file to distributed cache. If cluster admins
wants to force ssl configurations, they can make hadoop.ssl.server.conf
final in yarn-site.xml. Does that work for your use case?
> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>
> Key: YARN-6457
> URL: https://issues.apache.org/jira/browse/YARN-6457
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: webapp, yarn
> Reporter: Sanjay M Pujare
> Original Estimate: 96h
> Remaining Estimate: 96h
>
> Currently a custom SSL store cannot be passed on to WebApps which forces the
> embedded web-server to use the default keystore set up in ssl-server.xml for
> the whole Hadoop cluster. There are cases where the Hadoop app needs to use
> its own/custom keystore.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
