[jira] [Commented] (YARN-6457) Allow custom SSL configuration to be supplied in WebApps

Wed, 04 Oct 2017 15:20:12 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192159#comment-16192159
 ] 

Robert Kanter commented on YARN-6457:
-------------------------------------

{quote}was not loadDefaults set to false prior to the patch as well?{quote}
It was.  However, it only called that code before when the passed in 
Configuration was {{null}}.  Now it always does it.
{code:java}
if (sslConf == null) {          
   sslConf = new Configuration(false);
}
{code}
vs
{code:java}
Configuration sslConf = new Configuration(false);
{code}
The passed in config in the code path I'm interested in is not {{null}}, so it 
actually did not create the new Configuration in the original version.

In any case, I tried using HDFS HA + SSL + Hadoop Credstore after reverting 
YARN-6457 (so the original code was used), and everything works fine.  So this 
JIRA definitely affects this use case.

{quote}In case you plan to change loadDefaults, please see my prior comments 
regarding "ssl.server.truststore.location"{quote}
Could you please clarify?  I looked back at the earlier comments and I'm still 
not understanding the issue.

> Allow custom SSL configuration to be supplied in WebApps
> --------------------------------------------------------
>
>                 Key: YARN-6457
>                 URL: https://issues.apache.org/jira/browse/YARN-6457
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: webapp, yarn
>            Reporter: Sanjay M Pujare
>            Assignee: Sanjay M Pujare
>             Fix For: 2.9.0, 2.7.4, 3.0.0-alpha4, 2.8.2
>
>         Attachments: YARN-6457.00.patch, YARN-6457.01.patch
>
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Currently a custom SSL store cannot be passed on to WebApps which forces the 
> embedded web-server to use the default keystore set up in ssl-server.xml for 
> the whole Hadoop cluster. There are cases where the Hadoop app needs to use 
> its own/custom keystore.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to