[ https://issues.apache.org/jira/browse/YARN-8448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16642647#comment-16642647 ]
Robert Kanter commented on YARN-8448: ------------------------------------- Thanks [~haibochen] for the review. That's a good idea about BouncyCastle; that'll make it easier to iterate on this patch because we won't have to wait 6+ hours each time :). I've filed HADOOP-15832 and put up a patch with just the pom changes there. Once that's in, I'll update this JIRA's patch. On your second point, if the policy is REQUIRED, the RM won't proxy you to a non-HTTPS AM. You'll instead get a warning page, similar to the {{WebAppProxyServlet#warnUserPage}} code that warns the user in certain situations when Kerberos is enabled. Take a look at the {{WebAppProxyServlet#checkHttpsRequiredAndNotProvided}} method to see where this is done. When set to OPTIONAL, this behavior doesn't trigger. If we fail the AM, I'm concerned that it's going to make it harder for users with older apps that can't be updated to use HTTPS. As it is now, with REQUIRED, you can still run the AM if it's using HTTP, you just can't access it's web page (with OPTIONAL, you'd still be able to access it's web page). Does that make sense? > AM HTTPS Support > ---------------- > > Key: YARN-8448 > URL: https://issues.apache.org/jira/browse/YARN-8448 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Robert Kanter > Assignee: Robert Kanter > Priority: Major > Attachments: YARN-8448.001.patch, YARN-8448.002.patch, > YARN-8448.003.patch, YARN-8448.004.patch, YARN-8448.005.patch, > YARN-8448.006.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org