[
https://issues.apache.org/jira/browse/YARN-8448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16642647#comment-16642647
]
Robert Kanter commented on YARN-8448:
-------------------------------------
Thanks [~haibochen] for the review. That's a good idea about BouncyCastle;
that'll make it easier to iterate on this patch because we won't have to wait
6+ hours each time :). I've filed HADOOP-15832 and put up a patch with just
the pom changes there. Once that's in, I'll update this JIRA's patch.
On your second point, if the policy is REQUIRED, the RM won't proxy you to a
non-HTTPS AM. You'll instead get a warning page, similar to the
{{WebAppProxyServlet#warnUserPage}} code that warns the user in certain
situations when Kerberos is enabled. Take a look at the
{{WebAppProxyServlet#checkHttpsRequiredAndNotProvided}} method to see where
this is done. When set to OPTIONAL, this behavior doesn't trigger. If we fail
the AM, I'm concerned that it's going to make it harder for users with older
apps that can't be updated to use HTTPS. As it is now, with REQUIRED, you can
still run the AM if it's using HTTP, you just can't access it's web page (with
OPTIONAL, you'd still be able to access it's web page). Does that make sense?
> AM HTTPS Support
> ----------------
>
> Key: YARN-8448
> URL: https://issues.apache.org/jira/browse/YARN-8448
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Major
> Attachments: YARN-8448.001.patch, YARN-8448.002.patch,
> YARN-8448.003.patch, YARN-8448.004.patch, YARN-8448.005.patch,
> YARN-8448.006.patch
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
