[
https://issues.apache.org/jira/browse/YARN-11468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768055#comment-17768055
]
ASF GitHub Bot commented on YARN-11468:
---------------------------------------
ferdelyi commented on code in PR #6027:
URL: https://github.com/apache/hadoop/pull/6027#discussion_r1334511785
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMStoreCommands.java:
##########
@@ -101,6 +102,16 @@ public void testFormatConfStoreCmdForZK() throws Exception
{
}
}
+ @Test
+ public void testSSLEnabledConfiguration() {
+ //Test if we can enable SSL/TLS for the ZK Curator Client in YARN.
+ Configuration conf = new Configuration();
+ conf.set(YarnConfiguration.RM_ZK_CLIENT_SSL_ENABLED,
Boolean.TRUE.toString());
+
+ assertEquals("The " + YarnConfiguration.RM_ZK_CLIENT_SSL_ENABLED + " value
should be true.",
+ conf.get(YarnConfiguration.RM_ZK_CLIENT_SSL_ENABLED),
Boolean.TRUE.toString());
+ }
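Review bot: In testSSLEnabledConfiguration the assertEquals only reads back the string that conf.set(...) stored a few lines earlier, so it exercises Configuration's set/get and passes whether or not the ZK Curator client ever honours RM_ZK_CLIENT_SSL_ENABLED. Consider asserting on something the flag is supposed to change, or at minimum on the default seen by a fresh configuration that has not been set in the test. The assertEquals arguments are also in (message, actual, expected) order: conf.get(...) sits in the expected slot and Boolean.TRUE.toString() in the actual slot, which would make a failure message misleading, so swap them. Using conf.setBoolean(...) with assertTrue(conf.getBoolean(..., false)) would avoid the string comparison altogether.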
Review Comment:
Thank you, Szilard, for the review!
The "The ZKCuratorManager is started with SSL disabled by default." case is
implicitly covered in the already existing TestLeaderElectorService.java, as it
uses Curator.
Testing the SSL case will be trickier because CURATOR-658 "Add Support for
TLS-enabled TestingZooKeeperMain" won't be fixed, but it seems there is a way
by using ZooKeeperServerEmbeddedAdapter, which I need to explore how to
implement.
> Zookeeper SSL/TLS support
> -------------------------
>
> Key: YARN-11468
> URL: https://issues.apache.org/jira/browse/YARN-11468
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: resourcemanager
> Reporter: Ferenc Erdelyi
> Assignee: Ferenc Erdelyi
> Priority: Critical
>
> Zookeeper 3.5.5 server can operate with SSL/TLS secure connection with its
> clients.
> [https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide]
> The SSL communication should be possible in the different parts of YARN,
> where it communicates with Zookeeper servers. The Zookeeper clients are used
> in the following places:
> * ResourceManager
> * ZKConfigurationStore
> * ZKRMStateStore
> The yarn.resourcemanager.zk-client-ssl.enabled flag to enable SSL
> communication should be provided in the yarn-default.xml and the required
> parameters for the keystore and truststore should be picked up from the
> core-default.xml (HADOOP-18709)
> yarn.resourcemanager.ha.curator-leader-elector.enabled has to be set to true via
> yarn-site.xml to make sure Curator is used, otherwise we can't enable SSL.
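The issue description above ties the SSL flag to the Curator leader elector flag. The following is an added example, not code from the PR or from Hadoop: a small checker that reads a yarn-site.xml and reports when the SSL flag is set without Curator being enabled. The function names, status strings and sample XML are constructed for illustration, and treating an unset flag as false is an assumption.

```python
import xml.etree.ElementTree as ET

# Property names as given in the YARN-11468 description.
SSL_KEY = "yarn.resourcemanager.zk-client-ssl.enabled"
CURATOR_KEY = "yarn.resourcemanager.ha.curator-leader-elector.enabled"


def load_props(xml_text):
    """Parse Hadoop-style <configuration><property> XML; the last definition wins."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def as_bool(props, key):
    # Assumption: an unset or unparsable flag counts as false.
    return props.get(key, "").lower() == "true"


def zk_tls_status(xml_text):
    """Classify a yarn-site.xml by the two flags the issue description names."""
    props = load_props(xml_text)
    ssl, curator = as_bool(props, SSL_KEY), as_bool(props, CURATOR_KEY)
    if ssl and curator:
        return "ssl-flag-with-curator"
    if ssl:
        # The case the description warns about: flag set, Curator not in use.
        return "ssl-flag-without-curator"
    return "ssl-flag-off"


def _site(**flags):
    """Build a constructed sample yarn-site.xml from key=value pairs."""
    rows = "".join(
        f"<property><name>{k}</name><value>{v}</value></property>"
        for k, v in flags.items()
    )
    return f"<configuration>{rows}</configuration>"


# Constructed sample inputs, not taken from any real cluster.
BOTH_SET = _site(**{SSL_KEY: "true", CURATOR_KEY: " TRUE "})
SSL_ONLY = _site(**{SSL_KEY: "true"})
CURATOR_ONLY = _site(**{CURATOR_KEY: "true"})

if __name__ == "__main__":
    for label, xml_text in [("both", BOTH_SET), ("ssl only", SSL_ONLY),
                            ("curator only", CURATOR_ONLY)]:
        print(f"{label:13s} -> {zk_tls_status(xml_text)}")
```

The keystore and truststore parameters mentioned in the description are not checked, because their names are not given on this page.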