[ https://issues.apache.org/jira/browse/YARN-2174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14102528#comment-14102528 ]
Varun Vasudev commented on YARN-2174: ------------------------------------- [~zjshen] is it possible to explicitly assert in the tests that the entities were posted using https? If there is some wrong configuration, the configurator silently falls back to http and the test will still pass. The reason I bring this up is that I saw a similar issue with webhdfs today. {noformat} 2014-08-19 09:54:51,398 DEBUG web.URLConnectionFactory (URLConnectionFactory.java:newDefaultURLConnectionFactory(86)) - Cannot load customized ssl related configuration. Fallback to system-generic settings. java.io.FileNotFoundException: /etc/security/clientKeys/all.jks (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.<init>(FileInputStream.java:146) at org.apache.hadoop.security.ssl.ReloadingX509TrustManager.loadTrustManager(ReloadingX509TrustManager.java:164) at org.apache.hadoop.security.ssl.ReloadingX509TrustManager.<init>(ReloadingX509TrustManager.java:81) at org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:207) at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:121) at org.apache.hadoop.hdfs.web.URLConnectionFactory.newSslConnConfigurator(URLConnectionFactory.java:109) at org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:84) at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.initialize(WebHdfsFileSystem.java:149) at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2596) at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:91) at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2630) at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2612) at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370) at org.apache.hadoop.hdfs.web.TokenAspect$TokenManager.getInstance(TokenAspect.java:86) at org.apache.hadoop.hdfs.web.TokenAspect$TokenManager.renew(TokenAspect.java:71) at org.apache.hadoop.security.token.Token.renew(Token.java:377) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:478) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:475) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1614) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.renewToken(DelegationTokenRenewer.java:474) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.handleAppSubmitEvent(DelegationTokenRenewer.java:392) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.access$500(DelegationTokenRenewer.java:70) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.handleDTRenewerAppSubmitEvent(DelegationTokenRenewer.java:658) at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.run(DelegationTokenRenewer.java:639) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) {noformat} Note that the log is a debug log. In a production scenario, you'll never know. Just want to make sure that we don't end up testing the http workflow because of a misconfiguration. > Enabling HTTPs for the writer REST API of TimelineServer > -------------------------------------------------------- > > Key: YARN-2174 > URL: https://issues.apache.org/jira/browse/YARN-2174 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: YARN-2174.1.patch, YARN-2174.2.patch > > > Since we'd like to allow the application to put the timeline data at the > client, the AM and even the containers, we need to provide the way to > distribute the keystore. -- This message was sent by Atlassian JIRA (v6.2#6252)