[jira] [Commented] (YARN-2174) Enabling HTTPs for the writer REST API of TimelineServer

Tue, 19 Aug 2014 10:49:35 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-2174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14102528#comment-14102528
 ] 

Varun Vasudev commented on YARN-2174:
-------------------------------------

[~zjshen] is it possible to explicitly assert in the tests that the entities 
were posted using https? If there is some wrong configuration, the configurator 
silently falls back to http and the test will still pass. The reason I bring 
this up is that I saw a similar issue with webhdfs today.

{noformat}
2014-08-19 09:54:51,398 DEBUG web.URLConnectionFactory 
(URLConnectionFactory.java:newDefaultURLConnectionFactory(86)) - Cannot load 
customized ssl related configuration. Fallback to system-generic settings.
java.io.FileNotFoundException: /etc/security/clientKeys/all.jks (No such file 
or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at 
org.apache.hadoop.security.ssl.ReloadingX509TrustManager.loadTrustManager(ReloadingX509TrustManager.java:164)
        at 
org.apache.hadoop.security.ssl.ReloadingX509TrustManager.<init>(ReloadingX509TrustManager.java:81)
        at 
org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:207)
        at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:121)
        at 
org.apache.hadoop.hdfs.web.URLConnectionFactory.newSslConnConfigurator(URLConnectionFactory.java:109)
        at 
org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:84)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.initialize(WebHdfsFileSystem.java:149)
        at 
org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2596)
        at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:91)
        at 
org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2630)
        at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2612)
        at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
        at 
org.apache.hadoop.hdfs.web.TokenAspect$TokenManager.getInstance(TokenAspect.java:86)
        at 
org.apache.hadoop.hdfs.web.TokenAspect$TokenManager.renew(TokenAspect.java:71)
        at org.apache.hadoop.security.token.Token.renew(Token.java:377)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:478)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:475)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1614)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.renewToken(DelegationTokenRenewer.java:474)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.handleAppSubmitEvent(DelegationTokenRenewer.java:392)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.access$500(DelegationTokenRenewer.java:70)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.handleDTRenewerAppSubmitEvent(DelegationTokenRenewer.java:658)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.run(DelegationTokenRenewer.java:639)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
{noformat}

Note that the log is a debug log. In a production scenario, you'll never know. 
Just want to make sure that we don't end up testing the http workflow because 
of a misconfiguration.

> Enabling HTTPs for the writer REST API of TimelineServer
> --------------------------------------------------------
>
>                 Key: YARN-2174
>                 URL: https://issues.apache.org/jira/browse/YARN-2174
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2174.1.patch, YARN-2174.2.patch
>
>
> Since we'd like to allow the application to put the timeline data at the 
> client, the AM and even the containers, we need to provide the way to 
> distribute the keystore.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to