[jira] [Commented] (YARN-2554) Slider AM Web UI is inaccessible if HTTPS/SSL is specified as the HTTP policy

Fri, 01 May 2015 22:02:45 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14524962#comment-14524962
 ] 

Hadoop QA commented on YARN-2554:
---------------------------------

\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:red}-1{color} | patch |   0m  0s | The patch command could not apply 
the patch during dryrun. |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL | 
http://issues.apache.org/jira/secure/attachment/12670251/YARN-2554.3.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / f1a152c |
| Console output | 
https://builds.apache.org/job/PreCommit-YARN-Build/7631/console |


This message was automatically generated.

> Slider AM Web UI is inaccessible if HTTPS/SSL is specified as the HTTP policy
> -----------------------------------------------------------------------------
>
>                 Key: YARN-2554
>                 URL: https://issues.apache.org/jira/browse/YARN-2554
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: webapp
>    Affects Versions: 2.6.0
>            Reporter: Jonathan Maron
>         Attachments: YARN-2554.1.patch, YARN-2554.2.patch, YARN-2554.3.patch, 
> YARN-2554.3.patch
>
>
> If the HTTP policy to enable HTTPS is specified, the RM and AM are 
> initialized with SSL listeners.  The RM has a web app proxy servlet that acts 
> as a proxy for incoming AM requests.  In order to forward the requests to the 
> AM the proxy servlet makes use of HttpClient.  However, the HttpClient 
> utilized is not initialized correctly with the necessary certs to allow for 
> successful one way SSL invocations to the other nodes in the cluster (it is 
> not configured to access/load the client truststore specified in 
> ssl-client.xml).   I imagine SSLFactory.createSSLSocketFactory() could be 
> utilized to create an instance that can be assigned to the HttpClient.
> The symptoms of this issue are:
> AM: Displays "unknown_certificate" exception
> RM:  Displays an exception such as "javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to