Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Currently StrAM supports only the default Hadoop SSL configuration for the web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper class which has the limitation of only using the default Hadoop SSL config that is read from Hadoop's ssl-server.xml resource file. Some users have run into a situation where Hadoops' SSL keystore is not available on most cluster nodes or the Stram process doesn't have read access to the keystore even when present. So there is a need for the Stram to use a custom SSL keystore and configuration that does not suffer from these limitations.
There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to support this in Hadoop and it is in the process of getting merged soon.
After that Stram needs to be enhanced (this JIRA) to accept the location of a custom ssl-server.xml file (supplied by the client via a DAG attribute) and use the values from that file to set up the config object to be passed to WebApps which will end up using the custom SSL configuration. This approach has already been verified in a prototype.
Attachments
Issue Links
- depends upon
-
YARN-6457 Allow custom SSL configuration to be supplied in WebApps
- Resolved
- is depended upon by
-
APEXCORE-712 Support distribution of custom SSL material to the Stram node while launch the app
- Closed
- links to