Uploaded image for project: 'Apache Apex Core'
  1. Apache Apex Core
  2. APEXCORE-711

Support custom SSL keystore for the Stram REST API web service

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.7.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently StrAM supports only the default Hadoop SSL configuration for the web-service because it uses org.apache.hadoop.yarn.webapp.WebApps helper class which has the limitation of only using the default Hadoop SSL config that is read from Hadoop's ssl-server.xml resource file. Some users have run into a situation where Hadoops' SSL keystore is not available on most cluster nodes or the Stram process doesn't have read access to the keystore even when present. So there is a need for the Stram to use a custom SSL keystore and configuration that does not suffer from these limitations.

      There is already a PR https://github.com/apache/hadoop/pull/213 to Hadoop to support this in Hadoop and it is in the process of getting merged soon.

      After that Stram needs to be enhanced (this JIRA) to accept the location of a custom ssl-server.xml file (supplied by the client via a DAG attribute) and use the values from that file to set up the config object to be passed to WebApps which will end up using the custom SSL configuration. This approach has already been verified in a prototype.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sanjaypujare Sanjay M Pujare
                Reporter:
                sanjaypujare Sanjay M Pujare
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 72h
                  72h
                  Remaining:
                  Remaining Estimate - 72h
                  72h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified