Details

    • Type: Improvement
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.0.3
    • Fix Version/s: None
    • Component/s: security, webapps
    • Labels:
      None
    • Target Version/s:

      Description

      After investigating the methodology used to add HTTPS support in branch-2, I feel that this same approach should be back-ported to branch-1. I have taken many of the patches used for branch-2 and merged them in.

      I was working on top of HDP 1 at the time - I will provide a patch for trunk soon once I can confirm I am adding only the necessities for supporting HTTPS on the webUIs.

      As an added benefit – this patch actually provides HTTPS webUI to HBase by extension. If you take a hadoop-core jar compiled with this patch and put it into the hbase/lib directory and apply the necessary configs to hbase/conf.

      ========= OLD IDEA(s) BEHIND ADDING HTTPS (look @ Sept 17th patch) ==========

      In order to provide full security around the cluster, the webUI should also be secure if desired to prevent cookie theft and user masquerading.

      Here is my proposed work. Currently I can only add HTTPS support. I do not know how to switch reliance of the HttpServer from HTTP to HTTPS fully.

      In order to facilitate this change I propose the following configuration additions:
      CONFIG PROPERTY -> DEFAULT VALUE
      mapred.https.enable -> false
      mapred.https.need.client.auth -> false
      mapred.https.server.keystore.resource -> "ssl-server.xml"
      mapred.job.tracker.https.port -> 50035
      mapred.job.tracker.https.address -> "<IP_ADDR>:50035"
      mapred.task.tracker.https.port -> 50065
      mapred.task.tracker.https.address -> "<IP_ADDR>:50065"

      I tested this on my local box after using keytool to generate a SSL certficate. You will need to change ssl-server.xml to point to the .keystore file after. Truststore may not be necessary; you can just point it to the keystore.

        Attachments

        1. branch-1.2-patch.txt
          192 kB
          Michael Weng
        2. branch-1.2-patch.txt2
          192 kB
          Michael Weng
        3. branch-1.2-patch.txt3
          192 kB
          Michael Weng
        4. branch-1.2-patch.txt4
          194 kB
          Michael Weng
        5. branch-1.2-patch.txt5
          194 kB
          Michael Weng
        6. branch-1.2-patch.txt6
          193 kB
          Michael Weng
        7. branch-1.2-patch.txt7
          193 kB
          Michael Weng
        8. MAPREDUCE-4461.patch
          4 kB
          Plamen Jeliazkov
        9. MAPREDUCE-4661.patch
          120 kB
          Plamen Jeliazkov
        10. MAPREDUCE-4661.patch
          123 kB
          Plamen Jeliazkov
        11. MAPREDUCE-4661.patch
          88 kB
          Plamen Jeliazkov

          Issue Links

            Activity

              People

              • Assignee:
                michaelweng Michael Weng
                Reporter:
                zero45 Plamen Jeliazkov
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated: