Major Description
When turning on SSL on the HistoryServer with spark.ssl.historyServer.enabled=true this opens up a second port, at the hardcoded result of calculating spark.history.ui.port + 400, and sets up a redirect from the original (http) port to the new (https) port.
$ netstat -nlp | grep 23714 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 :::18080 :::* LISTEN 23714/java tcp 0 0 :::18480 :::* LISTEN 23714/java
By enabling spark.ssl.historyServer.enabled I would have expected the one open port to change protocol from http to https, not to have 1) additional ports open 2) the http port remain open 3) the additional port at a value I didn't specify.
To fix this could take one of two approaches:
Approach 1:
- one port always, which is configured with spark.history.ui.port
- the protocol on that port is http by default
- or if spark.ssl.historyServer.enabled=true then it's https
Approach 2:
- add a new configuration item spark.history.ui.sslPort which configures the second port that starts up
In approach 1 we probably need a way to specify to Spark jobs whether the history server has ssl or not, based on SPARK-16988
That makes me think we should go with approach 2.
Attachments
Issue Links
- is duplicated by
-
SPARK-16987 Add spark-default.conf property to define https port for spark history server
-
- Resolved
-
- links to
