[YARN-9701] Yarn service cli commands do not connect to ssl enabled RM using ssl-client.xml configs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.1.0
Fix Version/s: None
Component/s: yarn-native-services
Labels:
None

Description

Yarn service commands use the yarn service rest api. When ssl is enabled for RM, the yarn service commands fail as they don't read the ssl-client.xml configs to create ssl connection to the rest api.

This becomes a problem especially for self signed certificates as the truststore location specified at ssl.client.truststore.location is not considered by commands.

As workaround, we need to import the certificates to the java default cacert for the yarn service commands to work via ssl. It would be more proper if the yarn service commands makes use of the configs at ssl-client.xml instead to configure and create an ssl client connection. This workaround may not even work if there are additional properties configured in ssl-client.xml that are necessary apart from the truststore related properties.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-9701.002.patch
10/Aug/19 04:52
25 kB
Tarun Parimi
YARN-9701.001.patch
30/Jul/19 18:21
10 kB
Tarun Parimi

Activity

People

Assignee:: Tarun Parimi

Reporter:: Tarun Parimi

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 25/Jul/19 11:20

Updated:: 23/Oct/19 16:14