[SPARK-2750][WEB UI]Add Https support for Web UI #5664
Conversation
|
Test build #30839 has finished for PR 5664 at commit
|
| @@ -1,571 +0,0 @@ | |||
| /* | |||
WangTaoTheTonic
force-pushed
the
SPARK-2750
branch
from
fef5003 to
d80f7e9
Compare
|
Test build #30841 has finished for PR 5664 at commit
|
WangTaoTheTonic
changed the title
|
Test build #31749 has finished for PR 5664 at commit
|
|
@vanzin After taking some look at the docs and codes, I rename the configs to @jacek-lewandowski Could you help to review yet? |
|
|
||
| logDebug(s"SSLConfiguration for file server: $fileServerSSLOptions") | ||
| logDebug(s"SSLConfiguration for Akka: $akkaSSLOptions") | ||
| logDebug(s"SSLConfiguration for Akka: $webUISSLOptions") |
|
Test build #31824 has finished for PR 5664 at commit
|
|
Jenkins, retest this please. |
|
@vanzin Not sure if we should modify |
|
Test build #31831 has finished for PR 5664 at commit
|
|
I'm not really familiar with Akka's SSL configuration, don't even know if they support those options. But if not modifying it, you should mention in the docs that the options don't apply to Akka. |
|
@CodingCat @jacek-lewandowski We add some configs for @pwendell @andrewor14 @srowen Do you know anybody else who is familiar with Akka'\s SSL configurations? |
|
@vanzin @JoshRosen is this already resolved by #3571? |
|
I don't think so; from what I remember, that PR only added SSL to the HTTP server that serves jars and files to executors, not to the server that serves the UI. |
|
@vanzin @andrewor14 I may take a look at this and finish or create a separate pr with my approach if you like. |
|
I'm not sure that YARN likes custom SSL certificates at all. Even if you do set up the RM proxy up for them, there's the issue that as they are host-wide, so every web/REST endpoint on the host can/should use the same certificate. That said, there's probably no explicit reason why the RM Proxy doesn't handle SSL except it's not been done —that'd be the place to add the code. Note of course that web/REST clients of AM web pages redirected via the Am filter will have their communications direct with that RM proxy, using SPNEGO and any https support of the AM proxy; you can lock down the long-haul bit of the communications without adding HTTPS. It's the in-cluster TCP connections that HTTPS -in-AM would address |
|
@WangTaoTheTonic can you rebase and squash? |
|
@jacek-lewandowski Okay I will rebase this in a week or so. |
|
@WangTaoTheTonic if you don't have time, would you mind if i take your commits, rebase, squash them and add few changes? |
|
@jacek-lewandowski Sure. I'm glad for this. |
|
@WangTaoTheTonic would you mind closing this patch for now? We can always re-open it later if there is interest or if @jacek-lewandowski takes over. |
|
I rebased this pr on the current master with a little pain 😄 |
|
ok once jacky raise the PR, I will close this one. |
|
I want to enable https on spark UI. I added following config to spark-defaults.config, but when we access spark ui via https::/:8080 or https://:443 or https://:8480, it's not able to connect. spark.ui.https.enabled true |
Based on #1980, as @scwf is busy doing sql stuff, I will finish this patch.