Skip to content
Snippets Groups Projects
Commit e328f577 authored by wm624@hotmail.com's avatar wm624@hotmail.com Committed by Sean Owen
Browse files

[SPARK-17002][CORE] Document that spark.ssl.protocol. is required for SSL 

## What changes were proposed in this pull request?

`spark.ssl.enabled`=true, but failing to set `spark.ssl.protocol` will fail and throw meaningless exception. `spark.ssl.protocol` is required when `spark.ssl.enabled`.

Improvement: require `spark.ssl.protocol` when initializing SSLContext, otherwise throws an exception to indicate that.

Remove the OrElse("default").

Document this requirement in configure.md

## How was this patch tested?

(Please explain how this patch was tested. E.g. unit tests, integration tests, manual tests)

Manual tests:
Build document and check document

Configure `spark.ssl.enabled` only, it throws exception below:
6/08/16 16:04:37 INFO SecurityManager: SecurityManager: authentication disabled; ui acls disabled; users  with view permissions: Set(mwang); groups with view permissions: Set(); users  with modify permissions: Set(mwang); groups with modify permissions: Set()
Exception in thread "main" java.lang.IllegalArgumentException: requirement failed: spark.ssl.protocol is required when enabling SSL connections.
	at scala.Predef$.require(Predef.scala:224)
	at org.apache.spark.SecurityManager.<init>(SecurityManager.scala:285)
	at org.apache.spark.deploy.master.Master$.startRpcEnvAndEndpoint(Master.scala:1026)
	at org.apache.spark.deploy.master.Master$.main(Master.scala:1011)
	at org.apache.spark.deploy.master.Master.main(Master.scala)

Configure `spark.ssl.protocol`  and `spark.ssl.protocol`
It works fine.

Author: wm624@hotmail.com <wm624@hotmail.com>

Closes #14674 from wangmiao1981/ssl.
parent 7f08a60b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
core/src/main/scala/org/apache/spark/SecurityManager.scala
+ 4
1
View file @ e328f577
...@@ -282,7 +282,10 @@ private[spark] class SecurityManager(sparkConf: SparkConf) ...@@ -282,7 +282,10 @@ private[spark] class SecurityManager(sparkConf: SparkConf)
}: TrustManager }: TrustManager
}) })
val sslContext = SSLContext.getInstance(fileServerSSLOptions.protocol.getOrElse("Default")) require(fileServerSSLOptions.protocol.isDefined,
"spark.ssl.protocol is required when enabling SSL connections.")
val sslContext = SSLContext.getInstance(fileServerSSLOptions.protocol.get)
sslContext.init(null, trustStoreManagers.getOrElse(credulousTrustStoreManagers), null) sslContext.init(null, trustStoreManagers.getOrElse(credulousTrustStoreManagers), null)
val hostVerifier = new HostnameVerifier { val hostVerifier = new HostnameVerifier {
......
docs/configuration.md
+ 3
0
View file @ e328f577
...@@ -1472,6 +1472,9 @@ Apart from these, the following properties are also available, and may be useful ...@@ -1472,6 +1472,9 @@ Apart from these, the following properties are also available, and may be useful
<td> <td>
<p>Whether to enable SSL connections on all supported protocols.</p> <p>Whether to enable SSL connections on all supported protocols.</p>
<p>When <code>spark.ssl.enabled</code> is configured, <code>spark.ssl.protocol</code>
is required.</p>
<p>All the SSL settings like <code>spark.ssl.xxx</code> where <code>xxx</code> is a <p>All the SSL settings like <code>spark.ssl.xxx</code> where <code>xxx</code> is a
particular configuration property, denote the global configuration for all the supported particular configuration property, denote the global configuration for all the supported
protocols. In order to override the global configuration for the particular protocol, protocols. In order to override the global configuration for the particular protocol,
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment