diff options
author | Jacek Lewandowski <lewandowski.jacek@gmail.com> | 2015-02-02 17:18:54 -0800 |
---|---|---|
committer | Josh Rosen <joshrosen@databricks.com> | 2015-02-02 17:27:26 -0800 |
commit | cfea30037ff4ac7e386a1478e7dce07ca3bb9072 (patch) | |
tree | da4acef82b34fde0536695e53669b16b32ff2889 /docs/configuration.md | |
parent | ef65cf09b04f915ab463a6d3bac12795318897f2 (diff) | |
download | spark-cfea30037ff4ac7e386a1478e7dce07ca3bb9072.tar.gz spark-cfea30037ff4ac7e386a1478e7dce07ca3bb9072.tar.bz2 spark-cfea30037ff4ac7e386a1478e7dce07ca3bb9072.zip |
Spark 3883: SSL support for HttpServer and Akka
SPARK-3883: SSL support for Akka connections and Jetty based file servers.
This story introduced the following changes:
- Introduced SSLOptions object which holds the SSL configuration and can build the appropriate configuration for Akka or Jetty. SSLOptions can be created by parsing SparkConf entries at a specified namespace.
- SSLOptions is created and kept by SecurityManager
- All Akka actor address creation snippets based on interpolated strings were replaced by a dedicated methods from AkkaUtils. Those methods select the proper Akka protocol - whether akka.tcp or akka.ssl.tcp
- Added tests cases for AkkaUtils, FileServer, SSLOptions and SecurityManager
- Added a way to use node local SSL configuration by executors and driver in standalone mode. It can be done by specifying spark.ssl.useNodeLocalConf in SparkConf.
- Made CoarseGrainedExecutorBackend not overwrite the settings which are executor startup configuration - they are passed anyway from Worker
Refer to https://github.com/apache/spark/pull/3571 for discussion and details
Author: Jacek Lewandowski <lewandowski.jacek@gmail.com>
Author: Jacek Lewandowski <jacek.lewandowski@datastax.com>
Closes #3571 from jacek-lewandowski/SPARK-3883-master and squashes the following commits:
9ef4ed1 [Jacek Lewandowski] Merge pull request #2 from jacek-lewandowski/SPARK-3883-docs2
fb31b49 [Jacek Lewandowski] SPARK-3883: Added SSL setup documentation
2532668 [Jacek Lewandowski] SPARK-3883: Refactored AkkaUtils.protocol method to not use Try
90a8762 [Jacek Lewandowski] SPARK-3883: Refactored methods to resolve Akka address and made it possible to easily configure multiple communication layers for SSL
72b2541 [Jacek Lewandowski] SPARK-3883: A reference to the fallback SSLOptions can be provided when constructing SSLOptions
93050f4 [Jacek Lewandowski] SPARK-3883: SSL support for HttpServer and Akka
Diffstat (limited to 'docs/configuration.md')
-rw-r--r-- | docs/configuration.md | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/docs/configuration.md b/docs/configuration.md index 08c6befaf3..62d3fca937 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1242,6 +1242,86 @@ Apart from these, the following properties are also available, and may be useful </tr> </table> +#### Encryption + +<table class="table"> + <tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr> + <tr> + <td><code>spark.ssl.enabled</code></td> + <td>false</td> + <td> + <p>Whether to enable SSL connections on all supported protocols.</p> + + <p>All the SSL settings like <code>spark.ssl.xxx</code> where <code>xxx</code> is a + particular configuration property, denote the global configuration for all the supported + protocols. In order to override the global configuration for the particular protocol, + the properties must be overwritten in the protocol-specific namespace.</p> + + <p>Use <code>spark.ssl.YYY.XXX</code> settings to overwrite the global configuration for + particular protocol denoted by <code>YYY</code>. Currently <code>YYY</code> can be + either <code>akka</code> for Akka based connections or <code>fs</code> for broadcast and + file server.</p> + </td> + </tr> + <tr> + <td><code>spark.ssl.keyStore</code></td> + <td>None</td> + <td> + A path to a key-store file. The path can be absolute or relative to the directory where + the component is started in. + </td> + </tr> + <tr> + <td><code>spark.ssl.keyStorePassword</code></td> + <td>None</td> + <td> + A password to the key-store. + </td> + </tr> + <tr> + <td><code>spark.ssl.keyPassword</code></td> + <td>None</td> + <td> + A password to the private key in key-store. + </td> + </tr> + <tr> + <td><code>spark.ssl.trustStore</code></td> + <td>None</td> + <td> + A path to a trust-store file. The path can be absolute or relative to the directory + where the component is started in. + </td> + </tr> + <tr> + <td><code>spark.ssl.trustStorePassword</code></td> + <td>None</td> + <td> + A password to the trust-store. + </td> + </tr> + <tr> + <td><code>spark.ssl.protocol</code></td> + <td>None</td> + <td> + A protocol name. The protocol must be supported by JVM. The reference list of protocols + one can find on <a href="https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https">this</a> + page. + </td> + </tr> + <tr> + <td><code>spark.ssl.enabledAlgorithms</code></td> + <td>Empty</td> + <td> + A comma separated list of ciphers. The specified ciphers must be supported by JVM. + The reference list of protocols one can find on + <a href="https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https">this</a> + page. + </td> + </tr> +</table> + + #### Spark Streaming <table class="table"> <tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr> |