From e328f577e81363f6b3f892931f20dbf68f7d29cf Mon Sep 17 00:00:00 2001 From: "wm624@hotmail.com" Date: Sun, 21 Aug 2016 11:51:46 +0100 Subject: [SPARK-17002][CORE] Document that spark.ssl.protocol. is required for SSL ## What changes were proposed in this pull request? `spark.ssl.enabled`=true, but failing to set `spark.ssl.protocol` will fail and throw meaningless exception. `spark.ssl.protocol` is required when `spark.ssl.enabled`. Improvement: require `spark.ssl.protocol` when initializing SSLContext, otherwise throws an exception to indicate that. Remove the OrElse("default"). Document this requirement in configure.md ## How was this patch tested? (Please explain how this patch was tested. E.g. unit tests, integration tests, manual tests) Manual tests: Build document and check document Configure `spark.ssl.enabled` only, it throws exception below: 6/08/16 16:04:37 INFO SecurityManager: SecurityManager: authentication disabled; ui acls disabled; users with view permissions: Set(mwang); groups with view permissions: Set(); users with modify permissions: Set(mwang); groups with modify permissions: Set() Exception in thread "main" java.lang.IllegalArgumentException: requirement failed: spark.ssl.protocol is required when enabling SSL connections. at scala.Predef$.require(Predef.scala:224) at org.apache.spark.SecurityManager.(SecurityManager.scala:285) at org.apache.spark.deploy.master.Master$.startRpcEnvAndEndpoint(Master.scala:1026) at org.apache.spark.deploy.master.Master$.main(Master.scala:1011) at org.apache.spark.deploy.master.Master.main(Master.scala) Configure `spark.ssl.protocol` and `spark.ssl.protocol` It works fine. Author: wm624@hotmail.com Closes #14674 from wangmiao1981/ssl. --- core/src/main/scala/org/apache/spark/SecurityManager.scala | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/src/main/scala/org/apache/spark/SecurityManager.scala b/core/src/main/scala/org/apache/spark/SecurityManager.scala index f72c7ded5e..a6550b6ca8 100644 --- a/core/src/main/scala/org/apache/spark/SecurityManager.scala +++ b/core/src/main/scala/org/apache/spark/SecurityManager.scala @@ -282,7 +282,10 @@ private[spark] class SecurityManager(sparkConf: SparkConf) }: TrustManager }) - val sslContext = SSLContext.getInstance(fileServerSSLOptions.protocol.getOrElse("Default")) + require(fileServerSSLOptions.protocol.isDefined, + "spark.ssl.protocol is required when enabling SSL connections.") + + val sslContext = SSLContext.getInstance(fileServerSSLOptions.protocol.get) sslContext.init(null, trustStoreManagers.getOrElse(credulousTrustStoreManagers), null) val hostVerifier = new HostnameVerifier { -- cgit v1.2.3