Skip to content

Issue 41 security #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mkaranasou wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Issue 41 security #43

mkaranasou wants to merge 4 commits into from

Conversation

@mkaranasou
Copy link
Collaborator

@mkaranasou mkaranasou commented Aug 20, 2020
edited
Loading

Adding spark security and encryption. SSL and basic authentication for one user (one admin) for the UI.
closes #41

@mkaranasou mkaranasou added the enhancement New feature or request label Aug 20, 2020
@mkaranasou mkaranasou self-assigned this Aug 20, 2020
mkaranasou
mkaranasou commented Aug 22, 2020
View reviewed changes
conf/conf_example_baskerville.yaml
kryoserializer_buffer: '1024k' # It is suggested that you omit setting kryoserializer_buffer_max and kryoserializer_buffer and only set them if you get serialization errors.
driver_java_options: '-verbose:gc' # Optional. When on a local machine with less than 36GB of ram -XX:+UseCompressedOops
executor_extra_java_options: '-verbose:gc' # Optional. When on a local machine with less than 36GB of ram -XX:+UseCompressedOops
auth_secret: 'TEST_SECRET' # Optional. For RPC auth in cluster set up
Copy link
Collaborator Author

@mkaranasou mkaranasou Aug 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be tested on the cluster.

data/scripts/ssl_for_sparkui.sh
keytool -exportcert -keystore "$KEYSTORE_PATH/keystore" -alias selfsigned -storepass $STORE_PASS -file spark.cer

# note: do not forget to import cert in all nodes
keytool -importcert -keystore "$TRUSTSTORE_PATH/truststore" -alias selfsigned -storepass $STORE_PASS -file spark.cer -noprompt No newline at end of file
Copy link
Collaborator Author

@mkaranasou mkaranasou Aug 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have checked this only locally. We'll need to test this on the cluster.

src/baskerville/spark/__init__.py
conf.set('spark.ssl.keyStore', spark_conf.ssl_keystore)
conf.set('spark.ssl.keyStorePassword', spark_conf.ssl_keystore_password)
conf.set('spark.ssl.keyPassword', spark_conf.ssl_keypassword)
conf.set('spark.ssl.protocol', 'TLSv1.2')
Copy link
Collaborator Author

@mkaranasou mkaranasou Aug 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure about the tls protocol version, will double check.

@mkaranasou mkaranasou requested a review from mazhurin August 24, 2020 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mazhurin mazhurin Awaiting requested review from mazhurin

Assignees

@mkaranasou mkaranasou

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mkaranasou