Spark History Server SSL

Describes how to enable SSL for Spark History Server.

Note: For secure clusters, Spark History Server UI authentication is enabled by default. If passwords are present in both /opt/mapr/conf/ssl-client.xml and /opt/mapr/spark/spark-2.3.1/conf/spark-defaults.conf files, then the password from the spark-defaults.conf file is used.

Starting in MEP 4.0, for secure clusters, you can skip this step. For new installs done through the 6.0 MapR Installer, the installer enables this configuration. For manual installs and upgrades, running configure.sh -R enables these settings.

To configure SSL manually in a non-secure cluster or in versions earlier than MEP 4.0, add the following properties to the spark-default.conf file:

#HistoryServer https configure        
spark.yarn.historyServer.address <Spark History Server node hostname>:18480          
spark.ssl.protocol tls           
spark.ssl.historyServer.enabled true       
spark.ssl.trustStore $MAPR_HOME/conf/ssl_truststore         
spark.ssl.keyStore $MAPR_HOME/conf/ssl_keystore        
spark.ssl.trustStorePassword <ssl-keystore-password>        
spark.ssl.keyStorePassword <ssl-keystore-password> 
Note: If a cluster is secure and you use unsecured ports with HTTP, you will be automatically redirected to HTTPS with secure ports. For example, if on the secure cluster you go to http://node1:18080, you will be redirected to https://node1:18480.