[PR] [fix](bdbje) release SSL certificate monitor threads on factory shutdown [doris-thirdparty]

Mon, 09 Feb 2026 01:15:06 -0800 


Hastyshell opened a new pull request, #380:
URL: https://github.com/apache/doris-thirdparty/pull/380

   Summary
   This PR fixes a thread leak of `BDB-SSL-Certificate-Monitor` in SSL/TLS mode.
   In some production scenarios, short-lived admin/ping/channel-factory objects 
are created repeatedly, but their internal certificate-monitor scheduler 
threads are not released. This causes monitor threads to accumulate over time.
    Root Cause
   - `SSLChannelFactory` creates a dedicated scheduled executor for certificate 
monitoring.
   - The channel factory lacked a unified lifecycle shutdown contract at the 
interface level.
   - Some call paths (including admin/ping utility paths) did not release 
internally created factories.
   - Certificate monitoring could be initialized even when PEM monitoring 
preconditions were not fully met.
    Changes
   - Add `shutdown()` default lifecycle hook to `DataChannelFactory` (no-op by 
default for compatibility).
   - Ensure `SSLChannelFactory.shutdown()` is invoked on major shutdown paths:
     - `RepImpl` close/abnormal-close paths
     - `Monitor.shutdown()`
   - Add ownership-aware close handling:
     - `ReplicationGroupAdmin.close()`
     - `DbPing.close()`
     - `DbGroupAdmin` now closes `ReplicationGroupAdmin` in `finally`
   - Tighten SSL cert monitor initialization:
     - Start monitor only when PEM cert/key/CA are fully configured
     - Skip monitor setup for keystore mode or incomplete PEM config
    Expected Result
   - `BDB-SSL-Certificate-Monitor` threads no longer grow linearly with 
repeated admin/ping/factory creation.
   - Existing non-SSL and simple channel factory behavior remains compatible 
due to default no-op shutdown contract.
    Validation
   - Code-level verification of all factory ownership and shutdown paths.
   - Build attempt in current environment is blocked by Maven PKIX trust-chain 
issue when downloading plugins (environmental, not code-logic related).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to