IMPALA-5253: Use appropriate transport for StatestoreSubscriber This makes sure that the appropriate Thrift transport is used in the StatestoreSubscriber.
This patch also adds a custom cluster test to improve our security testing. Change-Id: I711b994bd82533d2a6dfad3f4c103f7caecc427b Reviewed-on: http://gerrit.cloudera.org:8080/6720 Reviewed-by: Sailesh Mukil <[email protected]> Tested-by: Impala Public Jenkins Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/1213843d Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/1213843d Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/1213843d Branch: refs/heads/master Commit: 1213843d54c79bcfbf613d3fd29a00b3e44e1151 Parents: 5294bb2 Author: Sailesh Mukil <[email protected]> Authored: Thu Mar 30 14:44:36 2017 -0700 Committer: Impala Public Jenkins <[email protected]> Committed: Thu Apr 27 11:24:04 2017 +0000 ---------------------------------------------------------------------- be/src/statestore/statestore-subscriber.cc | 10 ++++++++++ be/src/statestore/statestore.cc | 6 ++++-- 2 files changed, 14 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/1213843d/be/src/statestore/statestore-subscriber.cc ---------------------------------------------------------------------- diff --git a/be/src/statestore/statestore-subscriber.cc b/be/src/statestore/statestore-subscriber.cc index 28ac553..cb46e3b 100644 --- a/be/src/statestore/statestore-subscriber.cc +++ b/be/src/statestore/statestore-subscriber.cc @@ -48,6 +48,10 @@ DEFINE_int32(statestore_subscriber_cnxn_retry_interval_ms, 3000, "The interval, "to wait between attempts to make an RPC connection to the statestore."); DECLARE_string(ssl_client_ca_certificate); +DECLARE_string(ssl_server_certificate); +DECLARE_string(ssl_private_key); +DECLARE_string(ssl_private_key_password_cmd); + namespace impala { // Used to identify the statestore in the failure detector 
@@ -189,7 +193,13 @@ Status StatestoreSubscriber::Start() { heartbeat_server_.reset(new ThriftServer("StatestoreSubscriber", processor, heartbeat_address_.port, NULL, NULL, 5)); + if (EnableInternalSslConnections()) { + LOG(INFO) << "Enabling SSL for Statestore subscriber"; + RETURN_IF_ERROR(heartbeat_server_->EnableSsl(FLAGS_ssl_server_certificate, + FLAGS_ssl_private_key, FLAGS_ssl_private_key_password_cmd)); + } RETURN_IF_ERROR(heartbeat_server_->Start()); + LOG(INFO) << "Registering with statestore"; status = Register(); if (status.ok()) { http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/1213843d/be/src/statestore/statestore.cc ---------------------------------------------------------------------- diff --git a/be/src/statestore/statestore.cc b/be/src/statestore/statestore.cc index 1b1034e..a19de2e 100644 --- a/be/src/statestore/statestore.cc +++ b/be/src/statestore/statestore.cc @@ -226,10 +226,12 @@ Statestore::Statestore(MetricGroup* metrics) bind<void>(mem_fn(&Statestore::DoSubscriberUpdate), this, true, _1, _2)), update_state_client_cache_(new ClientCache<StatestoreSubscriberClient>(1, 0, FLAGS_statestore_update_tcp_timeout_seconds * 1000, - FLAGS_statestore_update_tcp_timeout_seconds * 1000)), + FLAGS_statestore_update_tcp_timeout_seconds * 1000, "", + EnableInternalSslConnections())), heartbeat_client_cache_(new ClientCache<StatestoreSubscriberClient>(1, 0, FLAGS_statestore_heartbeat_tcp_timeout_seconds * 1000, - FLAGS_statestore_heartbeat_tcp_timeout_seconds * 1000)), + FLAGS_statestore_heartbeat_tcp_timeout_seconds * 1000, "", + EnableInternalSslConnections())), thrift_iface_(new StatestoreThriftIf(this)), failure_detector_(new MissedHeartbeatFailureDetector( FLAGS_statestore_max_missed_heartbeats,
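Review bot: In the second statestore-subscriber.cc hunk (`StatestoreSubscriber::Start()`), only the TLS-on path is logged, so when `EnableInternalSslConnections()` is false the heartbeat listener starts in plaintext with nothing in the log to show it. An `else` branch such as `LOG(INFO) << "SSL is not enabled for Statestore subscriber";` would let an operator confirm the transport from the log. The error path fails closed: `RETURN_IF_ERROR` around `EnableSsl()` returns before `heartbeat_server_->Start()`, so a bad certificate or key stops startup rather than falling back to plaintext. A comment above the `if` would also help, for example `// The statestore calls back into this server, so its transport must match the statestore's client caches.` `Start()` begins and ends outside the hunk.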
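Review bot: In the statestore.cc hunk, both `ClientCache<StatestoreSubscriberClient>` constructions now end in a bare `""` followed by `EnableInternalSslConnections()`, and nothing at the call site says what either positional argument means; the constructor's declaration is not part of this diff. A comment on the new lines would make the security-relevant one easy to find, e.g. `// Trailing arguments: service name (presumably unused here) and whether to use TLS.`, with the first half confirmed against the `ClientCache` declaration. The TLS decision is taken once here, in the member-initializer list, while the subscriber takes its own in `Start()` from its own process's flags, so the two sides agree only when both daemons are started with the same `ssl_*` flags; a note saying so next to the caches would help whoever debugs a failed heartbeat. The `Statestore` constructor continues outside the hunk.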
