EnableAsync opened a new pull request, #9483: URL: https://github.com/apache/rocketmq/pull/9483
### Which Issue(s) This PR Fixes

Fixes #8920

### Brief Description

This PR adds functionality to dynamically reload TLS certificates without requiring a server restart. The implementation monitors certificate and key files for changes and automatically updates the TLS configuration when both files are modified.

Key changes:

- Added file monitoring for TLS certificate and private key files
- Implemented logic to detect simultaneous changes to both files
- Added certificate reload mechanism that updates TLS configuration in-place
- Eliminated the need for service restarts when renewing certificates

This feature improves system availability by allowing certificate updates with zero downtime, which is particularly valuable for production environments with automatic certificate renewal processes.

### How Did You Test This Change?

I've implemented comprehensive tests to validate the dynamic TLS certificate update feature. The tests cover several key aspects:

1. TlsCertificateManager Tests
   - Verified the certificate monitoring logic correctly detects changes in certificate files
   - Confirmed reload is triggered when both certificate and key files are modified
   - Validated that changes to trust certificates trigger immediate reload
   - Ensured the listener notification system works properly when certificate files change
2. gRPC Server TLS Context Tests
   - Tested successful SSL context reloading for gRPC servers
   - Verified proper error handling for certificate exceptions during reload
   - Confirmed error handling for IO exceptions during reload
   - Validated that reload handlers are properly registered and unregistered
   - Verified the SSL context is correctly replaced after a reload event
3. Remoting Server TLS Context Tests
   - Confirmed the Netty remoting server properly updates its SSL context when triggered
   - Validated that the TlsCertificateManager correctly notifies all registered listeners
   - Verified that the SSL context is actually replaced with a new instance
   - Tested integration between the certificate manager and the remoting server components

These tests ensure the system can update TLS certificates without requiring a service restart, improving system availability during certificate renewals.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@rocketmq.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
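The "reload only when both files are modified" rule described in this pull request can be sketched as follows. This is an added example, not code from the PR or from RocketMQ: the class `PairedTlsReloader`, its `builder` callback and the use of SHA-256 content digests to detect change are all assumptions made for illustration.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiFunction;

/** Hypothetical helper (not a class from the PR): reloads only when cert AND key both changed. */
public final class PairedTlsReloader<C> {
    private final Path certPath, keyPath;
    // Assumed contract: builds a TLS context from PEM bytes and throws on a bad or mismatched pair.
    private final BiFunction<byte[], byte[], C> builder;
    private final AtomicReference<C> current = new AtomicReference<>();
    private byte[] certDigest, keyDigest; // digests of the pair currently in use

    public PairedTlsReloader(Path certPath, Path keyPath, BiFunction<byte[], byte[], C> builder) throws Exception {
        this.certPath = certPath;
        this.keyPath = keyPath;
        this.builder = builder;
        byte[] cert = Files.readAllBytes(certPath), key = Files.readAllBytes(keyPath);
        current.set(builder.apply(cert, key));
        certDigest = sha256(cert);
        keyDigest = sha256(key);
    }

    /** Call from a file watcher or timer. Returns true only if a new context was installed. */
    public synchronized boolean poll() {
        try {
            byte[] cert = Files.readAllBytes(certPath), key = Files.readAllBytes(keyPath);
            byte[] newCert = sha256(cert), newKey = sha256(key);
            // Mid-rotation only one file has changed: loading now would pair a new cert with the old key.
            if (Arrays.equals(newCert, certDigest) || Arrays.equals(newKey, keyDigest)) {
                return false;
            }
            C next = builder.apply(cert, key); // build completely before swapping
            current.set(next);                 // new handshakes see the new context atomically
            certDigest = newCert;
            keyDigest = newKey;
            return true;
        } catch (Exception e) {
            return false; // unreadable or invalid pair: keep serving with the previous context
        }
    }

    public C get() {
        return current.get();
    }

    private static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }
}
```

In this sketch a renewal that reuses the existing private key changes only the certificate file and therefore never passes the gate, so a deployment that renews that way needs a different trigger. The digests advance only after a successful build, so a failed reload is retried on the next poll.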