[jira] [Work logged] (HADOOP-16524) Automatic keystore reloading for HttpServer2

Tue, 17 Nov 2020 20:51:40 -0800 


     [ 
https://issues.apache.org/jira/browse/HADOOP-16524?focusedWorklogId=513341&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-513341
 ]

ASF GitHub Bot logged work on HADOOP-16524:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Nov/20 04:50
            Start Date: 18/Nov/20 04:50
    Worklog Time Spent: 10m 
      Work Description: bolerio opened a new pull request #2470:
URL: https://github.com/apache/hadoop/pull/2470


   Addresses https://issues.apache.org/jira/browse/HADOOP-16524, in addition 
covering the DataNode use case. 
   
   - Following the existing ReloadingX509TrustManager, a new 
ReloadingX509KeystoreManager was created.
   - Existing code slightly refactored so both trust manager and keystore 
reloading managers share the monitoring logic within a single java.util.Timer 
(and therefore a single thread). 
   - In HttpServer2, the same strategy as a previously proposed patch (see 
above) is used with SSLContextFactory.reload, but with the addition of cleanup 
upon stopping the server.
   - A new config parameter which applies to all of the above 
FileBasedKeyStoresFactory.SSL_STORES_RELOAD_INTERVAL_TPL_KEY supersedes the 
existing FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY which 
only applies to trust store reloading. Setting the value to 0 (default is 10s) 
to this parameter disables the reloading.
   
   If this PR is accepted, I would need guidance where/how to update the docs 
with that new configuration parameter.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 513341)
    Remaining Estimate: 0h
            Time Spent: 10m

> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
>                 Key: HADOOP-16524
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16524
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>            Priority: Major
>         Attachments: HADOOP-16524.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Jetty 9 simplified reloading of keystore.   This allows hadoop daemon's SSL 
> cert to be updated in place without having to restart the service.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to