[
https://issues.apache.org/jira/browse/HADOOP-16524?focusedWorklogId=521903&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-521903
]
ASF GitHub Bot logged work on HADOOP-16524:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 08/Dec/20 22:17
Start Date: 08/Dec/20 22:17
Worklog Time Spent: 10m
Work Description: bolerio commented on a change in pull request #2470:
URL: https://github.com/apache/hadoop/pull/2470#discussion_r538849072
##########
File path:
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
##########
@@ -569,12 +577,45 @@ private ServerConnector createHttpsChannelConnector(
}
setEnabledProtocols(sslContextFactory);
+
+ long storesReloadInterval =
+
conf.getLong(FileBasedKeyStoresFactory.SSL_STORES_RELOAD_INTERVAL_TPL_KEY,
+ FileBasedKeyStoresFactory.DEFAULT_SSL_STORES_RELOAD_INTERVAL);
+
+ this.configurationChangeMonitor = storesReloadInterval > 0
+ ?
Optional.of(this.makeConfigurationChangeMonitor(storesReloadInterval,
sslContextFactory))
+ : Optional.empty();
+
conn.addFirstConnectionFactory(new
SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()));
return conn;
}
+ private java.util.Timer makeConfigurationChangeMonitor(long reloadInterval,
+
SslContextFactory.Server sslContextFactory) {
+ java.util.Timer timer = new java.util.Timer("SSL Certificates Store
Monitor", true);
Review comment:
Fixed.
##########
File path:
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
##########
@@ -29,20 +29,20 @@
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.text.MessageFormat;
+import java.util.Timer;
/**
* {@link KeyStoresFactory} implementation that reads the certificates from
* keystore files.
* <p>
- * if the trust certificates keystore file changes, the {@link TrustManager}
- * is refreshed with the new trust certificate entries (using a
- * {@link ReloadingX509TrustManager} trustmanager).
+ * If either the truststore or the keystore certificates file changes, it
would be refreshed
Review comment:
Fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 521903)
Time Spent: 1h 20m (was: 1h 10m)
> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
> Key: HADOOP-16524
> URL: https://issues.apache.org/jira/browse/HADOOP-16524
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kihwal Lee
> Assignee: Kihwal Lee
> Priority: Major
> Labels: pull-request-available
> Attachments: HADOOP-16524.patch
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Jetty 9 simplified reloading of keystore. This allows hadoop daemon's SSL
> cert to be updated in place without having to restart the service.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
