[jira] [Work logged] (HADOOP-16524) Automatic keystore reloading for HttpServer2

Tue, 08 Dec 2020 14:19:20 -0800 


     [ 
https://issues.apache.org/jira/browse/HADOOP-16524?focusedWorklogId=521906&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-521906
 ]

ASF GitHub Bot logged work on HADOOP-16524:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Dec/20 22:18
            Start Date: 08/Dec/20 22:18
    Worklog Time Spent: 10m 
      Work Description: bolerio commented on a change in pull request #2470:
URL: https://github.com/apache/hadoop/pull/2470#discussion_r538850068



##########
File path: 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
##########
@@ -77,14 +84,118 @@
   public static final String DEFAULT_KEYSTORE_TYPE = "jks";
 
   /**
-   * Reload interval in milliseconds.
+   * The default time interval in milliseconds used to check if either
+   * of the truststore or keystore certificates file has changed and needs 
reloading.
    */
-  public static final int DEFAULT_SSL_TRUSTSTORE_RELOAD_INTERVAL = 10000;
+  public static final int DEFAULT_SSL_STORES_RELOAD_INTERVAL = 10000;
 
   private Configuration conf;
   private KeyManager[] keyManagers;
   private TrustManager[] trustManagers;
   private ReloadingX509TrustManager trustManager;
+  private Timer fileMonitoringTimer;
+
+
+  private void createTrustManagersFromConfiguration(SSLFactory.Mode mode,
+                                                    String truststoreType,
+                                                    String truststoreLocation,
+                                                    long storesReloadInterval)

Review comment:
       Yeah, but it's true the most of the code base doesn't have it.  Should I 
change? I don't mind...just inadvertently sneaking in my old habits I 
suppose....




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 521906)
    Time Spent: 1h 40m  (was: 1.5h)

> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
>                 Key: HADOOP-16524
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16524
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HADOOP-16524.patch
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> Jetty 9 simplified reloading of keystore.   This allows hadoop daemon's SSL 
> cert to be updated in place without having to restart the service.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to