ferdelyi commented on code in PR #5638:
URL: https://github.com/apache/hadoop/pull/5638#discussion_r1193971771


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/curator/ZKCuratorManager.java:
##########
@@ -478,10 +558,53 @@ public ZooKeeper newZooKeeper(String connectString, int 
sessionTimeout,
       if (zkClientConfig.isSaslClientEnabled() && 
!isJaasConfigurationSet(zkClientConfig)) {
         setJaasConfiguration(zkClientConfig);
       }
+      if (sslEnabled) {
+        setSslConfiguration(zkClientConfig);
+      }
       return new ZooKeeper(connectString, sessionTimeout, watcher,
           canBeReadOnly, zkClientConfig);
     }
 
+    /**
+     * Configure ZooKeeper Client with SSL/TLS connection.
+     * @param zkClientConfig ZooKeeper Client configuration
+     * */
+    private void setSslConfiguration(ZKClientConfig zkClientConfig) throws 
ConfigurationException {
+      this.setSslConfiguration(zkClientConfig, new ClientX509Util());
+    }
+    public void setSslConfiguration(ZKClientConfig zkClientConfig, 
ClientX509Util x509Util )
+            throws ConfigurationException {
+      LOG.info("Configuring the ZooKeeper client to use SSL/TLS encryption for 
connecting to the ZooKeeper server.");
+      if (StringUtils.isEmpty(this.keystoreLocation)) {
+        throw new ConfigurationException(
+                  "The keystore location parameter is empty for the ZooKeeper 
client connection.");
+      }
+      if (StringUtils.isEmpty(this.keystorePassword)) {
+        throw new ConfigurationException(
+                  "The keystore password parameter is empty for the ZooKeeper 
client connection.");
+      }
+      if (StringUtils.isEmpty(this.truststoreLocation)) {
+        throw new ConfigurationException(
+                  "The truststore location parameter is empty for the 
ZooKeeper client connection.");
+      }
+      if (StringUtils.isEmpty(this.truststorePassword)) {
+        throw new ConfigurationException(
+                  "The truststore password parameter is empty for the 
ZooKeeper client connection.");
+      }
+      LOG.debug("Configuring the ZooKeeper client with {} {} location.",
+              this.keystoreLocation, 
CommonConfigurationKeys.ZK_SSL_KEYSTORE_LOCATION);
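Review bot: The two-argument `setSslConfiguration(ZKClientConfig zkClientConfig, ClientX509Util x509Util )` is declared `public` directly under the private overload, with no separating blank line, no Javadoc, and nothing explaining why it is more visible. If it is public only so tests can inject a `ClientX509Util`, make it package-private or annotate it `@VisibleForTesting`, and add a Javadoc stating that it throws `ConfigurationException` when any of the keystore/truststore location or password settings is empty. The `new ClientX509Util()` created in the private overload is never closed in the visible lines; if that class is `Closeable` in the ZooKeeper version used here, prefer `try (ClientX509Util x509Util = new ClientX509Util()) { setSslConfiguration(zkClientConfig, x509Util); }`. The debug call passes the path before the config key, so it renders as "with <path> <key> location"; swapping the two arguments reads better, and the password fields validated above should stay out of any later log line. The method body continues past the end of the quoted hunk.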

Review Comment:
   Thank you for the heads-up!


