[
https://issues.apache.org/jira/browse/LOG4J2-2072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16205951#comment-16205951
]
Frank Swanson commented on LOG4J2-2072:
---------------------------------------
Matt,
Thanks a lot for the link I think after looking at it some yesterday from the
testing perspective I will certainly be using that pacakage. Seems like I can
just do test very similar to or update the current flume test but configure in
the SSL on the appender and the source using an existing trustore and keystore,
with that testing should be pretty easy. Your comment seems to elude more to an
implementation decision. Maybe it would be best to discuss that some prior to
opening a PR.
>From an implementation perspective I had considered using SSLConfiguration as
>a parameter to the FlumeAppender.createAppender method. On considering that, I
>like the idea of the clarity as its usage in HTTPAppender and elsewhere is
>outstanding, but as a user of this method I think that the clarity offered by
>that is outweighed by complexity of adding another paramter to an already
>considerable creation method. By implementing simply, exactly as i
>describe(just passing through the properties) the only sort of change to users
>not interested in this feature is one of documentation:
https://github.com/apache/logging-log4j2/blob/master/log4j-flume-ng/src/main/java/org/apache/logging/log4j/flume/appender/FlumeAppender.java#L141
* @param properties Properties to pass to the embedded agent.
changes to:
* @param properties Properties to pass to the Managers.
This move would also unify all the 3 manager types(Avro,Embedded and
Persistitent) as the embedded and persistent managers currently pass those
properties through already, only the avro manager does not. It would also
correct a slightly incorrect thing as the comment currently indicates that
these properties will only be passed to the embedded agent while they will be
passed to the FlumeEmbeddedManager as well as FlumePersistentManager. Adding
another parameter most users will set to null does not seem for the best.
I understand there may be more thinhd the maintainers are more aware of than I
and respect that. Thank you for helping to guide me with design to make for an
easy PR.
> Support TLS configuration through FlumeAppender
> -----------------------------------------------
>
> Key: LOG4J2-2072
> URL: https://issues.apache.org/jira/browse/LOG4J2-2072
> Project: Log4j 2
> Issue Type: Bug
> Components: Flume Appender
> Affects Versions: 2.9.1
> Reporter: Frank Swanson
>
> When using the FlumeAppnder with a FlumeAvroManager it would be nice to be
> able to pass some properties through to the connect method for the RpcClient
> to support SSL configuration.
> The required properties to support the configuration are ~
> properties[0] =
> Property.createProperty(RpcClientConfigurationConstants.CONFIG_TRUST_ALL_CERTS,
> "false");
> properties[1] =
> Property.createProperty(RpcClientConfigurationConstants.CONFIG_SSL, "true");
> properties[2] =
> Property.createProperty(RpcClientConfigurationConstants.CONFIG_TRUSTSTORE,
> path_to_truststore);
> properties[3] =
> Property.createProperty(RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_PASSWORD,
> super_secret);
> properties[4] =
> Property.createProperty(RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_TYPE,
> "JKS");
> I am happy to provide a PR for this feature if supported.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
