[GitHub] zookeeper pull request #680: ZOOKEEPER-3174: Quorum TLS - support reloading ...

Tue, 06 Nov 2018 09:33:21 -0800 

GitHub user ivmaykov reopened a pull request:

    https://github.com/apache/zookeeper/pull/680

    ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store

    Allow reloading SSL trust stores and key stores from disk when the files on 
disk change.
    
    Note that this is stacked on top of #678 and #679 and thus includes them. 
Please only consider the ZOOKEEPER-3174 commit when reviewing. Once the other 
PRs are merged upstream, I will rebase this so it only contains one commit.
    
    ## Added support for reloading key/trust stores when the file on disk 
changes
    - new property `sslQuorumReloadCertFiles` which controls the behavior for 
reloading the key and trust store files for `QuorumX509Util`. Reloading of key 
and trust store for `ClientX509Util` is not in this PR but could be added easily
    - this allows a ZK server to keep running on a machine that uses 
short-lived certs that refresh frequently without having to restart the ZK 
process.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ivmaykov/zookeeper ZOOKEEPER-3174

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zookeeper/pull/680.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #680
    
----
commit 2122c8c23a0dbb27f9b2aff55e800e48d253f943
Author: Ilya Maykov <ilyam@...>
Date:   2018-10-25T00:41:48Z

    ZOOKEEPER-3173: Quorum TLS - support PEM trust/key stores
    ZOOKEEPER-3175: Quorum TLS - test improvements
    
    Add support for loading key and trust stores from PEM files.
    Also added test utils for testing X509-related code, because it
    was very difficult to untangle them from the PEM support code.

commit 69f5185c8c14720e94c81f0147ee9cbc2ae42f89
Author: Ilya Maykov <ilyam@...>
Date:   2018-10-25T01:22:24Z

    ZOOKEEPER-3172: Quorum TLS - fix port unification to allow rolling upgrades

commit d9e09dc73a42be079a6bd28b51c09635fff32e95
Author: Ilya Maykov <ilyam@...>
Date:   2018-10-25T01:54:06Z

    ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store

----


---

Reply via email to