mridulm commented on code in PR #2469:
URL: https://github.com/apache/celeborn/pull/2469#discussion_r1573310872
##########
common/src/main/java/org/apache/celeborn/common/network/ssl/SSLFactory.java:
##########
@@ -85,6 +96,28 @@ private void initJdkSslContext(final Builder b) throws
IOException, GeneralSecur
this.jdkSslContext = createSSLContext(requestedProtocol, keyManagers,
trustManagers);
}
+ /*
+ * As b.trustStore is null, credulousTrustStoreManagers will be used - and
so all
+ * certs will be accepted - and hence self-signed cert from lifecycle
manager will
+ * be accepted at executors: nothing else needs to be done to enable its
+ * use - other than generation of the certificate itself, which is what gets
done here.
+ */
+ private void configureAutoSsl(Builder b) {
+ // The keystore creation ideally be done only at Lifecycle manager, and
not in executors
+ // It does not cause issues to run it at executors, though it is not
necessary.
+ // How can be identify this scenario and ensure this is not invoked at
executors ?
Review Comment:
Interesting idea !
My concern would be if this makes it slightly difficult to configure ... rpc
client module would be the client side to lifecycle manager module at driver,
right ? So becomes important to keep some of the configs in sync ... we could
inherit the configs, but not sure if that becomes intuitive as project evolves.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
