jeroen92 opened a new pull request, #21333:
URL: https://github.com/apache/kafka/pull/21333
When updating keystore/truststore, one can use the kafka-configs.sh CLI to
gracefully reconfigure the listeners and let them pick up the new certificates.
For RaftManager however this wasn't working as expected. E.g. when running
the kafka-configs command below, connections initated by the KafkaRaftManager
would not pick up the reconfiguration and kept using the old TLS settings
indefinitely, both on broker and controller nodes.
```/usr/local/kafka/bin/kafka-configs.sh --bootstrap-server
kafka-broker:9999 --alter --entity-type brokers --entity-name 2 --add-config
listener.name.CONTROLLER.ssl.keystore.location=/pki/broker.jks```
This was caused by:
1) The RaftManager ChannelBuilder isn't added to the DynamicBrokerConfig
reconfigurables
2) the RaftManager uses a 'stub-like' broker config which doesn't
receive any dynamic configuration updates.
This commit resolves both issues.
Delete this text and replace it with a detailed description of your change.
The
PR title and body will become the squashed commit message.
If you would like to tag individuals, add some commentary, upload images, or
include other supplemental information that should not be part of the
eventual
commit message, please use a separate comment.
If applicable, please include a summary of the testing strategy (including
rationale) for the proposed change. Unit and/or integration tests are
expected
for any behavior change and system tests should be considered for larger
changes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
