Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8439 )
Change subject: IMPALA-5054: [SECURITY] Enable KRPC w/ TLS in Impala ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/8439/1/be/src/rpc/rpc-mgr.h File be/src/rpc/rpc-mgr.h: http://gerrit.cloudera.org:8080/#/c/8439/1/be/src/rpc/rpc-mgr.h@183 PS1, Line 183: /// The following strings preserve the Kudu flags original values to restore in : /// Shutdown() as they will be modified by us. : string flag_save_ca_certificate_file; : string flag_save_rpc_private_key_file; : string flag_save_rpc_certificate_file; : string flag_save_rpc_private_key_password_cmd; : string flag_save_rpc_tls_ciphers; : string flag_save_rpc_tls_min_protocol; > why bother saving and restoring these flags? what's the case that would be In our Impala process we only always start one Messenger object ever. However, in our tests, we start multiple Messenger objects within the context of the same process. So if we don't save and restore the flags on exit, we leak the configuration of one Messenger object into the following ones. This is isn't great as we would ideally have all these as messenger options instead of process wide flags, but that's something not done yet on the Kudu side. I have a WIP patch for that but we decided against going forward with it now since that would change the APIs to use KRPC quite a bit. But it is something we'll need to pick up again in the future. https://gerrit.cloudera.org/#/c/6520/ -- To view, visit http://gerrit.cloudera.org:8080/8439 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I9a14a44fdea9ab668f3714eb69fdb188bce38f5a Gerrit-Change-Number: 8439 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil <[email protected]> Gerrit-Reviewer: Dan Hecht <[email protected]> Gerrit-Reviewer: Michael Ho <[email protected]> Gerrit-Reviewer: Sailesh Mukil <[email protected]> Gerrit-Comment-Date: Tue, 28 Nov 2017 17:04:33 +0000 Gerrit-HasComments: Yes
