Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/9076 )
Change subject: KUDU-2265 CA-signed server certs for non-leader masters ...................................................................... Patch Set 4: (6 comments) I'm not a huge fan http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/integration-tests/CMakeLists.txt File src/kudu/integration-tests/CMakeLists.txt: http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/integration-tests/CMakeLists.txt@98 PS4, Line 98: ADD_KUDU_TEST(security-master-certificates-itest RESOURCE_LOCK "master-rpc-ports") Nit: retain alphabetical sorting. http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/integration-tests/security-master-certificates-itest.cc File src/kudu/integration-tests/security-master-certificates-itest.cc: http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/integration-tests/security-master-certificates-itest.cc@49 PS4, Line 49: class SecurityMasterCertsTest : public KuduTest { Is there a fixture you could inherit from that would set up the cluster for you? http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/integration-tests/security-master-certificates-itest.cc@51 PS4, Line 51: SecurityMasterCertsTest() { : } Can omit? http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/master/catalog_manager.h File src/kudu/master/catalog_manager.h: http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/master/catalog_manager.h@668 PS4, Line 668: bool NeedToPrepareFollower(); Doc? http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/master/catalog_manager.cc@539 PS4, Line 539: } else if (catalog_manager_->NeedToPrepareFollower() && l.owns_lock()) { I'm not a huge fan of this poll-based approach to figuring out whether we need to read the CA cert from the master tablet; I would prefer something where the leader "publishes" the CA cert to the master tablet and the followers "subscribe" to it and receive a notification. That said, what I prefer is far more work and would be a large-scale rearchitecture of the master, and since the poll is cheap, it seems fine for this use case. http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/mini-cluster/internal_mini_cluster.h File src/kudu/mini-cluster/internal_mini_cluster.h: http://gerrit.cloudera.org:8080/#/c/9076/4/src/kudu/mini-cluster/internal_mini_cluster.h@80 PS4, Line 80: // Whether to wait while catalog manager is started and properly initialized Nit: specify the default value here. -- To view, visit http://gerrit.cloudera.org:8080/9076 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia3539d58d10ed319ad1d8686c1259c92822fb710 Gerrit-Change-Number: 9076 Gerrit-PatchSet: 4 Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <d...@cloudera.com> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Comment-Date: Fri, 19 Jan 2018 22:53:05 +0000 Gerrit-HasComments: Yes
