Posted to commits@pinot.apache.org by xi...@apache.org on 2021/05/13 19:51:16 UTC
[incubator-pinot] branch master updated: initialize server tls
regardless of uploader https settings (#6911)
This is an automated email from the ASF dual-hosted git repository.
xiangfu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 7b4d9b5 initialize server tls regardless of uploader https settings (#6911)
7b4d9b5 is described below
commit 7b4d9b57729cf94ffe70e6c9df9c740c8105f6d0
Author: Alexander Pucher <ap...@apache.org>
AuthorDate: Thu May 13 12:50:09 2021 -0700
initialize server tls regardless of uploader https settings (#6911)
* initialize server tls early
* use default ssl on null arg
Co-authored-by: Alexander Pucher <al...@alexpucher.com>
---
.../apache/pinot/common/utils/FileUploadDownloadClient.java | 3 +++
.../apache/pinot/server/starter/helix/HelixServerStarter.java | 11 +++++++++++
2 files changed, 14 insertions(+)
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
index ba32144..91fb6ce 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
@@ -132,6 +132,9 @@ public class FileUploadDownloadClient implements Closeable {
* @param sslContext SSL context
*/
public FileUploadDownloadClient(@Nullable SSLContext sslContext) {
+ if (sslContext == null) {
+ sslContext = _defaultSSLContext;
+ }
_httpClient = HttpClients.custom().setSSLContext(sslContext).build();
}
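Review bot: The Javadoc above this constructor still describes `sslContext` only as "SSL context", although a null argument now selects `_defaultSSLContext`; the fallback should be documented, e.g. `@param sslContext SSL context, or null to use the default context held in _defaultSSLContext`. The field's declaration is outside the hunk, so it is not visible whether it can be replaced after startup; if it can, a client constructed before the server installs its TLS defaults would presumably keep the earlier context, which deserves a sentence in the same comment. Assigning the effective context to a local variable instead of overwriting the parameter would also keep the nullable input distinct from the value passed to `setSSLContext`.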
diff --git a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
index c4053a6..920b055 100644
--- a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
+++ b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
@@ -30,6 +30,7 @@ import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
import org.apache.helix.HelixAdmin;
import org.apache.helix.HelixDataAccessor;
import org.apache.helix.HelixManager;
@@ -56,7 +57,9 @@ import org.apache.pinot.core.common.datatable.DataTableBuilder;
import org.apache.pinot.core.data.manager.InstanceDataManager;
import org.apache.pinot.core.query.request.context.ThreadTimer;
import org.apache.pinot.core.transport.ListenerConfig;
+import org.apache.pinot.core.transport.TlsConfig;
import org.apache.pinot.core.util.ListenerConfigUtil;
+import org.apache.pinot.core.util.TlsUtils;
import org.apache.pinot.segment.local.realtime.impl.invertedindex.RealtimeLuceneIndexRefreshState;
import org.apache.pinot.segment.local.segment.memory.PinotDataBuffer;
import org.apache.pinot.server.api.access.AccessControlFactory;
@@ -318,6 +321,14 @@ public class HelixServerStarter implements ServiceStartable {
LOGGER.info("Starting Pinot server");
long startTimeMs = System.currentTimeMillis();
+ // install default SSL context if necessary (even if not force-enabled everywhere)
+ TlsConfig tlsDefaults = TlsUtils.extractTlsConfig(_serverConf, Server.SERVER_TLS_PREFIX);
+ if (StringUtils.isNotBlank(tlsDefaults.getKeyStorePath()) || StringUtils
+ .isNotBlank(tlsDefaults.getTrustStorePath())) {
+ LOGGER.info("Installing default SSL context for any client requests");
+ TlsUtils.installDefaultSSLSocketFactory(tlsDefaults);
+ }
+
LOGGER.info("Initializing Helix manager with zkAddress: {}, clusterName: {}, instanceId: {}", _zkAddress,
_helixClusterName, _instanceId);
setupHelixSystemProperties();
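Review bot: The `||` guard in the added block installs a default SSL context for all client requests when only one of the keystore and truststore paths is configured, and nothing here states what the blank side resolves to. That is decided inside `TlsUtils.installDefaultSSLSocketFactory`, which is not part of this diff, so the comment should say what is expected, for instance `// a blank truststore path must fall back to the JVM default trust managers, never to an empty or permissive set`, and that expectation should be confirmed against the helper. Because the change appears to affect every outbound TLS client in the process, the log line would be more useful for auditing if it named the stores in use, e.g. `LOGGER.info("Installing default SSL context (keystore: {}, truststore: {})", tlsDefaults.getKeyStorePath(), tlsDefaults.getTrustStorePath());`. The enclosing method starts and ends outside the hunk, so whether a failure to load the stores aborts startup cannot be judged from here.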