You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pinot.apache.org by xi...@apache.org on 2024/02/05 18:44:23 UTC

(pinot) branch master updated: log information about SSLFactory renewal (#12357)

This is an automated email from the ASF dual-hosted git repository.

xiangfu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git


The following commit(s) were added to refs/heads/master by this push:
     new 3cefed570b log information about SSLFactory renewal (#12357)
3cefed570b is described below

commit 3cefed570b663cf66d799f752985262bcd6bd954
Author: Haitao Zhang <ha...@startree.ai>
AuthorDate: Mon Feb 5 10:44:17 2024 -0800

    log information about SSLFactory renewal (#12357)
    
    * log infomation about SSLFactory renewal
    
    * update log
    
    * fix typo
---
 .../src/main/java/org/apache/pinot/common/utils/TlsUtils.java  | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
index 11084efcc6..e905f7aafa 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
@@ -433,6 +433,8 @@ public final class TlsUtils {
       String trustStoreType, String trustStorePath, String trustStorePassword,
       String sslContextProtocol, SecureRandom secureRandom)
       throws IOException, URISyntaxException, InterruptedException {
+    LOGGER.info("Enable auto renewal of SSLFactory {} when key store {} or trust store {} changes",
+        baseSslFactory, keyStorePath, trustStorePath);
     WatchService watchService = FileSystems.getDefault().newWatchService();
     Map<WatchKey, Set<Path>> watchKeyPathMap = new HashMap<>();
     registerFile(watchService, watchKeyPathMap, keyStorePath);
@@ -442,10 +444,15 @@ public final class TlsUtils {
       for (WatchEvent<?> event : key.pollEvents()) {
         Path changedFile = (Path) event.context();
         if (watchKeyPathMap.get(key).contains(changedFile)) {
+          LOGGER.info("Detected change in file: {}, try to renew SSLFactory {} "
+              + "(built from key store {} and truststore {})",
+              changedFile, baseSslFactory, keyStorePath, trustStorePath);
           SSLFactory updatedSslFactory = createSSLFactory(
               keyStoreType, keyStorePath, keyStorePassword, trustStoreType, trustStorePath, trustStorePassword,
               sslContextProtocol, secureRandom, false);
           SSLFactoryUtils.reload(baseSslFactory, updatedSslFactory);
+          LOGGER.info("Successfully renewed SSLFactory {} (built from key store {} and truststore {}) "
+                  + "on file {} changes", baseSslFactory, keyStorePath, trustStorePath, changedFile);
         }
       }
       key.reset();
@@ -514,6 +521,9 @@ public final class TlsUtils {
       if (trustStoreStream != null) {
         trustStoreStream.close();
       }
+      LOGGER.info("Successfully created SSLFactory {} with key store {} and trust store {}. "
+              + "Key and trust material swappable: {}",
+          sslFactory, keyStorePath, trustStorePath, keyAndTrustMaterialSwappable);
       return sslFactory;
     } catch (Exception e) {
       throw new IllegalStateException(e);


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org