You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@rocketmq.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/12/18 07:33:01 UTC
[jira] [Commented] (ROCKETMQ-335) Reload server certificate,
private key and root ca when these are changed
[ https://issues.apache.org/jira/browse/ROCKETMQ-335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294608#comment-16294608 ]
ASF GitHub Bot commented on ROCKETMQ-335:
-----------------------------------------
zhouxinyu opened a new pull request #207: [ROCKETMQ-335] Reload server certificate, private key and root ca when these are changed
URL: https://github.com/apache/rocketmq/pull/207
## What is the purpose of the change
JIRA: https://issues.apache.org/jira/browse/ROCKETMQ-335
TLS is supported in 4.2.0, but it doesn't support reload server certificate, private key and root ca when these are changed.
This feature can allow us to update the TLS pem files without downtime.
## Brief changelog
1. Add a FileWatchService to watch a target file when it's changed.
2. Support reload SSLContext for Broker and NameServer.
The multiple commits will be squashed when this PR is merged.
## Verifying this change
1. Run the FileWatchServiceTest to verify the notify mechanism for changed file.
2. Run the unit test `reloadSslContextForServer` to verify the SSLContext reload mechanism.
Follow this checklist to help us incorporate your contribution quickly and easily:
- [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/projects/ROCKETMQ/issues/) filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
- [x] Format the pull request title like `[ROCKETMQ-XXX] Fix UnknownException when host config not exist`. Each commit in the pull request should have a meaningful subject line and body.
- [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
- [x] Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in [test module](https://github.com/apache/rocketmq/tree/master/test).
- [x] Run `mvn -B clean apache-rat:check findbugs:findbugs checkstyle:checkstyle` to make sure basic checks pass. Run `mvn clean install -DskipITs` to make sure unit-test pass. Run `mvn clean test-compile failsafe:integration-test` to make sure integration-test pass.
- [x] If this contribution is large, please file an [Apache Individual Contributor License Agreement](http://www.apache.org/licenses/#clas).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> Reload server certificate, private key and root ca when these are changed
> -------------------------------------------------------------------------
>
> Key: ROCKETMQ-335
> URL: https://issues.apache.org/jira/browse/ROCKETMQ-335
> Project: Apache RocketMQ
> Issue Type: Improvement
> Components: rocketmq-broker, rocketmq-namesrv, rocketmq-remoting
> Reporter: yukon
> Assignee: yukon
> Fix For: 4.3.0
>
>
> Tls is supported in 4.2.0, but it doesn't support reload server certificate, private key and root ca when these are changed.
> This feature can allow us to update the TLS pem files without downtime.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)