Re: [SECURITY DISCUSSION] Refactoring Brokers to support multiple ports

[Joe Stein <jo...@stealth.ly>]

+1 to doing this, can you sub ticket in the security ticket when you create
the JIRA for this (unless you did it already and I missed it). I made one
comment in regards to the JSON returned on the confluence otherwise this
matches what we already agreed and discussed and like how it is breaking it
down into smaller chunks so that the different implementations can utilize
it.

/*******************************************
 Joe Stein
 Founder, Principal Consultant
 Big Data Open Source Security LLC
 http://www.stealth.ly
 Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
********************************************/

On Tue, Nov 25, 2014 at 2:13 PM, Gwen Shapira <gs...@cloudera.com> wrote:

> Hi Everyone,
>
> One of the pre-requisites we have for supporting multiple security
> protocols (SSL, Kerberos) is to support them on separate ports.
>
> This is done in KAFKA-1684 (The SSL Patch), but that patch addresses
> several different issues - Multiple ports, enriching the channels, SSL
> implementation - which makes it more challenging to review and to test.
>
> I'd like to split this into 3 separate patches: multi-port brokers,
> enriching SocketChannel, and  the actual security implementations.
>
> Since even just adding support for multiple listeners per broker is
> somewhat involved and touches multiple components, I wrote a short design
> document that covers the necessary changes and the upgrade process:
>
>
> https://cwiki.apache.org/confluence/display/KAFKA/Multiple+Listeners+for+Kafka+Brokers
>
> Comments are more than welcome :)
>
> If this is acceptable, hope to have a patch ready in few days.
>
> Gwen Shapira
>