You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/10/19 05:16:36 UTC

[GitHub] [pulsar] michaeljmarshall opened a new pull request, #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers

michaeljmarshall opened a new pull request, #18097:
URL: https://github.com/apache/pulsar/pull/18097

   Fixes https://github.com/apache/pulsar-helm-chart/issues/285
   
   ### Motivation
   
   The current Pulsar SSL Server Contexts always reload certificates from the file system. Zookeeper supports such options, but we do not enable them by default. I propose we do that.
   
   Apache Zookeeper documentation:
   
   > sslQuorumReloadCertFiles : (No Java system property) New in 3.5.5, 3.6.0: Allows Quorum SSL keyStore and trustStore reloading when the certificates on the filesystem change without having to restart the ZK process. Default: false
   
   > client.certReload : (Java system property: zookeeper.client.certReload) New in 3.7.2, 3.8.1, 3.9.0: Allows client SSL keyStore and trustStore reloading when the certificates on the filesystem change without having to restart the ZK process. Default: false
   
   ### Modifications
   
   * Enable the Quorum server to update its context (already available)
   * Enable the Netty Server to update its context (not available until ZK 3.8.1 or 3.9.0 https://issues.apache.org/jira/browse/ZOOKEEPER-3806, but won't hurt anything to get for free when we upgrade)
   
   ### Verifying this change
   
   This is a trivial configuration change.
   
   ### Does this pull request potentially affect one of the following parts:
   
   - [x] The default values of configurations
   
   I do not believe this needs a PIP because our standard default is already to refresh certificates in the broker, function worker, the proxy, and the websocket proxy.
   
   ### Documentation
   
   - [x] `doc-not-needed` <!-- Your PR changes do not impact docs -->
   
   ### Matching PR in forked repository
   
   PR in forked repository: https://github.com/michaeljmarshall/pulsar/pull/5
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] codecov-commenter commented on pull request #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers

Posted by GitBox <gi...@apache.org>.

codecov-commenter commented on PR #18097:
URL: https://github.com/apache/pulsar/pull/18097#issuecomment-1283467715

   # [Codecov](https://codecov.io/gh/apache/pulsar/pull/18097?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > :exclamation: No coverage uploaded for pull request base (`master@69deb1f`). [Click here to learn what that means](https://docs.codecov.io/docs/error-reference?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#section-missing-base-commit).
   > The diff coverage is `n/a`.
   
   [![Impacted file tree graph](https://codecov.io/gh/apache/pulsar/pull/18097/graphs/tree.svg?width=650&height=150&src=pr&token=acYqCpsK9J&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)](https://codecov.io/gh/apache/pulsar/pull/18097?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   
   ```diff
   @@            Coverage Diff            @@
   ##             master   #18097   +/-   ##
   =========================================
     Coverage          ?   27.05%           
     Complexity        ?     3540           
   =========================================
     Files             ?      393           
     Lines             ?    43424           
     Branches          ?     4464           
   =========================================
     Hits              ?    11748           
     Misses            ?    29826           
     Partials          ?     1850           
   ```
   
   | Flag | Coverage Δ | |
   |---|---|---|
   | unittests | `27.05% <0.00%> (?)` | |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nodece commented on pull request #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers

Posted by GitBox <gi...@apache.org>.

nodece commented on PR #18097:
URL: https://github.com/apache/pulsar/pull/18097#issuecomment-1283293807

   ```
   sslQuorumReloadCertFiles : (No Java system property) New in 3.5.5, 3.6.0: Allows Quorum SSL keyStore and trustStore reloading when the certificates on the filesystem change without having to restart the ZK process. Default: false
   
   client.certReload : (Java system property: zookeeper.client.certReload) New in 3.7.2, 3.8.1, 3.9.0: Allows client SSL keyStore and trustStore reloading when the certificates on the filesystem change without having to restart the ZK process. Default: false
   ```
   
   LGTM
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] Technoboy- closed pull request #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers

Posted by GitBox <gi...@apache.org>.

Technoboy- closed pull request #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers
URL: https://github.com/apache/pulsar/pull/18097


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] michaeljmarshall commented on pull request #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers

Posted by GitBox <gi...@apache.org>.

michaeljmarshall commented on PR #18097:
URL: https://github.com/apache/pulsar/pull/18097#issuecomment-1283307191

   Good idea to reference the ZK documentation @nodece. I updated my PR's description with it. Thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nodece merged pull request #18097: [feat][zk] Enable certificate refresh for Quorum and Netty Servers

Posted by GitBox <gi...@apache.org>.

nodece merged PR #18097:
URL: https://github.com/apache/pulsar/pull/18097


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org