You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by kw...@apache.org on 2017/04/28 19:28:18 UTC
[2/3] incubator-impala git commit: IMPALA-5253: Use appropriate
transport for StatestoreSubscriber
IMPALA-5253: Use appropriate transport for StatestoreSubscriber
This makes sure that the appropriate Thrift transport is used in
the StatestoreSubscriber.
This patch also adds a custom cluster test to improve our security
testing.
Change-Id: I711b994bd82533d2a6dfad3f4c103f7caecc427b
Reviewed-on: http://gerrit.cloudera.org:8080/6720
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Tested-by: Impala Public Jenkins
Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/1213843d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/1213843d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/1213843d
Branch: refs/heads/master
Commit: 1213843d54c79bcfbf613d3fd29a00b3e44e1151
Parents: 5294bb2
Author: Sailesh Mukil <sa...@cloudera.com>
Authored: Thu Mar 30 14:44:36 2017 -0700
Committer: Impala Public Jenkins <im...@gerrit.cloudera.org>
Committed: Thu Apr 27 11:24:04 2017 +0000
----------------------------------------------------------------------
be/src/statestore/statestore-subscriber.cc | 10 ++++++++++
be/src/statestore/statestore.cc | 6 ++++--
2 files changed, 14 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/1213843d/be/src/statestore/statestore-subscriber.cc
----------------------------------------------------------------------
diff --git a/be/src/statestore/statestore-subscriber.cc b/be/src/statestore/statestore-subscriber.cc
index 28ac553..cb46e3b 100644
--- a/be/src/statestore/statestore-subscriber.cc
+++ b/be/src/statestore/statestore-subscriber.cc
@@ -48,6 +48,10 @@ DEFINE_int32(statestore_subscriber_cnxn_retry_interval_ms, 3000, "The interval,
"to wait between attempts to make an RPC connection to the statestore.");
DECLARE_string(ssl_client_ca_certificate);
+DECLARE_string(ssl_server_certificate);
+DECLARE_string(ssl_private_key);
+DECLARE_string(ssl_private_key_password_cmd);
+
namespace impala {
// Used to identify the statestore in the failure detector
@@ -189,7 +193,13 @@ Status StatestoreSubscriber::Start() {
heartbeat_server_.reset(new ThriftServer("StatestoreSubscriber", processor,
heartbeat_address_.port, NULL, NULL, 5));
+ if (EnableInternalSslConnections()) {
+ LOG(INFO) << "Enabling SSL for Statestore subscriber";
+ RETURN_IF_ERROR(heartbeat_server_->EnableSsl(FLAGS_ssl_server_certificate,
+ FLAGS_ssl_private_key, FLAGS_ssl_private_key_password_cmd));
+ }
RETURN_IF_ERROR(heartbeat_server_->Start());
+
LOG(INFO) << "Registering with statestore";
status = Register();
if (status.ok()) {
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/1213843d/be/src/statestore/statestore.cc
----------------------------------------------------------------------
diff --git a/be/src/statestore/statestore.cc b/be/src/statestore/statestore.cc
index 1b1034e..a19de2e 100644
--- a/be/src/statestore/statestore.cc
+++ b/be/src/statestore/statestore.cc
@@ -226,10 +226,12 @@ Statestore::Statestore(MetricGroup* metrics)
bind<void>(mem_fn(&Statestore::DoSubscriberUpdate), this, true, _1, _2)),
update_state_client_cache_(new ClientCache<StatestoreSubscriberClient>(1, 0,
FLAGS_statestore_update_tcp_timeout_seconds * 1000,
- FLAGS_statestore_update_tcp_timeout_seconds * 1000)),
+ FLAGS_statestore_update_tcp_timeout_seconds * 1000, "",
+ EnableInternalSslConnections())),
heartbeat_client_cache_(new ClientCache<StatestoreSubscriberClient>(1, 0,
FLAGS_statestore_heartbeat_tcp_timeout_seconds * 1000,
- FLAGS_statestore_heartbeat_tcp_timeout_seconds * 1000)),
+ FLAGS_statestore_heartbeat_tcp_timeout_seconds * 1000, "",
+ EnableInternalSslConnections())),
thrift_iface_(new StatestoreThriftIf(this)),
failure_detector_(new MissedHeartbeatFailureDetector(
FLAGS_statestore_max_missed_heartbeats,