Posted to commits@rocketmq.apache.org by yu...@apache.org on 2017/12/14 06:08:40 UTC
[rocketmq] 01/02: Reload the cert and private key dynamically in
name server
This is an automated email from the ASF dual-hosted git repository.
yukon pushed a commit to branch enhancedTls
in repository https://gitbox.apache.org/repos/asf/rocketmq.git
commit 8c0759e3a6c89d4391ec7dce513eb04d57ecc606
Author: yukon <yu...@apache.org>
AuthorDate: Wed Dec 13 20:34:28 2017 +0800
Reload the cert and private key dynamically in name server
---
.../apache/rocketmq/namesrv/NamesrvController.java | 29 ++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/namesrv/src/main/java/org/apache/rocketmq/namesrv/NamesrvController.java b/namesrv/src/main/java/org/apache/rocketmq/namesrv/NamesrvController.java
index 51b20b4..00cebf5 100644
--- a/namesrv/src/main/java/org/apache/rocketmq/namesrv/NamesrvController.java
+++ b/namesrv/src/main/java/org/apache/rocketmq/namesrv/NamesrvController.java
@@ -16,6 +16,7 @@
*/
package org.apache.rocketmq.namesrv;
+import java.io.IOException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
@@ -30,8 +31,11 @@ import org.apache.rocketmq.namesrv.processor.DefaultRequestProcessor;
import org.apache.rocketmq.namesrv.routeinfo.BrokerHousekeepingService;
import org.apache.rocketmq.namesrv.routeinfo.RouteInfoManager;
import org.apache.rocketmq.remoting.RemotingServer;
+import org.apache.rocketmq.remoting.common.TlsMode;
import org.apache.rocketmq.remoting.netty.NettyRemotingServer;
import org.apache.rocketmq.remoting.netty.NettyServerConfig;
+import org.apache.rocketmq.remoting.netty.TlsSystemConfig;
+import org.apache.rocketmq.srvutil.FileWatchService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -54,6 +58,7 @@ public class NamesrvController {
private ExecutorService remotingExecutor;
private Configuration configuration;
+ private FileWatchService fileWatchService;
public NamesrvController(NamesrvConfig namesrvConfig, NettyServerConfig nettyServerConfig) {
this.namesrvConfig = namesrvConfig;
@@ -95,6 +100,22 @@ public class NamesrvController {
}
}, 1, 10, TimeUnit.MINUTES);
+ if (TlsSystemConfig.tlsMode != TlsMode.DISABLED) {
+ // Register a listener to reload SslContext
+ try {
+ fileWatchService = new FileWatchService(
+ new String[] {TlsSystemConfig.tlsServerCertPath, TlsSystemConfig.tlsServerKeyPath},
+ new FileWatchService.Listener() {
+ @Override
+ public void onChanged() {
+ ((NettyRemotingServer) remotingServer).loadSslContext();
+ }
+ });
+ } catch (IOException e) {
+ log.warn("FileWatchService created error, can't load the certificate dynamically");
+ }
+ }
+
return true;
}
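Review bot: The `catch (IOException e)` block in the TLS branch drops the exception, so the log never says why the watcher could not be created; pass the cause along, `log.warn("FileWatchService created error, can't load the certificate dynamically", e);`. After that failure the name server keeps running with TLS enabled but without reload, so a replaced certificate or key would presumably stay unused until a restart, which is why the cause belongs in the log. The listener also fires on a change to either file, so when the certificate and the key are replaced one after the other, `loadSslContext()` may run against a mismatched pair; whether it keeps the previous context on failure is not visible in this diff and should be confirmed. The enclosing method starts above the hunk.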
@@ -111,12 +132,20 @@ public class NamesrvController {
public void start() throws Exception {
this.remotingServer.start();
+
+ if (this.fileWatchService != null) {
+ this.fileWatchService.start();
+ }
}
public void shutdown() {
this.remotingServer.shutdown();
this.remotingExecutor.shutdown();
this.scheduledExecutorService.shutdown();
+
+ if (this.fileWatchService != null) {
+ this.fileWatchService.shutdown();
+ }
}
public NamesrvConfig getNamesrvConfig() {
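Review bot: In `shutdown()` the watcher is stopped last, after `this.remotingServer.shutdown()`, so a certificate change seen in that window would call `loadSslContext()` on a server that is already shut down. Stopping the watcher first closes the window: move the `if (this.fileWatchService != null) { this.fileWatchService.shutdown(); }` block above `this.remotingServer.shutdown();`. How FileWatchService schedules its callback is not visible in this diff, so the window is inferred from the ordering alone.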
--