HDDS-5237. Add SSL support to the Ozone streaming API #2315
elek merged 7 commits into apache:master from
adoroszlai left a comment
Thanks @elek for the improvement, LGTM. Nice tests. Only some minor code items noted.
...ontainer-service/src/main/java/org/apache/hadoop/ozone/container/stream/StreamingServer.java
| } catch (InterruptedException ex) { | ||
| throw new RuntimeException(ex); |
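Review bot: the catch block at `throw new RuntimeException(ex);` wraps the InterruptedException without restoring the thread's interrupt status, so code further up the stack can no longer tell that the thread was asked to stop. Whichever unchecked exception type is used here, call `Thread.currentThread().interrupt();` before the throw.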
Can we keep throws InterruptedException instead? I think it's better for clarity.
InterruptedException is a checked exception, which I tried to avoid, especially as we don't see any added value in differentiating between this error and any other runtime error during the startup.
I would be happy to replace it with any more specific runtime exception -- if you have any suggestion -- but I'm not sure how it would be clearer with keeping the checked exception.
I tried how it would look with keeping the checked InterruptedException here, but it doesn't look clearer to me; it requires the same conversion (but later) plus maintaining an additional checked exception in the method signature.
It looks clearer to me to simply use a runtime exception instead of a checked one (BTW, the current practice of converting everything to IOException is also closer to using RuntimeExceptions everywhere and doing the differentiating only if it's required).
Uploaded the experiment to here: elek@767b5fb, I can add it to this PR, if this is your strong preference...
So if I understand correctly, the current patch itself does not need to handle InterruptedException, but a future change (replacing the current replication server implementation with the streaming one) will. So this is in anticipation of the next change.
If that's correct, I'm OK with converting it.
I just pushed a new commit (0448a98) with another approach based on our offline discussion.
I created a StreamingException (runtime) which can be used instead of the generic RuntimeException but still unchecked.
Furthermore, I also updated the existing streaming API to avoid using a raw new RuntimeException everywhere in the streaming package.
Please let me know what you think...
Thanks for updating the patch. I think it's much cleaner.
Co-authored-by: Doroszlai, Attila <6454655+adoroszlai@users.noreply.github.com>
Thanks for the review @adoroszlai. I am merging it now...
What changes were proposed in this pull request?
HDDS-5142 will introduce a new streaming API for closed container replication / snapshot download and other data movement.
For server2server communication we need to support mTLS. We should configure pure mTLS on the netty server.
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-5237
How was this patch tested?
A new unit test is added to test the SSL option with a self-signed certificate. During the tests I also found some intermittent issues in the DirstreamerClient. I added more unit tests there with minor changes.