ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store #737

Closed
wants to merge 2 commits into from

ivmaykov
Contributor

Allow reloading SSL trust stores and key stores from disk when the files on disk change.

Added support for reloading key/trust stores when the file on disk changes

  • new property sslQuorumReloadCertFiles which controls the behavior for reloading the key and trust store files for QuorumX509Util. Reloading of key and trust store for ClientX509Util is not in this PR but could be added easily
  • this allows a ZK server to keep running on a machine that uses short-lived certs that refresh frequently without having to restart the ZK process.

This is the branch-3.5 version of #680

@ivmaykov
Contributor Author

@anmolnar here you go

@ivmaykov ivmaykov closed this Dec 17, 2018
@ivmaykov ivmaykov reopened this Dec 17, 2018
@ivmaykov
Contributor Author

@anmolnar I just added the commit in #739 to this PR as well. Since the 3.5 version is not yet landed, we can include the test flakiness fix at the same time.

Contributor

@anmolnar anmolnar left a comment

+1

@anmolnar
Contributor

retest this please

@ivmaykov ivmaykov closed this Dec 18, 2018
@ivmaykov ivmaykov reopened this Dec 18, 2018
@ivmaykov ivmaykov closed this Dec 18, 2018
@ivmaykov ivmaykov reopened this Dec 18, 2018
@ivmaykov
Contributor Author

@anmolnar ready to merge

Contributor

@lvfangmin lvfangmin left a comment

+1

LGTM, thanks @ivmaykov.

asfgit pushed a commit that referenced this pull request Dec 19, 2018
Allow reloading SSL trust stores and key stores from disk when the files on disk change.

## Added support for reloading key/trust stores when the file on disk changes

- new property sslQuorumReloadCertFiles which controls the behavior for reloading the key and trust store files for QuorumX509Util. Reloading of key and trust store for ClientX509Util is not in this PR but could be added easily
- this allows a ZK server to keep running on a machine that uses short-lived certs that refresh frequently without having to restart the ZK process.

This is the branch-3.5 version of #680

Author: Ilya Maykov <ilyam@fb.com>

Reviewers: fangmin@apache.org, andor@apache.org

Closes #737 from ivmaykov/ZOOKEEPER-3174-branch3.5 and squashes the following commits:

6cc1d62 [Ilya Maykov] ZOOKEEPER-3219: Fix flaky FileChangeWatcherTest
df72944 [Ilya Maykov] ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store
@anmolnar
Contributor

Committed. Thanks @ivmaykov !

@anmolnar
Contributor

Please close this PR.
