[pulsar-broker] Broker auto refresh bk-client certs to avoid cnx fail…

…ure after cert refresh (apache#12107) * [pulsar-broker] Broker auto refresh bk-client certs to avoid cnx failure after cert refresh * fix readme
bharanic-dev · Oct 16, 2021 · eb195bf · eb195bf
1 parent 0304c72
commit eb195bf
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 0 deletions.
diff --git a/conf/broker.conf b/conf/broker.conf
@@ -842,6 +842,9 @@ bookkeeperTLSCertificateFilePath=
 # Path for the trusted TLS certificate file
 bookkeeperTLSTrustCertsFilePath=
 
+# Tls cert refresh duration at bookKeeper-client in seconds (0 to disable check)
+bookkeeperTlsCertFilesRefreshDurationSeconds=300
+
 # Enable/disable disk weight based placement. Default is false
 bookkeeperDiskWeightBasedPlacementEnabled=false
 

diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
@@ -1352,6 +1352,9 @@ public class ServiceConfiguration implements PulsarConfiguration {
     @FieldContext(category = CATEGORY_STORAGE_BK, doc = "Path for the trusted TLS certificate file")
     private String bookkeeperTLSTrustCertsFilePath;
 
+    @FieldContext(category = CATEGORY_STORAGE_BK, doc = "Tls cert refresh duration at bookKeeper-client in seconds (0 to disable check)")
+    private int bookkeeperTlsCertFilesRefreshDurationSeconds = 300;
+
     @FieldContext(category = CATEGORY_STORAGE_BK, doc = "Enable/disable disk weight based placement. Default is false")
     private boolean bookkeeperDiskWeightBasedPlacementEnabled = false;
 

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/BookKeeperClientFactoryImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/BookKeeperClientFactoryImpl.java
@@ -109,6 +109,7 @@ ClientConfiguration createBkClientConfiguration(ServiceConfiguration conf) {
             bkConf.setTLSTrustStore(conf.getBookkeeperTLSTrustCertsFilePath());
             bkConf.setTLSTrustStoreType(conf.getBookkeeperTLSTrustCertTypes());
             bkConf.setTLSTrustStorePasswordPath(conf.getBookkeeperTLSTrustStorePasswordPath());
+            bkConf.setTLSCertFilesRefreshDurationSeconds(conf.getBookkeeperTlsCertFilesRefreshDurationSeconds());
         }
 
         bkConf.setBusyWaitEnabled(conf.isEnableBusyWait());

diff --git a/site2/docs/reference-configuration.md b/site2/docs/reference-configuration.md
@@ -597,6 +597,7 @@ You can set the log level and configuration in the  [log4j2.yaml](https://github
 | bookkeeperTLSKeyFilePath | Path for the TLS private key file. | |
 | bookkeeperTLSCertificateFilePath | Path for the TLS certificate file. | |
 | bookkeeperTLSTrustCertsFilePath | Path for the trusted TLS certificate file. | |
+| bookkeeperTlsCertFilesRefreshDurationSeconds | Tls cert refresh duration at bookKeeper-client in seconds (0 to disable check). | |
 | bookkeeperDiskWeightBasedPlacementEnabled | Enable/Disable disk weight based placement. | false |
 | bookkeeperExplicitLacIntervalInMills | Set the interval to check the need for sending an explicit LAC. When the value is set to 0, no explicit LAC is sent. | 0 |
 | bookkeeperClientExposeStatsToPrometheus | Expose BookKeeper client managed ledger stats to Prometheus. | false |