(doris) branch master updated: [Enhancement](brpc)Added enable_brpc_builtin_services parameter in be.conf (#40718)

Sat, 14 Sep 2024 08:22:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 0cff2257291 [Enhancement](brpc)Added  enable_brpc_builtin_services  
parameter in be.conf (#40718)
0cff2257291 is described below

commit 0cff2257291989e7b9e3c1837e2e3ca961c2cd4b
Author: daidai <2017501...@qq.com>
AuthorDate: Sat Sep 14 23:22:04 2024 +0800

    [Enhancement](brpc)Added  enable_brpc_builtin_services  parameter in 
be.conf (#40718)
    
    ## Proposed changes
    
    Since [brpc's built-in
    
services](https://brpc.apache.org/zh/docs/builtin-services/buildin_services/)
    will expose some internal server status, for security reasons, add the
    parameter `enable_brpc_builtin_services` in `be.conf`. When the
    parameter is false, this built-in service can be disabled.
---
 be/src/common/config.cpp        | 4 ++++
 be/src/common/config.h          | 2 ++
 be/src/service/brpc_service.cpp | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/be/src/common/config.cpp b/be/src/common/config.cpp
index 88f7289dfbf..963d770276a 100644
--- a/be/src/common/config.cpp
+++ b/be/src/common/config.cpp
@@ -516,6 +516,10 @@ DEFINE_Int32(brpc_heavy_work_pool_max_queue_size, "-1");
 DEFINE_Int32(brpc_light_work_pool_max_queue_size, "-1");
 DEFINE_mBool(enable_bthread_transmit_block, "true");
 
+//Enable brpc builtin services, see:
+//https://brpc.apache.org/docs/server/basics/#disable-built-in-services-completely
+DEFINE_Bool(enable_brpc_builtin_services, "true");
+
 // The maximum amount of data that can be processed by a stream load
 DEFINE_mInt64(streaming_load_max_mb, "102400");
 // Some data formats, such as JSON, cannot be streamed.
diff --git a/be/src/common/config.h b/be/src/common/config.h
index f242a7ef512..ce42bd47fc1 100644
--- a/be/src/common/config.h
+++ b/be/src/common/config.h
@@ -988,6 +988,8 @@ DECLARE_mInt64(nodechannel_pending_queue_max_bytes);
 // The batch size for sending data by brpc streaming client
 DECLARE_mInt64(brpc_streaming_client_batch_bytes);
 
+DECLARE_Bool(enable_brpc_builtin_services);
+
 // Max waiting time to wait the "plan fragment start" rpc.
 // If timeout, the fragment will be cancelled.
 // This parameter is usually only used when the FE loses connection,
diff --git a/be/src/service/brpc_service.cpp b/be/src/service/brpc_service.cpp
index 4b5587741e7..8cf0e330aa9 100644
--- a/be/src/service/brpc_service.cpp
+++ b/be/src/service/brpc_service.cpp
@@ -83,6 +83,8 @@ Status BRpcService::start(int port, int num_threads) {
         sslOptions->default_cert.private_key = config::ssl_private_key_path;
     }
 
+    options.has_builtin_services = config::enable_brpc_builtin_services;
+
     butil::EndPoint point;
     if (butil::str2endpoint(BackendOptions::get_service_bind_address(), port, 
&point) < 0) {
         return Status::InternalError("convert address failed, host={}, 
port={}", "[::0]", port);


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to