This is an automated email from the ASF dual-hosted git repository.

apucher pushed a commit to branch early-tls-init-server
in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git

commit c96f07d97631ee8ad64a910be17b0dcadb7d6cdc
Author: Alexander Pucher <a...@alexpucher.com>
AuthorDate: Thu May 13 11:33:19 2021 -0700

    initialize server tls early
---
 .../apache/pinot/server/starter/helix/HelixServerStarter.java | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git 
a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
 
b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
index c4053a6..920b055 100644
--- 
a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
+++ 
b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
@@ -30,6 +30,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.helix.HelixAdmin;
 import org.apache.helix.HelixDataAccessor;
 import org.apache.helix.HelixManager;
@@ -56,7 +57,9 @@ import 
org.apache.pinot.core.common.datatable.DataTableBuilder;
 import org.apache.pinot.core.data.manager.InstanceDataManager;
 import org.apache.pinot.core.query.request.context.ThreadTimer;
 import org.apache.pinot.core.transport.ListenerConfig;
+import org.apache.pinot.core.transport.TlsConfig;
 import org.apache.pinot.core.util.ListenerConfigUtil;
+import org.apache.pinot.core.util.TlsUtils;
 import 
org.apache.pinot.segment.local.realtime.impl.invertedindex.RealtimeLuceneIndexRefreshState;
 import org.apache.pinot.segment.local.segment.memory.PinotDataBuffer;
 import org.apache.pinot.server.api.access.AccessControlFactory;
@@ -318,6 +321,14 @@ public class HelixServerStarter implements 
ServiceStartable {
     LOGGER.info("Starting Pinot server");
     long startTimeMs = System.currentTimeMillis();
 
+    // install default SSL context if necessary (even if not force-enabled 
everywhere)
+    TlsConfig tlsDefaults = TlsUtils.extractTlsConfig(_serverConf, 
Server.SERVER_TLS_PREFIX);
+    if (StringUtils.isNotBlank(tlsDefaults.getKeyStorePath()) || StringUtils
+        .isNotBlank(tlsDefaults.getTrustStorePath())) {
+      LOGGER.info("Installing default SSL context for any client requests");
+      TlsUtils.installDefaultSSLSocketFactory(tlsDefaults);
+    }
+
     LOGGER.info("Initializing Helix manager with zkAddress: {}, clusterName: 
{}, instanceId: {}", _zkAddress,
         _helixClusterName, _instanceId);
     setupHelixSystemProperties();
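Review bot: The comment on the new block does not say that `TlsUtils.installDefaultSSLSocketFactory(tlsDefaults)` appears to change process-wide state. Judging by its name and the log message, every outbound TLS client in this JVM that relies on defaults would then use the server's trust store, and possibly present the server's key store as its client identity. I would spell that out, e.g. `// NOTE: replaces the JVM-wide default SSL socket factory; all outbound TLS clients in this process inherit the server key/trust stores`. The guard also fires when only one of `getKeyStorePath()` / `getTrustStorePath()` is set, and the TlsUtils body is not visible here. It is worth confirming that a key-store-only configuration still ends up with the intended trust material, and that an unreadable store aborts startup rather than leaving the previous default in place. The enclosing method starts and ends outside this hunk.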
