This is an automated email from the ASF dual-hosted git repository.
xiangfu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 7b4d9b5 initialize server tls regardless of uploader https settings
(#6911)
7b4d9b5 is described below
commit 7b4d9b57729cf94ffe70e6c9df9c740c8105f6d0
Author: Alexander Pucher <apuc...@apache.org>
AuthorDate: Thu May 13 12:50:09 2021 -0700
initialize server tls regardless of uploader https settings (#6911)
* initialize server tls early
* use default ssl on null arg
Co-authored-by: Alexander Pucher <a...@alexpucher.com>
---
.../apache/pinot/common/utils/FileUploadDownloadClient.java | 3 +++
.../apache/pinot/server/starter/helix/HelixServerStarter.java | 11 +++++++++++
2 files changed, 14 insertions(+)
diff --git
a/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
b/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
index ba32144..91fb6ce 100644
---
a/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
+++
b/pinot-common/src/main/java/org/apache/pinot/common/utils/FileUploadDownloadClient.java
@@ -132,6 +132,9 @@ public class FileUploadDownloadClient implements Closeable {
* @param sslContext SSL context
*/
public FileUploadDownloadClient(@Nullable SSLContext sslContext) {
+ if (sslContext == null) {
+ sslContext = _defaultSSLContext;
+ }
_httpClient = HttpClients.custom().setSSLContext(sslContext).build();
}
diff --git
a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
index c4053a6..920b055 100644
---
a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
+++
b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/HelixServerStarter.java
@@ -30,6 +30,7 @@ import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
import org.apache.helix.HelixAdmin;
import org.apache.helix.HelixDataAccessor;
import org.apache.helix.HelixManager;
@@ -56,7 +57,9 @@ import
org.apache.pinot.core.common.datatable.DataTableBuilder;
import org.apache.pinot.core.data.manager.InstanceDataManager;
import org.apache.pinot.core.query.request.context.ThreadTimer;
import org.apache.pinot.core.transport.ListenerConfig;
+import org.apache.pinot.core.transport.TlsConfig;
import org.apache.pinot.core.util.ListenerConfigUtil;
+import org.apache.pinot.core.util.TlsUtils;
import
org.apache.pinot.segment.local.realtime.impl.invertedindex.RealtimeLuceneIndexRefreshState;
import org.apache.pinot.segment.local.segment.memory.PinotDataBuffer;
import org.apache.pinot.server.api.access.AccessControlFactory;
@@ -318,6 +321,14 @@ public class HelixServerStarter implements
ServiceStartable {
LOGGER.info("Starting Pinot server");
long startTimeMs = System.currentTimeMillis();
+ // install default SSL context if necessary (even if not force-enabled
everywhere)
+ TlsConfig tlsDefaults = TlsUtils.extractTlsConfig(_serverConf,
Server.SERVER_TLS_PREFIX);
+ if (StringUtils.isNotBlank(tlsDefaults.getKeyStorePath()) || StringUtils
+ .isNotBlank(tlsDefaults.getTrustStorePath())) {
+ LOGGER.info("Installing default SSL context for any client requests");
+ TlsUtils.installDefaultSSLSocketFactory(tlsDefaults);
+ }
+
LOGGER.info("Initializing Helix manager with zkAddress: {}, clusterName:
{}, instanceId: {}", _zkAddress,
_helixClusterName, _instanceId);
setupHelixSystemProperties();
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
