xiangfu0 commented on code in PR #12384:
URL: https://github.com/apache/pinot/pull/12384#discussion_r1483555919
##########
pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java:
##########
@@ -447,12 +450,32 @@ static void
reloadSslFactoryWhenFileStoreChanges(SSLFactory baseSslFactory,
LOGGER.info("Detected change in file: {}, try to renew SSLFactory {}
"
+ "(built from key store {} and truststore {})",
changedFile, baseSslFactory, keyStorePath, trustStorePath);
- SSLFactory updatedSslFactory = createSSLFactory(
- keyStoreType, keyStorePath, keyStorePassword, trustStoreType,
trustStorePath, trustStorePassword,
- sslContextProtocol, secureRandom, false);
- SSLFactoryUtils.reload(baseSslFactory, updatedSslFactory);
- LOGGER.info("Successfully renewed SSLFactory {} (built from key
store {} and truststore {}) "
- + "on file {} changes", baseSslFactory, keyStorePath,
trustStorePath, changedFile);
+ try {
+ // Need to retry a few times because when one file (key store or
trust store) is updated, the other file
+ // (trust store or key store) may not have been fully written yet,
so we need to wait a bit and retry.
Review Comment:
Please also add a note that it's ok for 3 retries failure, the watcher will
be triggered again and renew.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
