gortiz opened a new pull request, #14275: URL: https://github.com/apache/pinot/pull/14275
Pinot 1.2.0 doesn't support TLS connections between multi-stage nodes. PR https://github.com/apache/pinot/pull/13645 tried fix that, but there were a couple of issues in the implementation. Given it is difficult to test TLS without an actual environment, that PR was merged without testing it. That PR is partial in the sense that query servers are enabled with TLS but it is not enabled in query clients (basically the brokers). In general we tend to add new flags for new features whenever is possible to minimize the impact on deployment and in case there is an issue be able to disable the new feature. But the #13645 enabled the feature as long as TLS was configured for single-stage queries. As a result, when a cluster where TLS is enabled is started with the code in master, multi-stage queries fail because servers try to connect without TLS and while servers ask for it. This PR doesn't fix the original problem but: 1. Adds a new config to enable TLS on multi-stage. That config is disabled by default 2. Uses that config instead of the single stage one to decide whether multi-stage QueryServer should use TLS or not. 3. It also fails when this property is turned on, as we know it is not actually implemented. The reason to not fix the issue right now is the lack of time to test it properly. Instead we need to fix the regression in our test deployments. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
