[
https://issues.apache.org/jira/browse/HADOOP-15980?focusedWorklogId=732111&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-732111
]
ASF GitHub Bot logged work on HADOOP-15980:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 24/Feb/22 03:22
Start Date: 24/Feb/22 03:22
Worklog Time Spent: 10m
Work Description: vnhive commented on a change in pull request #3966:
URL: https://github.com/apache/hadoop/pull/3966#discussion_r813515195
##########
File path:
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
##########
@@ -1957,4 +1969,261 @@ public void close() {
IOUtils.closeStream(in);
}
}
+
+ static class NioIpcStreams extends IpcStreams {
+ NioIpcStreams(Socket socket) throws IOException {
+ setInputStream(
+ new BufferedInputStream(NetUtils.getInputStream(socket)));
+ setOutputStream(
+ new BufferedOutputStream(NetUtils.getOutputStream(socket)));
+ }
+ @Override
+ Future<?> submit(Runnable call) {
+ return Client.getClientExecutor().submit(call);
+ }
+ }
+
+ static class NettyIpcStreams extends IpcStreams {
+ private final EventLoopGroup group;
+ private io.netty.channel.Channel channel;
+ private int soTimeout;
+ private IOException channelIOE;
+
+ NettyIpcStreams(Socket socket) throws IOException {
+ soTimeout = socket.getSoTimeout();
+ if (!LOG.isDebugEnabled()) {
+ ResourceLeakDetector.setLevel(ResourceLeakDetector.Level.DISABLED);
+ }
+ channel = new NioSocketChannel(socket.getChannel());
+ channel.config().setAutoRead(false);
+
+ SslContext sslCtx = null;
+
+ try {
+ sslCtx = SslContextBuilder.forClient()
+ .trustManager(InsecureTrustManagerFactory.INSTANCE).build();
+ } catch (SSLException e) {
+ throw new IOException("Exception while building SSL Context", e);
+ }
+
+ SslHandler sslHandler = sslCtx.newHandler(channel.alloc());
+
+ if (sslHandler != null) {
+ sslHandler.handshakeFuture().addListener(
+ new
GenericFutureListener<io.netty.util.concurrent.Future<Channel>>() {
+ @Override
+ public void operationComplete(
+ final io.netty.util.concurrent.Future<Channel> handshakeFuture)
+ throws Exception {
+ if (handshakeFuture.isSuccess()) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("TLS handshake success");
+ }
+ } else {
+ throw new IOException("TLS handshake failed." +
handshakeFuture.cause());
+ }
+ }
+ });
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Adding the SSLHandler to the pipeline");
+ }
+ channel.pipeline().addLast("SSL", sslHandler);
+
+ RpcChannelHandler handler = new RpcChannelHandler();
+ setInputStream(new BufferedInputStream(handler.getInputStream()));
+ setOutputStream(new BufferedOutputStream(handler.getOutputStream()));
+ channel.pipeline().addLast(handler);
+ group = new NioEventLoopGroup(1);
Review comment:
will look into this. I will try to update my next PR with this change,
or maybe subsequent PRs. If I am doing it in subsequent PRs, I will create a
JIRA issue for follow up.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 732111)
Time Spent: 2h 50m (was: 2h 40m)
> Enable TLS in RPC client/server
> -------------------------------
>
> Key: HADOOP-15980
> URL: https://issues.apache.org/jira/browse/HADOOP-15980
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc, security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Major
> Labels: pull-request-available
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> Once the RPC client and server can be configured to use Netty, the TLS engine
> can be added to the channel pipeline. The server should allow QoS-like
> functionality to determine if TLS is mandatory or optional for a client.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
