...

In the admin client (Incremental)AlterConfig API, we implicitly support reloading the key/trust store by sending an (Incremental)AlterConfig request directly to the target broker with the exact same store path. This special logic will no longer work once all AlterConfig requests are forwarded to the active controller: the target broker will not reload the security store, because the config change ZK notification contains the same key/trust store path as its local copy. In addition, key/trust store reloading is a completely separate feature from AlterConfigs: it does not change any persistent broker config values in either ZK or the metadata quorum. Instead of using client RPCs to trigger updates directly, we propose to use a file watcher on the security store file to listen for any file content change and reload the config as necessary in the post-KIP-500 world. To guard against the worst case where the file watch does not trigger properly, a time-based reloading mechanism will also be added.

Public Interfaces

We would enforce a file-watch based reloading mechanism for the following configs:

  • ssl.keystore.location

  • ssl.truststore.location

Two broker-side metrics will be added to track the times of security store reloads for success and failure as:

...

where the current supported store types are: key_store|trust_store.

Additionally, two dynamic broker configs called `ssl.keystore.location.refresh.interval.ms` and `ssl.truststore.location.refresh.interval.ms` will be added to control the time-based guarantee for automatic reloading in case of a missed file-watch.

```java
// SecurityConfig.java
public static final String SSL_KEYSTORE_LOCATION_REFRESH_INTERVAL_MS_CONFIG = "ssl.keystore.location.refresh.interval.ms";
public static final String SSL_KEYSTORE_LOCATION_REFRESH_INTERVAL_MS_DOC = "The refresh interval for in-place ssl keystore updates. In general, " +
   "the update should trigger immediately when user modifies the security file path through file watch service, while " +
   "this configuration is defining a time based guarantee of store reloading in worst case";
```


The default value will be set to 5 minutes and can be changed through the AlterConfig API.
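The following is an added sketch, not Kafka's implementation, of how a file watch and the time-based fallback can share one loop, with the new store parsed before it replaces the one in use so that a partially written file never takes effect. `StoreReloader`, its methods, the PKCS12 sample store and its password are all assumptions made for the example.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.concurrent.TimeUnit;
import static java.nio.file.StandardWatchEventKinds.*;

// Added sketch: StoreReloader and its members are hypothetical names, not Kafka classes.
public class StoreReloader {
    private final Path store; private final String type; private final char[] password;
    private volatile KeyStore current;       // last store that parsed successfully
    private byte[] lastDigest = new byte[0];
    StoreReloader(Path store, String type, char[] password) {
        this.store = store.toAbsolutePath(); this.type = type; this.password = password;
    }
    // Swap in a new store only if the bytes changed AND they parse; otherwise keep the old one.
    synchronized boolean reloadIfChanged() {
        try {
            byte[] bytes = Files.readAllBytes(store);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(bytes);
            if (MessageDigest.isEqual(digest, lastDigest)) return false;
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(new ByteArrayInputStream(bytes), password);
            current = ks; lastDigest = digest;
            return true;    // where a reload-success metric would be incremented
        } catch (IOException | GeneralSecurityException e) {
            return false;   // where a reload-failure metric would be incremented
        }
    }
    // Blocks the caller: checks on a directory event or after refreshIntervalMs, whichever is first.
    void watch(long refreshIntervalMs) throws IOException, InterruptedException {
        try (WatchService ws = store.getFileSystem().newWatchService()) {
            // Watch the parent directory so a rename-into-place replacement is seen too.
            store.getParent().register(ws, ENTRY_CREATE, ENTRY_MODIFY);
            while (true) {
                WatchKey key = ws.poll(refreshIntervalMs, TimeUnit.MILLISECONDS); // null on timeout
                if (key != null) { key.pollEvents(); key.reset(); }
                reloadIfChanged();
            }
        }
    }
    public static void main(String[] args) throws Exception {
        Path p = Files.createTempDirectory("ks").resolve("broker.p12");  // constructed sample store
        char[] pw = "changeit".toCharArray();
        KeyStore empty = KeyStore.getInstance("PKCS12"); empty.load(null, pw);
        try (OutputStream out = Files.newOutputStream(p)) { empty.store(out, pw); }
        StoreReloader r = new StoreReloader(p, "PKCS12", pw);
        System.out.println("first load: " + r.reloadIfChanged() + ", unchanged file: " + r.reloadIfChanged());
        Files.write(p, new byte[] {1, 2, 3});   // simulate a truncated write by a cert tool
        System.out.println("corrupt file: " + r.reloadIfChanged() + ", old store kept: " + (r.current != null));
    }
}
```

`main` exercises only the validation path; a broker-like process would run `watch(...)` on a background thread with the configured refresh interval.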

...