Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-2083

Avro Source should not start if SSL is enabled and keystore cannot be opened

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
      None

      Description

      A couple of follow-up items from FLUME-997:

      1. If the server is configured for SSL but the keystore isn't there, the service should not start.
      2. We should fall back to the default behavior of the X509 TrustManagerFactory if there is no trust store specified by passing a null KeyStore, no need to look in the classpath for cacerts.

      1. FLUME-2083-2.patch
        11 kB
        Mike Percy
      2. FLUME-2083-1.patch
        9 kB
        Mike Percy

        Issue Links

          Activity

          Hide
          mpercy Mike Percy added a comment -

          Hmm also there is a formatting issue with the user guide rendered HTML

          Show
          mpercy Mike Percy added a comment - Hmm also there is a formatting issue with the user guide rendered HTML
          Hide
          mpercy Mike Percy added a comment -

          Other than some doc updates, also made one additional change here:

          Require ssl = true to be set in the AvroSource to enable SSL rather than just the existence of the keystore & keystorePassword params. Makes it consistent with the sink and also very explicit for people not familiar with Flume.

          Show
          mpercy Mike Percy added a comment - Other than some doc updates, also made one additional change here: Require ssl = true to be set in the AvroSource to enable SSL rather than just the existence of the keystore & keystorePassword params. Makes it consistent with the sink and also very explicit for people not familiar with Flume.
          Hide
          fwiffo Joey Echeverria added a comment -

          I did a quick review and the changes look good to me. Good catch finding this:

          http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager

          I was pretty sure there was an easier way to default to the standard truststore, but I didn't see that page.

          Show
          fwiffo Joey Echeverria added a comment - I did a quick review and the changes look good to me. Good catch finding this: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager I was pretty sure there was an easier way to default to the standard truststore, but I didn't see that page.
          Hide
          mpercy Mike Percy added a comment -

          Thanks for the review Joey!

          Show
          mpercy Mike Percy added a comment - Thanks for the review Joey!
          Hide
          hshreedharan Hari Shreedharan added a comment -

          +1. This looks good. Will run full build and commit.

          Show
          hshreedharan Hari Shreedharan added a comment - +1. This looks good. Will run full build and commit.
          Hide
          hshreedharan Hari Shreedharan added a comment -

          Patch committed, rev: b8cf789b8509b1e5be05dd0b0b16c5d9af9698ae. Thanks Mike!

          Show
          hshreedharan Hari Shreedharan added a comment - Patch committed, rev: b8cf789b8509b1e5be05dd0b0b16c5d9af9698ae. Thanks Mike!
          Hide
          hudson Hudson added a comment -

          Integrated in flume-trunk #429 (See https://builds.apache.org/job/flume-trunk/429/)
          FLUME-2083. Avro Source should not start if SSL is enabled and keystore cannot be opened (Revision b8cf789b8509b1e5be05dd0b0b16c5d9af9698ae)

          Result = SUCCESS
          hshreedharan : http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=b8cf789b8509b1e5be05dd0b0b16c5d9af9698ae
          Files :

          • flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java
          • flume-ng-core/src/test/java/org/apache/flume/source/TestAvroSource.java
          • flume-ng-doc/sphinx/FlumeUserGuide.rst
          • flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
          • flume-ng-core/src/test/java/org/apache/flume/sink/TestAvroSink.java
          Show
          hudson Hudson added a comment - Integrated in flume-trunk #429 (See https://builds.apache.org/job/flume-trunk/429/ ) FLUME-2083 . Avro Source should not start if SSL is enabled and keystore cannot be opened (Revision b8cf789b8509b1e5be05dd0b0b16c5d9af9698ae) Result = SUCCESS hshreedharan : http://git-wip-us.apache.org/repos/asf/flume/repo?p=flume.git&a=commit&h=b8cf789b8509b1e5be05dd0b0b16c5d9af9698ae Files : flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java flume-ng-core/src/test/java/org/apache/flume/source/TestAvroSource.java flume-ng-doc/sphinx/FlumeUserGuide.rst flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java flume-ng-core/src/test/java/org/apache/flume/sink/TestAvroSink.java

            People

            • Assignee:
              mpercy Mike Percy
              Reporter:
              mpercy Mike Percy
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development