> On May 6, 2016, 4:25 p.m., Boris Shkolnik wrote: > > For my sake, can you explain why the first solution doesn't work with SSL?
I've lost the link, but I found a few resources online that say the ServerPort and RegistryPort must be distinct for SSL. The deeper "why" probably requires a better understanding of SSL than I currently have. :-) - Jake ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47029/#review132059 ----------------------------------------------------------- On May 5, 2016, 4:50 p.m., Jake Maes wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47029/ > ----------------------------------------------------------- > > (Updated May 5, 2016, 4:50 p.m.) > > > Review request for samza, Boris Shkolnik, Chris Pettitt, Jake Maes, Navina > Ramesh, Jagadish Venkatraman, Xinyu Liu, and Yi Pan (Data Infrastructure). > > > Bugs: SAMZA-932 > https://issues.apache.org/jira/browse/SAMZA-932 > > > Repository: samza > > > Description > ------- > > Experimented with 2 solutions: > 1. Simplify the JMXServiceUrl to use the same port for the registry and > server. This works with tunneling, but from what I read online, will not work > if/ SSL is enabled on the server. > 2. Just get another ephemeral port. This still has a small(er) risk of > port collision because of a race condition where the port is stolen by > another process before we bind to it. However, it works with tunneling and > should work with SSL because the registry and server ports are different. > > Went with option 2 because it'll work with SSL if we enable it in the future. > > > Diffs > ----- > > samza-core/src/main/scala/org/apache/samza/metrics/JmxServer.scala > e6204c10878589d34096378e6000709266a9b4a5 > > Diff: https://reviews.apache.org/r/47029/diff/ > > > Testing > ------- > > Tested both options in a test job behind a firewall. > > > Thanks, > > Jake Maes > >
