[jira] [Commented] (ZOOKEEPER-1045) Quorum Peer mutual authentication

Mon, 07 Dec 2015 00:28:49 -0800 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15044558#comment-15044558
 ] 

Powell Molleti commented on ZOOKEEPER-1045:
-------------------------------------------

Hi Raul,

For now I have written something that tries to replace QuorumCnxManager class 
using Netty 4.1 for ZOOKEEPER-901, which tries to address both issues of SSL 
and serialized connect.

Which would work something like this:
 1. Initialize as VoteBroadcast(Set<QuorumServer>) (QuorumPeer will do that)
 2. Then use it as follows FLE.sendNotifications(msg) -> 
VoteBroadcast.broadcast(msg) and FLE.WorkerReceiver.run() -> 
VoteBroadcast.getVotes(). 
     I am providing addServer() and removeServer() methods will could address 
3.5.x I think(not sure yet!).

I was hoping to use this stuff for Learner but I at this point in time SSL 
Sockets for Learner seems like a better way to get SSL working for it.
The transport/encode/decode is pretty entrenched there and making all of that 
async seems risky just to get SSL and implementing streaming interface on top 
of Netty channels seems like increasing complexity just to get SSL. Hence I am 
leaning towards SSL Sockets for Learner side of things. Let me know what you 
think or if I have gotten that wrong.

I will post a patches for 3.4 first since I am most familiar with it then work 
my way upstream. I will post two patches one for QCM and other for Learner. I 
have yet to start with Learner side of things.

Thanks
Powell.


> Quorum Peer mutual authentication
> ---------------------------------
>
>                 Key: ZOOKEEPER-1045
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Eugene Koontz
>
> ZOOKEEPER-938 addresses mutual authentication between clients and servers. 
> This bug, on the other hand, is for authentication among quorum peers. 
> Hopefully much of the work done on SASL integration with Zookeeper for 
> ZOOKEEPER-938 can be used as a foundation for this enhancement.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to