GitHub user ivmaykov reopened a pull request:
https://github.com/apache/zookeeper/pull/680
ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store
Allow reloading SSL trust stores and key stores from disk when the files on
disk change.
Note that this is stacked on top of #678 and #679 and thus includes them.
Please only consider the ZOOKEEPER-3174 commit when reviewing. Once the other
PRs are merged upstream, I will rebase this so it only contains one commit.
## Added support for reloading key/trust stores when the file on disk changes
- new property `sslQuorumReloadCertFiles` which controls the behavior for
reloading the key and trust store files for `QuorumX509Util`. Reloading of key
and trust store for `ClientX509Util` is not in this PR but could be added easily
- this allows a ZK server to keep running on a machine that uses
short-lived certs that refresh frequently without having to restart the ZK
process.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ivmaykov/zookeeper ZOOKEEPER-3174
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/680.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #680
----
commit 33f7aaab6fe16122b7e1faedbb408d739bbe8a30
Author: Ilya Maykov <ilyam@...>
Date: 2018-10-25T01:22:24Z
ZOOKEEPER-3172: Quorum TLS - fix port unification to allow rolling upgrades
commit 30adde0fa951d5d99b6b33370eca9736e370a952
Author: Ilya Maykov <ilyam@...>
Date: 2018-10-25T01:54:06Z
ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store
----
---
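The reload-on-change behaviour described in the pull request, sketched as an added Java example that is not the PR's or ZooKeeper's own code: it rebuilds an `SSLContext` when the store files change and keeps the previous one if a reload fails, as can happen when a certificate refresh is caught mid-write. Assumptions: the class name `ReloadingSslContext` and its methods are hypothetical, both stores are PKCS12, and both share one password.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.*;

/** Hypothetical helper (not ZooKeeper code): swaps in a new SSLContext when store files change. */
public class ReloadingSslContext {
    private final Path keyStore, trustStore;
    private final char[] password; // assumption: one password for both stores
    private final AtomicReference<SSLContext> current = new AtomicReference<>();

    public ReloadingSslContext(Path keyStore, Path trustStore, char[] password) throws Exception {
        this.keyStore = keyStore.toAbsolutePath();
        this.trustStore = trustStore.toAbsolutePath();
        this.password = password;
        current.set(build()); // fail fast if the initial stores are unusable
    }

    /** New connections call this, so they use the latest successfully loaded material. */
    public SSLContext get() { return current.get(); }

    private static KeyStore load(Path p, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumption: PKCS12 stores
        try (InputStream in = Files.newInputStream(p)) { ks.load(in, pw); }
        return ks;
    }

    private SSLContext build() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Blocks while watching the store directories; run it on a daemon thread. */
    public void watch() throws Exception {
        try (WatchService ws = FileSystems.getDefault().newWatchService()) {
            keyStore.getParent().register(ws, StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_MODIFY);
            trustStore.getParent().register(ws, StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_MODIFY);
            while (true) {
                WatchKey key = ws.take();
                key.pollEvents(); // drain; any change in a watched directory triggers a reload attempt
                try { current.set(build()); } // swap only after both stores load cleanly
                catch (Exception e) { System.err.println("reload failed, keeping previous context: " + e); }
                if (!key.reset()) return; // directory no longer accessible
            }
        }
    }
}
```

Established connections keep the certificate they negotiated with; only handshakes started after a successful swap present the refreshed one.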