thelabdude commented on pull request #2010: URL: https://github.com/apache/lucene-solr/pull/2010#issuecomment-729783538
Hi @noblepaul thanks for taking a look ... so we decided to not try to handle the upgrade to TLS using a rolling restart (as described in my comment ^) in this PR ... also see Anshum's comments. I initially had a way to get the "current" urlScheme for each live node as with a rolling restart, you'll have a mix of nodes with TLS enabled and some not yet, but we felt that could be a little trappy b/c it really doesn't address the client applications. So our advice now is just suck it up and take the down time to enable TLS. Basically, we don't want to promise the community a zero-downtime upgrade to enable TLS, because it is a hard thing to promise. The live nodes approach (see commit history in this PR) works on the server side, but doesn't address client applications. Probably other weird issues too ... FWIW ~ that's the current experience as well, so we're not any worse off. I find it highly unlikely that users will enable TLS after building up a large production cluster anyway, that seems like it wouldn't happen in practice. Regarding migrating to this: I don't think these changes would require any migration process. Currently, `node_name` is stored in the state in ZK (as you know), so the stored `base_url` will just be ignored and re-created when reading from ZK using the `node_name`. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
