[
https://issues.apache.org/jira/browse/ROCKETMQ-335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294608#comment-16294608
]
ASF GitHub Bot commented on ROCKETMQ-335:
-----------------------------------------
zhouxinyu opened a new pull request #207: [ROCKETMQ-335] Reload server
certificate, private key and root ca when these are changed
URL: https://github.com/apache/rocketmq/pull/207
## What is the purpose of the change
JIRA: https://issues.apache.org/jira/browse/ROCKETMQ-335
TLS is supported in 4.2.0, but it doesn't support reload server certificate,
private key and root ca when these are changed.
This feature can allow us to update the TLS pem files without downtime.
## Brief changelog
1. Add a FileWatchService to watch a target file when it's changed.
2. Support reload SSLContext for Broker and NameServer.
The multiple commits will be squashed when this PR is merged.
## Verifying this change
1. Run the FileWatchServiceTest to verify the notify mechanism for changed
file.
2. Run the unit test `reloadSslContextForServer` to verify the SSLContext
reload mechanism.
Follow this checklist to help us incorporate your contribution quickly and
easily:
- [x] Make sure there is a [JIRA
issue](https://issues.apache.org/jira/projects/ROCKETMQ/issues/) filed for the
change (usually before you start working on it). Trivial changes like typos do
not require a JIRA issue. Your pull request should address just this issue,
without pulling in other changes - one PR resolves one issue.
- [x] Format the pull request title like `[ROCKETMQ-XXX] Fix
UnknownException when host config not exist`. Each commit in the pull request
should have a meaningful subject line and body.
- [x] Write a pull request description that is detailed enough to understand
what the pull request does, how, and why.
- [x] Write necessary unit-test to verify your logic correction, more mock a
little better when cross module dependency exist. If the new feature or
significant change is committed, please remember to add integration-test in
[test module](https://github.com/apache/rocketmq/tree/master/test).
- [x] Run `mvn -B clean apache-rat:check findbugs:findbugs
checkstyle:checkstyle` to make sure basic checks pass. Run `mvn clean install
-DskipITs` to make sure unit-test pass. Run `mvn clean test-compile
failsafe:integration-test` to make sure integration-test pass.
- [x] If this contribution is large, please file an [Apache Individual
Contributor License Agreement](http://www.apache.org/licenses/#clas).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Reload server certificate, private key and root ca when these are changed
> -------------------------------------------------------------------------
>
> Key: ROCKETMQ-335
> URL: https://issues.apache.org/jira/browse/ROCKETMQ-335
> Project: Apache RocketMQ
> Issue Type: Improvement
> Components: rocketmq-broker, rocketmq-namesrv, rocketmq-remoting
> Reporter: yukon
> Assignee: yukon
> Fix For: 4.3.0
>
>
> Tls is supported in 4.2.0, but it doesn't support reload server certificate,
> private key and root ca when these are changed.
> This feature can allow us to update the TLS pem files without downtime.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
