[ https://issues.apache.org/jira/browse/ZOOKEEPER-3577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mate Szalay-Beko updated ZOOKEEPER-3577: ---------------------------------------- Issue Type: Improvement (was: Bug) > SSL support in ZooKeeper Dynamic Reconfiguration > ------------------------------------------------ > > Key: ZOOKEEPER-3577 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3577 > Project: ZooKeeper > Issue Type: Improvement > Components: server > Affects Versions: 3.5.5 > Reporter: zhaoyan > Priority: Minor > > ZooKeeper Dynamic Reconfiguration currently doesn't support ssl. It > distributes the client port, but not the secure client port. An example line > from the configuration: > {code} > server.1=125.23.63.23:2780:2783:participant;2791 > {code} > in this example, {{2791}} is an un-secure (non-ssl) client port. So if any > client gets notification about configuration changes (e.g about a new quorum > member), then it won't be able to find out what SSL port to use. > The configuration format should could be extended with the secure client > ports, like: > {code} > server.1=125.23.63.23:2780:2783:participant;2791_2792ssl > {code} > Or something like this... It is important to note that in secure clusters it > is possible that we don't have any unsecure port open and only using secure > port. > The tricky thing with changing the config syntax is backward and forward > compatibility during rolling upgrades. Maybe easier would be to simply add > the (currently static) secureClientPort configuration parameter to the > dynamic configuration parameters. So it would be distributed among the > "server" and "version" configurations. > Also this change would require the changing of the {{EnsambleTracker}} class > in Curator. -- This message was sent by Atlassian Jira (v8.3.4#803005)