Start Pulsar in TLS Only mode and deprecate tlsEnabled flag. #2988
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jai1
force-pushed
the
servicePortDisables
branch
2 times, most recently
from
a92ed17 to
3311d9a
Compare
Contributor
Author
|
rerun java8 tests |
Contributor
Author
|
rerun C++ tests |
Contributor
Author
|
rerun cpp tests |
Contributor
Author
|
rerun integration tests |
Contributor
Author
|
rerun java8 tests |
sijie
approved these changes
Nov 16, 2018
Member
|
@jai1 I think you might need to look into the cpp tests and integration tests. I guess your changes change some tls settings. |
merlimat
reviewed
Nov 30, 2018
|
|
||
| ##### --- TLS --- ##### | ||
| # Enable TLS | ||
| # Deprecated - Use servicePortTls and webServicePortTls instead |
Contributor
There was a problem hiding this comment.
Should we just remove the deprecated keys from the example config file?
| @Deprecated | ||
| public boolean isTlsEnabled() { | ||
| return tlsEnabled; | ||
| return tlsEnabled || webServicePortTls != null || servicePortTls != null; |
Contributor
There was a problem hiding this comment.
If tlsEnabled=true but the port is null, we'll have a problem anyway.
jai1
force-pushed
the
servicePortDisables
branch
from
3311d9a to
d42a174
Compare
Contributor
Author
|
rerun java8 tests |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
Start Pulsar services (broker, proxy, websocket, discovery) in TLS only mode, so that they only listen on TLS ports.
Once TlsPort is set tlsEnabled flag becomes redundant information - hence getting rid of the flag in relevant components.
Modifications
a. Changed the Ports to Option in the configuration file.
b. In Websocket Service there was a bug where we used 'tlsEnabled' flag to start listening on a TLS port and to talk to broker in on serviceUrlTls - separated the flag into two (tlsEnabled and brokerClientTlsEnabled) and deprecated tlsEnabled.
c. Fixed a lot of tests which relied on tlsEnabled flag.
Result
Brokers can now listen to TLS only port.