impala-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sailesh Mukil (Code Review)" <>
Subject [Impala-ASF-CR] IMPALA-5054: [SECURITY] Enable KRPC w/ TLS in Impala
Date Tue, 28 Nov 2017 17:04:33 GMT
Sailesh Mukil has posted comments on this change. ( )

Change subject: IMPALA-5054: [SECURITY] Enable KRPC w/ TLS in Impala

Patch Set 1:

(1 comment)
File be/src/rpc/rpc-mgr.h:
PS1, Line 183:  /// The following strings preserve the Kudu flags original values to restore
             :   /// Shutdown() as they will be modified by us.
             :   string flag_save_ca_certificate_file;
             :   string flag_save_rpc_private_key_file;
             :   string flag_save_rpc_certificate_file;
             :   string flag_save_rpc_private_key_password_cmd;
             :   string flag_save_rpc_tls_ciphers;
             :   string flag_save_rpc_tls_min_protocol;
> why bother saving and restoring these flags?  what's the case that would be
In our Impala process we only always start one Messenger object ever. However, in our tests,
we start multiple Messenger objects within the context of the same process. So if we don't
save and restore the flags on exit, we leak the configuration of one Messenger object into
the following ones.

This is isn't great as we would ideally have all these as messenger options instead of process
wide flags, but that's something not done yet on the Kudu side. I have a WIP patch for that
but we decided against going forward with it now since that would change the APIs to use KRPC
quite a bit. But it is something we'll need to pick up again in the future.

To view, visit
To unsubscribe, visit

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I9a14a44fdea9ab668f3714eb69fdb188bce38f5a
Gerrit-Change-Number: 8439
Gerrit-PatchSet: 1
Gerrit-Owner: Sailesh Mukil <>
Gerrit-Reviewer: Dan Hecht <>
Gerrit-Reviewer: Michael Ho <>
Gerrit-Reviewer: Sailesh Mukil <>
Gerrit-Comment-Date: Tue, 28 Nov 2017 17:04:33 +0000
Gerrit-HasComments: Yes

  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message