xiangfu0 opened a new pull request, #16450: URL: https://github.com/apache/pinot/pull/16450
## Overview This PR adds comprehensive ZooKeeper SSL support across the entire Apache Pinot cluster, enabling secure communication between all Pinot components and ZooKeeper while maintaining full backward compatibility. ## Key Changes ### Core Infrastructure - **ZkSSLUtils**: New utility class for centralized SSL configuration management - **SSL Constants**: Added 20+ SSL configuration constants in CommonConstants - **Enhanced ZkStarter**: Added `startLocalZkServerWithSSL()` methods with automatic certificate generation - **Fixed Typos**: Corrected `CONFIG_OF_ZOOKEEPR_SERVER` → `CONFIG_OF_ZOOKEEPER_SERVER` ### Component Integration - **All Components**: Added SSL configuration to Controller, Broker, Server, Minion, and Java Client - **Service Integration**: SSL configuration in ServiceStartableUtils for cluster-wide setup ### Enhanced Test Framework - **Random SSL Testing**: ControllerTest and ClusterTest now randomly start SSL/non-SSL ZooKeeper (50% chance each) - **Automatic Fallback**: Graceful fallback to non-SSL if SSL setup fails - **Kafka Integration**: SSL-aware Kafka configuration for SSL-enabled ZooKeeper ## Key Features - **Automatic SSL Detection**: Components automatically detect SSL-enabled ZooKeeper - **Zero Configuration**: No code changes needed in existing tests - **Production Ready**: Support for KeyStore/TrustStore, protocols, cipher suites - **Backward Compatible**: All existing functionality continues to work ## Testing - Automated random SSL/non-SSL testing across all test scenarios - Manual verification of SSL connectivity across all components - Validated Kafka integration with SSL-enabled ZooKeeper ## Files Changed **New Files:** - `pinot-common/src/main/java/org/apache/pinot/common/utils/ZkSSLUtils.java` - `pinot-common/src/test/java/org/apache/pinot/common/utils/ZkStarterSSLTest.java` **Modified Files (17):** - Core infrastructure: ZkStarter, CommonConstants - Component startup: BaseControllerStarter, BaseBrokerStarter, BaseServerStarter, BaseMinionStarter - Test framework: ControllerTest, ClusterTest, BaseClusterIntegrationTest - Additional: KafkaStarterUtils, QuickStartBase, ConnectionFactory, and more ## Result Complete SSL testing coverage across the entire Pinot cluster with full backward compatibility. The framework automatically tests both SSL and non-SSL scenarios, ensuring robust compatibility for all deployment configurations. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
