On Feb 7, 2014, at 4:25 PM, Mike Percy <mpe...@apache.org> wrote:
I’ve posted sample code to the bug report I filed: https://issues.apache.org/jira/browse/FLUME-2204

OK, cool.

Is AvroSource instantiated for every connection?
https://github.com/apache/flume/blob/flume-1.4/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java

It is not... AvroSource maintains a netty thread pool that multiplexes processing of connections. Basically a bunch of threads in a single AvroSource will handle many connections, so you would need to manage state per connection. I forget exactly how to do it with Netty but it should be relatively straightforward... the Netty guys might be able to help guide you in the right direction if you're not sure how to use the API to do SSL.

I have not thought about it a lot but this came up on StackOverflow, maybe it's applicable here.
http://stackoverflow.com/questions/9573894/set-up-netty-with-2-way-ssl-handsake-client-and-server-certificate

SSL is already implemented in AvroSource.java. I included a snippet in my sample code.

Grabbing the client info can come from ChannelHandlerContext (netty); available via messageReceived; via Source. Example:
https://apache.googlesource.com/flume/+/trunk/flume-ng-core/src/main/java/org/apache/flume/source/SyslogTcpSource.java

I’m finding it a challenge to see where in the AvroSource class I could actually push the data into Event headers. All of those methods are stateless when it comes to the connection — they have no access to ChannelHandlerContext.

-Charles

On Wed, Jan 29, 2014 at 12:23 PM, Pritchard, Charles X. -ND <charles.x.pritchard....@disney.com> wrote:

I’m trying to add in the feature to expose the client’s peer cert into AvroSource:
https://apache.googlesource.com/flume/+/trunk/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java

Per the bug request I filed in October: https://issues.apache.org/jira/browse/FLUME-2204

Any ideas on how I might expose the data — it’s just a string for the CN from the peer cert. I’m having a difficult time figuring out how to expose this connection state information so that Flume’s configuration magic can take hold from there. It seems a little like I need to create yet-another-filter, kind of like IpFilter.

Any pointers? The CN info may be used to route to a particular directory (in an HDFS sink) and/or set a header for the AvroEvent, or possibly just validate a header (header.CN == ssl peer CN or FAIL).

-Charles
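
Added example, not part of the thread and not Flume or Netty code: a JDK-only sketch of the "header.CN == ssl peer CN or FAIL" check discussed above, covering only the CN extraction and header comparison. The names `PeerCnCheck`, `commonName` and `bindPeerCn` are hypothetical, and the peer subject is assumed to be handed in from the connection's TLS session, which is the part the thread leaves open.

```java
import java.util.HashMap;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class PeerCnCheck {
    /** Returns the single CN of the subject, or null if absent, repeated or unparseable. */
    static String commonName(X500Principal subject) {
        String cn = null;
        try {
            // LdapName applies RFC 2253 escaping rules, so "CN=a\,b" is one value.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                // toAttributes() also covers multi-valued RDNs such as "CN=x+OU=y".
                Attribute attr = rdn.toAttributes().get("CN");
                if (attr == null) continue;
                if (cn != null || attr.size() != 1) return null; // ambiguous: fail closed
                Object value = attr.get();
                if (!(value instanceof String)) return null;     // binary-encoded value
                cn = (String) value;
            }
        } catch (NamingException e) {
            return null; // unparseable subject is treated as having no CN
        }
        return cn;
    }

    /** header.CN == peer CN or FAIL; an absent header is filled from the certificate. */
    static boolean bindPeerCn(Map<String, String> headers, X500Principal peer) {
        String cn = commonName(peer);
        if (cn == null) return false;
        String claimed = headers.get("CN");
        if (claimed != null && !claimed.equals(cn)) return false;
        headers.put("CN", cn);
        return true;
    }

    public static void main(String[] args) {
        // Constructed subject; a real one would come from the connection's TLS session.
        X500Principal peer = new X500Principal("CN=agent-01.example.test,OU=Logging,O=Example");
        Map<String, String> unset = new HashMap<>();
        Map<String, String> forged = new HashMap<>();
        forged.put("CN", "agent-02.example.test"); // constructed client-supplied header
        System.out.println(bindPeerCn(unset, peer) + " " + unset);
        System.out.println(bindPeerCn(forged, peer) + " " + forged);
    }
}
```

Because the check depends on the certificate of the connection that delivered the event, it has to run where per-connection state is available, which is the constraint raised in the reply above about AvroSource's shared thread pool.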