Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PIP 95][Issue 12040][broker] Decouple advertised listeners from bind addresses #12079

Merged
merged 5 commits into from
Oct 15, 2021
Merged

[PIP 95][Issue 12040][broker] Decouple advertised listeners from bind addresses #12079

merged 5 commits into from
Oct 15, 2021

Conversation

EronWright
Copy link
Contributor

@EronWright EronWright commented Sep 17, 2021
edited
Loading

Master Issue: #12040
Related: #3501

Motivation

This PR decouples the advertised listener configuration from the broker bind addresses, and fixes a few places where the broker is assumed to have a plaintext cluster endpoint or conflates the TLS/plaintext endpoints.

The goal is to support a specific configuration, where the broker has an advertised listener corresponding to an Istio gateway, and the gateway terminates TLS (pulsar+ssl://broker1.gateway:6651/). Because Istio uses mTLS transparently within the mesh, the broker has only a plaintext server endpoint (pulsar://broker1.cluster:6650/). Without this patch, the broker rejects the configuration because it erroneously assumes that the broker should have a TLS binding to support a TLS advertised address.

This PR deprecates the PulsarService::getSafeBrokerServiceUrl method, which returns a plaintext endpoint if available, and a TLS endpoint otherwise. The resultant endpoint is then advertised to Pulsar clients but the scheme information isn't always considered. Observe that client code disregards the scheme in some cases:

pulsar/pulsar-client/src/main/java/org/apache/pulsar/client/impl/HttpLookupService.java

Lines 95 to 105 in d81b5f8

if (useTls) {
uri = new URI(lookupData.getBrokerUrlTls());
} else {
String serviceUrl = lookupData.getBrokerUrl();
if (serviceUrl == null) {
serviceUrl = lookupData.getNativeUrl();
}
uri = new URI(serviceUrl);
}
InetSocketAddress brokerAddress = InetSocketAddress.createUnresolved(uri.getHost(), uri.getPort());

Note that this PR is focused on the Pulsar protocol endpoints, not the REST API endpoints.

Modifications

  • Remove validation logic that compares the advertised listener against the bind addresses.
  • Deprecate PulsarService::getSafeBrokerServiceUrl and be explicit about which address is used.
  • Update broker code to not assume there's a plaintext endpoint for a given advertised listener (it might be pure-TLS).

Verifying this change

  • Make sure that the change passes the CI checks.

This change is already covered by existing tests, such as:

  • MultipleListenerValidatorTest

Does this pull request potentially affect one of the following parts:

  • The public API: yes

The information that is returned by the broker is slightly different in the case of a pure-TLS broker. In that case, lookup results (which consist of a pair of URLs) might not have a plaintext URL. In concept a client could break, though in practice this is unlikely since the broker didn't really work in such a configuration anyway.

Documentation

Need to update docs?

  • no-need-doc

Internal changes.

@Anonymitaet Anonymitaet added the doc-not-needed Your PR changes do not impact docs label Sep 18, 2021
@codelipenghui codelipenghui added this to the 2.9.0 milestone Sep 18, 2021
@eolivelli eolivelli changed the title [Issue 12040][broker] Decouple advertised listeners from bind addresses [PIP 95][Issue 12040][broker] Decouple advertised listeners from bind addresses Sep 20, 2021
@eolivelli eolivelli modified the milestones: 2.9.0, 2.10.0 Oct 6, 2021
@EronWright
Merge remote-tracking branch 'origin/master' into ewright/pip95-decouple
1b13e1b 
# Conflicts:
#	pulsar-broker/src/main/java/org/apache/pulsar/broker/MessagingServiceShutdownHook.java
#	pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
This was referenced Oct 13, 2021
Merged
Closed
@codelipenghui codelipenghui modified the milestones: 2.10.0, 2.9.0 Oct 14, 2021
eolivelli
eolivelli approved these changes Oct 15, 2021
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@codelipenghui @merlimat PTAL

@eolivelli eolivelli merged commit 38539b3 into apache:master Oct 15, 2021
@codelipenghui codelipenghui deleted the ewright/pip95-decouple branch October 15, 2021 11:31
bharanic-dev pushed a commit to bharanic-dev/pulsar that referenced this pull request Mar 18, 2022
@EronWright @ciaocloud
[PIP 95][Issue 12040][broker] Decouple advertised listeners from bind…
bbfcbf9 
… addresses (apache#12079)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eolivelli eolivelli eolivelli approved these changes

@codelipenghui codelipenghui codelipenghui approved these changes

@merlimat merlimat Awaiting requested review from merlimat

@rdhabalia rdhabalia Awaiting requested review from rdhabalia

@315157973 315157973 Awaiting requested review from 315157973

@hangc0276 hangc0276 Awaiting requested review from hangc0276

@sijie sijie Awaiting requested review from sijie

Assignees

@EronWright EronWright

Labels
doc-not-needed Your PR changes do not impact docs
Projects
None yet
Milestone
2.9.0
Development

Successfully merging this pull request may close these issues.
5 participants
@EronWright @eolivelli @codelipenghui @hangc0276 @Anonymitaet