Show ssl keystore expiration

apache · Dec 25, 2024 · 1707a96 · 1707a96
1 parent 5841e32
commit 1707a96
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/service/TBinaryFrontendService.scala
@@ -97,13 +97,6 @@ abstract class TBinaryFrontendService(name: String)
               s"${FRONTEND_SSL_KEYSTORE_PASSWORD.key} not configured for SSL connection")
           }
 
-          getKeyStoreExpirationTime() match {
-            case Some(expiration) =>
-              info(
-                s"SSL Serve KeyStore will expire after: ${Utils.getDateFromTimestamp(expiration)}")
-            case _ =>
-          }
-
           getServerSSLSocket(
             keyStorePath.get,
             keyStorePassword.get,

diff --git a/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala b/kyuubi-metrics/src/main/scala/org/apache/kyuubi/metrics/MetricsConstants.scala
@@ -37,6 +37,8 @@ object MetricsConstants {
   final private val THRIFT_BINARY_CONN = KYUUBI + "thrift.binary.connection."
   final private val REST_CONN = KYUUBI + "rest.connection."
 
+  final val SSL_CERT_EXPIRATION = KYUUBI + "ssl.cert.expiration"
+
   final val CONN_OPEN: String = CONN + "opened"
   final val CONN_FAIL: String = CONN + "failed"
   final val CONN_TOTAL: String = CONN + "total"

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KyuubiTBinaryFrontendService.scala
@@ -21,14 +21,14 @@ import java.util.Base64
 
 import org.apache.hadoop.conf.Configuration
 
-import org.apache.kyuubi.KyuubiSQLException
+import org.apache.kyuubi.{KyuubiSQLException, Utils}
 import org.apache.kyuubi.cli.Handle
 import org.apache.kyuubi.config.KyuubiConf
 import org.apache.kyuubi.config.KyuubiConf.KYUUBI_SERVER_THRIFT_RESULTSET_DEFAULT_FETCH_SIZE
 import org.apache.kyuubi.config.KyuubiReservedKeys._
 import org.apache.kyuubi.ha.client.{KyuubiServiceDiscovery, ServiceDiscovery}
+import org.apache.kyuubi.metrics.{MetricsConstants, MetricsSystem}
 import org.apache.kyuubi.metrics.MetricsConstants._
-import org.apache.kyuubi.metrics.MetricsSystem
 import org.apache.kyuubi.service.{Serverable, Service, TBinaryFrontendService}
 import org.apache.kyuubi.service.TFrontendService.{CURRENT_SERVER_CONTEXT, FeServiceServerContext, OK_STATUS}
 import org.apache.kyuubi.session.KyuubiSessionImpl
@@ -122,4 +122,19 @@ final class KyuubiTBinaryFrontendService(
     resp.setStatus(notSupportTokenErrorStatus)
     resp
   }
+
+  override def start(): Unit = {
+    super.start()
+    getKeyStoreExpirationTime() match {
+      case Some(expiration) =>
+        info(s"SSL Serve KeyStore will expire at: ${Utils.getDateFromTimestamp(expiration)}")
+        MetricsSystem.tracing { ms =>
+          ms.registerGauge(
+            MetricsConstants.SSL_CERT_EXPIRATION,
+            expiration - System.currentTimeMillis(),
+            0L)
+        }
+      case None =>
+    }
+  }
 }