diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-12-20 14:29:35 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-12-20 14:44:10 +0100 |
commit | f5942840a46d6e402265d0c4cabb0772c53e688e (patch) | |
tree | 93bc263cb117b0eaae5a17e7ceb5fccad5033979 /config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java | |
parent | 13bfda97a5427c17789e7b70f7dee5df32aaeb51 (diff) |
Add feature flag for OCSP Stapling on application container clusters
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java b/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java index 9ad257fad04..8b6e7163b6b 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainer.java @@ -23,6 +23,7 @@ public final class ApplicationContainer extends Container implements private static final String defaultHostedJVMArgs = "-XX:+SuppressFatalErrorMessage"; private final boolean isHostedVespa; + private final boolean enableServerOcspStapling; public ApplicationContainer(AbstractConfigProducer<?> parent, String name, int index, DeployState deployState) { this(parent, name, false, index, deployState); @@ -31,6 +32,7 @@ public final class ApplicationContainer extends Container implements public ApplicationContainer(AbstractConfigProducer<?> parent, String name, boolean retired, int index, DeployState deployState) { super(parent, name, retired, index, deployState); this.isHostedVespa = deployState.isHosted(); + this.enableServerOcspStapling = deployState.featureFlags().enableServerOcspStapling(); addComponent(new SimpleComponent("com.yahoo.container.jdisc.messagebus.NetworkMultiplexerHolder")); addComponent(new SimpleComponent("com.yahoo.container.jdisc.messagebus.NetworkMultiplexerProvider")); @@ -64,10 +66,23 @@ public final class ApplicationContainer extends Container implements /** Returns the jvm arguments this should start with */ @Override public String getJvmOptions() { + StringBuilder b = new StringBuilder(); + if (isHostedVespa) { + if (hasDocproc()) { + b.append(ApplicationContainer.defaultHostedJVMArgs).append(' '); + } + if (enableServerOcspStapling) { + b.append("-Djdk.tls.server.enableStatusRequestExtension=true ") + .append("-Djdk.tls.stapling.responseTimeout=2000 ") + .append("-Djdk.tls.stapling.cacheSize=256 ") + .append("-Djdk.tls.stapling.cacheLifetime=3600 "); + } + } String jvmArgs = super.getJvmOptions(); - return isHostedVespa && hasDocproc() - ? ("".equals(jvmArgs) ? defaultHostedJVMArgs : defaultHostedJVMArgs + " " + jvmArgs) - : jvmArgs; + if (!jvmArgs.isBlank()) { + b.append(jvmArgs.trim()).append(' '); + } + return b.toString().trim(); } private boolean hasDocproc() { |