Use HTTP and remove Athenz injection

author: Håkon Hallingstad <hakon@oath.com> 2018-06-06 09:43:49 +0200
committer: Håkon Hallingstad <hakon@oath.com> 2018-06-06 09:43:49 +0200
commit: c4ceb9be395a3d0ad0a878e978f7114311b5179c (patch)
tree: 46330b69d709382676cd32162b470c76afd1da31 /service-monitor/src/main
parent: d89b57282a3263927c8a000724e691b8bf4562b0 (diff)
6 files changed, 64 insertions, 82 deletions
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java
index ff51b40e4dd..5ad38cebcfc 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java
@@ -14,9 +14,9 @@ import com.yahoo.vespa.applicationmodel.ConfigId;
 import com.yahoo.vespa.applicationmodel.ServiceType;
 import com.yahoo.vespa.applicationmodel.TenantId;
 import com.yahoo.vespa.service.monitor.internal.ModelGenerator;
+import com.yahoo.vespa.service.monitor.internal.health.ApplicationHealthMonitor;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -49,7 +49,7 @@ public class ConfigServerApplication extends HostedVespaApplication {
         List<ConfigserverConfig.Zookeeperserver> zooKeeperServers = config.zookeeperserver();
         for (int index = 0; index < zooKeeperServers.size(); ++index) {
             String hostname = zooKeeperServers.get(index).hostname();
-            hostInfos.add(makeHostInfo(hostname, index));
+            hostInfos.add(makeHostInfo(hostname, config.httpport(), index));
         }
 
         return new ApplicationInfo(
@@ -58,9 +58,8 @@ public class ConfigServerApplication extends HostedVespaApplication {
                 new HostsModel(hostInfos));
     }
 
-    private static HostInfo makeHostInfo(String hostname, int configIndex) {
-        // /state/v1/health API is available with STATE and either HTTP or HTTPS.
-        PortInfo portInfo = new PortInfo(4443, Arrays.asList("HTTPS", "STATE"));
+    private static HostInfo makeHostInfo(String hostname, int port, int configIndex) {
+        PortInfo portInfo = new PortInfo(port, ApplicationHealthMonitor.PORT_TAGS_HEALTH);
 
         Map<String, String> properties = new HashMap<>();
         properties.put(ModelGenerator.CLUSTER_ID_PROPERTY_NAME, CLUSTER_ID.s());
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java
index e3d35f6d6e9..f241cd04d99 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java
@@ -6,35 +6,36 @@ import com.yahoo.config.model.api.HostInfo;
 import com.yahoo.config.model.api.PortInfo;
 import com.yahoo.config.model.api.ServiceInfo;
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.HostName;
 import com.yahoo.vespa.applicationmodel.ClusterId;
 import com.yahoo.vespa.applicationmodel.ConfigId;
 import com.yahoo.vespa.applicationmodel.ServiceStatus;
 import com.yahoo.vespa.applicationmodel.ServiceType;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.service.monitor.ServiceStatusProvider;
 import com.yahoo.vespa.service.monitor.application.ApplicationInstanceGenerator;
 import com.yahoo.vespa.service.monitor.internal.ServiceId;
 
-import java.net.URL;
-import java.util.Collection;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
-import static com.yahoo.yolean.Exceptions.uncheck;
-
 /**
  * Responsible for monitoring a whole application using /state/v1/health.
  *
  * @author hakon
  */
 public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoCloseable {
+    public static final String PORT_TAG_STATE = "STATE";
+    public static final String PORT_TAG_HTTP = "HTTP";
+    /** Port tags implying /state/v1/health is served */
+    public static final List<String> PORT_TAGS_HEALTH = Arrays.asList(PORT_TAG_HTTP, PORT_TAG_STATE);
+
     private final Map<ServiceId, HealthMonitor> healthMonitors;
 
-    public static ApplicationHealthMonitor startMonitoring(
-            ApplicationInfo application,
-            ServiceIdentityProvider identityProvider) {
-        return new ApplicationHealthMonitor(makeHealthMonitors(application, identityProvider));
+    public static ApplicationHealthMonitor startMonitoring(ApplicationInfo application) {
+        return new ApplicationHealthMonitor(makeHealthMonitors(application));
     }
 
     private ApplicationHealthMonitor(Map<ServiceId, HealthMonitor> healthMonitors) {
@@ -61,9 +62,7 @@ public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoClos
         healthMonitors.clear();
     }
 
-    private static Map<ServiceId, HealthMonitor> makeHealthMonitors(
-            ApplicationInfo application,
-            ServiceIdentityProvider identityProvider) {
+    private static Map<ServiceId, HealthMonitor> makeHealthMonitors(ApplicationInfo application) {
         Map<ServiceId, HealthMonitor> healthMonitors = new HashMap<>();
         for (HostInfo hostInfo : application.getModel().getHosts()) {
             for (ServiceInfo serviceInfo : hostInfo.getServices()) {
@@ -72,8 +71,7 @@ public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoClos
                             application,
                             hostInfo,
                             serviceInfo,
-                            portInfo,
-                            identityProvider)
+                            portInfo)
                             .ifPresent(healthMonitor -> healthMonitors.put(
                                     ApplicationInstanceGenerator.getServiceId(application, serviceInfo),
                                     healthMonitor));
@@ -87,24 +85,14 @@ public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoClos
             ApplicationInfo applicationInfo,
             HostInfo hostInfo,
             ServiceInfo serviceInfo,
-            PortInfo portInfo,
-            ServiceIdentityProvider identityProvider) {
-        Collection<String> portTags = portInfo.getTags();
-        if (portTags.contains("STATE")) {
-            if (portTags.contains("HTTPS")) {
-                URL url = uncheck(() -> new URL(
-                        "https",
-                        hostInfo.getHostname(),
-                        portInfo.getPort(),
-                        "/state/v1/health"));
-                // todo: get hostname verifier
-                // "vespa.vespa[.cd].provider_%s_%s" from AthenzProviderServiceConfig
-                // new AthenzIdentityVerifier(Collections.singleton("vespa.vespa[.cd].provider_%s_%s"));
-                // HealthEndpoint healthEndpoint = HealthEndpoint.forHttps(...);
-                // HealthMonitor healthMonitor = new HealthMonitor(url, identityProvider, hostnameVerifier);
-                // healthMonitor.startMonitoring()
-                return Optional.empty();
-            }
+            PortInfo portInfo) {
+        if (portInfo.getTags().containsAll(PORT_TAGS_HEALTH)) {
+            HostName hostname = HostName.from(hostInfo.getHostname());
+            HealthEndpoint endpoint = HealthEndpoint.forHttp(hostname, portInfo.getPort());
+            // todo: make HealthMonitor
+            // HealthMonitor healthMonitor = new HealthMonitor(endpoint);
+            // healthMonitor.startMonitoring();
+            return Optional.empty();
         }
 
         return Optional.empty();
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java
index 1ecdf432ada..43a02a385be 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java
@@ -2,7 +2,6 @@
 package com.yahoo.vespa.service.monitor.internal.health;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.yahoo.config.provision.HostName;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import org.apache.http.HttpEntity;
@@ -23,11 +22,7 @@ import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.EntityUtils;
 
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
-import java.net.URL;
-
-import static com.yahoo.yolean.Exceptions.uncheck;
 
 /**
  * @author hakon
@@ -51,35 +46,25 @@ public class HealthClient implements AutoCloseable, ServiceIdentityProvider.List
                 }
             };
 
-    private final URL url;
-    private final ServiceIdentityProvider serviceIdentityProvider;
-    private final HostnameVerifier hostnameVerifier;
+    private final HealthEndpoint endpoint;
 
     private volatile CloseableHttpClient httpClient;
 
-    public HealthClient(HostName hostname,
-                        int port,
-                        ServiceIdentityProvider identityProvider,
-                        HostnameVerifier hostnameVerifier) {
-        this(uncheck(() -> new URL("https", hostname.value(), port, "/state/v1/health")),
-                identityProvider,
-                hostnameVerifier);
+    public HealthClient(HealthEndpoint endpoint) {
+        this.endpoint = endpoint;
     }
 
-    public HealthClient(URL stateV1HealthEndpoint,
-                        ServiceIdentityProvider serviceIdentityProvider,
-                        HostnameVerifier hostnameVerifier) {
-        this.url = stateV1HealthEndpoint;
-        this.serviceIdentityProvider = serviceIdentityProvider;
-        this.hostnameVerifier = hostnameVerifier;
-
-        onCredentialsUpdate(serviceIdentityProvider.getIdentitySslContext(), null);
-        serviceIdentityProvider.addIdentityListener(this);
+    public void start() {
+        endpoint.getServiceIdentityProvider().ifPresent(provider -> {
+            onCredentialsUpdate(provider.getIdentitySslContext(), null);
+            provider.addIdentityListener(this);
+        });
     }
 
     @Override
     public void onCredentialsUpdate(SSLContext sslContext, AthenzService ignored) {
-        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+        SSLConnectionSocketFactory socketFactory =
+                new SSLConnectionSocketFactory(sslContext, endpoint.getHostnameVerifier().orElse(null));
 
         Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                 .register("https", socketFactory)
@@ -111,7 +96,7 @@ public class HealthClient implements AutoCloseable, ServiceIdentityProvider.List
 
     @Override
     public void close() {
-        serviceIdentityProvider.removeIdentityListener(this);
+        endpoint.getServiceIdentityProvider().ifPresent(provider -> provider.removeIdentityListener(this));
 
         try {
             httpClient.close();
@@ -122,7 +107,7 @@ public class HealthClient implements AutoCloseable, ServiceIdentityProvider.List
     }
 
     private HealthInfo probeHealth() throws Exception {
-        HttpGet httpget = new HttpGet(url.toString());
+        HttpGet httpget = new HttpGet(endpoint.getStateV1HealthUrl().toString());
         CloseableHttpResponse httpResponse;
 
         CloseableHttpClient httpClient = this.httpClient;
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java
index d3b81c213dc..e9d17a9ab70 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java
@@ -3,11 +3,13 @@ package com.yahoo.vespa.service.monitor.internal.health;
 
 import com.yahoo.config.provision.HostName;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
+import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
 
 import javax.net.ssl.HostnameVerifier;
 import java.net.URL;
 import java.util.Collections;
+import java.util.Optional;
 
 import static com.yahoo.yolean.Exceptions.uncheck;
 
@@ -16,16 +18,28 @@ import static com.yahoo.yolean.Exceptions.uncheck;
  */
 class HealthEndpoint {
     private final URL url;
-    private final HostnameVerifier hostnameVerifier;
+    private final Optional<HostnameVerifier> hostnameVerifier;
+    private final Optional<ServiceIdentityProvider> serviceIdentityProvider;
 
-    static HealthEndpoint forHttps(HostName hostname, int port, AthenzIdentity remoteIdentity) {
+    static HealthEndpoint forHttp(HostName hostname, int port) {
+        URL url = uncheck(() -> new URL("http", hostname.value(), port, "/state/v1/health"));
+        return new HealthEndpoint(url, Optional.empty(), Optional.empty());
+    }
+
+    static HealthEndpoint forHttps(HostName hostname,
+                                   int port,
+                                   ServiceIdentityProvider serviceIdentityProvider,
+                                   AthenzIdentity remoteIdentity) {
         URL url = uncheck(() -> new URL("https", hostname.value(), port, "/state/v1/health"));
         HostnameVerifier peerVerifier = new AthenzIdentityVerifier(Collections.singleton(remoteIdentity));
-        return new HealthEndpoint(url, peerVerifier);
+        return new HealthEndpoint(url, Optional.of(serviceIdentityProvider), Optional.of(peerVerifier));
     }
 
-    private HealthEndpoint(URL url, HostnameVerifier hostnameVerifier) {
+    private HealthEndpoint(URL url,
+                           Optional<ServiceIdentityProvider> serviceIdentityProvider,
+                           Optional<HostnameVerifier> hostnameVerifier) {
         this.url = url;
+        this.serviceIdentityProvider = serviceIdentityProvider;
         this.hostnameVerifier = hostnameVerifier;
     }
 
@@ -33,7 +47,11 @@ class HealthEndpoint {
         return url;
     }
 
-    public HostnameVerifier getHostnameVerifier() {
+    public Optional<ServiceIdentityProvider> getServiceIdentityProvider() {
+        return serviceIdentityProvider;
+    }
+
+    public Optional<HostnameVerifier> getHostnameVerifier() {
         return hostnameVerifier;
     }
 }
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java
index 2ad623f15cf..fd809b32918 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java
@@ -3,10 +3,7 @@ package com.yahoo.vespa.service.monitor.internal.health;
 
 import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.applicationmodel.ServiceStatus;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 
-import javax.net.ssl.HostnameVerifier;
-import java.net.URL;
 import java.time.Duration;
 import java.util.Random;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
@@ -29,10 +26,8 @@ public class HealthMonitor implements AutoCloseable {
 
     private volatile HealthInfo lastHealthInfo = HealthInfo.empty();
 
-    public HealthMonitor(URL stateV1HealthEndpoint,
-                         ServiceIdentityProvider identityProvider,
-                         HostnameVerifier hostnameVerifier) {
-        this.healthClient = new HealthClient(stateV1HealthEndpoint, identityProvider, hostnameVerifier);
+    public HealthMonitor(HealthEndpoint stateV1HealthEndpoint) {
+        this.healthClient = new HealthClient(stateV1HealthEndpoint);
     }
 
     /** For testing. */
@@ -41,6 +36,7 @@ public class HealthMonitor implements AutoCloseable {
     }
 
     public void startMonitoring() {
+        healthClient.start();
         executor.scheduleWithFixedDelay(
                 this::updateSynchronously,
                 initialDelayInSeconds(DELAY.getSeconds()),
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java
index 54d26798ad2..473ef5e3a94 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java
@@ -9,7 +9,6 @@ import com.yahoo.vespa.applicationmodel.ClusterId;
 import com.yahoo.vespa.applicationmodel.ConfigId;
 import com.yahoo.vespa.applicationmodel.ServiceStatus;
 import com.yahoo.vespa.applicationmodel.ServiceType;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.service.monitor.application.ZoneApplication;
 import com.yahoo.vespa.service.monitor.internal.MonitorManager;
 
@@ -22,20 +21,17 @@ import java.util.Map;
 public class HealthMonitorManager implements MonitorManager {
     private final Map<ApplicationId, ApplicationHealthMonitor> healthMonitors = new HashMap<>();
     private final ConfigserverConfig configserverConfig;
-    private final ServiceIdentityProvider serviceIdentityProvider;
 
     @Inject
-    public HealthMonitorManager(ConfigserverConfig configserverConfig,
-                                ServiceIdentityProvider serviceIdentityProvider) {
+    public HealthMonitorManager(ConfigserverConfig configserverConfig) {
         this.configserverConfig = configserverConfig;
-        this.serviceIdentityProvider = serviceIdentityProvider;
     }
 
     @Override
     public void applicationActivated(ApplicationInfo application) {
         if (applicationMonitored(application.getApplicationId())) {
             ApplicationHealthMonitor monitor =
-                    ApplicationHealthMonitor.startMonitoring(application, serviceIdentityProvider);
+                    ApplicationHealthMonitor.startMonitoring(application);
             healthMonitors.put(application.getApplicationId(), monitor);
         }
     }
author	Håkon Hallingstad <hakon@oath.com>	2018-06-06 09:43:49 +0200
committer	Håkon Hallingstad <hakon@oath.com>	2018-06-06 09:43:49 +0200
commit	c4ceb9be395a3d0ad0a878e978f7114311b5179c (patch)
tree	46330b69d709382676cd32162b470c76afd1da31 /service-monitor/src/main
parent	d89b57282a3263927c8a000724e691b8bf4562b0 (diff)