author | Håkon Hallingstad <hakon@oath.com> | 2018-06-06 09:43:49 +0200 |
---|---|---|
committer | Håkon Hallingstad <hakon@oath.com> | 2018-06-06 09:43:49 +0200 |
commit | c4ceb9be395a3d0ad0a878e978f7114311b5179c (patch) | |
tree | 46330b69d709382676cd32162b470c76afd1da31 /service-monitor/src/main | |
parent | d89b57282a3263927c8a000724e691b8bf4562b0 (diff) |
Use HTTP and remove Athenz injection
Diffstat (limited to 'service-monitor/src/main')
6 files changed, 64 insertions, 82 deletions
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java
index ff51b40e4dd..5ad38cebcfc 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/application/ConfigServerApplication.java
@@ -14,9 +14,9 @@ import com.yahoo.vespa.applicationmodel.ConfigId;
 import com.yahoo.vespa.applicationmodel.ServiceType;
 import com.yahoo.vespa.applicationmodel.TenantId;
 import com.yahoo.vespa.service.monitor.internal.ModelGenerator;
+import com.yahoo.vespa.service.monitor.internal.health.ApplicationHealthMonitor;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -49,7 +49,7 @@ public class ConfigServerApplication extends HostedVespaApplication {
 List<ConfigserverConfig.Zookeeperserver> zooKeeperServers = config.zookeeperserver();
 for (int index = 0; index < zooKeeperServers.size(); ++index) {
 String hostname = zooKeeperServers.get(index).hostname();
- hostInfos.add(makeHostInfo(hostname, index));
+ hostInfos.add(makeHostInfo(hostname, config.httpport(), index));
 }
 return new ApplicationInfo(
@@ -58,9 +58,8 @@ public class ConfigServerApplication extends HostedVespaApplication {
 new HostsModel(hostInfos));
 }
- private static HostInfo makeHostInfo(String hostname, int configIndex) {
- // /state/v1/health API is available with STATE and either HTTP or HTTPS.
- PortInfo portInfo = new PortInfo(4443, Arrays.asList("HTTPS", "STATE"));
+ private static HostInfo makeHostInfo(String hostname, int port, int configIndex) {
+ PortInfo portInfo = new PortInfo(port, ApplicationHealthMonitor.PORT_TAGS_HEALTH);
 Map<String, String> properties = new HashMap<>();
 properties.put(ModelGenerator.CLUSTER_ID_PROPERTY_NAME, CLUSTER_ID.s());
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java
index e3d35f6d6e9..f241cd04d99 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/ApplicationHealthMonitor.java
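Review bot: The deleted comment was the only explanation of the port tags in makeHostInfo, and the new lines say nothing about the config server's /state/v1/health now being advertised for plain HTTP on `config.httpport()` instead of HTTPS on 4443. I would add a comment above the PortInfo line, for example `// Health is polled over plain HTTP on the config server's httpport: no TLS and no Athenz peer verification.`, so readers know the reported status is not authenticated. The same remark applies to `HealthEndpoint.forHttp` and to the `containsAll(PORT_TAGS_HEALTH)` branch in ApplicationHealthMonitor. makeHostInfo's body continues past the end of this hunk.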
@@ -6,35 +6,36 @@ import com.yahoo.config.model.api.HostInfo;
 import com.yahoo.config.model.api.PortInfo;
 import com.yahoo.config.model.api.ServiceInfo;
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.HostName;
 import com.yahoo.vespa.applicationmodel.ClusterId;
 import com.yahoo.vespa.applicationmodel.ConfigId;
 import com.yahoo.vespa.applicationmodel.ServiceStatus;
 import com.yahoo.vespa.applicationmodel.ServiceType;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.service.monitor.ServiceStatusProvider;
 import com.yahoo.vespa.service.monitor.application.ApplicationInstanceGenerator;
 import com.yahoo.vespa.service.monitor.internal.ServiceId;
-import java.net.URL;
-import java.util.Collection;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import static com.yahoo.yolean.Exceptions.uncheck;
-
 /**
 * Responsible for monitoring a whole application using /state/v1/health.
 *
 * @author hakon
 */
 public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoCloseable {
+ public static final String PORT_TAG_STATE = "STATE";
+ public static final String PORT_TAG_HTTP = "HTTP";
+ /** Port tags implying /state/v1/health is served */
+ public static final List<String> PORT_TAGS_HEALTH = Arrays.asList(PORT_TAG_HTTP, PORT_TAG_STATE);
+
 private final Map<ServiceId, HealthMonitor> healthMonitors;
- public static ApplicationHealthMonitor startMonitoring(
- ApplicationInfo application,
- ServiceIdentityProvider identityProvider) {
- return new ApplicationHealthMonitor(makeHealthMonitors(application, identityProvider));
+ public static ApplicationHealthMonitor startMonitoring(ApplicationInfo application) {
+ return new ApplicationHealthMonitor(makeHealthMonitors(application));
 }
 private ApplicationHealthMonitor(Map<ServiceId, HealthMonitor> healthMonitors) {
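Review bot: `PORT_TAGS_HEALTH` is a public constant backed by `Arrays.asList`, whose elements can still be replaced through `set()`, and the same list instance is passed to `PortInfo` in ConfigServerApplication and used by the `containsAll` check that decides which ports get a health endpoint. Wrapping it keeps other code from altering that decision by accident: `public static final List<String> PORT_TAGS_HEALTH = Collections.unmodifiableList(Arrays.asList(PORT_TAG_HTTP, PORT_TAG_STATE));`. That needs a `java.util.Collections` import, which this hunk does not show, and whether PortInfo copies the list it receives is not visible here.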
@@ -61,9 +62,7 @@ public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoClos
 healthMonitors.clear();
 }
- private static Map<ServiceId, HealthMonitor> makeHealthMonitors(
- ApplicationInfo application,
- ServiceIdentityProvider identityProvider) {
+ private static Map<ServiceId, HealthMonitor> makeHealthMonitors(ApplicationInfo application) {
 Map<ServiceId, HealthMonitor> healthMonitors = new HashMap<>();
 for (HostInfo hostInfo : application.getModel().getHosts()) {
 for (ServiceInfo serviceInfo : hostInfo.getServices()) {
@@ -72,8 +71,7 @@ public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoClos
 application,
 hostInfo,
 serviceInfo,
- portInfo,
- identityProvider)
+ portInfo)
 .ifPresent(healthMonitor -> healthMonitors.put(
 ApplicationInstanceGenerator.getServiceId(application, serviceInfo),
 healthMonitor));
@@ -87,24 +85,14 @@ public class ApplicationHealthMonitor implements ServiceStatusProvider, AutoClos
 ApplicationInfo applicationInfo,
 HostInfo hostInfo,
 ServiceInfo serviceInfo,
- PortInfo portInfo,
- ServiceIdentityProvider identityProvider) {
- Collection<String> portTags = portInfo.getTags();
- if (portTags.contains("STATE")) {
- if (portTags.contains("HTTPS")) {
- URL url = uncheck(() -> new URL(
- "https",
- hostInfo.getHostname(),
- portInfo.getPort(),
- "/state/v1/health"));
- // todo: get hostname verifier
- // "vespa.vespa[.cd].provider_%s_%s" from AthenzProviderServiceConfig
- // new AthenzIdentityVerifier(Collections.singleton("vespa.vespa[.cd].provider_%s_%s"));
- // HealthEndpoint healthEndpoint = HealthEndpoint.forHttps(...);
- // HealthMonitor healthMonitor = new HealthMonitor(url, identityProvider, hostnameVerifier);
- // healthMonitor.startMonitoring()
- return Optional.empty();
- }
+ PortInfo portInfo) {
+ if (portInfo.getTags().containsAll(PORT_TAGS_HEALTH)) {
+ HostName hostname = HostName.from(hostInfo.getHostname());
+ HealthEndpoint endpoint = HealthEndpoint.forHttp(hostname, portInfo.getPort());
+ // todo: make HealthMonitor
+ // HealthMonitor healthMonitor = new HealthMonitor(endpoint);
+ // healthMonitor.startMonitoring();
+ return Optional.empty();
 }
 return Optional.empty();
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java
index 1ecdf432ada..43a02a385be 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthClient.java
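Review bot: Ports tagged HTTPS and STATE, which the old branch at least recognised, now fall through to the final `return Optional.empty()` without a trace, because the new condition requires the HTTP tag. `HealthEndpoint.forHttps` is kept by this commit but has no caller in this method, so a short comment before the final return would make the gap explicit, e.g. `// STATE ports served only over HTTPS are not monitored yet; see HealthEndpoint.forHttps.`. The locals `hostname` and `endpoint` are also computed and discarded while the monitor creation stays commented out. The method's signature starts before this hunk and its closing brace lies after it.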
@@ -2,7 +2,6 @@
 package com.yahoo.vespa.service.monitor.internal.health;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.yahoo.config.provision.HostName;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import org.apache.http.HttpEntity;
@@ -23,11 +22,7 @@ import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.EntityUtils;
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
-import java.net.URL;
-
-import static com.yahoo.yolean.Exceptions.uncheck;
 /**
 * @author hakon
@@ -51,35 +46,25 @@ public class HealthClient implements AutoCloseable, ServiceIdentityProvider.List
 }
 };
- private final URL url;
- private final ServiceIdentityProvider serviceIdentityProvider;
- private final HostnameVerifier hostnameVerifier;
+ private final HealthEndpoint endpoint;
 private volatile CloseableHttpClient httpClient;
- public HealthClient(HostName hostname,
- int port,
- ServiceIdentityProvider identityProvider,
- HostnameVerifier hostnameVerifier) {
- this(uncheck(() -> new URL("https", hostname.value(), port, "/state/v1/health")),
- identityProvider,
- hostnameVerifier);
+ public HealthClient(HealthEndpoint endpoint) {
+ this.endpoint = endpoint;
 }
- public HealthClient(URL stateV1HealthEndpoint,
- ServiceIdentityProvider serviceIdentityProvider,
- HostnameVerifier hostnameVerifier) {
- this.url = stateV1HealthEndpoint;
- this.serviceIdentityProvider = serviceIdentityProvider;
- this.hostnameVerifier = hostnameVerifier;
-
- onCredentialsUpdate(serviceIdentityProvider.getIdentitySslContext(), null);
- serviceIdentityProvider.addIdentityListener(this);
+ public void start() {
+ endpoint.getServiceIdentityProvider().ifPresent(provider -> {
+ onCredentialsUpdate(provider.getIdentitySslContext(), null);
+ provider.addIdentityListener(this);
+ });
 }
 @Override
 public void onCredentialsUpdate(SSLContext sslContext, AthenzService ignored) {
- SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ SSLConnectionSocketFactory socketFactory =
+ new SSLConnectionSocketFactory(sslContext, endpoint.getHostnameVerifier().orElse(null));
 Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
 .register("https", socketFactory)
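Review bot: For an endpoint built with `HealthEndpoint.forHttp` the identity provider is empty, so `start()` does nothing and `httpClient` is never assigned; `close()` and `probeHealth()` in the following hunks then read a null client unless they guard for it outside the visible lines. The registry shown in `onCredentialsUpdate` registers only the `https` scheme, so as far as this hunk shows an `http` URL would have no socket factory even with a client in place. Separately, `orElse(null)` leaves the verifier choice to the library, and to my knowledge Apache HttpClient then substitutes its default hostname verifier, which checks the certificate name but not the Athenz identity, so failing fast when TLS credentials arrive without a verifier is safer. The sketch below shows both changes; the plain client should receive the same timeouts and connection settings that `onCredentialsUpdate` applies outside this hunk.

```java
public void start() {
    if (endpoint.getServiceIdentityProvider().isPresent()) {
        ServiceIdentityProvider provider = endpoint.getServiceIdentityProvider().get();
        onCredentialsUpdate(provider.getIdentitySslContext(), null);
        provider.addIdentityListener(this);
    } else {
        // Plain-HTTP endpoint: there are no credentials to follow, but a client is still required.
        httpClient = HttpClients.createDefault();
    }
}

@Override
public void onCredentialsUpdate(SSLContext sslContext, AthenzService ignored) {
    SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
            sslContext,
            endpoint.getHostnameVerifier().orElseThrow(() ->
                    new IllegalStateException("TLS credentials received for an endpoint without a peer verifier")));
    // … unchanged: registry and client construction …
```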
@@ -111,7 +96,7 @@ public class HealthClient implements AutoCloseable, ServiceIdentityProvider.List
 @Override
 public void close() {
- serviceIdentityProvider.removeIdentityListener(this);
+ endpoint.getServiceIdentityProvider().ifPresent(provider -> provider.removeIdentityListener(this));
 try {
 httpClient.close();
@@ -122,7 +107,7 @@ public class HealthClient implements AutoCloseable, ServiceIdentityProvider.List
 }
 private HealthInfo probeHealth() throws Exception {
- HttpGet httpget = new HttpGet(url.toString());
+ HttpGet httpget = new HttpGet(endpoint.getStateV1HealthUrl().toString());
 CloseableHttpResponse httpResponse;
 CloseableHttpClient httpClient = this.httpClient;
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java
index d3b81c213dc..e9d17a9ab70 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthEndpoint.java
@@ -3,11 +3,13 @@ package com.yahoo.vespa.service.monitor.internal.health;
 import com.yahoo.config.provision.HostName;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
+import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
 import javax.net.ssl.HostnameVerifier;
 import java.net.URL;
 import java.util.Collections;
+import java.util.Optional;
 import static com.yahoo.yolean.Exceptions.uncheck;
@@ -16,16 +18,28 @@ import static com.yahoo.yolean.Exceptions.uncheck;
 */
 class HealthEndpoint {
 private final URL url;
- private final HostnameVerifier hostnameVerifier;
+ private final Optional<HostnameVerifier> hostnameVerifier;
+ private final Optional<ServiceIdentityProvider> serviceIdentityProvider;
- static HealthEndpoint forHttps(HostName hostname, int port, AthenzIdentity remoteIdentity) {
+ static HealthEndpoint forHttp(HostName hostname, int port) {
+ URL url = uncheck(() -> new URL("http", hostname.value(), port, "/state/v1/health"));
+ return new HealthEndpoint(url, Optional.empty(), Optional.empty());
+ }
+
+ static HealthEndpoint forHttps(HostName hostname,
+ int port,
+ ServiceIdentityProvider serviceIdentityProvider,
+ AthenzIdentity remoteIdentity) {
 URL url = uncheck(() -> new URL("https", hostname.value(), port, "/state/v1/health"));
 HostnameVerifier peerVerifier = new AthenzIdentityVerifier(Collections.singleton(remoteIdentity));
- return new HealthEndpoint(url, peerVerifier);
+ return new HealthEndpoint(url, Optional.of(serviceIdentityProvider), Optional.of(peerVerifier));
 }
- private HealthEndpoint(URL url, HostnameVerifier hostnameVerifier) {
+ private HealthEndpoint(URL url,
+ Optional<ServiceIdentityProvider> serviceIdentityProvider,
+ Optional<HostnameVerifier> hostnameVerifier) {
 this.url = url;
+ this.serviceIdentityProvider = serviceIdentityProvider;
 this.hostnameVerifier = hostnameVerifier;
 }
@@ -33,7 +47,11 @@ class HealthEndpoint {
 return url;
 }
- public HostnameVerifier getHostnameVerifier() {
+ public Optional<ServiceIdentityProvider> getServiceIdentityProvider() {
+ return serviceIdentityProvider;
+ }
+
+ public Optional<HostnameVerifier> getHostnameVerifier() {
 return hostnameVerifier;
 }
 }
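Review bot: HealthClient depends on the identity provider and the hostname verifier being either both present (forHttps) or both absent (forHttp), but nothing in HealthEndpoint states that pairing, and the two factories carry no Javadoc saying what each one authenticates. I would document it on the factories, e.g. `/** Plain HTTP: the response is neither encrypted nor tied to a verified peer identity. */` on forHttp and `/** HTTPS, with the peer checked against remoteIdentity using credentials from serviceIdentityProvider. */` on forHttps. As a matter of style, `Optional` is used here for fields and constructor parameters; nullable private fields with `Optional.ofNullable(...)` in the getters would express the same contract.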
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java
index 2ad623f15cf..fd809b32918 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitor.java
@@ -3,10 +3,7 @@ package com.yahoo.vespa.service.monitor.internal.health;
 import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.applicationmodel.ServiceStatus;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
-import javax.net.ssl.HostnameVerifier;
-import java.net.URL;
 import java.time.Duration;
 import java.util.Random;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
@@ -29,10 +26,8 @@ public class HealthMonitor implements AutoCloseable {
 private volatile HealthInfo lastHealthInfo = HealthInfo.empty();
- public HealthMonitor(URL stateV1HealthEndpoint,
- ServiceIdentityProvider identityProvider,
- HostnameVerifier hostnameVerifier) {
- this.healthClient = new HealthClient(stateV1HealthEndpoint, identityProvider, hostnameVerifier);
+ public HealthMonitor(HealthEndpoint stateV1HealthEndpoint) {
+ this.healthClient = new HealthClient(stateV1HealthEndpoint);
 }
 /** For testing. */
@@ -41,6 +36,7 @@ public class HealthMonitor implements AutoCloseable {
 }
 public void startMonitoring() {
+ healthClient.start();
 executor.scheduleWithFixedDelay(
 this::updateSynchronously,
 initialDelayInSeconds(DELAY.getSeconds()),
diff --git a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java
index 54d26798ad2..473ef5e3a94 100644
--- a/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java
+++ b/service-monitor/src/main/java/com/yahoo/vespa/service/monitor/internal/health/HealthMonitorManager.java
@@ -9,7 +9,6 @@ import com.yahoo.vespa.applicationmodel.ClusterId;
 import com.yahoo.vespa.applicationmodel.ConfigId;
 import com.yahoo.vespa.applicationmodel.ServiceStatus;
 import com.yahoo.vespa.applicationmodel.ServiceType;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.service.monitor.application.ZoneApplication;
 import com.yahoo.vespa.service.monitor.internal.MonitorManager;
@@ -22,20 +21,17 @@ import java.util.Map;
 public class HealthMonitorManager implements MonitorManager {
 private final Map<ApplicationId, ApplicationHealthMonitor> healthMonitors = new HashMap<>();
 private final ConfigserverConfig configserverConfig;
- private final ServiceIdentityProvider serviceIdentityProvider;
 @Inject
- public HealthMonitorManager(ConfigserverConfig configserverConfig,
- ServiceIdentityProvider serviceIdentityProvider) {
+ public HealthMonitorManager(ConfigserverConfig configserverConfig) {
 this.configserverConfig = configserverConfig;
- this.serviceIdentityProvider = serviceIdentityProvider;
 }
 @Override
 public void applicationActivated(ApplicationInfo application) {
 if (applicationMonitored(application.getApplicationId())) {
 ApplicationHealthMonitor monitor =
- ApplicationHealthMonitor.startMonitoring(application, serviceIdentityProvider);
+ ApplicationHealthMonitor.startMonitoring(application);
 healthMonitors.put(application.getApplicationId(), monitor);
 }
 }
|