diff options
author | Harald Musum <musum@oath.com> | 2018-03-08 11:24:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-08 11:24:27 +0100 |
commit | 6427e9a6086b34cfef4ef7e27be61881381ae328 (patch) | |
tree | c5901182f6d4824603d7123c4f8ca915727a1908 /zkfacade | |
parent | b962272721d50c8ed50ca6a292931a45fd8a03ec (diff) |
Revert "Only allow Zookeeper access for config servers in hosted Vespa"
Diffstat (limited to 'zkfacade')
3 files changed, 27 insertions, 28 deletions
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java index d7f42c7e6e9..a0c8b845aca 100644 --- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java +++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java @@ -71,9 +71,9 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory { return ZooKeeperServer.getAllowedClientHostnames(); } - private Set<String> toHostnameSet(String hostnamesString) { + private Set<String> toHostnameSet(String hosatnamesString) { Set<String> hostnames = new HashSet<>(); - for (String hostname : StringUtilities.split(hostnamesString)) { + for (String hostname : StringUtilities.split(hosatnamesString)) { if ( ! hostname.trim().isEmpty()) hostnames.add(hostname.trim()); } diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java index 352635ac920..74f9d01b833 100644 --- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java +++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java @@ -3,7 +3,6 @@ package com.yahoo.vespa.zookeeper; import com.google.common.collect.ImmutableSet; import com.google.inject.Inject; -import com.yahoo.cloud.config.ConfigserverConfig; import com.yahoo.cloud.config.ZookeeperServerConfig; import com.yahoo.component.AbstractComponent; import com.yahoo.log.LogLevel; @@ -11,41 +10,40 @@ import static com.yahoo.vespa.defaults.Defaults.getDefaults; import java.io.FileWriter; import java.io.IOException; +import java.util.Collection; import java.util.List; -import java.util.Set; +import java.util.Optional; import java.util.stream.Collectors; /** * Writes zookeeper config and starts zookeeper server. * - * @author Ulf Lilleengen + * @author lulf + * @since 5.3 */ public class ZooKeeperServer extends AbstractComponent implements Runnable { /** * The set of hosts which can access the ZooKeeper server in this VM, or empty * to allow access from anywhere. - * This belongs logically to the server instance and is final, but must be static to make it accessible + * This belongs logically to the server instance but must be static to make it accessible * from RestrictedServerCnxnFactory, which is created by ZK through reflection. */ - private static ImmutableSet<String> allowedClientHostnames = ImmutableSet.of(); + private static volatile ImmutableSet<String> allowedClientHostnames = ImmutableSet.of(); private static final java.util.logging.Logger log = java.util.logging.Logger.getLogger(ZooKeeperServer.class.getName()); private static final String ZOOKEEPER_JMX_LOG4J_DISABLE = "zookeeper.jmx.log4j.disable"; static final String ZOOKEEPER_JUTE_MAX_BUFFER = "jute.maxbuffer"; private final Thread zkServerThread; - private final ZookeeperServerConfig zookeeperServerConfig; + private final ZookeeperServerConfig config; - ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, ConfigserverConfig configserverConfig, boolean startServer) { - this.zookeeperServerConfig = zookeeperServerConfig; + ZooKeeperServer(ZookeeperServerConfig config, boolean startServer) { + this.config = config; System.setProperty("zookeeper.jmx.log4j.disable", "true"); - System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, "" + zookeeperServerConfig.juteMaxBuffer()); + System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, "" + config.juteMaxBuffer()); System.setProperty("zookeeper.serverCnxnFactory", "com.yahoo.vespa.zookeeper.RestrictedServerCnxnFactory"); - if (configserverConfig.hostedVespa()) // restrict access to config servers only - allowedClientHostnames = ImmutableSet.copyOf(zookeeperServerHostnames(zookeeperServerConfig)); - - writeConfigToDisk(zookeeperServerConfig); + writeConfigToDisk(config); zkServerThread = new Thread(this, "zookeeper server"); if (startServer) { zkServerThread.start(); @@ -53,10 +51,15 @@ public class ZooKeeperServer extends AbstractComponent implements Runnable { } @Inject - public ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, ConfigserverConfig configserverConfig) { - this(zookeeperServerConfig, configserverConfig, true); + public ZooKeeperServer(ZookeeperServerConfig config) { + this(config, true); } - + + /** Restrict access to this ZooKeeper server to the given client hosts */ + public static void setAllowedClientHostnames(Collection<String> hostnames) { + allowedClientHostnames = ImmutableSet.copyOf(hostnames); + } + /** Returns the hosts which are allowed to access this ZooKeeper server, or empty to allow access from anywhere */ public static ImmutableSet<String> getAllowedClientHostnames() { return allowedClientHostnames; } @@ -127,9 +130,10 @@ public class ZooKeeperServer extends AbstractComponent implements Runnable { @Override public void run() { System.setProperty(ZOOKEEPER_JMX_LOG4J_DISABLE, "true"); - String[] args = new String[]{getDefaults().underVespaHome(zookeeperServerConfig.zooKeeperConfigFile())}; + String[] args = new String[]{getDefaults().underVespaHome(config.zooKeeperConfigFile())}; log.log(LogLevel.DEBUG, "Starting ZooKeeper server with config: " + args[0]); - log.log(LogLevel.INFO, "Trying to establish ZooKeeper quorum (from " + zookeeperServerHostnames(zookeeperServerConfig) + ")"); + log.log(LogLevel.INFO, "Trying to establish ZooKeeper quorum (from " + + config.server().stream().map(ZookeeperServerConfig.Server::hostname).collect(Collectors.toList()) + ")"); org.apache.zookeeper.server.quorum.QuorumPeerMain.main(args); } @@ -139,10 +143,6 @@ public class ZooKeeperServer extends AbstractComponent implements Runnable { super.deconstruct(); } - public ZookeeperServerConfig getZookeeperServerConfig() { return zookeeperServerConfig; } - - private static Set<String> zookeeperServerHostnames(ZookeeperServerConfig zookeeperServerConfig) { - return zookeeperServerConfig.server().stream().map(ZookeeperServerConfig.Server::hostname).collect(Collectors.toSet()); - } + public ZookeeperServerConfig getConfig() { return config; } } diff --git a/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java b/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java index 626e5bf0627..8dd33f3d744 100644 --- a/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java +++ b/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java @@ -1,7 +1,6 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper; -import com.yahoo.cloud.config.ConfigserverConfig; import com.yahoo.cloud.config.ZookeeperServerConfig; import com.yahoo.io.IOUtils; import org.junit.Rule; @@ -54,11 +53,11 @@ public class ZooKeeperServerTest { } private void createServer(ZookeeperServerConfig.Builder builder) { - new ZooKeeperServer(new ZookeeperServerConfig(builder), new ConfigserverConfig(new ConfigserverConfig.Builder()), false); + new ZooKeeperServer(new ZookeeperServerConfig(builder), false); } @Test(expected = RuntimeException.class) - public void require_that_this_id_must_be_present_amongst_servers() { + public void require_that_this_id_must_be_present_amongst_servers() throws IOException { ZookeeperServerConfig.Builder builder = new ZookeeperServerConfig.Builder(); builder.server(newServer(2, "bar", 234, 432)); builder.server(newServer(3, "baz", 345, 543)); |