diff options
| author | Harald Musum <musum@oath.com> | 2018-10-24 14:59:07 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-10-24 14:59:07 +0200 |
| commit | 6bd76241cc28660edf0f63ce400f8ece6a367b3f (patch) | |
| tree | b8387e6898982c6776ed81cb41516033016ff4f8 /zkfacade | |
| parent | 99312e4f6fff510ce50ac0479ca47beacba083a5 (diff) | |
Revert "Revert "No need for restricting access to zookeeper in hosted vespa""
Diffstat (limited to 'zkfacade')
3 files changed, 8 insertions, 25 deletions
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java index d7f42c7e6e9..dab9ddb243b 100644 --- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java +++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java @@ -16,7 +16,8 @@ import java.util.Set; import java.util.logging.Logger; /** - * This class is created by zookeeper by reflection, see the ZooKeeperServer constructor. + * This class is created by zookeeper by reflection, see the ZooKeeperServer constructor. It will only work + * when using ZooKeeper 3.4 * * @author bratseth */ @@ -66,9 +67,8 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory { String environmentAllowedZooKeeperClients = System.getenv("vespa_zkfacade__restrict"); if (environmentAllowedZooKeeperClients != null) return ImmutableSet.copyOf(toHostnameSet(environmentAllowedZooKeeperClients)); - - // No environment setting -> use static field - return ZooKeeperServer.getAllowedClientHostnames(); + else + return ImmutableSet.of(); } private Set<String> toHostnameSet(String hostnamesString) { diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java index c42c1793c41..9c580b4f9ce 100644 --- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java +++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java @@ -1,9 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper; -import com.google.common.collect.ImmutableSet; import com.google.inject.Inject; -import com.yahoo.cloud.config.ConfigserverConfig; import com.yahoo.cloud.config.ZookeeperServerConfig; import com.yahoo.component.AbstractComponent; import com.yahoo.log.LogLevel; @@ -23,29 +21,18 @@ import java.util.stream.Collectors; */ public class ZooKeeperServer extends AbstractComponent implements Runnable { - /** - * The set of hosts which can access the ZooKeeper server in this VM, or empty - * to allow access from anywhere. - * This belongs logically to the server instance and is final, but must be static to make it accessible - * from RestrictedServerCnxnFactory, which is created by ZK through reflection. - */ - private static ImmutableSet<String> allowedClientHostnames = ImmutableSet.of(); - private static final java.util.logging.Logger log = java.util.logging.Logger.getLogger(ZooKeeperServer.class.getName()); private static final String ZOOKEEPER_JMX_LOG4J_DISABLE = "zookeeper.jmx.log4j.disable"; static final String ZOOKEEPER_JUTE_MAX_BUFFER = "jute.maxbuffer"; private final Thread zkServerThread; private final ZookeeperServerConfig zookeeperServerConfig; - ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, ConfigserverConfig configserverConfig, boolean startServer) { + ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, boolean startServer) { this.zookeeperServerConfig = zookeeperServerConfig; System.setProperty("zookeeper.jmx.log4j.disable", "true"); System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, "" + zookeeperServerConfig.juteMaxBuffer()); System.setProperty("zookeeper.serverCnxnFactory", "com.yahoo.vespa.zookeeper.RestrictedServerCnxnFactory"); - if (configserverConfig.hostedVespa()) // restrict access to config servers only - allowedClientHostnames = ImmutableSet.copyOf(zookeeperServerHostnames(zookeeperServerConfig)); - writeConfigToDisk(zookeeperServerConfig); zkServerThread = new Thread(this, "zookeeper server"); if (startServer) { @@ -54,13 +41,10 @@ public class ZooKeeperServer extends AbstractComponent implements Runnable { } @Inject - public ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, ConfigserverConfig configserverConfig) { - this(zookeeperServerConfig, configserverConfig, true); + public ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig) { + this(zookeeperServerConfig, true); } - /** Returns the hosts which are allowed to access this ZooKeeper server, or empty to allow access from anywhere */ - public static ImmutableSet<String> getAllowedClientHostnames() { return allowedClientHostnames; } - private void writeConfigToDisk(ZookeeperServerConfig config) { String configFilePath = getDefaults().underVespaHome(config.zooKeeperConfigFile()); new File(configFilePath).getParentFile().mkdirs(); diff --git a/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java b/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java index 362ea901534..db1852d9d2a 100644 --- a/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java +++ b/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java @@ -1,7 +1,6 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper; -import com.yahoo.cloud.config.ConfigserverConfig; import com.yahoo.cloud.config.ZookeeperServerConfig; import com.yahoo.io.IOUtils; import org.junit.Rule; @@ -54,7 +53,7 @@ public class ZooKeeperServerTest { } private void createServer(ZookeeperServerConfig.Builder builder) { - new ZooKeeperServer(new ZookeeperServerConfig(builder), new ConfigserverConfig(new ConfigserverConfig.Builder()), false); + new ZooKeeperServer(new ZookeeperServerConfig(builder), false); } @Test(expected = RuntimeException.class) |