authorBjørn Christian Seime <bjorn.christian@seime.no>2021-03-10 15:06:45 +0100
committerGitHub <noreply@github.com>2021-03-10 15:06:45 +0100
commiteab6c3cdaf9443d7af68995188335a48712320bb (patch)
treecbee4255dfe6fd59297e16ed363d9c83c6a8b149 /zkfacade
parent435f0d1ce38ace099907d7e81b83aece419f9d7a (diff)
Revert "Revert "Specify TLS configuration when enabling secure ZK client""
Diffstat (limited to 'zkfacade')
-rw-r--r--zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java11
1 files changed, 9 insertions, 2 deletions
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java b/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java
index adfd9bd051f..4cbb6c95cb4 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java
@@ -10,6 +10,7 @@ import com.yahoo.text.Utf8;
import com.yahoo.vespa.curator.api.VespaCurator;
import com.yahoo.vespa.curator.recipes.CuratorCounter;
import com.yahoo.vespa.defaults.Defaults;
+import com.yahoo.vespa.zookeeper.VespaSslContextProvider;
import com.yahoo.vespa.zookeeper.VespaZooKeeperServer;
import org.apache.curator.RetryPolicy;
import org.apache.curator.framework.CuratorFramework;
@@ -124,9 +125,15 @@ public class Curator implements VespaCurator, AutoCloseable {
private static ZKClientConfig createClientConfig(Optional<File> clientConfigFile) {
if (clientConfigFile.isPresent()) {
boolean useSecureClient = Boolean.parseBoolean(getEnvironmentVariable("VESPA_USE_TLS_FOR_ZOOKEEPER_CLIENT").orElse("false"));
- String config = "zookeeper.client.secure=" + useSecureClient + "\n";
+ StringBuilder configBuilder = new StringBuilder("zookeeper.client.secure=").append(useSecureClient).append("\n");
+ if (useSecureClient) {
+ configBuilder.append("zookeeper.ssl.context.supplier.class=").append(VespaSslContextProvider.class.getName()).append("\n")
+ .append("zookeeper.ssl.enabledProtocols=").append(VespaSslContextProvider.enabledTlsProtocolConfigValue()).append("\n")
+ .append("zookeeper.ssl.ciphersuites=").append(VespaSslContextProvider.enabledTlsCiphersConfigValue()).append("\n")
+ .append("zookeeper.ssl.clientAuth=NEED\n");
+ }
clientConfigFile.get().getParentFile().mkdirs();
- IOUtils.writeFile(clientConfigFile.get(), Utf8.toBytes(config));
+ IOUtils.writeFile(clientConfigFile.get(), Utf8.toBytes(configBuilder.toString()));
try {
return new ZKClientConfig(clientConfigFile.get());
} catch (QuorumPeerConfig.ConfigException e) {
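Review bot: The `zookeeper.ssl.clientAuth=NEED` line appended at the end of the `if (useSecureClient)` block looks like a server-side setting (it controls whether a listener demands a client certificate), so in a client config file it probably has no effect and can give the impression that mutual TLS is enforced from here. I would either drop it or mark it with `// server-side option; not enforced by the client, kept only to mirror the server config`. Because the SSL context is supplied by `VespaSslContextProvider`, peer certificate and hostname checks presumably depend on that provider's trust manager rather than on ZooKeeper's own properties, which deserves a one-line comment above the block. The gate on the unchanged line above is `Boolean.parseBoolean(...)`, so any value other than `true` silently produces a plaintext client; logging the chosen mode once would make a mistyped environment variable visible. `createClientConfig` continues past the end of this hunk.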