diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-18 14:53:14 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-18 14:53:14 +0100 |
commit | a66ebb8e7ade065d2fe78169301f1989da2001b4 (patch) | |
tree | 60a78e17893ff65cd19703823d03e97aca825bc3 /zookeeper-server/zookeeper-server-3.6.2 | |
parent | 85ad07ca7b5a1625048155ee3d55dffcd4da38c5 (diff) |
Another attempt at configuring secure only client port on ZK server
ZK dynamic reconfiguration logic assumes that insecure client port exists.
This commit introduces a new connection factory that overrides 'secure'
flag from configure() and makes the insecure client port become secure.
Diffstat (limited to 'zookeeper-server/zookeeper-server-3.6.2')
-rw-r--r-- | zookeeper-server/zookeeper-server-3.6.2/src/main/java/org/apache/zookeeper/server/VespaNettyServerCnxnFactory.java | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/zookeeper-server/zookeeper-server-3.6.2/src/main/java/org/apache/zookeeper/server/VespaNettyServerCnxnFactory.java b/zookeeper-server/zookeeper-server-3.6.2/src/main/java/org/apache/zookeeper/server/VespaNettyServerCnxnFactory.java new file mode 100644 index 00000000000..7efec454667 --- /dev/null +++ b/zookeeper-server/zookeeper-server-3.6.2/src/main/java/org/apache/zookeeper/server/VespaNettyServerCnxnFactory.java @@ -0,0 +1,37 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package org.apache.zookeeper.server; + +import com.yahoo.vespa.zookeeper.Configurator; + +import java.io.IOException; +import java.net.InetSocketAddress; +import java.util.logging.Logger; + +/** + * Overrides secure setting with value from {@link Configurator}. + * Workaround for incorrect handling of clientSecurePort in combination with ZooKeeper Dynamic Reconfiguration in 3.6.2 + * See https://issues.apache.org/jira/browse/ZOOKEEPER-3577. + * + * Using package {@link org.apache.zookeeper.server} as {@link NettyServerCnxnFactory#NettyServerCnxnFactory()} is package-private. + * + * @author bjorncs + */ +public class VespaNettyServerCnxnFactory extends NettyServerCnxnFactory { + + private static final Logger log = Logger.getLogger(VespaNettyServerCnxnFactory.class.getName()); + + private final boolean isSecure; + + public VespaNettyServerCnxnFactory() { + super(); + this.isSecure = Configurator.VespaNettyServerCnxnFactory_isSecure; + boolean portUnificationEnabled = Boolean.getBoolean(NettyServerCnxnFactory.PORT_UNIFICATION_KEY); + log.info(String.format("For %h: isSecure=%b, portUnification=%b", this, isSecure, portUnificationEnabled)); + } + + @Override + public void configure(InetSocketAddress addr, int maxClientCnxns, int backlog, boolean secure) throws IOException { + log.info(String.format("For %h: configured() invoked with parameter 'secure'=%b, overridden to %b", this, secure, isSecure)); + super.configure(addr, maxClientCnxns, backlog, isSecure); + } +} |