26 files changed, 176 insertions, 125 deletions
diff --git a/ann_benchmark/src/vespa/ann_benchmark/setup.py b/ann_benchmark/src/vespa/ann_benchmark/setup.py index 74f4e2d7307..d5d2bfbd171 100644 --- a/ann_benchmark/src/vespa/ann_benchmark/setup.py +++ b/ann_benchmark/src/vespa/ann_benchmark/setup.py @@ -1,6 +1,6 @@ # Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -import os +import subprocess import sys import platform import distutils.sysconfig @@ -11,8 +11,8 @@ class PreBuiltExt(build_ext): def build_extension(self, ext): print("Using prebuilt extension library") libdir="lib.%s-%s-%s" % (sys.platform, platform.machine(), distutils.sysconfig.get_python_version()) - os.system("mkdir -p build/%s" % libdir) - os.system("cp -p vespa_ann_benchmark.*.so build/%s" % libdir) + subprocess.run(["mkdir", "-p", "build/%s" % libdir]) + subprocess.run(["cp", "-p", "vespa_ann_benchmark.*.so build/%s" % libdir]) setup( name="vespa_ann_benchmark", diff --git a/config-model/src/main/java/com/yahoo/vespa/model/admin/clustercontroller/ClusterControllerContainer.java b/config-model/src/main/java/com/yahoo/vespa/model/admin/clustercontroller/ClusterControllerContainer.java index 69accef2fe4..5d60cec0679 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/admin/clustercontroller/ClusterControllerContainer.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/admin/clustercontroller/ClusterControllerContainer.java 
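Review bot: The new `cp` call in `build_extension` cannot succeed as written: without a shell the `*` is never expanded, and `"vespa_ann_benchmark.*.so build/%s" % libdir` passes the source pattern and the destination as one argument, so `cp` sees a single operand. Neither `subprocess.run` call passes `check=True`, so the failure is ignored and the build carries on without the prebuilt library. Expand the pattern in Python and pass separate arguments, e.g. `subprocess.run(["cp", "-p", *glob.glob("vespa_ann_benchmark.*.so"), "build/%s" % libdir], check=True)` with `import glob`, and add `check=True` to the `mkdir` call too.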
@@ -65,8 +65,7 @@ public class ClusterControllerContainer extends Container implements "com.yahoo.vespa.clustercontroller.apps.clustercontroller.StateRestApiV2Handler", "/cluster/v2/*", CLUSTERCONTROLLER_BUNDLE); - addComponent(new AccessLogComponent(containerCluster().orElse(null), - AccessLogComponent.AccessLogType.jsonAccessLog, + addComponent(new AccessLogComponent(containerCluster().orElse(null), AccessLogComponent.AccessLogType.jsonAccessLog, deployState.featureFlags().logFileCompressionAlgorithm("zstd"), Optional.of("controller"), deployState.isHosted())); diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.java index e2dc46be472..b225c25a8d3 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.java @@ -39,10 +39,12 @@ public class CertificateRemovalChangeValidator implements ChangeValidator { void validateClients(String clusterId, List<Client> current, List<Client> next, ValidationOverrides overrides, Instant now) { List<X509Certificate> currentCertificates = current.stream() + .filter(client -> !client.internal()) .map(Client::certificates) .flatMap(Collection::stream) .toList(); List<X509Certificate> nextCertificates = next.stream() + .filter(client -> !client.internal()) .map(Client::certificates) .flatMap(Collection::stream) .toList(); diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java b/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java index c0182c2f5ac..ec1776730b8 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java 
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java @@ -31,6 +31,7 @@ import com.yahoo.vespa.config.search.core.OnnxModelsConfig; import com.yahoo.vespa.config.search.core.RankingConstantsConfig; import com.yahoo.vespa.config.search.core.RankingExpressionsConfig; import com.yahoo.vespa.model.AbstractService; +import com.yahoo.vespa.model.VespaModel; import com.yahoo.vespa.model.admin.metricsproxy.MetricsProxyContainer; import com.yahoo.vespa.model.container.component.BindingPattern; import com.yahoo.vespa.model.container.component.Component; @@ -38,6 +39,7 @@ import com.yahoo.vespa.model.container.component.Handler; import com.yahoo.vespa.model.container.component.SystemBindingPattern; import com.yahoo.vespa.model.container.configserver.ConfigserverCluster; import com.yahoo.vespa.model.utils.FileSender; + import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -314,8 +316,8 @@ public final class ApplicationContainerCluster extends ContainerCluster<Applicat ! previousHosts.contains(container.getHostName())) .retired(container.isRetired()); builder.server(serverBuilder); + builder.dynamicReconfiguration(true); } - builder.dynamicReconfiguration(true); } @Override diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/configserver/ConfigserverCluster.java b/config-model/src/main/java/com/yahoo/vespa/model/container/configserver/ConfigserverCluster.java index 8f257110a04..a165b4862b5 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/configserver/ConfigserverCluster.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/configserver/ConfigserverCluster.java 
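Review bot: `builder.dynamicReconfiguration(true)` now sits inside the block that closes right after `builder.server(serverBuilder)`, and that block opens outside the hunk. If it is the per-container loop, as the use of `container` suggests, the flag is re-assigned on every iteration and is never set for a cluster with no containers. If enabling it only when servers are present is the intent, a comment such as `// only enable dynamic reconfiguration when at least one server is configured` would record that; otherwise the call belongs after the block.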
@@ -84,8 +84,6 @@ public class ConfigserverCluster extends AbstractConfigProducer if (options.hostedVespa().orElse(false)) { builder.vespaTlsConfigFile(Defaults.getDefaults().underVespaHome("var/zookeeper/conf/tls.conf.json")); } - - builder.dynamicReconfiguration(options.hostedVespa().orElse(false)); } @Override diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java index c851ab2bee6..7707949714e 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java @@ -13,11 +13,17 @@ public class Client { private String id; private List<String> permissions; private List<X509Certificate> certificates; + private boolean internal; public Client(String id, List<String> permissions, List<X509Certificate> certificates) { + this(id, permissions, certificates, false); + } + + private Client(String id, List<String> permissions, List<X509Certificate> certificates, boolean internal) { this.id = id; this.permissions = permissions; this.certificates = certificates; + this.internal = internal; } public String id() { @@ -31,4 +37,12 @@ public class Client { public List<X509Certificate> certificates() { return certificates; } + + public boolean internal() { + return internal; + } + + public static Client internalClient(List<X509Certificate> certificates) { + return new Client("_internal", List.of("read","write"), certificates, true); + } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index f3b7a28f227..2c12ddb34a3 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java 
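Review bot: `Client.internalClient` and `internal()` are added without Javadoc, so the class does not say what an internal client is or why it gets `read` and `write`. Going by the other files in this commit it holds operator and tester certificates and is skipped by `CertificateRemovalChangeValidator`; a comment such as `/** Client for operator and tester certificates; never declared in services.xml and ignored by certificate-removal validation. */` on the factory would state that. The id `"_internal"` here and the `id.startsWith("_")` rejection in `ContainerModelBuilder.getCLient` depend on each other but share no constant, so a change to one will not be noticed in the other. A `static final String` for the reserved prefix on `Client`, used in both places, would tie them together.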
@@ -114,10 +114,12 @@ import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; +import java.util.UUID; import java.util.function.Consumer; import java.util.logging.Level; import java.util.regex.Pattern; import java.util.stream.Collectors; +import java.util.stream.Stream; import static com.yahoo.vespa.model.container.ContainerCluster.VIP_HANDLER_BINDING; import static java.util.logging.Level.WARNING; @@ -491,7 +493,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { } protected void addClients(DeployState deployState, Element spec, ApplicationContainerCluster cluster) { - if (!deployState.isHosted() || !deployState.zone().system().isPublic() || !deployState.featureFlags().enableDataPlaneFilter()) return; + if (!deployState.isHosted() || !deployState.zone().system().isPublic()) return; List<Client> clients; Element clientsElement = XML.getChild(spec, "clients"); @@ -507,11 +509,16 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { .map(this::getCLient) .toList(); } + + List<X509Certificate> operatorAndTesterCertificates = deployState.getProperties().operatorCertificates(); + if(!operatorAndTesterCertificates.isEmpty()) + clients = Stream.concat(clients.stream(), Stream.of(Client.internalClient(operatorAndTesterCertificates))).toList(); cluster.setClients(legacyMode, clients); } private Client getCLient(Element clientElement) { String id = XML.attribute("id", clientElement).orElseThrow(); + if (id.startsWith("_")) throw new IllegalArgumentException("Invalid client id '%s', id cannot start with '_'".formatted(id)); List<String> permissions = XML.attribute("permissions", clientElement) .map(p -> p.split(",")).stream() .flatMap(Arrays::stream) 
@@ -520,6 +527,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { List<X509Certificate> x509Certificates = XML.getChildren(clientElement, "certificate").stream() .map(certElem -> Path.fromString(certElem.getAttribute("file"))) .map(path -> app.getFile(path)) + .filter(ApplicationFile::exists) .map(this::getCertificates) .flatMap(Collection::stream) .toList(); @@ -527,6 +535,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { } private List<X509Certificate> getCertificates(ApplicationFile file) { + if (!file.exists()) return List.of(); try { Reader reader = file.createReader(); String certPem = IOUtils.readAll(reader); @@ -556,12 +565,10 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { boolean proxyProtocolMixedMode = deployState.getProperties().featureFlags().enableProxyProtocolMixedMode(); if (deployState.endpointCertificateSecrets().isPresent()) { boolean authorizeClient = deployState.zone().system().isPublic(); - List<X509Certificate> clientCertificates = deployState.featureFlags().enableDataPlaneFilter() - ? getClientCertificates(cluster) - : deployState.tlsClientAuthority().map(X509CertificateUtils::certificateListFromPem).orElse(List.of()); + List<X509Certificate> clientCertificates = getClientCertificates(cluster); if (authorizeClient && clientCertificates.isEmpty()) { throw new IllegalArgumentException("Client certificate authority security/clients.pem is missing - " + - "see: https://cloud.vespa.ai/en/security-model#data-plane"); + "see: https://cloud.vespa.ai/en/security/guide#data-plane"); } EndpointCertificateSecrets endpointCertificateSecrets = deployState.endpointCertificateSecrets().get(); 
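Review bot: A `<certificate file="…">` that points at a file missing from the application package is now dropped silently by `.filter(ApplicationFile::exists)` in `getCLient`, so a mistyped path yields a client with fewer or no certificates instead of a deployment error. For an access-control declaration it is safer to reject the package with an `IllegalArgumentException` that names the missing file, in line with the existing "does not contain any certificates" failure. The `if (!file.exists()) return List.of();` guard added to `getCertificates` in the next hunk is also unreachable from this call site once the filter is in place, so one of the two checks can go.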
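Review bot: The `authorizeClient && clientCertificates.isEmpty()` check in the last hunk on this line now runs on `getClientCertificates(cluster)`, and `addClients` appends `Client.internalClient(...)` with the operator and tester certificates to that cluster's clients. The middle of `getClientCertificates` falls between hunks, but if it does not exclude internal clients, an application without `security/clients.pem` passes this check whenever a support-access grant or tester certificate is present. Previously the operator certificates were only added after the check, in `getTlsClientAuthorities`. Consider running the emptiness check on `cluster.getClients().stream().filter(c -> !c.internal())` and building the truststore from the full list.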
@@ -572,7 +579,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { connectorFactory = authorizeClient ? HostedSslConnectorFactory.withProvidedCertificateAndTruststore( - serverName, endpointCertificateSecrets, getTlsClientAuthorities(clientCertificates, deployState), tlsCiphersOverride, proxyProtocolMixedMode, HOSTED_VESPA_DATAPLANE_PORT) + serverName, endpointCertificateSecrets, X509CertificateUtils.toPem(clientCertificates), tlsCiphersOverride, proxyProtocolMixedMode, HOSTED_VESPA_DATAPLANE_PORT) : HostedSslConnectorFactory.withProvidedCertificate( serverName, endpointCertificateSecrets, enforceHandshakeClientAuth, tlsCiphersOverride, proxyProtocolMixedMode, HOSTED_VESPA_DATAPLANE_PORT); } else { @@ -582,7 +589,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { server.addConnector(connectorFactory); } - // Returns the client certificates defined in + // Returns the client certificates of the clients defined for an application cluster private List<X509Certificate> getClientCertificates(ApplicationContainerCluster cluster) { return cluster.getClients() .stream() @@ -591,16 +598,6 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { .toList(); } - /* - Return trusted certificates as a PEM encoded string containing the concatenation of - trusted certs from the application package and all operator certificates. - */ - String getTlsClientAuthorities(List<X509Certificate> applicationCertificates, DeployState deployState) { - ArrayList<X509Certificate> x509Certificates = new ArrayList<>(applicationCertificates); - x509Certificates.addAll(deployState.getProperties().operatorCertificates()); - return X509CertificateUtils.toPem(x509Certificates); - } - private static boolean isHostedTenantApplication(ConfigModelContext context) { var deployState = context.getDeployState(); boolean isTesterApplication = deployState.getProperties().applicationId().instance().isTester(); 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidatorTest.java index b6815db8b99..6b6621239b0 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidatorTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidatorTest.java @@ -33,11 +33,12 @@ public class CertificateRemovalChangeValidatorTest { Client c1 = new Client("c1", List.of(), List.of(certificate("cn=c1"))); Client c2 = new Client("c2", List.of(), List.of(certificate("cn=c2"))); Client c3 = new Client("c3", List.of(), List.of(certificate("cn=c3"))); + Client internal = Client.internalClient(List.of(certificate("cn=internal"))); CertificateRemovalChangeValidator validator = new CertificateRemovalChangeValidator(); // Adding certs -> ok - validator.validateClients("clusterId", List.of(c1,c2), List.of(c1, c2, c3), ValidationOverrides.empty, now); + validator.validateClients("clusterId", List.of(c1, c2), List.of(c1, c2, c3), ValidationOverrides.empty, now); // Removing certs -> fails assertThrows(ValidationOverrides.ValidationException.class, @@ -46,6 +47,9 @@ public class CertificateRemovalChangeValidatorTest { // Removing certs with validationoverrides -> ok validator.validateClients("clusterId", List.of(c1, c2, c3), List.of(c1, c3), ValidationOverrides.fromXml(validationOverrides), now); + // Adding and removing internal certs are ok: + validator.validateClients("clusterId", List.of(c1, c2), List.of(c1, c2, internal), ValidationOverrides.empty, now); + validator.validateClients("clusterId", List.of(c1, c2, internal), List.of(c1, c2), ValidationOverrides.empty, now); } static X509Certificate certificate(String cn) { 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java index 593fa7e76ba..bbc73e848d3 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java @@ -378,21 +378,16 @@ public class AccessControlTest extends ContainerModelBuilderTestBase { void missing_security_clients_pem_fails_in_public() { Element clusterElem = DomBuilderTest.parse("<container version='1.0' />"); - try { - DeployState state = new DeployState.Builder() - .properties( - new TestProperties() - .setHostedVespa(true) - .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))) - .zone(new Zone(SystemName.Public, Environment.prod, RegionName.defaultName())) - .build(); - createModel(root, state, null, clusterElem); - } catch (RuntimeException e) { - assertEquals("Client certificate authority security/clients.pem is missing - see: https://cloud.vespa.ai/en/security-model#data-plane", - e.getMessage()); - return; - } - fail(); + DeployState state = new DeployState.Builder() + .properties( + new TestProperties() + .setHostedVespa(true) + .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))) + .zone(new Zone(SystemName.Public, Environment.prod, RegionName.defaultName())) + .build(); + RuntimeException e = assertThrows(RuntimeException.class, () -> createModel(root, state, null, clusterElem)); + assertEquals("Client certificate authority security/clients.pem is missing - see: https://cloud.vespa.ai/en/security/guide#data-plane", + e.getMessage()); } @Test 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java index 1ccaa7d6325..2490e3df72f 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java @@ -167,6 +167,22 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase { assertEquals("File security/foo.pem does not contain any certificates.", exception.getMessage()); } + @Test + public void it_rejects_invalid_client_ids() throws IOException { + Element clusterElem = DomBuilderTest.parse( + """ + <container version='1.0'> + <clients> + <client id="_foo" permissions="read,write"> + <certificate file="foo"/> + </client> + </clients> + </container> + """); + IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(true, clusterElem)); + assertEquals("Invalid client id '_foo', id cannot start with '_'", exception.getMessage()); + } + private ConnectorConfig connectorConfig() { ApplicationContainer container = (ApplicationContainer) root.getProducer("container/container.0"); List<ConnectorFactory> connectorFactories = container.getHttp().getHttpServer().get().getConnectorFactories(); diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java index 903323fcd58..835381b316d 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java 
@@ -17,7 +17,6 @@ import com.yahoo.config.provision.Tags; import com.yahoo.config.provision.TenantName; import com.yahoo.path.Path; import com.yahoo.transaction.Transaction; -import com.yahoo.vespa.config.server.NotFoundException; import com.yahoo.vespa.config.server.application.ApplicationSet; import com.yahoo.vespa.config.server.tenant.TenantRepository; import java.security.cert.X509Certificate; @@ -158,10 +157,7 @@ public abstract class Session implements Comparable<Session> { } /** Returns application id read from ZooKeeper. Will throw RuntimeException if not found */ - public ApplicationId getApplicationId() { - return sessionZooKeeperClient.readApplicationId() - .orElseThrow(() -> new NotFoundException("Unable to read application id for session " + sessionId)); - } + public ApplicationId getApplicationId() { return sessionZooKeeperClient.readApplicationId(); } public Tags getTags() { return sessionZooKeeperClient.readTags(); diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java index 07aca116683..d3ac3ec3100 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java @@ -873,8 +873,7 @@ public class SessionRepository { log.log(Level.FINE, () -> "File reference for session id " + sessionId + ": " + fileReference + " not found"); return; } - ApplicationId applicationId = sessionZKClient.readApplicationId() - .orElseThrow(() -> new RuntimeException("Could not find application id for session " + sessionId)); + ApplicationId applicationId = sessionZKClient.readApplicationId(); log.log(Level.FINE, () -> "Creating local session for tenant '" + tenantName + "' with session id " + sessionId); try { createLocalSession(sessionDir, applicationId, sessionZKClient.readTags(), sessionId); 
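Review bot: `Session.getApplicationId()` used to throw `NotFoundException` and now lets the plain `RuntimeException` from `SessionZooKeeperClient.readApplicationId()` propagate. Any caller that catches `NotFoundException`, or a handler that maps it to a not-found response, would stop matching and report a generic failure instead; whether such callers exist is not visible in this diff. If they do, keep the translation in `getApplicationId()` or have `readApplicationId()` throw `NotFoundException`. The `SessionRepository` hunk on this line is unaffected because it already threw `RuntimeException`.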
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java index 9218b03af1e..37688e2676c 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java @@ -169,8 +169,9 @@ public class SessionZooKeeperClient { curator.set(applicationIdPath(), Utf8.toBytes(id.serializedForm())); } - public Optional<ApplicationId> readApplicationId() { - return curator.getData(applicationIdPath()).map(d -> ApplicationId.fromSerializedForm(Utf8.toString(d))); + public ApplicationId readApplicationId() { + return curator.getData(applicationIdPath()).map(d -> ApplicationId.fromSerializedForm(Utf8.toString(d))) + .orElseThrow(() -> new RuntimeException("Could not find application id for session " + sessionId)); } private Path tagsPath() { diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java index 26fa26b67c3..79a6a3464ce 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java @@ -215,7 +215,7 @@ public class SessionPreparerTest { PrepareParams params = new PrepareParams.Builder().applicationId(applicationId()).build(); int sessionId = 1; prepare(testApp, params); - assertEquals(applicationId(), createSessionZooKeeperClient(sessionId).readApplicationId().get()); + assertEquals(applicationId(), createSessionZooKeeperClient(sessionId).readApplicationId()); } @Test 
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClientTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClientTest.java index 2f6e6a19651..ec27f2a00d9 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClientTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClientTest.java @@ -162,8 +162,7 @@ public class SessionZooKeeperClientTest { SessionZooKeeperClient zkc = createSessionZKClient(sessionId); Path path = sessionPath(sessionId).append(SessionZooKeeperClient.APPLICATION_ID_PATH); curator.set(path, Utf8.toBytes(idString)); - ApplicationId applicationId = zkc.readApplicationId().get(); - assertEquals(expectedIdString, applicationId.serializedForm()); + assertEquals(expectedIdString, zkc.readApplicationId().serializedForm()); } private SessionZooKeeperClient createSessionZKClient(long sessionId) { diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailure.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailure.java index 20ce15d683f..0f4bb0b54af 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailure.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SslHandshakeFailure.java @@ -42,7 +42,7 @@ enum SslHandshakeFailure { "CONNECTION_CLOSED", e -> e.getCause() instanceof EofException && e.getCause().getCause() instanceof IOException - && e.getCause().getCause().getMessage().equals("Broken pipe")); + && "Broken pipe".equals(e.getCause().getCause().getMessage())); private final String metricName; private final String failureType; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index 444a0ea5ac1..727f2f58c90 100644 
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -101,6 +101,7 @@ import java.util.function.Supplier; import java.util.logging.Level; import java.util.logging.Logger; import java.util.stream.Collectors; +import java.util.stream.Stream; import static com.yahoo.vespa.flags.FetchVector.Dimension.APPLICATION_ID; import static com.yahoo.vespa.hosted.controller.api.integration.configserver.Node.State.active; @@ -504,8 +505,7 @@ public class ApplicationController { Version platform = run.versions().sourcePlatform().filter(__ -> deploySourceVersions).orElse(run.versions().targetPlatform()); RevisionId revision = run.versions().sourceRevision().filter(__ -> deploySourceVersions).orElse(run.versions().targetRevision()); - ApplicationPackageStream applicationPackage = new ApplicationPackageStream(() -> applicationStore.stream(deployment, revision), - ApplicationPackageStream.addingCertificate(run.testerCertificate())); + ApplicationPackageStream applicationPackage = new ApplicationPackageStream(() -> applicationStore.stream(deployment, revision)); AtomicReference<RevisionId> lastRevision = new AtomicReference<>(); Instance instance; Set<ContainerEndpoint> containerEndpoints; @@ -528,7 +528,7 @@ public class ApplicationController { // Carry out deployment without holding the application lock. DeploymentResult result = deploy(job.application(), instance.tags(), applicationPackage, zone, platform, containerEndpoints, - endpointCertificateMetadata, run.isDryRun()); + endpointCertificateMetadata, run.isDryRun(), run.testerCertificate()); // Record the quota usage for this application 
@@ -617,7 +617,7 @@ public class ApplicationController { ApplicationPackageStream applicationPackage = new ApplicationPackageStream( () -> new ByteArrayInputStream(artifactRepository.getSystemApplicationPackage(application.id(), zone, version)) ); - return deploy(application.id(), Tags.empty(), applicationPackage, zone, version, Set.of(), Optional::empty, false); + return deploy(application.id(), Tags.empty(), applicationPackage, zone, version, Set.of(), Optional::empty, false, Optional.empty()); } else { throw new RuntimeException("This system application does not have an application package: " + application.id().toShortString()); } @@ -625,13 +625,13 @@ public class ApplicationController { /** Deploys the given tester application to the given zone. */ public DeploymentResult deployTester(TesterId tester, ApplicationPackageStream applicationPackage, ZoneId zone, Version platform) { - return deploy(tester.id(), Tags.empty(), applicationPackage, zone, platform, Set.of(), Optional::empty, false); + return deploy(tester.id(), Tags.empty(), applicationPackage, zone, platform, Set.of(), Optional::empty, false, Optional.empty()); } private DeploymentResult deploy(ApplicationId application, Tags tags, ApplicationPackageStream applicationPackage, ZoneId zone, Version platform, Set<ContainerEndpoint> endpoints, Supplier<Optional<EndpointCertificateMetadata>> endpointCertificateMetadata, - boolean dryRun) { + boolean dryRun, Optional<X509Certificate> testerCertificate) { DeploymentId deployment = new DeploymentId(application, zone); try { Optional<DockerImage> dockerImageRepo = Optional.ofNullable( 
@@ -657,6 +657,9 @@ public class ApplicationController { List<X509Certificate> operatorCertificates = controller.supportAccess().activeGrantsFor(deployment).stream() .map(SupportAccessGrant::certificate) .collect(toList()); + if (testerCertificate.isPresent()) { + operatorCertificates = Stream.concat(operatorCertificates.stream(), testerCertificate.stream()).toList(); + } Supplier<Optional<CloudAccount>> cloudAccount = () -> decideCloudAccountOf(deployment, applicationPackage.truncatedPackage().deploymentSpec()); ConfigServer.PreparedApplication preparedApplication = configServer.deploy(new DeploymentData(application, tags, zone, applicationPackage::zipStream, platform, diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java index 2f245ab9736..c5ddc850611 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java 
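Review bot: The tester certificate is appended to the local `operatorCertificates` in `deploy(...)`, so from here on that name covers certificates that do not belong to operators; `ContainerModelBuilder` in this same commit already calls the received list `operatorAndTesterCertificates`. Since these certificates end up in the internal client with `read` and `write` permission, the mixing is worth making explicit. Either rename the local to `operatorAndTesterCertificates` or add a comment such as `// the tester certificate is passed to the config server together with operator certificates`. The `deploy` body continues outside the hunk.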
@@ -510,10 +510,11 @@ public class InternalStepRunnerTest { assertEquals(unfinished, tester.jobs().run(id).stepStatuses().get(Step.deployTester)); assertEquals(unfinished, tester.jobs().run(id).stepStatuses().get(Step.deployReal)); - List<X509Certificate> oldTrusted = new ArrayList<>(DeploymentContext.publicApplicationPackage().trustedCertificates()); - X509Certificate oldCert = tester.jobs().run(id).testerCertificate().get(); - oldTrusted.add(oldCert); - assertEquals(oldTrusted, tester.configServer().application(app.instanceId(), id.type().zone()).get().applicationPackage().trustedCertificates()); + List<X509Certificate> oldApplicationTruststore = new ArrayList<>(DeploymentContext.publicApplicationPackage().trustedCertificates()); + List<X509Certificate> oldTesterCert = List.of(tester.jobs().run(id).testerCertificate().get()); + + assertEquals(oldApplicationTruststore, tester.configServer().application(app.instanceId(), id.type().zone()).get().applicationPackage().trustedCertificates()); + assertEquals(oldTesterCert, tester.configServer().additionalCertificates(app.deploymentIdIn(id.type().zone()))); tester.configServer().throwOnNextPrepare(null); tester.clock().advance(Duration.ofSeconds(450)); 
@@ -521,11 +522,13 @@ public class InternalStepRunnerTest { assertEquals(succeeded, tester.jobs().run(id).stepStatuses().get(Step.deployTester)); assertEquals(succeeded, tester.jobs().run(id).stepStatuses().get(Step.deployReal)); - List<X509Certificate> newTrusted = new ArrayList<>(DeploymentContext.publicApplicationPackage().trustedCertificates()); - X509Certificate newCert = tester.jobs().run(id).testerCertificate().get(); - newTrusted.add(newCert); - assertEquals(newTrusted, tester.configServer().application(app.instanceId(), id.type().zone()).get().applicationPackage().trustedCertificates()); - assertNotEquals(oldCert, newCert); + List<X509Certificate> newApplicationTruststore = new ArrayList<>(DeploymentContext.publicApplicationPackage().trustedCertificates()); + List<X509Certificate> newTesterCert = List.of(tester.jobs().run(id).testerCertificate().get()); + assertEquals(newApplicationTruststore, tester.configServer().application(app.instanceId(), id.type().zone()).get().applicationPackage().trustedCertificates()); + assertEquals(newTesterCert, tester.configServer().additionalCertificates(app.deploymentIdIn(id.type().zone()))); + + assertEquals(oldApplicationTruststore, newApplicationTruststore); + assertNotEquals(oldTesterCert, newTesterCert); } @Test 
@@ -535,7 +538,9 @@ public class InternalStepRunnerTest { RunId id = app.startSystemTestTests(); List<X509Certificate> trusted = new ArrayList<>(DeploymentContext.publicApplicationPackage().trustedCertificates()); - trusted.add(tester.jobs().run(id).testerCertificate().get()); + assertEquals(trusted, tester.configServer().application(app.instanceId(), id.type().zone()).get().applicationPackage().trustedCertificates()); + + assertEquals(List.of(tester.jobs().run(id).testerCertificate().get()), tester.configServer().additionalCertificates(app.deploymentIdIn(id.type().zone()))); assertEquals(trusted, tester.configServer().application(app.instanceId(), id.type().zone()).get().applicationPackage().trustedCertificates()); tester.clock().advance(InternalStepRunner.Timeouts.of(system()).testerCertificate().plus(Duration.ofSeconds(1))); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ConfigServerMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ConfigServerMock.java index 64d34e55a03..f576c90e195 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ConfigServerMock.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ConfigServerMock.java @@ -50,6 +50,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.UncheckedIOException; import java.net.URI; +import java.security.cert.X509Certificate; import java.time.Duration; import java.time.Instant; import java.util.Collection; 
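Review bot: The added `assertEquals(trusted, ...applicationPackage().trustedCertificates())` repeats the unchanged assertion that follows the new `additionalCertificates` check, with the same expected and actual values and nothing changing state in between. One of the two can be dropped; keeping the original line and adding only the `additionalCertificates` assertion gives the same coverage.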
@@ -95,6 +96,7 @@ public class ConfigServerMock extends AbstractComponent implements ConfigServer private final Map<DeploymentId, List<ClusterMetrics>> clusterMetrics = new HashMap<>(); private final Map<DeploymentId, TestReport> testReport = new HashMap<>(); private final Map<DeploymentId, CloudAccount> cloudAccounts = new HashMap<>(); + private final Map<DeploymentId, List<X509Certificate>> additionalCertificates = new HashMap<>(); private List<ProtonMetrics> protonMetrics; private Version lastPrepareVersion = null; @@ -307,6 +309,10 @@ public class ConfigServerMock extends AbstractComponent implements ConfigServer deferLoadBalancerProvisioning.addAll(environments); } + public List<X509Certificate> additionalCertificates(DeploymentId deployment) { + return additionalCertificates.getOrDefault(deployment, List.of()); + } + @Override public NodeRepositoryMock nodeRepository() { return nodeRepository; @@ -435,6 +441,7 @@ public class ConfigServerMock extends AbstractComponent implements ConfigServer 1)) .toList())); + additionalCertificates.put(id, deployment.operatorCertificates()); DeploymentResult result = new DeploymentResult("foo", warnings.getOrDefault(id, List.of())); return () -> result; } diff --git a/searchcore/src/vespa/searchcore/proton/server/disk_mem_usage_sampler.cpp b/searchcore/src/vespa/searchcore/proton/server/disk_mem_usage_sampler.cpp index f2fae014f0f..102d947e812 100644 --- a/searchcore/src/vespa/searchcore/proton/server/disk_mem_usage_sampler.cpp +++ b/searchcore/src/vespa/searchcore/proton/server/disk_mem_usage_sampler.cpp @@ -3,6 +3,7 @@ #include "disk_mem_usage_sampler.h" #include <vespa/searchcore/proton/common/i_scheduled_executor.h> #include <vespa/vespalib/util/lambdatask.h> +#include <vespa/vespalib/util/size_literals.h> #include <vespa/searchcore/proton/common/i_transient_resource_usage_provider.h> #include <filesystem> 
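Review bot: In the `@@ -435,6 +441,7 @@` hunk of ConfigServerMock, `additionalCertificates.put(id, deployment.operatorCertificates())` stores the caller's list by reference, and the new accessor hands that same object back to tests. If that list is mutable (its type is declared outside this diff), a later change by the caller would silently alter what the mock reports as trusted; `additionalCertificates.put(id, List.copyOf(deployment.operatorCertificates()));` pins the value at deploy time and fails fast on a null list. The accessor is named `additionalCertificates` but is filled from `operatorCertificates()`, so a one-line Javadoc on it saying which certificates it returns would help. The deploy method continues outside the hunk.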
@@ -65,6 +66,10 @@ namespace { namespace fs = std::filesystem; +// Disk usage for symbolic links and directories +constexpr uint64_t symlink_disk_usage = 4_Ki; +constexpr uint64_t directory_disk_usage = 4_Ki; + uint64_t sampleDiskUsageOnFileSystem(const fs::path &path, const HwInfo::Disk &disk) { @@ -80,15 +85,19 @@ sampleDiskUsageOnFileSystem(const fs::path &path, const HwInfo::Disk &disk) uint64_t attemptSampleDirectoryDiskUsageOnce(const fs::path &path) { - uint64_t result = 0; + uint64_t result = directory_disk_usage; for (const auto &elem : fs::recursive_directory_iterator(path, fs::directory_options::skip_permission_denied)) { - if (fs::is_regular_file(elem.path()) && !fs::is_symlink(elem.path())) { + if (elem.is_symlink()) { + result += symlink_disk_usage; + } else if (elem.is_regular_file()) { std::error_code fsize_err; - const auto size = fs::file_size(elem.path(), fsize_err); + const auto size = elem.file_size(fsize_err); // Errors here typically happens when a file is removed while doing the directory scan. Ignore them. if (!fsize_err) { result += size; } + } else if (elem.is_directory()) { + result += directory_disk_usage; } } return result; diff --git a/vespajlib/src/main/java/com/yahoo/tensor/Tensor.java b/vespajlib/src/main/java/com/yahoo/tensor/Tensor.java index 2ad3212c424..f97e137af83 100644 --- a/vespajlib/src/main/java/com/yahoo/tensor/Tensor.java +++ b/vespajlib/src/main/java/com/yahoo/tensor/Tensor.java 
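Review bot: In `attemptSampleDirectoryDiskUsageOnce` the order of the new branches is load-bearing but undocumented: `elem.is_regular_file()` and `elem.is_directory()` follow symbolic links, so testing `elem.is_symlink()` first is what keeps a link's target from being counted. I would add `// Check symlink first: is_regular_file() and is_directory() follow links.` above the `if`. The comment on the two constants should say the 4 KiB figures are assumed, not measured, e.g. `// Assumed disk usage charged per symbolic link and per directory (not measured)`. Separately, the three `is_*()` calls are the throwing overloads while `file_size` takes an `error_code`; if an entry can vanish mid-scan as the existing comment says, the `std::error_code` overloads would handle that case the same way.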
@@ -243,7 +243,7 @@ public interface Tensor { default Tensor notEqual(Tensor argument) { return join(argument, (a, b) -> ( a != b ? 1.0 : 0.0)); } default Tensor approxEqual(Tensor argument) { return join(argument, (a, b) -> ( approxEquals(a,b) ? 1.0 : 0.0)); } default Tensor bit(Tensor argument) { return join(argument, (a,b) -> ((int)b < 8 && (int)b >= 0 && ((int)a & (1 << (int)b)) != 0) ? 1.0 : 0.0); } - default Tensor hamming(Tensor argument) { return join(argument, (a,b) -> Hamming.hamming(a,b)); } + default Tensor hamming(Tensor argument) { return join(argument, Hamming::hamming); } default Tensor avg() { return avg(Collections.emptyList()); } default Tensor avg(String dimension) { return avg(Collections.singletonList(dimension)); } @@ -466,9 +466,12 @@ public interface Tensor { class Cell implements Map.Entry<TensorAddress, Double> { private final TensorAddress address; - private final Number value; + private final double value; Cell(TensorAddress address, Number value) { + this(address, value.doubleValue()); + } + Cell(TensorAddress address, double value) { this.address = address; this.value = value; } @@ -485,7 +488,7 @@ public interface Tensor { /** Returns the value as a double */ @Override - public Double getValue() { return value.doubleValue(); } + public Double getValue() { return value; } /** Returns the value as a float */ public float getFloatValue() { return getValue().floatValue(); } @@ -501,8 +504,7 @@ public interface Tensor { @Override public boolean equals(Object o) { if (o == this) return true; - if ( ! ( o instanceof Map.Entry)) return false; - Map.Entry<?,?> other = (Map.Entry)o; + if ( ! ( o instanceof Map.Entry<?,?> other)) return false; if ( ! this.getValue().equals(other.getValue())) return false; if ( ! this.getKey().equals(other.getKey())) return false; return true; 
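Review bot: In the `Cell` hunks `value` is now a primitive `double`, but `getFloatValue()` (unchanged context in the `@@ -485,7 +488,7 @@` hunk) still goes through `getValue().floatValue()`, which boxes a `Double` on every call; `return (float) value;` gives the same result without the boxing. The `Cell(TensorAddress, Number)` constructor now dereferences `value` immediately, so a null `Number` fails at construction instead of at the first `getValue()`. That fail-fast change is reasonable but deserves a sentence in the constructor's Javadoc. The class body continues outside the hunks.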
@@ -531,7 +533,7 @@ public interface Tensor { /** Creates a suitable builder for the given type */ static Builder of(TensorType type) { - boolean containsIndexed = type.dimensions().stream().anyMatch(d -> d.isIndexed()); + boolean containsIndexed = type.dimensions().stream().anyMatch(TensorType.Dimension::isIndexed); boolean containsMapped = type.dimensions().stream().anyMatch( d -> ! d.isIndexed()); if (containsIndexed && containsMapped) return MixedTensor.Builder.of(type); @@ -543,7 +545,7 @@ public interface Tensor { /** Creates a suitable builder for the given type */ static Builder of(TensorType type, DimensionSizes dimensionSizes) { - boolean containsIndexed = type.dimensions().stream().anyMatch(d -> d.isIndexed()); + boolean containsIndexed = type.dimensions().stream().anyMatch(TensorType.Dimension::isIndexed); boolean containsMapped = type.dimensions().stream().anyMatch( d -> ! d.isIndexed()); if (containsIndexed && containsMapped) return MixedTensor.Builder.of(type); diff --git a/vespajlib/src/main/java/com/yahoo/tensor/TensorAddress.java b/vespajlib/src/main/java/com/yahoo/tensor/TensorAddress.java index 342aca5fb3d..5636150bca1 100644 --- a/vespajlib/src/main/java/com/yahoo/tensor/TensorAddress.java +++ b/vespajlib/src/main/java/com/yahoo/tensor/TensorAddress.java 
@@ -13,6 +13,21 @@ import java.util.stream.Collectors; * @author bratseth */ public abstract class TensorAddress implements Comparable<TensorAddress> { + private static final String [] SMALL_INDEXES = createSmallIndexesAsStrings(1000); + + private static String [] createSmallIndexesAsStrings(int count) { + String [] asStrings = new String[count]; + for (int i = 0; i < count; i++) { + asStrings[i] = String.valueOf(i); + } + return asStrings; + } + private static String asString(int index) { + return (index < SMALL_INDEXES.length) ? SMALL_INDEXES[index] : String.valueOf(index); + } + private static String asString(long index) { + return (index < SMALL_INDEXES.length) ? SMALL_INDEXES[(int)index] : String.valueOf(index); + } public static TensorAddress of(String[] labels) { return new StringTensorAddress(labels); @@ -127,7 +142,7 @@ public abstract class TensorAddress implements Comparable<TensorAddress> { @Override public TensorAddress withLabel(int index, long label) { String[] labels = Arrays.copyOf(this.labels, this.labels.length); - labels[index] = String.valueOf(label); + labels[index] = TensorAddress.asString(label); return new StringTensorAddress(labels); } @@ -151,7 +166,7 @@ public abstract class TensorAddress implements Comparable<TensorAddress> { public int size() { return labels.length; } @Override - public String label(int i) { return String.valueOf(labels[i]); } + public String label(int i) { return TensorAddress.asString(labels[i]); } @Override public long numericLabel(int i) { return labels[i]; } @@ -165,7 +180,7 @@ public abstract class TensorAddress implements Comparable<TensorAddress> { @Override public String toString() { - return "cell address (" + Arrays.stream(labels).mapToObj(String::valueOf).collect(Collectors.joining(",")) + ")"; + return "cell address (" + Arrays.stream(labels).mapToObj(TensorAddress::asString).collect(Collectors.joining(",")) + ")"; } } 
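Review bot: `asString(int)` and `asString(long)` check only the upper bound, so a negative argument indexes `SMALL_INDEXES` with a negative value and throws `ArrayIndexOutOfBoundsException`, where the `String.valueOf` calls they replace returned the decimal string. The `withLabel(int index, long label)` override in the `@@ -127,7 +142,7 @@` hunk passes a caller-supplied `long` straight in, so this is reachable unless callers guarantee non-negative labels, which the hunks do not show. Guard both overloads with a lower bound, e.g. `return (index >= 0 && index < SMALL_INDEXES.length) ? SMALL_INDEXES[(int) index] : String.valueOf(index);`. A short comment on `SMALL_INDEXES` saying it caches the strings for 0..999 to avoid repeated allocation would also help.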
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java index af42e30422b..0ad4a4b8294 100644 --- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java +++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java @@ -98,7 +98,7 @@ public class Configurator { sb.append("serverCnxnFactory=org.apache.zookeeper.server.VespaNettyServerCnxnFactory").append("\n"); sb.append("quorumListenOnAllIPs=true").append("\n"); sb.append("standaloneEnabled=false").append("\n"); - sb.append("reconfigEnabled=").append(config.dynamicReconfiguration()).append("\n"); + sb.append("reconfigEnabled=true").append("\n"); sb.append("skipACL=yes").append("\n"); ensureThisServerIsRepresented(config.myid(), config.server()); config.server().forEach(server -> sb.append(serverSpec(server, server.joining())).append("\n")); diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java index 5d0031d5b55..6dcdc76a593 100644 --- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java +++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java 
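Review bot: The hard-coded `reconfigEnabled=true` sits directly above the unchanged `skipACL=yes`, so every configuration written by this method now enables ZooKeeper's reconfig API with ACL checks skipped, where it was previously gated by `config.dynamicReconfiguration()`. With ACLs skipped, what limits who may change ensemble membership is who can reach and authenticate to the client port; whether that port is always protected by TLS client authentication is not visible in this hunk. I would record the dependency next to the line, e.g. `// reconfig is always enabled and ACLs are skipped: access control relies on transport-level client authentication`, and confirm that the non-TLS path is not reachable from untrusted networks. The method starts and ends outside the hunk.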
@@ -54,21 +54,26 @@ public class ConfiguratorTest { } @Test - public void config_is_written_correctly_with_one_server() { + public void config_is_written_correctly_when_one_server() { ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile); new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); - validateConfigFileSingleHost(cfgFile, false); + validateConfigFileSingleHost(cfgFile); validateIdFile(idFile, "0\n"); } @Test - public void config_is_written_correctly_with_multiple_servers() { - three_config_servers(false); - } - - @Test - public void config_is_written_correctly_with_multiple_servers_on_hosted_vespa() { - three_config_servers(true); + public void config_is_written_correctly_when_multiple_servers() { + ZookeeperServerConfig.Builder builder = new ZookeeperServerConfig.Builder(); + builder.zooKeeperConfigFile(cfgFile.getAbsolutePath()); + builder.server(newServer(0, "foo", 123, 321, false)); + builder.server(newServer(1, "bar", 234, 432, false)); + builder.server(newServer(2, "baz", 345, 543, true)); + builder.myidFile(idFile.getAbsolutePath()); + builder.myid(1); + builder.tickTime(1234); + new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); + validateConfigFileMultipleHosts(cfgFile); + validateIdFile(idFile, "1\n"); } @Test @@ -76,7 +81,7 @@ public class ConfiguratorTest { ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile); TlsContext tlsContext = createTlsContext(); new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.TLS_CLIENT_MIXED_SERVER)); - validateConfigFileTlsWithMixedMode(cfgFile, false); + validateConfigFileTlsWithMixedMode(cfgFile); } @Test 
@@ -84,7 +89,7 @@ public class ConfiguratorTest { ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile); TlsContext tlsContext = createTlsContext(); new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.DISABLED)); - validateConfigFileTlsWithoutMixedMode(cfgFile, false); + validateConfigFileTlsWithoutMixedMode(cfgFile); } @Test(expected = RuntimeException.class) @@ -117,21 +122,6 @@ public class ConfiguratorTest { assertEquals("" + max_buffer, System.getProperty(ZOOKEEPER_JUTE_MAX_BUFFER)); } - private void three_config_servers(boolean hosted) { - ZookeeperServerConfig.Builder builder = new ZookeeperServerConfig.Builder(); - builder.zooKeeperConfigFile(cfgFile.getAbsolutePath()); - builder.server(newServer(0, "foo", 123, 321, false)); - builder.server(newServer(1, "bar", 234, 432, false)); - builder.server(newServer(2, "baz", 345, 543, true)); - builder.myidFile(idFile.getAbsolutePath()); - builder.myid(1); - builder.tickTime(1234); - builder.dynamicReconfiguration(hosted); - new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); - validateConfigFileMultipleHosts(cfgFile, hosted); - validateIdFile(idFile, "1\n"); - } - private ZookeeperServerConfig.Builder createConfigBuilderForSingleHost(File cfgFile, File idFile) { ZookeeperServerConfig.Builder builder = new ZookeeperServerConfig.Builder(); builder.zooKeeperConfigFile(cfgFile.getAbsolutePath()); @@ -157,7 +147,7 @@ public class ConfiguratorTest { assertEquals(expected, actual); } - private String commonConfig(boolean hosted) { + private String commonConfig() { return "tickTime=1234\n" + "initLimit=20\n" + "syncLimit=15\n" + 
@@ -171,13 +161,13 @@ public class ConfiguratorTest { "serverCnxnFactory=org.apache.zookeeper.server.VespaNettyServerCnxnFactory\n" + "quorumListenOnAllIPs=true\n" + "standaloneEnabled=false\n" + - "reconfigEnabled=" + hosted + "\n" + + "reconfigEnabled=true\n" + "skipACL=yes\n"; } - private void validateConfigFileSingleHost(File cfgFile, boolean hosted) { + private void validateConfigFileSingleHost(File cfgFile) { String expected = - commonConfig(hosted) + + commonConfig() + "server.0=foo:321:123;2181\n" + "sslQuorum=false\n" + "portUnification=false\n" + @@ -201,9 +191,9 @@ public class ConfiguratorTest { "ssl.clientAuth=NEED\n"; } - private void validateConfigFileMultipleHosts(File cfgFile, boolean hosted) { + private void validateConfigFileMultipleHosts(File cfgFile) { String expected = - commonConfig(hosted) + + commonConfig() + "server.0=foo:321:123;2181\n" + "server.1=bar:432:234;2181\n" + "server.2=baz:543:345:observer;2181\n" + @@ -214,9 +204,9 @@ public class ConfiguratorTest { } - private void validateConfigFileTlsWithMixedMode(File cfgFile, boolean hosted) { + private void validateConfigFileTlsWithMixedMode(File cfgFile) { String expected = - commonConfig(hosted) + + commonConfig() + "server.0=foo:321:123;2181\n" + "sslQuorum=true\n" + "portUnification=true\n" + @@ -226,9 +216,9 @@ public class ConfiguratorTest { validateConfigFile(cfgFile, expected); } - private void validateConfigFileTlsWithoutMixedMode(File cfgFile, boolean hosted) { + private void validateConfigFileTlsWithoutMixedMode(File cfgFile) { String expected = - commonConfig(hosted) + + commonConfig() + "server.0=foo:321:123;2181\n" + "sslQuorum=true\n" + "portUnification=false\n" + diff --git a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java index a4c34416b4a..e94110af2fb 100644 
--- a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java +++ b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java @@ -1,12 +1,13 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper; -import ai.vespa.validation.Validation; +import com.yahoo.component.annotation.Inject; import com.yahoo.cloud.config.ZookeeperServerConfig; import com.yahoo.component.AbstractComponent; -import com.yahoo.component.annotation.Inject; + import java.nio.file.Path; import java.time.Duration; +import java.util.concurrent.atomic.AtomicReference; /** * Starts or reconfigures zookeeper cluster. @@ -21,7 +22,6 @@ public class ReconfigurableVespaZooKeeperServer extends AbstractComponent implem @Inject public ReconfigurableVespaZooKeeperServer(Reconfigurer reconfigurer, ZookeeperServerConfig zookeeperServerConfig) { - Validation.require(true, zookeeperServerConfig.dynamicReconfiguration(), "dynamicReconfiguration must be true"); peer = reconfigurer.startOrReconfigure(zookeeperServerConfig, this, () -> peer = new VespaQuorumPeer()); } diff --git a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java index 104af272bd3..48f95d28910 100644 --- a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java +++ b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java 
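Review bot: The import hunk adds `java.util.concurrent.atomic.AtomicReference`, but nothing in the visible hunks of ReconfigurableVespaZooKeeperServer uses it; unless the unseen part of the file does, drop the import. With `Validation.require` removed, the constructor no longer checks `dynamicReconfiguration` at all. The class Javadoc ("Starts or reconfigures zookeeper cluster.") could then state that reconfiguration is unconditional and no longer tied to that config field.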
@@ -1,7 +1,6 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper; -import ai.vespa.validation.Validation; import com.yahoo.component.annotation.Inject; import com.yahoo.cloud.config.ZookeeperServerConfig; import com.yahoo.component.AbstractComponent; @@ -20,7 +19,6 @@ public class VespaZooKeeperServerImpl extends AbstractComponent implements Vespa @Inject public VespaZooKeeperServerImpl(ZookeeperServerConfig zookeeperServerConfig) { - Validation.require(false, zookeeperServerConfig.dynamicReconfiguration(), "dynamicReconfiguration must be false"); this.peer = new VespaQuorumPeer(); this.runner = new ZooKeeperRunner(zookeeperServerConfig, this); } |