11 files changed, 167 insertions, 75 deletions
diff --git a/config-model/src/main/perl/vespa-deploy b/config-model/src/main/perl/vespa-deploy index fede8b994c1..ffde937bea0 100755 --- a/config-model/src/main/perl/vespa-deploy +++ b/config-model/src/main/perl/vespa-deploy @@ -87,7 +87,7 @@ readConfFile(); use strict; use warnings; use feature qw(switch say); -use vars qw/ $opt_c $opt_h $opt_n $opt_v $opt_f $opt_t $opt_a $opt_e $opt_E $opt_r $opt_i $opt_p $opt_H $opt_R $opt_F $opt_V /; +use vars qw/ $opt_c $opt_h $opt_n $opt_v $opt_f $opt_t $opt_a $opt_e $opt_E $opt_r $opt_i $opt_p $opt_z $opt_H $opt_R $opt_F $opt_V /; use Env qw($HOME); use JSON; use Getopt::Std; @@ -101,6 +101,9 @@ my $configsource_url_used_file = "$cloudconfig_dir/deploy-configsource-url-used" my $pathPrefix; +my $siaPath; +my $siaCertsPath; +my $siaKeysPath; my $tenant = "default"; my $application = "default"; my $environment = "prod"; @@ -109,7 +112,8 @@ my $instance = "default"; my $version = "v2"; my $configserver = ""; my $port = "19071"; -getopts('c:fhnt:ve:E:r:a:i:p:HR:F:V:'); +my $cert = ""; +getopts('c:fhnt:ve:E:r:a:i:p:z:HR:F:V:'); if ($opt_h) { usage(); @@ -144,8 +148,18 @@ if ($opt_p) { $port = $opt_p; } +if ($opt_z) { + $cert = $opt_z; +} + $pathPrefix = "/application/v2/tenant/$tenant/session"; +$siaPath = "/var/lib/sia/"; + +$siaCertsPath = $siaPath . "certs/"; + +$siaKeysPath = $siaPath . "keys/"; + create_cloudconfig_dir(); $session_id_file = "$cloudconfig_dir/$tenant/deploy-session-id"; 
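Review bot: `$cert = $opt_z;` copies the `-z` value without any validation, and the later hunks concatenate it into file names under `$siaCertsPath` / `$siaKeysPath` and into the `$curl_command` string. A value containing `/`, `..`, whitespace or shell metacharacters would select files outside the SIA directories, or change the command line if that string is later run through a shell (the execution site is outside these hunks). Restrict the value where it is assigned, for example `die "invalid cert name\n" unless $opt_z =~ /\A[A-Za-z0-9._-]+\z/;` before the assignment. The three `$sia*Path` values do not depend on any option, so they could be initialised at their `my` declarations instead of being assigned later.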
@@ -153,7 +167,10 @@ $session_id_file = "$cloudconfig_dir/$tenant/deploy-session-id"; my $command = shift; $command ||= "help"; -my $curl_command = $VESPA_HOME . '/libexec/vespa/vespa-curl-wrapper -A vespa-deploy --silent --show-error --connect-timeout 30 --max-time 1200'; +my $curl_command = 'curl -A vespa-deploy --silent --show-error --connect-timeout 30 --max-time 1200'; +if ($cert) { + $curl_command = $curl_command . " -k --cert " . $siaCertsPath . $cert . ".cert.pem --key " . $siaKeysPath . $cert . ".key.pem "; +} my $CURL_PUT = $curl_command . ' --write-out \%{http_code} --request PUT'; my $CURL_GET = $curl_command . ' --request GET'; @@ -247,6 +264,8 @@ sub usage { print " '-t <timeout>' (timeout in seconds)\n"; print " '-c <server>' (config server hostname)\n"; print " '-p <port>' (config server http port)\n"; + print " '-z <cert>' (cert/key name)\n\n"; + print "Try 'vespa-deploy help <command>' to get more help\n"; } @@ -328,7 +347,11 @@ sub get_configsource_url { my @configsources; if ($configserver and $configserver ne "") { - @configsources = ('http://' . $configserver . ':' . $port . '/'); + if ($cert and $cert ne "") { + @configsources = ('https://' . $configserver . ':' . $port . '/'); + } else { + @configsources = ('http://' . $configserver . ':' . $port . '/'); + } } else { @configsources = split(' ', `$VESPA_HOME/bin/vespa-print-default configservers_http`); } diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionAndUrlDownload.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionAndUrlDownload.java index 4eef3c40df4..0b7de6ed562 100644 --- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionAndUrlDownload.java +++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionAndUrlDownload.java 
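Review bot: The `-k` added next to `--cert` / `--key` turns off verification of the config server's certificate, so the client proves its identity to a server it has not authenticated and the deployment request can go to whatever host answers on that address. Replace `-k` with a trust anchor, e.g. `--cacert <ca-bundle-path>` (placeholder; the page does not show where the CA bundle lives). The same hunk replaces `vespa-curl-wrapper` with plain `curl`, so the `VESPA_TLS_*` settings the wrapper applies are no longer picked up by vespa-deploy; if that is intended, a comment above `$curl_command` should say so.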
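Review bot: In `get_configsource_url` only the `-c <server>` branch switches to `https://` when `$cert` is set; the outer `else` branch still takes its URLs from `vespa-print-default configservers_http`. Running with `-z` but without `-c` would therefore add `--cert` / `--key` to a request that is still sent in cleartext, assuming that command keeps returning `http://` URLs. Either apply the scheme choice to both branches or fail early when `-z` is given without a TLS-capable source. The condition `$cert and $cert ne ""` is equivalent to `$cert`, and the function body continues outside the hunk.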
@@ -4,11 +4,8 @@ package com.yahoo.vespa.config.proxy.filedistribution; import com.yahoo.config.subscription.ConfigSourceSet; import com.yahoo.jrt.Supervisor; import com.yahoo.vespa.config.JRTConnectionPool; -import com.yahoo.vespa.filedistribution.FileDistributionRpcServer; import com.yahoo.vespa.filedistribution.FileDownloader; -import java.util.stream.Stream; - /** * Keeps track of file distribution and url download rpc servers. * diff --git a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileDistributionRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java index cc76eef014f..33a8ed405a9 100644 --- a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileDistributionRpcServer.java +++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java @@ -1,5 +1,5 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.filedistribution; +// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.config.proxy.filedistribution; import com.yahoo.concurrent.DaemonThreadFactory; import com.yahoo.config.FileReference; @@ -11,6 +11,8 @@ import com.yahoo.jrt.StringArray; import com.yahoo.jrt.StringValue; import com.yahoo.jrt.Supervisor; import com.yahoo.log.LogLevel; +import com.yahoo.vespa.filedistribution.FileDownloader; +import com.yahoo.vespa.filedistribution.FileReferenceDownload; import java.io.File; import java.util.Arrays; diff --git a/config-proxy/src/test/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServerTest.java b/config-proxy/src/test/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServerTest.java index ffaf5bafc59..48456d8ac23 100644 --- a/config-proxy/src/test/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServerTest.java 
+++ b/config-proxy/src/test/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServerTest.java @@ -15,6 +15,8 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; +import java.time.Duration; + import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertThat; @@ -295,7 +297,7 @@ public class ConfigProxyRpcServerTest { } void invoke(Request request) { - target.invokeSync(request, 0/*no timeout*/); + target.invokeSync(request, Duration.ofMinutes(10).getSeconds()); } @Override diff --git a/metrics-proxy/src/main/java/ai/vespa/metricsproxy/metric/ExternalMetrics.java b/metrics-proxy/src/main/java/ai/vespa/metricsproxy/metric/ExternalMetrics.java index 64ede137e8e..017b2c57370 100644 --- a/metrics-proxy/src/main/java/ai/vespa/metricsproxy/metric/ExternalMetrics.java +++ b/metrics-proxy/src/main/java/ai/vespa/metricsproxy/metric/ExternalMetrics.java @@ -35,12 +35,13 @@ import static java.util.stream.Collectors.toCollection; public class ExternalMetrics { private static final Logger log = Logger.getLogger(ExternalMetrics.class.getName()); + // NOTE: node service id must be kept in sync with the same constant _value_ used in docker-api:Metrics.java + public static final ServiceId VESPA_NODE_SERVICE_ID = toServiceId("vespa.node"); + public static final DimensionId ROLE_DIMENSION = toDimensionId("role"); public static final DimensionId STATE_DIMENSION = toDimensionId("state"); public static final DimensionId ORCHESTRATOR_STATE_DIMENSION = toDimensionId("orchestratorState"); - public static final ServiceId VESPA_NODE_SERVICE_ID = toServiceId("vespa.node"); - private volatile List<MetricsPacket.Builder> metrics = new ArrayList<>(); private final MetricsConsumers consumers; 
@@ -58,7 +59,6 @@ public class ExternalMetrics { log.log(DEBUG, () -> "Setting new external metrics with " + externalPackets.size() + " metrics packets."); externalPackets.forEach(packet -> { packet.addConsumers(consumers.getAllConsumers()) - .service(VESPA_NODE_SERVICE_ID) .retainMetrics(metricsToRetain()) .applyOutputNames(outputNamesById()); }); diff --git a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/core/MetricsManagerTest.java b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/core/MetricsManagerTest.java index e441c353292..bc83712ac70 100644 --- a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/core/MetricsManagerTest.java +++ b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/core/MetricsManagerTest.java @@ -15,6 +15,7 @@ import ai.vespa.metricsproxy.metric.dimensions.NodeDimensions; import ai.vespa.metricsproxy.metric.dimensions.NodeDimensionsConfig; import ai.vespa.metricsproxy.metric.model.DimensionId; import ai.vespa.metricsproxy.metric.model.MetricsPacket; +import ai.vespa.metricsproxy.metric.model.ServiceId; import ai.vespa.metricsproxy.service.DownService; import ai.vespa.metricsproxy.service.DummyService; import ai.vespa.metricsproxy.service.VespaService; @@ -38,6 +39,7 @@ import static ai.vespa.metricsproxy.metric.model.ServiceId.toServiceId; import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; 
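Review bot: With `.service(VESPA_NODE_SERVICE_ID)` removed, the packets passed to `setExtraMetrics` keep whatever service id the caller put on them, and nothing in this hunk constrains that value. The RpcMetricsTest change in this commit shows the id arriving through the `application` field of an RPC payload, so a packet could presumably carry the id of a monitored Vespa service and be reported next to that service's own metrics. Consider rejecting or at least logging ids that collide with known services, and state in the method's Javadoc that the service id is now taken from the caller. The method starts outside the hunk.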
@@ -162,6 +164,21 @@ public class MetricsManagerTest { } @Test + public void application_from_extra_metrics_packets_is_used_as_service_in_result_packets() { + final ServiceId serviceId = toServiceId("custom-service"); + metricsManager.setExtraMetrics(ImmutableList.of( + new MetricsPacket.Builder(serviceId) + .putMetrics(ImmutableList.of(new Metric(WHITELISTED_METRIC_ID, 0))))); + + List<MetricsPacket> packets = metricsManager.getMetrics(testServices, Instant.EPOCH); + MetricsPacket extraPacket = null; + for (MetricsPacket packet : packets) { + if (packet.service.equals(serviceId)) extraPacket = packet; + } + assertNotNull(extraPacket); + } + + @Test public void extra_dimensions_are_added_to_metrics_packets_that_do_not_have_those_dimensions() { metricsManager.setExtraMetrics(ImmutableList.of( new MetricsPacket.Builder(toServiceId("foo")) diff --git a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/http/GenericMetricsHandlerTest.java b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/http/GenericMetricsHandlerTest.java index 29ab8c66694..dc89e5bb9f2 100644 --- a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/http/GenericMetricsHandlerTest.java +++ b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/http/GenericMetricsHandlerTest.java @@ -37,6 +37,7 @@ import java.util.concurrent.Executors; import static ai.vespa.metricsproxy.core.VespaMetrics.INSTANCE_DIMENSION_ID; import static ai.vespa.metricsproxy.http.GenericMetricsHandler.DEFAULT_PUBLIC_CONSUMER_ID; +import static ai.vespa.metricsproxy.metric.ExternalMetrics.VESPA_NODE_SERVICE_ID; import static ai.vespa.metricsproxy.metric.model.ServiceId.toServiceId; import static ai.vespa.metricsproxy.metric.model.StatusCode.DOWN; import static ai.vespa.metricsproxy.metric.model.json.JacksonUtil.createObjectMapper; 
@@ -74,7 +75,7 @@ public class GenericMetricsHandlerTest { public static void setup() { MetricsManager metricsManager = TestUtil.createMetricsManager(vespaServices, getMetricsConsumers(), getApplicationDimensions(), getNodeDimensions()); metricsManager.setExtraMetrics(ImmutableList.of( - new MetricsPacket.Builder(toServiceId("foo")) + new MetricsPacket.Builder(VESPA_NODE_SERVICE_ID) .timestamp(Instant.now().getEpochSecond()) .putMetrics(ImmutableList.of(new Metric(CPU_METRIC, 12.345))))); GenericMetricsHandler handler = new GenericMetricsHandler(Executors.newSingleThreadExecutor(), metricsManager, vespaServices, getMetricsConsumers()); diff --git a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/metric/ExternalMetricsTest.java b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/metric/ExternalMetricsTest.java index 11c271d46e4..2cce2f66039 100644 --- a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/metric/ExternalMetricsTest.java +++ b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/metric/ExternalMetricsTest.java @@ -8,6 +8,7 @@ import ai.vespa.metricsproxy.core.ConsumersConfig; import ai.vespa.metricsproxy.core.MetricsConsumers; import ai.vespa.metricsproxy.metric.model.ConsumerId; import ai.vespa.metricsproxy.metric.model.MetricsPacket; +import ai.vespa.metricsproxy.metric.model.ServiceId; import com.google.common.collect.ImmutableList; import org.junit.Test; 
@@ -38,15 +39,17 @@ public class ExternalMetricsTest { } @Test - public void service_id_is_set_to_vespa_node_id() { + public void service_id_from_extra_packets_is_not_replaced() { + final ServiceId SERVICE_ID = toServiceId("do-not-replace"); + MetricsConsumers noConsumers = new MetricsConsumers(new ConsumersConfig.Builder().build()); ExternalMetrics externalMetrics = new ExternalMetrics(noConsumers); externalMetrics.setExtraMetrics(ImmutableList.of( - new MetricsPacket.Builder(toServiceId("replace_with_vespa_node_id")))); + new MetricsPacket.Builder(SERVICE_ID))); List<MetricsPacket.Builder> packets = externalMetrics.getMetrics(); assertEquals(1, packets.size()); - assertEquals(VESPA_NODE_SERVICE_ID, packets.get(0).build().service); + assertEquals(SERVICE_ID, packets.get(0).build().service); } @Test diff --git a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/rpc/RpcMetricsTest.java b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/rpc/RpcMetricsTest.java index d4777618546..d6084e3e03a 100644 --- a/metrics-proxy/src/test/java/ai/vespa/metricsproxy/rpc/RpcMetricsTest.java +++ b/metrics-proxy/src/test/java/ai/vespa/metricsproxy/rpc/RpcMetricsTest.java @@ -17,7 +17,9 @@ import com.yahoo.jrt.Transport; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import java.util.List; @@ -34,6 +36,8 @@ import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; /** * @author jobergum 
@@ -41,13 +45,60 @@ import static org.junit.Assert.assertThat; */ public class RpcMetricsTest { - private static final String METRICS_RESPONSE_CCL = - getFileContents("metrics-storage-simple.json").trim(); + private static final String METRICS_RESPONSE = getFileContents("metrics-storage-simple.json").trim(); + private static final String EXTRA_APP = "extra"; + + private static class RpcClient implements AutoCloseable { + private final Supervisor supervisor; + private final Target target; + + RpcClient(int port) { + supervisor = new Supervisor(new Transport()); + target = supervisor.connect(new Spec("localhost", port)); + } + + @Override + public void close() { + target.close(); + supervisor.transport().shutdown().join(); + } + } + + @Test + public void extra_metrics_are_added_to_output() throws Exception { + String extraMetricsPayload = "{\"timestamp\":1557754772,\"application\":\"" + EXTRA_APP + + "\",\"metrics\":{\"foo.count\":3},\"dimensions\":{\"role\":\"extra-role\"}}"; + + try (IntegrationTester tester = new IntegrationTester()) { + try (RpcClient rpcClient = new RpcClient(tester.rpcPort())) { + Request req = new Request("setExtraMetrics"); + req.parameters().add(new StringValue(extraMetricsPayload)); + invoke(req, rpcClient, false); + String allServicesResponse = getMetricsForYamas(ALL_SERVICES, rpcClient).trim(); + + // Verify that application is used as serviceId, and that metric exists. 
+ JSONObject extraMetrics = findExtraMetricsObject(allServicesResponse); + assertThat(extraMetrics.getJSONObject("metrics").getInt("foo.count"), is(3)); + assertThat(extraMetrics.getJSONObject("dimensions").getString("role"), is("extra-role")); + } + } + } + + private JSONObject findExtraMetricsObject(String jsonResponse) throws JSONException { + JSONArray metrics = new JSONObject(jsonResponse).getJSONArray("metrics"); + for (int i = 0; i < metrics.length(); i++) { + JSONObject jsonObject = metrics.getJSONObject(i); + assertTrue(jsonObject.has("application")); + if (jsonObject.getString("application").equals(EXTRA_APP)) return jsonObject; + } + fail("Metrics from setExtraMetrics was missing."); + throw new RuntimeException(); + } @Test public void testGetMetrics() throws Exception { try (IntegrationTester tester = new IntegrationTester()) { - tester.httpServer().setResponse(METRICS_RESPONSE_CCL); + tester.httpServer().setResponse(METRICS_RESPONSE); List<VespaService> services = tester.vespaServices().getInstancesById(SERVICE_1_CONFIG_ID); assertThat("#Services should be 1 for config id " + SERVICE_1_CONFIG_ID, services.size(), is(1)); 
@@ -62,34 +113,29 @@ public class RpcMetricsTest { Metric m2 = metrics.getMetric("bar.count"); assertNotNull("Did not find expected metric with name 'bar.count'", m2); - // Setup RPC client - Supervisor supervisor = new Supervisor(new Transport()); - Target target = supervisor.connect(new Spec("localhost", tester.rpcPort())); + try (RpcClient rpcClient = new RpcClient(tester.rpcPort())) { + verifyMetricsFromRpcRequest(qrserver, rpcClient); - verifyMetricsFromRpcRequest(qrserver, target); + services = tester.vespaServices().getInstancesById(SERVICE_2_CONFIG_ID); + assertThat("#Services should be 1 for config id " + SERVICE_2_CONFIG_ID, services.size(), is(1)); - services = tester.vespaServices().getInstancesById(SERVICE_2_CONFIG_ID); - assertThat("#Services should be 1 for config id " + SERVICE_2_CONFIG_ID, services.size(), is(1)); + VespaService storageService = services.get(0); + verfiyMetricsFromServiceObject(storageService); - VespaService storageService = services.get(0); - verfiyMetricsFromServiceObject(storageService); + String metricsById = getMetricsById(storageService.getConfigId(), rpcClient); + assertThat(metricsById, is("'storage.cluster.storage.storage.0'.foo_count=1 ")); - String metricsById = getMetricsById(storageService.getConfigId(), target); - assertThat(metricsById, is("'storage.cluster.storage.storage.0'.foo_count=1 ")); + String jsonResponse = getMetricsForYamas("non-existing", rpcClient).trim(); + assertThat(jsonResponse, is("105: No service with name 'non-existing'")); - String jsonResponse = getMetricsForYamas("non-existing", target).trim(); - assertThat(jsonResponse, is("105: No service with name 'non-existing'")); + verifyMetricsFromRpcRequestForAllServices(rpcClient); - verifyMetricsFromRpcRequestForAllServices(target); - - // Shutdown RPC - target.close(); - supervisor.transport().shutdown().join(); + } } } - private static void verifyMetricsFromRpcRequest(VespaService service, Target target) throws JSONException { - String jsonResponse 
= getMetricsForYamas(service.getMonitoringName(), target).trim(); + private static void verifyMetricsFromRpcRequest(VespaService service, RpcClient client) throws JSONException { + String jsonResponse = getMetricsForYamas(service.getMonitoringName(), client).trim(); JSONArray metrics = new JSONObject(jsonResponse).getJSONArray("metrics"); assertThat("Expected 3 metric messages", metrics.length(), is(3)); for (int i = 0; i < metrics.length() - 1; i++) { // The last "metric message" contains only status code/message @@ -124,18 +170,18 @@ public class RpcMetricsTest { assertThat("Metric foo did not contain correct dimension for key = bar", foo.getDimensions().get(toDimensionId("bar")), is("foo")); } - private void verifyMetricsFromRpcRequestForAllServices(Target target) throws JSONException { + private void verifyMetricsFromRpcRequestForAllServices(RpcClient client) throws JSONException { // Verify that metrics for all services can be retrieved in one request. - String allServicesResponse = getMetricsForYamas(ALL_SERVICES, target).trim(); + String allServicesResponse = getMetricsForYamas(ALL_SERVICES, client).trim(); JSONArray allServicesMetrics = new JSONObject(allServicesResponse).getJSONArray("metrics"); assertThat(allServicesMetrics.length(), is(5)); } @Test - public void testGetAllMetricNames() { + public void testGetAllMetricNames() throws Exception { try (IntegrationTester tester = new IntegrationTester()) { - tester.httpServer().setResponse(METRICS_RESPONSE_CCL); + tester.httpServer().setResponse(METRICS_RESPONSE); List<VespaService> services = tester.vespaServices().getInstancesById(SERVICE_1_CONFIG_ID); assertThat(services.size(), is(1)); 
@@ -144,52 +190,48 @@ public class RpcMetricsTest { Metric m = metrics.getMetric("foo.count"); assertNotNull("Did not find expected metric with name 'foo.count'", m); - Metric m2 = metrics.getMetric("bar.count"); assertNotNull("Did not find expected metric with name 'bar'", m2); - // Setup RPC - Supervisor supervisor = new Supervisor(new Transport()); - Target target = supervisor.connect(new Spec("localhost", tester.rpcPort())); - - String response = getAllMetricNamesForService(services.get(0).getMonitoringName(), VESPA_CONSUMER_ID, target); - assertThat(response, is("foo.count=ON;output-name=foo_count,bar.count=OFF,")); - - // Shutdown RPC - target.close(); - supervisor.transport().shutdown().join(); + try (RpcClient rpcClient = new RpcClient(tester.rpcPort())) { + String response = getAllMetricNamesForService(services.get(0).getMonitoringName(), VESPA_CONSUMER_ID, rpcClient); + assertThat(response, is("foo.count=ON;output-name=foo_count,bar.count=OFF,")); + } } } - private static String getMetricsForYamas(String service, Target target) { + private static String getMetricsForYamas(String service, RpcClient client) { Request req = new Request("getMetricsForYamas"); req.parameters().add(new StringValue(service)); - return invoke(req, target); + return invoke(req, client, true); } - private String getMetricsById(String service, Target target) { + private String getMetricsById(String service, RpcClient client) { Request req = new Request("getMetricsById"); req.parameters().add(new StringValue(service)); - return invoke(req, target); + return invoke(req, client, true); } - private String getAllMetricNamesForService(String service, ConsumerId consumer, Target target) { + private String getAllMetricNamesForService(String service, ConsumerId consumer, RpcClient client) { Request req = new Request("getAllMetricNamesForService"); req.parameters().add(new StringValue(service)); req.parameters().add(new StringValue(consumer.id)); - return invoke(req, target); + return 
invoke(req, client, true); } - private static String invoke(Request req, Target target) { + private static String invoke(Request req, RpcClient client, boolean expectReturnValue) { String returnValue; - target.invokeSync(req, 20.0); + client.target.invokeSync(req, 20.0); if (req.checkReturnTypes("s")) { returnValue = req.returnValues().get(0).asString(); - } else { + } else if (expectReturnValue) { System.out.println(req.methodName() + " from rpcserver - Invocation failed " + req.errorCode() + ": " + req.errorMessage()); returnValue = req.errorCode() + ": " + req.errorMessage(); } + else { + return ""; + } return returnValue; } diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java index 367d7b9dd83..ae18700246c 100644 --- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java +++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java 
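Review bot: In `invoke`, the new `else { return ""; }` branch discards `req.errorCode()` and `req.errorMessage()` when `expectReturnValue` is false, so a failed `setExtraMetrics` call in `extra_metrics_are_added_to_output` only shows up later as "Metrics from setExtraMetrics was missing." Assert on the request state in that branch instead, e.g. `assertFalse(req.errorMessage(), req.isError());` before `return "";`. The imports `org.junit.Rule` and `org.junit.rules.ExpectedException` added earlier in this file do not appear to be used in the visible hunks and can probably be dropped.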
@@ -51,15 +51,17 @@ public class Main { Map<OutputVariable, String> outputVariables = new TreeMap<>(); Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars); - MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars); - if (options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { + if (options.isPresent()) { outputVariables.put(OutputVariable.TLS_ENABLED, "1"); options.get().getCaCertificatesFile() .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString())); - options.get().getCertificatesFile() - .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString())); - options.get().getPrivateKeyFile() - .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString())); + MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars); + if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { + options.get().getCertificatesFile() + .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString())); + options.get().getPrivateKeyFile() + .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString())); + } } shell.writeOutputVariables(stdOut, outputVariables); EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty() diff --git a/security-tools/src/main/sh/vespa-curl-wrapper b/security-tools/src/main/sh/vespa-curl-wrapper index da857984c01..7c2f31d7719 100755 --- a/security-tools/src/main/sh/vespa-curl-wrapper +++ b/security-tools/src/main/sh/vespa-curl-wrapper 
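Review bot: No comment explains why `TLS_ENABLED` and `CA_CERTIFICATE` are now emitted under `MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER` while `CERTIFICATE` and `PRIVATE_KEY` are withheld. Consumers of these variables change behaviour on them (the `vespa-curl-wrapper` in this commit selects `https://` when `VESPA_TLS_ENABLED` is set), so the intent should be recorded. If the intent is server verification without client authentication, add above the inner `if` something like `// Plaintext-client mixed mode: expose the CA so callers can verify the server, but never hand out the client certificate and key.` A test covering the variables emitted in this mode would pin the behaviour. The enclosing method starts and ends outside the hunk.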
@@ -6,23 +6,26 @@ set -e -eval $(vespa-security-env) +. $(vespa-security-env) -CURL_PARAMETERS=("$@") +CURL_PARAMETERS=$1 +CONFIGSERVER_URI_WITHOUT_SCHEME=$2 if [ -n "${VESPA_TLS_ENABLED}" ] then - CURL_PARAMETERS=("${CURL_PARAMETERS[@]/http:/https:}") + CONFIGSERVER_URI="https://${CONFIGSERVER_URI_WITHOUT_SCHEME}" +else + CONFIGSERVER_URI="http://${CONFIGSERVER_URI_WITHOUT_SCHEME}" fi if [ -n "${VESPA_TLS_CA_CERT}" ] then - CURL_PARAMETERS=("--cacert" "${VESPA_TLS_CA_CERT}" "${CURL_PARAMETERS[@]}") + CURL_PARAMETERS="--cacert \"${VESPA_TLS_CA_CERT}\" ${CURL_PARAMETERS}" fi if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]] then - CURL_PARAMETERS=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}" "${CURL_PARAMETERS[@]}") + CURL_PARAMETERS="--cert \"${VESPA_TLS_CERT}\" --key \"${VESPA_TLS_PRIVATE_KEY}\" ${CURL_PARAMETERS}" fi -curl "${CURL_PARAMETERS[@]}" +curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}" |
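Review bot: Building `CURL_PARAMETERS` as a string with embedded `\"` and expanding it unquoted in `curl ${CURL_PARAMETERS} ...` does not quote anything: the quote characters reach curl as literal parts of the `--cacert` / `--cert` / `--key` paths, and the whole string is subject to word splitting and globbing. The removed array form did not have this problem; keeping the TLS options in an array while leaving the new `$1` / `$2` calling convention untouched is sketched below. Separately, `. $(vespa-security-env)` sources a file named by the tool's output, whereas Main.java in this commit writes the variable assignments themselves to stdout, so this line looks like it should remain `eval "$(vespa-security-env)"`.

```shell
eval "$(vespa-security-env)"

# … unchanged: CURL_PARAMETERS=$1, CONFIGSERVER_URI_WITHOUT_SCHEME=$2 and the http/https selection …

TLS_PARAMETERS=()
if [ -n "${VESPA_TLS_CA_CERT}" ]
then
    TLS_PARAMETERS+=("--cacert" "${VESPA_TLS_CA_CERT}")
fi

if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]]
then
    TLS_PARAMETERS+=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}")
fi

# CURL_PARAMETERS stays unquoted on purpose: it is a caller-supplied option string.
curl "${TLS_PARAMETERS[@]}" ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
```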