summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java9
-rw-r--r--zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java9
-rw-r--r--zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java8
3 files changed, 19 insertions, 7 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
index 287f311163e..b0e178bea92 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
@@ -56,6 +56,7 @@ import java.util.stream.Collectors;
public class NodeRepository extends AbstractComponent {
private final CuratorDatabaseClient zkClient;
+ private final Curator curator;
/**
* Creates a node repository form a zookeeper provider.
@@ -72,6 +73,7 @@ public class NodeRepository extends AbstractComponent {
*/
public NodeRepository(NodeFlavors flavors, Curator curator, Clock clock) {
this.zkClient = new CuratorDatabaseClient(flavors, curator, clock);
+ this.curator = curator;
// read and write all nodes to make sure they are stored in the latest version of the serialized format
for (Node.State state : Node.State.values())
@@ -350,8 +352,15 @@ public class NodeRepository extends AbstractComponent {
private void updateAllowedHosts() {
StringBuilder s = new StringBuilder();
+
+ // Add tenant hosts
for (Node node : getNodes(Node.Type.tenant))
s.append(node.hostname()).append(",");
+
+ // Add the zooKeeper servers
+ for (String hostPort : curator.connectionSpec().split("/"))
+ s.append(hostPort.split(":")[0]).append(",");
+
if (s.length() > 0)
s.setLength(s.length()-1); // remove last comma
System.setProperty(ZooKeeperServer.ZOOKEEPER_VESPA_CLIENTS_PROPERTY, s.toString());
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java b/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java
index 4c08924f8de..66734036ce5 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/curator/Curator.java
@@ -54,7 +54,7 @@ public class Curator {
private final String connectionSpec;
private final int serverCount;
- /** Creates a curator instance from a comma-separated string of ZooKeeper host names */
+ /** Creates a curator instance from a comma-separated string of ZooKeeper host:port strings */
public static Curator create(String connectionSpec) {
return new Curator(connectionSpec);
}
@@ -64,7 +64,7 @@ public class Curator {
public Curator(ConfigserverConfig configserverConfig, ZooKeeperServer server) {
this(createConnectionSpec(configserverConfig));
}
-
+
private static String createConnectionSpec(ConfigserverConfig config) {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < config.zookeeperserver().size(); i++) {
@@ -103,15 +103,14 @@ public class Curator {
}
private static void validateConnectionSpec(String connectionSpec) {
- if (connectionSpec == null || connectionSpec.isEmpty()) {
+ if (connectionSpec == null || connectionSpec.isEmpty())
throw new IllegalArgumentException(String.format("Connections spec '%s' is not valid", connectionSpec));
- }
}
/** Returns the number of zooKeeper servers in this cluster */
public int serverCount() { return serverCount; }
- /** Returns a comma-separated list of the zookeeper servers in this cluster */
+ /** Returns the servers in this cluster as a comma-separated list of host:port strings */
public String connectionSpec() { return connectionSpec; }
/** For internal use; prefer creating a {@link CuratorCounter} */
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
index 90c68461699..d8561c67767 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
@@ -27,18 +27,22 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory {
@Override
protected NIOServerCnxn createConnection(SocketChannel socket, SelectionKey selection) throws IOException {
+ String remoteHost = ((InetSocketAddress)socket.getRemoteAddress()).getHostName(); // TODO: Move this line down
+
String zookeeperClients = System.getProperty(ZooKeeperServer.ZOOKEEPER_VESPA_CLIENTS_PROPERTY);
- if (zookeeperClients == null || zookeeperClients.isEmpty())
+ if (zookeeperClients == null || zookeeperClients.isEmpty()) {
+ log.info("Allowing connection to ZooKeeper from " + remoteHost + ", as " + ZooKeeperServer.ZOOKEEPER_VESPA_CLIENTS_PROPERTY + " is not set"); // TODO: Remove this line
return super.createConnection(socket, selection); // client checking is not activated
+ }
Set<String> zooKeeperClients = toHostnameSet(zookeeperClients);
- String remoteHost = ((InetSocketAddress)socket.getRemoteAddress()).getHostName();
if ( ! remoteHost.equals("localhost") && ! zooKeeperClients.contains(remoteHost)) {
String errorMessage = "Rejecting connection to ZooKeeper from " + remoteHost +
": This cluster only allow connection from hosts in: " + zooKeeperClients;
log.warning(errorMessage);
throw new IllegalArgumentException(errorMessage);
}
+ log.info("Allowing connection to ZooKeeper from " + remoteHost + ", as it is in " + zookeeperClients); // TODO: Remove this line
return super.createConnection(socket, selection);
}