Diffstat (limited to 'node-repository')
-rw-r--r--node-repository/pom.xml14
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/NodeRepositoryMaintenance.java3
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainer.java49
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NoopFilter.java20
-rw-r--r--node-repository/src/test/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainerTest.java68
-rw-r--r--node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/maintenance.json3
6 files changed, 30 insertions, 127 deletions
diff --git a/node-repository/pom.xml b/node-repository/pom.xml
index 0959b5cc5b8..8efd4099773 100644
--- a/node-repository/pom.xml
+++ b/node-repository/pom.xml
@@ -77,6 +77,16 @@
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <scope>provided</scope>
+ </dependency>
<!-- compile -->
<dependency>
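Review bot: The two BouncyCastle artifacts added in this hunk are `provided` and carry no `<version>`, so the crypto classes this bundle runs against are whatever the container exports, not necessarily what the module compiled with; the version is presumably managed in a parent pom outside this diff. A short comment above them, e.g. `<!-- provided by the container; version managed in the parent pom -->`, would tell the next reader where to look when a BouncyCastle advisory needs to be applied. It is also worth confirming that both bcprov and bcpkix are exported at runtime, since the following hunk removes the compile-scoped bcpkix entry that previously shipped with this module.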
@@ -95,10 +105,6 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/NodeRepositoryMaintenance.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/NodeRepositoryMaintenance.java
index 7b0606b809b..7b191538ad8 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/NodeRepositoryMaintenance.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/NodeRepositoryMaintenance.java
@@ -38,7 +38,6 @@ public class NodeRepositoryMaintenance extends AbstractComponent {
private final NodeFailer nodeFailer;
private final PeriodicApplicationMaintainer periodicApplicationMaintainer;
private final OperatorChangeApplicationMaintainer operatorChangeApplicationMaintainer;
- private final ZooKeeperAccessMaintainer zooKeeperAccessMaintainer;
private final ReservationExpirer reservationExpirer;
private final InactiveExpirer inactiveExpirer;
private final RetiredExpirer retiredExpirer;
@@ -70,7 +69,6 @@ public class NodeRepositoryMaintenance extends AbstractComponent {
nodeFailer = new NodeFailer(deployer, hostLivenessTracker, serviceMonitor, nodeRepository, durationFromEnv("fail_grace").orElse(defaults.failGrace), clock, orchestrator, throttlePolicyFromEnv("throttle_policy").orElse(defaults.throttlePolicy), metric, jobControl, configserverConfig);
periodicApplicationMaintainer = new PeriodicApplicationMaintainer(deployer, nodeRepository, durationFromEnv("periodic_redeploy_interval").orElse(defaults.periodicRedeployInterval), jobControl);
operatorChangeApplicationMaintainer = new OperatorChangeApplicationMaintainer(deployer, nodeRepository, clock, durationFromEnv("operator_change_redeploy_interval").orElse(defaults.operatorChangeRedeployInterval), jobControl);
- zooKeeperAccessMaintainer = new ZooKeeperAccessMaintainer(nodeRepository, curator, durationFromEnv("zookeeper_access_maintenance_interval").orElse(defaults.zooKeeperAccessMaintenanceInterval), jobControl);
reservationExpirer = new ReservationExpirer(nodeRepository, clock, durationFromEnv("reservation_expiry").orElse(defaults.reservationExpiry), jobControl);
retiredExpirer = new RetiredExpirer(nodeRepository, orchestrator, deployer, clock, durationFromEnv("retired_interval").orElse(defaults.retiredInterval), durationFromEnv("retired_expiry").orElse(defaults.retiredExpiry), jobControl);
inactiveExpirer = new InactiveExpirer(nodeRepository, clock, durationFromEnv("inactive_expiry").orElse(defaults.inactiveExpiry), jobControl);
@@ -91,7 +89,6 @@ public class NodeRepositoryMaintenance extends AbstractComponent {
nodeFailer.deconstruct();
periodicApplicationMaintainer.deconstruct();
operatorChangeApplicationMaintainer.deconstruct();
- zooKeeperAccessMaintainer.deconstruct();
reservationExpirer.deconstruct();
inactiveExpirer.deconstruct();
retiredExpirer.deconstruct();
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainer.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainer.java
deleted file mode 100644
index b392d670a77..00000000000
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainer.java
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.provision.maintenance;
-
-import com.yahoo.vespa.curator.Curator;
-import com.yahoo.vespa.hosted.provision.Node;
-import com.yahoo.vespa.hosted.provision.NodeRepository;
-import com.yahoo.vespa.zookeeper.ZooKeeperServer;
-
-import java.time.Duration;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * Maintains the list of hosts that should be allowed to access ZooKeeper in this runtime.
- * These are the zookeeper servers and all nodes in node repository. This is maintained in the background
- * because nodes could be added or removed on another server.
- *
- * We could limit access to the <i>active</i> subset of nodes, but that
- * does not seem to have any particular operational or security benefits and might make it more problematic
- * for this job to be behind actual changes to the active set of nodes.
- *
- * @author bratseth
- */
-public class ZooKeeperAccessMaintainer extends Maintainer {
-
- private final Curator curator;
-
- public ZooKeeperAccessMaintainer(NodeRepository nodeRepository, Curator curator, Duration maintenanceInterval,
- JobControl jobControl) {
- super(nodeRepository, maintenanceInterval, jobControl);
- this.curator = curator;
- }
-
- @Override
- protected void maintain() {
- Set<String> hosts = new HashSet<>();
-
- for (Node node : nodeRepository().getNodes())
- hosts.add(node.hostname());
-
- if ( ! hosts.isEmpty()) { // no nodes -> not a hosted instance: Pass an empty list to deactivate restriction
- for (String hostPort : curator.zooKeeperEnsembleConnectionSpec().split(","))
- hosts.add(hostPort.split(":")[0]);
- }
-
- ZooKeeperServer.setAllowedClientHostnames(hosts);
- }
-
-}
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NoopFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NoopFilter.java
new file mode 100644
index 00000000000..084095fa93c
--- /dev/null
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NoopFilter.java
@@ -0,0 +1,20 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.provision.restapi.v2.filter;
+
+import com.yahoo.jdisc.handler.ResponseHandler;
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
+
+/**
+ * A no-op filter. Used for bindings that are whitelisted and do not require any authorization.
+ *
+ * @author mpolden
+ */
+@SuppressWarnings("unused") // Injected
+public class NoopFilter implements SecurityRequestFilter {
+
+ @Override
+ public void filter(DiscFilterRequest request, ResponseHandler handler) {
+ }
+
+}
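Review bot: The empty `filter` body in this new class lets every request through as far as this filter is concerned, and nothing in the class limits where it can be bound, so the only control is the binding configuration, which is not part of this diff. I would make that explicit in the code: put `// Intentionally empty: no response is written to handler, so the request passes this filter unchecked` inside the method, and extend the Javadoc to name the configuration that lists the whitelisted bindings. Declaring the class `final` would also prevent a subclass with different behaviour from being injected in its place. A test asserting which bindings resolve to NoopFilter would catch an accidental wildcard binding that disables authorization for more paths than intended.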
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainerTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainerTest.java
deleted file mode 100644
index 93cf19f5450..00000000000
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/maintenance/ZooKeeperAccessMaintainerTest.java
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.provision.maintenance;
-
-import com.yahoo.config.provision.NodeType;
-import com.yahoo.vespa.hosted.provision.NodeRepositoryTester;
-import com.yahoo.vespa.hosted.provision.node.Agent;
-import com.yahoo.vespa.zookeeper.ZooKeeperServer;
-import org.junit.Test;
-
-import java.time.Duration;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-/**
- * @author bratseth
- */
-public class ZooKeeperAccessMaintainerTest {
-
- @Test
- public void test() {
- NodeRepositoryTester tester = new NodeRepositoryTester();
- tester.curator().setZooKeeperEnsembleConnectionSpec("server1:1234,server2:5678");
- ZooKeeperAccessMaintainer maintainer = new ZooKeeperAccessMaintainer(tester.nodeRepository(),
- tester.curator(), Duration.ofHours(1), new JobControl(tester.nodeRepository().database()));
- assertTrue(ZooKeeperServer.getAllowedClientHostnames().isEmpty());
- maintainer.maintain();
- assertTrue("We don't restrict to only config servers", ZooKeeperServer.getAllowedClientHostnames().isEmpty());
-
- tester.addNode("id1", "host1", "default", NodeType.tenant);
- tester.addNode("id2", "host2", "default", NodeType.tenant);
- tester.addNode("id3", "host3", "default", NodeType.tenant);
- maintainer.maintain();
-
- assertEquals(3, tester.getNodes(NodeType.tenant).size());
- assertEquals(0, tester.getNodes(NodeType.proxy).size());
- assertEquals(asSet("host1,host2,host3,server1,server2"), ZooKeeperServer.getAllowedClientHostnames());
-
- tester.addNode("proxy1", "host4", "default", NodeType.proxy);
- tester.addNode("proxy2", "host5", "default", NodeType.proxy);
- maintainer.maintain();
-
- assertEquals(3, tester.getNodes(NodeType.tenant).size());
- assertEquals(2, tester.getNodes(NodeType.proxy).size());
- assertEquals(asSet("host1,host2,host3,host4,host5,server1,server2"), ZooKeeperServer.getAllowedClientHostnames());
-
- tester.nodeRepository().park("host2", Agent.system, "Parking to unit test");
- tester.nodeRepository().removeRecursively("host2");
- maintainer.maintain();
-
- assertEquals(2, tester.getNodes(NodeType.tenant).size());
- assertEquals(2, tester.getNodes(NodeType.proxy).size());
- assertEquals(asSet("host1,host3,host4,host5,server1,server2"), ZooKeeperServer.getAllowedClientHostnames());
-
- tester.addNode("docker-host-1", "host6", "default", NodeType.host);
- tester.addNode("docker-host-2", "host7", "default", NodeType.host);
- maintainer.maintain();
- assertEquals(asSet("host1,host3,host4,host5,host6,host7,server1,server2"), ZooKeeperServer.getAllowedClientHostnames());
- }
-
- private Set<String> asSet(String s) {
- return new HashSet<>(Arrays.asList(s.split(",")));
- }
-
-}
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/maintenance.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/maintenance.json
index 979d846704e..28e28f9678e 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/maintenance.json
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/maintenance.json
@@ -34,9 +34,6 @@
"name":"MetricsReporter"
},
{
- "name":"ZooKeeperAccessMaintainer"
- },
- {
"name":"NodeFailer"
}
],