5 files changed, 249 insertions, 0 deletions

diff --git a/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java
new file mode 100644
index 00000000000..c002ffa72ce
--- /dev/null
+++ b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/ReconfigurableVespaZooKeeperServer.java
@@ -0,0 +1,43 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.zookeeper;
+
+import com.google.inject.Inject;
+import com.yahoo.cloud.config.ZookeeperServerConfig;
+import com.yahoo.component.AbstractComponent;
+
+import java.nio.file.Path;
+import java.time.Duration;
+import java.util.concurrent.atomic.AtomicReference;
+
+/**
+ * Starts or reconfigures zookeeper cluster.
+ * The QuorumPeer conditionally created here is owned by the Reconfigurer;
+ * when it already has a peer, that peer is used here in case start or shutdown is required.
+ *
+ * @author hmusum
+ */
+public class ReconfigurableVespaZooKeeperServer extends AbstractComponent implements VespaZooKeeperServer {
+
+    private final AtomicReference<QuorumPeer> peer = new AtomicReference<>();
+
+    @Inject
+    public ReconfigurableVespaZooKeeperServer(Reconfigurer reconfigurer, ZookeeperServerConfig zookeeperServerConfig) {
+        reconfigurer.startOrReconfigure(zookeeperServerConfig, this, VespaQuorumPeer::new, peer::set);
+    }
+
+    @Override
+    public void shutdown() {
+        peer.get().shutdown(Duration.ofMinutes(1));
+    }
+
+    @Override
+    public void start(Path configFilePath) {
+        peer.get().start(configFilePath);
+    }
+
+    @Override
+    public boolean reconfigurable() {
+        return true;
+    }
+
+}
diff --git a/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
new file mode 100644
index 00000000000..66742b0e05b
--- /dev/null
+++ b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
@@ -0,0 +1,41 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.zookeeper;
+
+import org.apache.zookeeper.KeeperException;
+import org.apache.zookeeper.common.X509Exception;
+import org.apache.zookeeper.data.Id;
+import org.apache.zookeeper.server.ServerCnxn;
+import org.apache.zookeeper.server.auth.AuthenticationProvider;
+import org.apache.zookeeper.server.auth.X509AuthenticationProvider;
+
+import java.security.cert.X509Certificate;
+import java.util.logging.Logger;
+
+/**
+ * A {@link AuthenticationProvider} to be used in combination with Vespa mTLS
+ *
+ * @author bjorncs
+ */
+public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider {
+
+    private static final Logger log = Logger.getLogger(VespaMtlsAuthenticationProvider.class.getName());
+
+    public VespaMtlsAuthenticationProvider() throws X509Exception { super(null, null);}
+
+    @Override
+    public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
+        // Vespa's mTLS peer authorization rules are performed by the underlying trust manager implementation.
+        // The client is authorized once the SSL handshake has completed.
+        X509Certificate[] certificateChain = (X509Certificate[]) cnxn.getClientCertificateChain();
+        if (certificateChain == null || certificateChain.length == 0) {
+            log.warning("Client not authenticated - should not be possible with clientAuth=NEED");
+            return KeeperException.Code.AUTHFAILED;
+        }
+        X509Certificate certificate = certificateChain[0];
+        cnxn.addAuthInfo(new Id(getScheme(), certificate.getSubjectX500Principal().getName()));
+        return KeeperException.Code.OK;
+    }
+
+    @Override public String getScheme() { return "x509"; }
+
+}
diff --git a/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaQuorumPeer.java b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaQuorumPeer.java
new file mode 100644
index 00000000000..47ec03367c1
--- /dev/null
+++ b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaQuorumPeer.java
@@ -0,0 +1,60 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.zookeeper;
+
+import com.yahoo.protect.Process;
+import org.apache.zookeeper.server.admin.AdminServer;
+import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
+import org.apache.zookeeper.server.quorum.QuorumPeerMain;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.time.Duration;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * Starts/stops a ZooKeeper server. Extends QuorumPeerMain to be able to call initializeAndRun() and wraps
+ * exceptions so it can be used by code that does not depend on ZooKeeper.
+ *
+ * @author hmusum
+ */
+class VespaQuorumPeer extends QuorumPeerMain implements QuorumPeer {
+
+    private static final Logger log = java.util.logging.Logger.getLogger(VespaQuorumPeer.class.getName());
+
+    @Override
+    public void start(Path path) {
+        initializeAndRun(new String[]{ path.toFile().getAbsolutePath()});
+    }
+
+    @Override
+    public void shutdown(Duration timeout) {
+        if (quorumPeer != null) {
+            log.log(Level.FINE, "Shutting down ZooKeeper server");
+            try {
+                quorumPeer.shutdown();
+                quorumPeer.join(timeout.toMillis()); // Wait for shutdown to complete
+                if (quorumPeer.isAlive())
+                    throw new IllegalStateException("Peer still alive after " + timeout);
+            } catch (RuntimeException | InterruptedException e) {
+                // If shutdown fails, we have no other option than forcing the JVM to stop and letting it be restarted.
+                //
+                // When a VespaZooKeeperServer component receives a new config, the container will try to start a new
+                // server with the new config, this will fail until the old server is deconstructed. If the old server
+                // fails to deconstruct/shut down, the new one will never start and if that happens forcing a restart is
+                // the better option.
+                Process.logAndDie("Failed to shut down ZooKeeper server properly, forcing shutdown", e);
+            }
+        }
+    }
+
+    @Override
+    protected void initializeAndRun(String[] args) {
+        try {
+            super.initializeAndRun(args);
+        } catch (QuorumPeerConfig.ConfigException | IOException | AdminServer.AdminServerException e) {
+            throw new RuntimeException("Exception when initializing or running ZooKeeper server", e);
+        }
+    }
+
+}
diff --git a/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperAdminImpl.java b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperAdminImpl.java
new file mode 100644
index 00000000000..27aa18c64c7
--- /dev/null
+++ b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperAdminImpl.java
@@ -0,0 +1,58 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.zookeeper;
+
+import com.yahoo.vespa.zookeeper.client.ZkClientConfigBuilder;
+import org.apache.zookeeper.KeeperException;
+import org.apache.zookeeper.admin.ZooKeeperAdmin;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * @author hmusum
+ */
+@SuppressWarnings("unused") // Created by injection
+public class VespaZooKeeperAdminImpl implements VespaZooKeeperAdmin {
+
+    private static final Logger log = java.util.logging.Logger.getLogger(VespaZooKeeperAdminImpl.class.getName());
+
+    @Override
+    public void reconfigure(String connectionSpec, String joiningServers, String leavingServers) throws ReconfigException {
+        ZooKeeperAdmin zooKeeperAdmin = null;
+        try {
+            zooKeeperAdmin = createAdmin(connectionSpec);
+            long fromConfig = -1;
+            // Using string parameters because the List variant of reconfigure fails to join empty lists (observed on 3.5.6, fixed in 3.7.0)
+            byte[] appliedConfig = zooKeeperAdmin.reconfigure(joiningServers, leavingServers, null, fromConfig, null);
+            log.log(Level.INFO, "Applied ZooKeeper config: " + new String(appliedConfig, StandardCharsets.UTF_8));
+        } catch (KeeperException e) {
+            if (retryOn(e))
+                throw new ReconfigException(e);
+            else
+                throw new RuntimeException(e);
+        } catch (IOException | InterruptedException e) {
+            throw new RuntimeException(e);
+        } finally {
+            if (zooKeeperAdmin != null) {
+                try {
+                    zooKeeperAdmin.close();
+                } catch (InterruptedException e) { /* ignore */}
+            }
+        }
+    }
+
+    private ZooKeeperAdmin createAdmin(String connectionSpec) throws IOException {
+        return new ZooKeeperAdmin(connectionSpec, (int) sessionTimeout().toMillis(),
+                                  (event) -> log.log(Level.INFO, event.toString()), new ZkClientConfigBuilder().toConfig());
+    }
+
+    private static boolean retryOn(KeeperException e) {
+        return e instanceof KeeperException.ReconfigInProgress ||
+               e instanceof KeeperException.ConnectionLossException ||
+               e instanceof KeeperException.NewConfigNoQuorum;
+    }
+
+}
+
diff --git a/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java
new file mode 100644
index 00000000000..8f3a5a91a43
--- /dev/null
+++ b/zookeeper-server/zookeeper-server-3.7.0/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServerImpl.java
@@ -0,0 +1,47 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.zookeeper;
+
+import com.google.inject.Inject;
+import com.yahoo.cloud.config.ZookeeperServerConfig;
+import com.yahoo.component.AbstractComponent;
+
+import java.nio.file.Path;
+import java.time.Duration;
+
+/**
+ * @author Ulf Lilleengen
+ * @author Harald Musum
+ */
+public class VespaZooKeeperServerImpl extends AbstractComponent implements VespaZooKeeperServer {
+
+    private final VespaQuorumPeer peer;
+    private final ZooKeeperRunner runner;
+
+    @Inject
+    public VespaZooKeeperServerImpl(ZookeeperServerConfig zookeeperServerConfig) {
+        this.peer = new VespaQuorumPeer();
+        this.runner = new ZooKeeperRunner(zookeeperServerConfig, this);
+    }
+
+    @Override
+    public void deconstruct() {
+        runner.shutdown();
+        super.deconstruct();
+    }
+
+    @Override
+    public void shutdown() {
+        peer.shutdown(Duration.ofMinutes(1));
+    }
+
+    @Override
+    public void start(Path configFilePath) {
+        peer.start(configFilePath);
+    }
+
+    @Override
+    public boolean reconfigurable() {
+        return false;
+    }
+
+}