Diffstat (limited to 'zookeeper-server/zookeeper-server-common')
-rw-r--r--zookeeper-server/zookeeper-server-common/pom.xml6
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java37
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/DummyVespaZooKeeperServer.java1
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Reconfigurer.java1
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java21
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperRunner.java1
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/server/VespaZooKeeperServer.java (renamed from zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServer.java)2
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/server/package-info.java (renamed from zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/package-info.java)2
-rw-r--r--zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java20
-rw-r--r--zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ReconfigurerTest.java1
10 files changed, 37 insertions, 55 deletions
diff --git a/zookeeper-server/zookeeper-server-common/pom.xml b/zookeeper-server/zookeeper-server-common/pom.xml
index 86734ec6c56..2238f6ad086 100644
--- a/zookeeper-server/zookeeper-server-common/pom.xml
+++ b/zookeeper-server/zookeeper-server-common/pom.xml
@@ -13,6 +13,12 @@
<version>8-SNAPSHOT</version>
<dependencies>
<dependency>
+ <groupId>com.yahoo.vespa</groupId>
+ <artifactId>zookeeper-common</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
index 727e369885e..06e4d0da00c 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
@@ -3,10 +3,10 @@ package com.yahoo.vespa.zookeeper;
import com.yahoo.cloud.config.ZookeeperServerConfig;
import com.yahoo.cloud.config.ZookeeperServerConfig.Server;
-import com.yahoo.security.tls.ConfigFileBasedTlsContext;
import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.TransportSecurityUtils;
+import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
import java.io.FileWriter;
import java.io.IOException;
@@ -47,9 +47,8 @@ public class Configurator {
// Doc says that it is max size of data in a zookeeper node, but it goes for everything that
// needs to be serialized, see https://issues.apache.org/jira/browse/ZOOKEEPER-1162 for details
System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, Integer.valueOf(zookeeperServerConfig.juteMaxBuffer()).toString());
- // Need to set these as a system properties instead of config, config does not work
+ // Need to set this as a system properties instead of config, config does not work
System.setProperty("zookeeper.authProvider.x509", "com.yahoo.vespa.zookeeper.VespaMtlsAuthenticationProvider");
- System.setProperty("zookeeper.ssl.authProvider", "x509");
// Need to set this as a system property, otherwise it will be parsed for _every_ packet and an exception will be thrown (and handled)
System.setProperty("zookeeper.globalOutstandingLimit", "1000");
System.setProperty("zookeeper.snapshot.compression.method", zookeeperServerConfig.snapshotMethod());
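Review bot: Dropping the `zookeeper.ssl.authProvider=x509` line leaves the provider registered (the `zookeeper.authProvider.x509` line above) but no longer states which scheme the TLS listener should use for client authentication, so correctness now rests on ZooKeeper's built-in default for that property, which as far as I recall is "x509" — worth confirming against the ZooKeeper version pinned in this module and recording in the comment, since mTLS client authentication on the quorum/client ports silently depends on it. The reworded comment also has a grammar slip; I would make it `// Need to set this as a system property instead of config, config does not work. zookeeper.ssl.authProvider is left at ZooKeeper's default ("x509"), which selects this provider`. The enclosing method continues outside the hunk.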
@@ -60,13 +59,9 @@ public class Configurator {
}
void writeConfigToDisk() {
- VespaTlsConfig config;
- String cfgFile = zookeeperServerConfig.vespaTlsConfigFile();
- if (cfgFile.isBlank()) {
- config = VespaTlsConfig.fromSystem();
- } else {
- config = VespaTlsConfig.fromConfig(Paths.get(cfgFile));
- }
+ VespaTlsConfig config = VespaZookeeperTlsContextUtils.tlsContext()
+ .map(ctx -> new VespaTlsConfig(ctx, TransportSecurityUtils.getInsecureMixedMode()))
+ .orElse(VespaTlsConfig.tlsDisabled());
writeConfigToDisk(config);
}
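Review bot: `zookeeperServerConfig.vespaTlsConfigFile()`, which the removed branch used to build a `ConfigFileBasedTlsContext`, is no longer read here, and an absent context now falls through to `VespaTlsConfig.tlsDisabled()`. If `VespaZookeeperTlsContextUtils.tlsContext()` (not in this diff) does not itself honor that file, a deployment that enabled TLS only through `vespaTlsConfigFile` would now bring up its quorum and client listeners without TLS and nothing in this method would surface that; consider warning when the value is non-blank but unused, or removing the field from the config definition if it is now dead. Note also that the disabled case previously carried `TransportSecurityUtils.getInsecureMixedMode()` (old `fromSystem`) while `tlsDisabled()` uses `MixedMode.defaultValue()`, so the written mixed-mode setting can differ from before when no context is available.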
@@ -90,7 +85,7 @@ public class Configurator {
}
}
- private String transformConfigToString(ZookeeperServerConfig config, VespaTlsConfig vespaTlsConfig, Map<String, String> dynamicConfig) {
+ private static String transformConfigToString(ZookeeperServerConfig config, VespaTlsConfig vespaTlsConfig, Map<String, String> dynamicConfig) {
Map<String, String> configEntries = new LinkedHashMap<>();
configEntries.put("tickTime", Integer.toString(config.tickTime()));
configEntries.put("initLimit", Integer.toString(config.initLimit()));
@@ -118,7 +113,7 @@ public class Configurator {
return transformConfigToString(configEntries);
}
- void addServerSpecs(Map<String, String> configEntries, ZookeeperServerConfig config, Map<String, String> dynamicConfig) {
+ static void addServerSpecs(Map<String, String> configEntries, ZookeeperServerConfig config, Map<String, String> dynamicConfig) {
int myIndex = ensureThisServerIsRepresented(config.myid(), config.server());
// If dynamic config refers to servers that are not in the current config, we must ignore it.
@@ -210,7 +205,7 @@ public class Configurator {
.toList();
}
- Path makeAbsolutePath(String filename) {
+ static Path makeAbsolutePath(String filename) {
Path path = Paths.get(filename);
return path.isAbsolute() ? path : Paths.get(getDefaults().underVespaHome(filename));
}
@@ -220,9 +215,8 @@ public class Configurator {
default void appendSharedTlsConfig(Map<String, String> configEntries, VespaTlsConfig vespaTlsConfig) {
vespaTlsConfig.context().ifPresent(ctx -> {
- VespaSslContextProvider.set(ctx);
- configEntries.put(configFieldPrefix() + ".context.supplier.class", VespaSslContextProvider.class.getName());
String enabledCiphers = Arrays.stream(ctx.parameters().getCipherSuites()).sorted().collect(Collectors.joining(","));
+ configEntries.put(configFieldPrefix() + ".context.supplier.class", VespaSslContextProvider.class.getName());
configEntries.put(configFieldPrefix() + ".ciphersuites", enabledCiphers);
String enabledProtocols = Arrays.stream(ctx.parameters().getProtocols()).sorted().collect(Collectors.joining(","));
configEntries.put(configFieldPrefix() + ".enabledProtocols", enabledProtocols);
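Review bot: With `VespaSslContextProvider.set(ctx)` gone, the `ciphersuites` and `enabledProtocols` written here are derived from the `ctx` passed in, while the supplier class named on the `.context.supplier.class` line now obtains its context independently via `VespaZookeeperTlsContextUtils.tlsContext()`; if that call can hand out a differently configured context than the one `writeConfigToDisk` captured (for example after a reload), the cipher and protocol lists in the written config would no longer describe the `SSLContext` actually served. I would document the coupling above the `ifPresent`, e.g. `// ctx must be the same context VespaSslContextProvider will serve; both come from VespaZookeeperTlsContextUtils.tlsContext()`. The enclosing `appendSharedTlsConfig` body ends outside the hunk.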
@@ -276,19 +270,6 @@ public class Configurator {
this.mixedMode = mixedMode;
}
- static VespaTlsConfig fromSystem() {
- return new VespaTlsConfig(
- TransportSecurityUtils.getSystemTlsContext().orElse(null),
- TransportSecurityUtils.getInsecureMixedMode());
- }
-
- static VespaTlsConfig fromConfig(Path file) {
- return new VespaTlsConfig(
- new ConfigFileBasedTlsContext(file, TransportSecurityUtils.getInsecureAuthorizationMode()),
- TransportSecurityUtils.getInsecureMixedMode());
- }
-
-
static VespaTlsConfig tlsDisabled() { return new VespaTlsConfig(null, MixedMode.defaultValue()); }
boolean tlsEnabled() { return context != null; }
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/DummyVespaZooKeeperServer.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/DummyVespaZooKeeperServer.java
index cc3d5117241..f99d4cb6881 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/DummyVespaZooKeeperServer.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/DummyVespaZooKeeperServer.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.zookeeper;
import com.yahoo.component.annotation.Inject;
import com.yahoo.component.AbstractComponent;
+import com.yahoo.vespa.zookeeper.server.VespaZooKeeperServer;
import java.nio.file.Path;
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Reconfigurer.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Reconfigurer.java
index f2886be93d7..201bb7af272 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Reconfigurer.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Reconfigurer.java
@@ -5,6 +5,7 @@ import com.yahoo.cloud.config.ZookeeperServerConfig;
import com.yahoo.component.AbstractComponent;
import com.yahoo.component.annotation.Inject;
import com.yahoo.protect.Process;
+import com.yahoo.vespa.zookeeper.server.VespaZooKeeperServer;
import com.yahoo.yolean.Exceptions;
import java.time.Duration;
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
index 71cc81a0db0..eca5df73dfb 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
@@ -1,11 +1,9 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.zookeeper;
-import com.yahoo.security.X509SslContext;
-import com.yahoo.security.tls.TlsContext;
+import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
import javax.net.ssl.SSLContext;
-import java.util.Optional;
import java.util.function.Supplier;
/**
@@ -15,22 +13,11 @@ import java.util.function.Supplier;
*/
public class VespaSslContextProvider implements Supplier<SSLContext> {
- private static TlsContext tlsContext;
-
@Override
public SSLContext get() {
- return tlsContext().orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled")).context();
- }
-
- public Optional<X509SslContext> tlsContext() {
- synchronized (VespaSslContextProvider.class) {
- return Optional.ofNullable(tlsContext.sslContext());
- }
- }
-
- static synchronized void set(TlsContext ctx) {
- if (tlsContext != null) tlsContext.close();
- tlsContext = ctx;
+ return VespaZookeeperTlsContextUtils.tlsContext()
+ .orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled"))
+ .sslContext().context();
}
}
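Review bot: The rewritten `get()` calls `.sslContext().context()` directly on the unwrapped context, whereas the removed `tlsContext()` wrapped `tlsContext.sslContext()` in `Optional.ofNullable`, which suggests `sslContext()` can be null; in that case the new code throws a `NullPointerException` from inside ZooKeeper's supplier lookup instead of the intended `IllegalStateException`. I would fold the null case into the chain, `.map(ctx -> ctx.sslContext())` before the `orElseThrow`, then `.context()` on the result, so both "TLS not enabled" and "no SSL context" produce the same clear error. The old class also guarded access with `synchronized`; whether `VespaZookeeperTlsContextUtils.tlsContext()` provides equivalent safety is not visible here and is worth a sentence in the class Javadoc.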
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperRunner.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperRunner.java
index eaae3c74d11..9c18dde3380 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperRunner.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperRunner.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.zookeeper;
import com.yahoo.cloud.config.ZookeeperServerConfig;
import com.yahoo.concurrent.DaemonThreadFactory;
import com.yahoo.protect.Process;
+import com.yahoo.vespa.zookeeper.server.VespaZooKeeperServer;
import com.yahoo.yolean.Exceptions;
import java.nio.file.Files;
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServer.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/server/VespaZooKeeperServer.java
index ef6083ae5f7..0eddf5175d4 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaZooKeeperServer.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/server/VespaZooKeeperServer.java
@@ -1,5 +1,5 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.zookeeper;
+package com.yahoo.vespa.zookeeper.server;
import java.nio.file.Path;
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/package-info.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/server/package-info.java
index f43f095d66d..fd6967ffbe4 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/package-info.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/server/package-info.java
@@ -1,5 +1,5 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
@ExportPackage
-package com.yahoo.vespa.zookeeper;
+package com.yahoo.vespa.zookeeper.server;
import com.yahoo.osgi.annotation.ExportPackage;
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
index 3cf1d07be65..2c3c4ead420 100644
--- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
+++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
@@ -224,17 +224,21 @@ public class ConfiguratorTest {
}
private String tlsQuorumConfig() {
- return "ssl.quorum.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider\n" +
- "ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n" +
- "ssl.quorum.enabledProtocols=TLSv1.2,TLSv1.3\n" +
- "ssl.quorum.clientAuth=NEED\n";
+ return """
+ ssl.quorum.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider
+ ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ ssl.quorum.enabledProtocols=TLSv1.2,TLSv1.3
+ ssl.quorum.clientAuth=NEED
+ """;
}
private String tlsClientServerConfig() {
- return "ssl.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider\n" +
- "ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n" +
- "ssl.enabledProtocols=TLSv1.2,TLSv1.3\n" +
- "ssl.clientAuth=NEED\n";
+ return """
+ ssl.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider
+ ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ ssl.enabledProtocols=TLSv1.2,TLSv1.3
+ ssl.clientAuth=NEED
+ """;
}
private void validateConfigFileMultipleHosts(File cfgFile, boolean hosted) {
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ReconfigurerTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ReconfigurerTest.java
index b21f907ec5d..ebf1194fdfe 100644
--- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ReconfigurerTest.java
+++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ReconfigurerTest.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.zookeeper;
import com.yahoo.cloud.config.ZookeeperServerConfig;
import com.yahoo.net.HostName;
+import com.yahoo.vespa.zookeeper.server.VespaZooKeeperServer;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;