
Example 6 with EndpointQualifier

use of com.hazelcast.instance.EndpointQualifier in project hazelcast by hazelcast.

the class ChannelInitializerFunction method init.

/**
 * Builds the lookup table that maps each configured endpoint to its {@link ChannelInitializer}.
 *
 * <p>When advanced networking is disabled, or no endpoint is configured, the table is an
 * empty map. Otherwise every endpoint config is first passed through
 * {@code checkSslConfigAvailability} (presumably rejecting SSL settings that cannot be
 * honoured; confirm against that helper) and only then given an initializer.
 *
 * <p>MEMBER, CLIENT, REST and MEMCACHE endpoints are stored under their fixed qualifier, so a
 * later config of the same protocol type replaces an earlier one. WAN endpoints are stored
 * under the qualifier carried by the config itself and reuse the member initializer.
 *
 * @throws IllegalStateException if an endpoint declares a protocol type not handled here
 */
public void init() {
    AdvancedNetworkConfig advancedNetwork = config.getAdvancedNetworkConfig();
    boolean hasEndpoints = advancedNetwork.isEnabled() && !advancedNetwork.getEndpointConfigs().isEmpty();
    if (!hasEndpoints) {
        initializerMap = Collections.emptyMap();
        return;
    }

    Map<EndpointQualifier, ChannelInitializer> initializers = new HashMap<>();
    for (EndpointConfig endpoint : advancedNetwork.getEndpointConfigs().values()) {
        // The SSL check runs before any initializer is created for this endpoint.
        checkSslConfigAvailability(endpoint.getSSLConfig());

        final EndpointQualifier qualifier;
        final ChannelInitializer initializer;
        switch (endpoint.getProtocolType()) {
            case MEMBER:
                qualifier = EndpointQualifier.MEMBER;
                initializer = provideMemberChannelInitializer(endpoint);
                break;
            case CLIENT:
                qualifier = EndpointQualifier.CLIENT;
                initializer = provideClientChannelInitializer(endpoint);
                break;
            case REST:
                // REST and MEMCACHE share the text initializer; only the boolean flag differs.
                qualifier = EndpointQualifier.REST;
                initializer = provideTextChannelInitializer(endpoint, true);
                break;
            case MEMCACHE:
                qualifier = EndpointQualifier.MEMCACHE;
                initializer = provideTextChannelInitializer(endpoint, false);
                break;
            case WAN:
                // WAN endpoints keep their own qualifier, so several can coexist.
                qualifier = endpoint.getQualifier();
                initializer = provideMemberChannelInitializer(endpoint);
                break;
            default:
                throw new IllegalStateException("Cannot build channel initializer for protocol type " + endpoint.getProtocolType());
        }
        initializers.put(qualifier, initializer);
    }
    initializerMap = initializers;
}
Also used : AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) HashMap(java.util.HashMap) EndpointQualifier(com.hazelcast.instance.EndpointQualifier) TextChannelInitializer(com.hazelcast.internal.nio.ascii.TextChannelInitializer) ChannelInitializer(com.hazelcast.internal.networking.ChannelInitializer) EndpointConfig(com.hazelcast.config.EndpointConfig)

Example 7 with EndpointQualifier

use of com.hazelcast.instance.EndpointQualifier in project hazelcast by hazelcast.

the class ConfigValidator method checkAdvancedNetworkConfig.

/**
 * Validates the advanced network section of a member configuration.
 *
 * <p>Nothing is checked when advanced networking is disabled. Otherwise the method enforces:
 * <ul>
 *   <li>no protocol type has more server sockets than its declared cardinality allows;</li>
 *   <li>exactly one MEMBER server socket is configured;</li>
 *   <li>every endpoint identifier referenced by a WAN batch publisher resolves to a configured
 *       endpoint.</li>
 * </ul>
 *
 * @param config the configuration to validate
 * @throws InvalidConfigurationException if any of the rules above is violated
 */
@SuppressWarnings({ "checkstyle:npathcomplexity", "checkstyle:cyclomaticcomplexity", "checkstyle:booleanexpressioncomplexity" })
public static void checkAdvancedNetworkConfig(Config config) {
    if (!config.getAdvancedNetworkConfig().isEnabled()) {
        return;
    }

    // Start every protocol type at zero so the lookups below never miss.
    EnumMap<ProtocolType, MutableInteger> socketCounts = new EnumMap<>(ProtocolType.class);
    for (ProtocolType type : ProtocolType.values()) {
        socketCounts.put(type, new MutableInteger());
    }

    // Only server-socket endpoints count towards the per-protocol limits.
    Map<EndpointQualifier, EndpointConfig> endpointConfigs = config.getAdvancedNetworkConfig().getEndpointConfigs();
    for (EndpointConfig candidate : endpointConfigs.values()) {
        if (!(candidate instanceof ServerSocketEndpointConfig)) {
            continue;
        }
        socketCounts.get(candidate.getProtocolType()).getAndInc();
    }

    for (ProtocolType type : ProtocolType.values()) {
        int configured = socketCounts.get(type).value;
        if (configured <= type.getServerSocketCardinality()) {
            continue;
        }
        throw new InvalidConfigurationException(format("Protocol type %s allows definition " + "of up to %d server sockets but %d were configured",
                type, type.getServerSocketCardinality(), configured));
    }

    // Exactly one MEMBER server socket must exist.
    if (socketCounts.get(MEMBER).value != 1) {
        throw new InvalidConfigurationException("A member-server-socket-endpoint" + " configuration is required for the cluster to form.");
    }

    // A WAN publisher naming an endpoint must point at one that is actually configured.
    for (WanReplicationConfig replication : config.getWanReplicationConfigs().values()) {
        for (WanBatchPublisherConfig publisher : replication.getBatchPublisherConfigs()) {
            if (publisher.getEndpoint() == null) {
                continue;
            }
            EndpointQualifier wanQualifier = EndpointQualifier.resolve(WAN, publisher.getEndpoint());
            if (endpointConfigs.get(wanQualifier) != null) {
                continue;
            }
            throw new InvalidConfigurationException(format("WAN publisher config for cluster name '%s' requires an wan-endpoint " + "config with identifier '%s' but none was found",
                    publisher.getClusterName(), publisher.getEndpoint()));
        }
    }
}
Also used : WanBatchPublisherConfig(com.hazelcast.config.WanBatchPublisherConfig) WanReplicationConfig(com.hazelcast.config.WanReplicationConfig) ProtocolType(com.hazelcast.instance.ProtocolType) MutableInteger(com.hazelcast.internal.util.MutableInteger) EndpointQualifier(com.hazelcast.instance.EndpointQualifier) ServerSocketEndpointConfig(com.hazelcast.config.ServerSocketEndpointConfig) EnumMap(java.util.EnumMap) EndpointConfig(com.hazelcast.config.EndpointConfig) ServerSocketEndpointConfig(com.hazelcast.config.ServerSocketEndpointConfig) InvalidConfigurationException(com.hazelcast.config.InvalidConfigurationException)

Example 8 with EndpointQualifier

use of com.hazelcast.instance.EndpointQualifier in project hazelcast by hazelcast.

the class ClientClusterServiceImpl method createSnapshot.

/**
 * Converts the received member infos into a member list snapshot, keeping their order.
 *
 * <p>For a member that reports an address map, the member's address is the CLIENT entry,
 * falling back to the MEMBER entry when no CLIENT entry exists. A member without an address
 * map (null or empty) is built from its single reported address.
 *
 * @param memberListVersion version stored in the returned snapshot
 * @param memberInfos member descriptions to convert
 * @return a snapshot holding one member per info, keyed by member UUID
 */
private MemberListSnapshot createSnapshot(int memberListVersion, Collection<MemberInfo> memberInfos) {
    LinkedHashMap<UUID, Member> membersByUuid = new LinkedHashMap<>();
    for (MemberInfo info : memberInfos) {
        Map<EndpointQualifier, Address> addresses = info.getAddressMap();
        boolean hasAddressMap = addresses != null && !addresses.isEmpty();

        MemberImpl.Builder builder = hasAddressMap
                ? new MemberImpl.Builder(addresses).address(addresses.getOrDefault(CLIENT, addresses.get(MEMBER)))
                : new MemberImpl.Builder(info.getAddress());

        builder.version(info.getVersion())
                .uuid(info.getUuid())
                .attributes(info.getAttributes())
                .liteMember(info.isLiteMember())
                .memberListJoinVersion(info.getMemberListJoinVersion());

        membersByUuid.put(info.getUuid(), builder.build());
    }
    return new MemberListSnapshot(memberListVersion, membersByUuid);
}
Also used : MemberInfo(com.hazelcast.internal.cluster.MemberInfo) Address(com.hazelcast.cluster.Address) InetSocketAddress(java.net.InetSocketAddress) MemberImpl(com.hazelcast.cluster.impl.MemberImpl) EndpointQualifier(com.hazelcast.instance.EndpointQualifier) UUID(java.util.UUID) Member(com.hazelcast.cluster.Member) LinkedHashMap(java.util.LinkedHashMap)

Example 9 with EndpointQualifier

use of com.hazelcast.instance.EndpointQualifier in project hazelcast by hazelcast.

the class Node method hasClientServerSocket.

/**
 * Reports whether this node has a server socket for clients.
 *
 * <p>Without advanced networking the answer is always {@code true}. With advanced networking
 * enabled, the answer is {@code true} only if an endpoint config is registered under the
 * CLIENT qualifier.
 *
 * @return {@code true} if a client server socket is considered available
 */
private boolean hasClientServerSocket() {
    if (config.getAdvancedNetworkConfig().isEnabled()) {
        // With advanced networking, clients are served only if a CLIENT endpoint is configured.
        return config.getAdvancedNetworkConfig().getEndpointConfigs().get(CLIENT) != null;
    }
    return true;
}
Also used : EndpointQualifier(com.hazelcast.instance.EndpointQualifier) EndpointConfig(com.hazelcast.config.EndpointConfig)

Example 10 with EndpointQualifier

use of com.hazelcast.instance.EndpointQualifier in project hazelcast by hazelcast.

the class NodeSecurityBanner method printSecurityFeaturesInfo.

/**
 * Builds a report of security recommendations with their current status and logs it.
 *
 * <p>The method only reads the configuration and writes one log entry; it does not change or
 * enforce any setting. The order of the statements below is the order of the lines in the
 * report, except for the TLS lines, which are collected separately and inserted after the
 * authentication checks.
 *
 * @param config the member configuration to inspect
 * @param logLevel the level passed to {@code securityLogger} for the report
 */
@SuppressWarnings({ "checkstyle:CyclomaticComplexity", "checkstyle:MethodLength" })
private void printSecurityFeaturesInfo(Config config, Level logLevel) {
    StringBuilder sb = new StringBuilder("\n").append(getLockEmo()).append("Security recommendations and their status:");
    // The default cluster name counts as a failed check.
    addSecurityFeatureCheck(sb, "Use a custom cluster name", !Config.DEFAULT_CLUSTER_NAME.equals(config.getClusterName()));
    addSecurityFeatureCheck(sb, "Disable member multicast discovery/join method", !multicastUsed);
    AdvancedNetworkConfig advancedNetworkConfig = config.getAdvancedNetworkConfig();
    addSecurityFeatureCheck(sb, "Use advanced networking, separate client and member sockets", advancedNetworkConfig.isEnabled());
    // The check passes only when the bind-any property is false.
    boolean bindAny = properties.getBoolean(SOCKET_SERVER_BIND_ANY);
    addSecurityFeatureCheck(sb, "Bind Server sockets to a single network interface (disable " + SOCKET_SERVER_BIND_ANY.getName() + ")", !bindAny);
    // TLS lines are buffered here and appended further down, so they appear later in the report.
    StringBuilder tlsSb = new StringBuilder();
    boolean tlsUsed = true;
    if (advancedNetworkConfig.isEnabled()) {
        for (Map.Entry<EndpointQualifier, EndpointConfig> e : advancedNetworkConfig.getEndpointConfigs().entrySet()) {
            // The helper call is the left operand of &&, so every endpoint is reported even after
            // an earlier one returned false; tlsUsed stays true only if all endpoints return true.
            // NOTE(review): tlsUsed starts as true, so an enabled advanced network config with no
            // endpoint entries would leave it true without any TLS check having run. Confirm that
            // case cannot reach this method.
            tlsUsed = addAdvNetworkTlsInfo(tlsSb, e.getKey(), e.getValue().getSSLConfig()) && tlsUsed;
        }
    } else {
        SSLConfig sslConfig = config.getNetworkConfig().getSSLConfig();
        // presumably addSecurityFeatureCheck returns the status flag it was given; verify against the helper
        tlsUsed = addSecurityFeatureCheck(tlsSb, "Use TLS communication protection (Enterprise)", sslConfig != null && sslConfig.isEnabled());
    }
    boolean jetEnabled = config.getJetConfig().isEnabled();
    if (jetEnabled) {
        // Either TLS or binding to a single interface is enough for this check to pass.
        boolean trustedEnv = tlsUsed || !bindAny;
        addSecurityFeatureCheck(sb, "Use Jet in trusted environments only (single network interface and/or TLS enabled)", trustedEnv);
        if (config.getJetConfig().isResourceUploadEnabled()) {
            // Informational line rather than a pass/fail check: uploaded code runs inside the member.
            addSecurityFeatureInfo(sb, "Jet resource upload is enabled. Any uploaded code can be executed within " + "Hazelcast. Use this in trusted environments only.");
        }
    }
    if (config.getUserCodeDeploymentConfig().isEnabled()) {
        // Same code-execution caveat as Jet resource upload.
        addSecurityFeatureInfo(sb, "User code deployment is enabled. Any uploaded code can be executed within " + "Hazelcast. Use this in trusted environments only.");
    }
    addSecurityFeatureCheck(sb, "Disable scripting in the Management Center", !config.getManagementCenterConfig().isScriptingEnabled());
    addSecurityFeatureCheck(sb, "Disable console in the Management Center", !config.getManagementCenterConfig().isConsoleEnabled());
    SecurityConfig securityConfig = config.getSecurityConfig();
    boolean securityEnabled = securityConfig != null && securityConfig.isEnabled();
    addSecurityFeatureCheck(sb, "Enable Security (Enterprise)", securityEnabled);
    if (securityEnabled) {
        // Authentication realms are inspected only when security is enabled.
        checkAuthnConfigured(sb, securityConfig, "member-authentication", securityConfig.getMemberRealm());
        checkAuthnConfigured(sb, securityConfig, "client-authentication", securityConfig.getClientRealm());
    }
    // Insert the TLS lines collected above at this position in the report.
    sb.append(tlsSb.toString());
    PersistenceConfig persistenceConfig = config.getPersistenceConfig();
    // Encryption-at-rest is reported only when persistence is enabled.
    if (persistenceConfig != null && persistenceConfig.isEnabled()) {
        EncryptionAtRestConfig encryptionAtRestConfig = persistenceConfig.getEncryptionAtRestConfig();
        addSecurityFeatureCheck(sb, "Enable encryption-at-rest in the Persistence config (Enterprise)", encryptionAtRestConfig != null && encryptionAtRestConfig.isEnabled());
    }
    AuditlogConfig auditlogConfig = config.getAuditlogConfig();
    addSecurityFeatureCheck(sb, "Enable auditlog (Enterprise)", auditlogConfig != null && auditlogConfig.isEnabled());
    sb.append("\nCheck the hazelcast-security-hardened.xml/yaml example config file to find why and how to configure" + " these security related settings.\n");
    // The whole report is emitted as a single log entry at the caller-supplied level.
    securityLogger.log(logLevel, sb.toString());
}
Also used : AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) SSLConfig(com.hazelcast.config.SSLConfig) EncryptionAtRestConfig(com.hazelcast.config.EncryptionAtRestConfig) SecurityConfig(com.hazelcast.config.SecurityConfig) PersistenceConfig(com.hazelcast.config.PersistenceConfig) EndpointQualifier(com.hazelcast.instance.EndpointQualifier) AuditlogConfig(com.hazelcast.config.AuditlogConfig) Map(java.util.Map) EndpointConfig(com.hazelcast.config.EndpointConfig)

Aggregations

EndpointQualifier (com.hazelcast.instance.EndpointQualifier)22 Address (com.hazelcast.cluster.Address)9 ParallelJVMTest (com.hazelcast.test.annotation.ParallelJVMTest)9 QuickTest (com.hazelcast.test.annotation.QuickTest)9 Test (org.junit.Test)9 EndpointConfig (com.hazelcast.config.EndpointConfig)5 HashMap (java.util.HashMap)5 UUID (java.util.UUID)5 MemberImpl (com.hazelcast.cluster.impl.MemberImpl)3 ProtocolType (com.hazelcast.instance.ProtocolType)3 MemberInfo (com.hazelcast.internal.cluster.MemberInfo)3 ClientEndPointDTO (com.hazelcast.internal.management.dto.ClientEndPointDTO)3 Map (java.util.Map)3 AdvancedNetworkConfig (com.hazelcast.config.AdvancedNetworkConfig)2 ServerSocketEndpointConfig (com.hazelcast.config.ServerSocketEndpointConfig)2 ClusterHotRestartStatusDTO (com.hazelcast.internal.management.dto.ClusterHotRestartStatusDTO)2 MemberVersion (com.hazelcast.version.MemberVersion)2 Version (com.hazelcast.version.Version)2 InetSocketAddress (java.net.InetSocketAddress)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2