
Example 1 with SslContextBuilder

use of org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder in project ozone by apache.

the class ReplicationServer method init.

/**
 * Builds the gRPC replication server and stores it in {@code server}.
 *
 * <p>When {@code secConf.isSecurityEnabled()} is true the listener is set up
 * for mutual TLS: the server key and certificate come from {@code caClient},
 * a client certificate is mandatory ({@code ClientAuth.REQUIRE}) and it is
 * validated against the CA list returned by {@code HAUtils.buildCAX509List}.
 * When security is disabled no {@code SslContext} is installed on the
 * builder, so the endpoint carries no transport security or peer
 * authentication from this method.
 *
 * @throws IllegalArgumentException if TLS material cannot be loaded
 *         (wraps the underlying {@link IOException})
 */
public void init() {
    NettyServerBuilder builder = NettyServerBuilder.forPort(port)
        .maxInboundMessageSize(OzoneConsts.OZONE_SCM_CHUNK_MAX_SIZE)
        .addService(ServerInterceptors.intercept(
            new GrpcReplicationService(new OnDemandContainerReplicationSource(controller)),
            new GrpcServerInterceptor()));

    if (secConf.isSecurityEnabled()) {
        try {
            // Server identity: private key + certificate issued to this node.
            SslContextBuilder tls = SslContextBuilder.forServer(
                caClient.getPrivateKey(), caClient.getCertificate());
            tls = GrpcSslContexts.configure(tls, secConf.getGrpcSslProvider());

            // Mutual TLS: reject any peer that does not present a certificate
            // chaining to one of the CAs in the trust list below.
            tls.clientAuth(ClientAuth.REQUIRE);
            tls.trustManager(HAUtils.buildCAX509List(caClient, secConf.getConfiguration()));

            builder.sslContext(tls.build());
        } catch (IOException ex) {
            // Fail startup rather than fall back to an unauthenticated listener.
            throw new IllegalArgumentException(
                "Unable to setup TLS for secure datanode replication GRPC " + "endpoint.", ex);
        }
    }

    server = builder.build();
}
Also used : NettyServerBuilder(org.apache.ratis.thirdparty.io.grpc.netty.NettyServerBuilder) SslContextBuilder(org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder) IOException(java.io.IOException) GrpcServerInterceptor(org.apache.hadoop.hdds.tracing.GrpcServerInterceptor)

Example 2 with SslContextBuilder

use of org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder in project ozone by apache.

the class XceiverClientGrpc method connectToDatanode.

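/**
 * Opens a gRPC channel to the given datanode and registers the channel and
 * its async stub under the datanode's UUID. Does nothing if a connection to
 * that datanode already exists.
 *
 * <p>Transport security is chosen in exactly one place: TLS when
 * {@code secConfig.isGrpcTlsEnabled()} is true, plaintext otherwise. The
 * builder is no longer pre-set to plaintext before that decision, so the TLS
 * branch does not depend on a later call overriding an insecure default.
 *
 * @param dn datanode to connect to
 * @throws IOException if the client TLS context cannot be built
 */
private synchronized void connectToDatanode(DatanodeDetails dn) throws IOException {
    if (isConnected(dn)) {
        return;
    }
    // Read the port from the datanode; on failure (0) use the configured
    // default port.
    int port = dn.getPort(DatanodeDetails.Port.Name.STANDALONE).getValue();
    if (port == 0) {
        port = config.getInt(OzoneConfigKeys.DFS_CONTAINER_IPC_PORT, OzoneConfigKeys.DFS_CONTAINER_IPC_PORT_DEFAULT);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Nodes in pipeline : {}", pipeline.getNodes());
        LOG.debug("Connecting to server : {}", dn.getIpAddress());
    }
    NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress(dn.getIpAddress(), port)
        .maxInboundMessageSize(OzoneConsts.OZONE_SCM_CHUNK_MAX_SIZE)
        .intercept(new GrpcClientInterceptor());
    if (secConfig.isGrpcTlsEnabled()) {
        SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
        if (caCerts != null) {
            // Pin trust to the cluster CA certificates supplied to this client.
            sslContextBuilder.trustManager(caCerts);
        }
        // NOTE(review): with caCerts == null no trust manager is set here, so
        // the SslContext falls back to its default trust anchors - confirm
        // that is intended for callers that pass no CA list.
        if (secConfig.useTestCert()) {
            // Test-only: the server certificate is checked against the name
            // "localhost" instead of the datanode's address. This weakens
            // peer identity checking and must stay off outside tests.
            channelBuilder.overrideAuthority("localhost");
        }
        channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
    } else {
        // Explicit opt-out: traffic to this datanode is unencrypted and the
        // server is not authenticated.
        channelBuilder.usePlaintext();
    }
    ManagedChannel channel = channelBuilder.build();
    XceiverClientProtocolServiceStub asyncStub = XceiverClientProtocolServiceGrpc.newStub(channel);
    asyncStubs.put(dn.getUuid(), asyncStub);
    channels.put(dn.getUuid(), channel);
}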
Also used : XceiverClientProtocolServiceStub(org.apache.hadoop.hdds.protocol.datanode.proto.XceiverClientProtocolServiceGrpc.XceiverClientProtocolServiceStub) SslContextBuilder(org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder) NettyChannelBuilder(org.apache.ratis.thirdparty.io.grpc.netty.NettyChannelBuilder) GrpcClientInterceptor(org.apache.hadoop.hdds.tracing.GrpcClientInterceptor) ManagedChannel(org.apache.ratis.thirdparty.io.grpc.ManagedChannel)

Example 3 with SslContextBuilder

use of org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder in project incubator-ratis by apache.

the class GrpcService method startBuildingNettyServer.

/**
 * Creates a {@link NettyServerBuilder} for the given port with the message
 * size and flow-control limits applied, and TLS configured when a
 * {@code tlsConfig} is supplied.
 *
 * <p>Security behaviour visible in this method:
 * <ul>
 *   <li>{@code tlsConfig == null}: no {@code SslContext} is installed.</li>
 *   <li>{@code tlsConfig} present, mTLS disabled: server-authenticated TLS
 *       only; no client certificate is requested.</li>
 *   <li>{@code tlsConfig} present, mTLS enabled: client certificates are
 *       required and validated against the configured trust store.</li>
 * </ul>
 *
 * @param port               port to listen on
 * @param tlsConfig          TLS settings, or {@code null} for no TLS
 * @param grpcMessageSizeMax maximum inbound message size
 * @param flowControlWindow  flow-control window size
 * @return the partially configured server builder
 * @throws IllegalArgumentException if the {@code SslContext} cannot be built
 */
private static NettyServerBuilder startBuildingNettyServer(int port, GrpcTlsConfig tlsConfig, SizeInBytes grpcMessageSizeMax, SizeInBytes flowControlWindow) {
    NettyServerBuilder builder = NettyServerBuilder.forPort(port)
        .withChildOption(ChannelOption.SO_REUSEADDR, true)
        .maxInboundMessageSize(grpcMessageSizeMax.getSizeInt())
        .flowControlWindow(flowControlWindow.getSizeInt());

    if (tlsConfig == null) {
        return builder;
    }

    // Server identity comes either from files on disk or from in-memory
    // key/certificate objects, depending on how the config was created.
    SslContextBuilder tls;
    if (tlsConfig.isFileBasedConfig()) {
        tls = SslContextBuilder.forServer(tlsConfig.getCertChainFile(), tlsConfig.getPrivateKeyFile());
    } else {
        tls = SslContextBuilder.forServer(tlsConfig.getPrivateKey(), tlsConfig.getCertChain());
    }

    if (tlsConfig.getMtlsEnabled()) {
        // Mutual TLS: the handshake fails unless the client presents a
        // certificate that validates against the trust store below.
        tls.clientAuth(ClientAuth.REQUIRE);
        if (tlsConfig.isFileBasedConfig()) {
            tls.trustManager(tlsConfig.getTrustStoreFile());
        } else {
            tls.trustManager(tlsConfig.getTrustStore());
        }
    }

    tls = GrpcSslContexts.configure(tls, OPENSSL);
    try {
        builder.sslContext(tls.build());
    } catch (Exception ex) {
        // NOTE(review): the message embeds tlsConfig via string concatenation;
        // confirm GrpcTlsConfig's string form never renders key material
        // before this reaches logs.
        throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex);
    }
    return builder;
}
Also used : NettyServerBuilder(org.apache.ratis.thirdparty.io.grpc.netty.NettyServerBuilder) SslContextBuilder(org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder) IOException(java.io.IOException)

Aggregations

SslContextBuilder (org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder)3 IOException (java.io.IOException)2 NettyServerBuilder (org.apache.ratis.thirdparty.io.grpc.netty.NettyServerBuilder)2 XceiverClientProtocolServiceStub (org.apache.hadoop.hdds.protocol.datanode.proto.XceiverClientProtocolServiceGrpc.XceiverClientProtocolServiceStub)1 GrpcClientInterceptor (org.apache.hadoop.hdds.tracing.GrpcClientInterceptor)1 GrpcServerInterceptor (org.apache.hadoop.hdds.tracing.GrpcServerInterceptor)1 ManagedChannel (org.apache.ratis.thirdparty.io.grpc.ManagedChannel)1 NettyChannelBuilder (org.apache.ratis.thirdparty.io.grpc.netty.NettyChannelBuilder)1