Use of org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder in project ozone by apache.
Class ReplicationServer, method init (server-side TLS; client certificates are required when security is enabled).
/**
 * Builds the replication gRPC server, adding TLS with mandatory client
 * authentication when the security configuration says security is enabled.
 *
 * <p>Only the server is built here; it is not started.
 *
 * @throws IllegalArgumentException if the TLS context cannot be built
 *     (the underlying IOException is kept as the cause).
 */
public void init() {
  // Plain server definition first; the TLS context is layered on below.
  NettyServerBuilder builder = NettyServerBuilder.forPort(port)
      .maxInboundMessageSize(OzoneConsts.OZONE_SCM_CHUNK_MAX_SIZE)
      .addService(ServerInterceptors.intercept(
          new GrpcReplicationService(new OnDemandContainerReplicationSource(controller)),
          new GrpcServerInterceptor()));

  // NOTE(review): the client side (XceiverClientGrpc.connectToDatanode) gates
  // TLS on isGrpcTlsEnabled() rather than isSecurityEnabled(); if those two
  // flags can diverge, a plaintext client will fail the handshake here.
  if (secConf.isSecurityEnabled()) {
    try {
      // Server identity: the datanode's own key and certificate from the CA client.
      SslContextBuilder tlsBuilder = SslContextBuilder.forServer(
          caClient.getPrivateKey(), caClient.getCertificate());
      tlsBuilder = GrpcSslContexts.configure(tlsBuilder, secConf.getGrpcSslProvider());
      // Peers are verified against the cluster CA chain only, and a client
      // certificate is mandatory (mutual TLS) - anonymous clients are rejected.
      tlsBuilder.trustManager(HAUtils.buildCAX509List(caClient, secConf.getConfiguration()));
      tlsBuilder.clientAuth(ClientAuth.REQUIRE);
      builder.sslContext(tlsBuilder.build());
    } catch (IOException ex) {
      throw new IllegalArgumentException(
          "Unable to setup TLS for secure datanode replication GRPC " + "endpoint.", ex);
    }
  }

  server = builder.build();
}
Use of org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder in project ozone by apache.
Class XceiverClientGrpc, method connectToDatanode (client-side TLS trusting the cluster CA certificates).
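/**
 * Opens a gRPC channel to the given datanode (if one is not already open)
 * and registers an async stub for it.
 *
 * <p>The channel uses TLS when {@code secConfig.isGrpcTlsEnabled()} is set,
 * otherwise plaintext. The plaintext/TLS choice is made once, in the
 * branch below; the previous unconditional {@code usePlaintext()} on the
 * builder chain was overridden by that branch and has been removed so the
 * intent is not misread.
 *
 * @param dn the datanode to connect to; its IP address and STANDALONE port are used
 * @throws IOException if the TLS context cannot be built
 */
private synchronized void connectToDatanode(DatanodeDetails dn) throws IOException {
  if (isConnected(dn)) {
    return;
  }
  // Prefer the port advertised by the datanode; 0 means "not advertised",
  // so fall back to the configured default.
  int port = dn.getPort(DatanodeDetails.Port.Name.STANDALONE).getValue();
  if (port == 0) {
    port = config.getInt(OzoneConfigKeys.DFS_CONTAINER_IPC_PORT,
        OzoneConfigKeys.DFS_CONTAINER_IPC_PORT_DEFAULT);
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug("Nodes in pipeline : {}", pipeline.getNodes());
    LOG.debug("Connecting to server : {}", dn.getIpAddress());
  }
  NettyChannelBuilder channelBuilder = NettyChannelBuilder
      .forAddress(dn.getIpAddress(), port)
      .maxInboundMessageSize(OzoneConsts.OZONE_SCM_CHUNK_MAX_SIZE)
      .intercept(new GrpcClientInterceptor());
  if (secConfig.isGrpcTlsEnabled()) {
    SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
    if (caCerts != null) {
      // Trust only the cluster CA chain. When caCerts is null the builder's
      // default trust store is used instead - NOTE(review): confirm that is
      // intended and not a missing-CA misconfiguration.
      sslContextBuilder.trustManager(caCerts);
    }
    if (secConfig.useTestCert()) {
      // Test certificates are issued for "localhost"; override the expected
      // authority so the certificate check passes. Test-only: with a real
      // certificate the authority derived from the address is used, so the
      // certificate is presumably expected to carry the datanode IP - verify.
      channelBuilder.overrideAuthority("localhost");
    }
    channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
  } else {
    channelBuilder.usePlaintext();
  }
  ManagedChannel channel = channelBuilder.build();
  XceiverClientProtocolServiceStub asyncStub =
      XceiverClientProtocolServiceGrpc.newStub(channel);
  asyncStubs.put(dn.getUuid(), asyncStub);
  channels.put(dn.getUuid(), channel);
}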
Use of org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder in project incubator-ratis by apache.
Class GrpcService, method startBuildingNettyServer (server-side TLS, with optional mutual TLS from a trust store).
/**
 * Starts a Netty gRPC server builder for the given port, applying the
 * message-size and flow-control limits, and - when {@code tlsConfig} is
 * non-null - a TLS context built with the OpenSSL provider.
 *
 * <p>With {@code tlsConfig.getMtlsEnabled()} the server requires a client
 * certificate and verifies it against the configured trust store; without it
 * no trust manager is installed and clients are not authenticated at the TLS layer.
 *
 * @param port               port to listen on
 * @param tlsConfig          TLS settings, or null for a plaintext server
 * @param grpcMessageSizeMax maximum inbound message size
 * @param flowControlWindow  HTTP/2 flow-control window
 * @return the partially configured builder (the caller adds services and builds)
 * @throws IllegalArgumentException if the SslContext cannot be built
 */
private static NettyServerBuilder startBuildingNettyServer(int port, GrpcTlsConfig tlsConfig,
    SizeInBytes grpcMessageSizeMax, SizeInBytes flowControlWindow) {
  NettyServerBuilder serverBuilder = NettyServerBuilder.forPort(port)
      .withChildOption(ChannelOption.SO_REUSEADDR, true)
      .maxInboundMessageSize(grpcMessageSizeMax.getSizeInt())
      .flowControlWindow(flowControlWindow.getSizeInt());
  if (tlsConfig == null) {
    return serverBuilder;
  }

  final boolean fromFiles = tlsConfig.isFileBasedConfig();
  // Server identity: either PEM files on disk or in-memory key/chain objects.
  SslContextBuilder tlsBuilder;
  if (fromFiles) {
    tlsBuilder = SslContextBuilder.forServer(tlsConfig.getCertChainFile(), tlsConfig.getPrivateKeyFile());
  } else {
    tlsBuilder = SslContextBuilder.forServer(tlsConfig.getPrivateKey(), tlsConfig.getCertChain());
  }
  if (tlsConfig.getMtlsEnabled()) {
    // Mutual TLS: a client certificate is mandatory and must chain to the trust store.
    tlsBuilder.clientAuth(ClientAuth.REQUIRE);
    if (fromFiles) {
      tlsBuilder.trustManager(tlsConfig.getTrustStoreFile());
    } else {
      tlsBuilder.trustManager(tlsConfig.getTrustStore());
    }
  }
  tlsBuilder = GrpcSslContexts.configure(tlsBuilder, OPENSSL);
  try {
    serverBuilder.sslContext(tlsBuilder.build());
  } catch (Exception ex) {
    // NOTE(review): the message embeds tlsConfig.toString(); make sure that
    // never prints private key material.
    throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex);
  }
  return serverBuilder;
}