Search in sources :

Example 36 with TServerSocket

use of org.apache.thrift.transport.TServerSocket in project accumulo by apache.

the class TServerUtils method createSaslThreadPoolServer.

public static ServerAddress createSaslThreadPoolServer(HostAndPort address, TProcessor processor, TProtocolFactory protocolFactory, long socketTimeout, SaslServerConnectionParams params, final String serverName, String threadName, final int numThreads, final int numSTThreads, long timeBetweenThreadChecks) throws TTransportException {
    // We'd really prefer to use THsHaServer (or similar) to avoid 1 RPC == 1 Thread that the TThreadPoolServer does,
    // but sadly this isn't the case. Because TSaslTransport needs to issue a handshake when it open()'s which will fail
    // when the server does an accept() to (presumably) wake up the eventing system.
    log.info("Creating SASL thread pool thrift server on listening on {}:{}", address.getHost(), address.getPort());
    TServerSocket transport = new TServerSocket(address.getPort(), (int) socketTimeout);
    String hostname, fqdn;
    try {
        hostname = InetAddress.getByName(address.getHost()).getCanonicalHostName();
        fqdn = InetAddress.getLocalHost().getCanonicalHostName();
    } catch (UnknownHostException e) {
        transport.close();
        throw new TTransportException(e);
    }
    // If we can't get a real hostname from the provided host test, use the hostname from DNS for localhost
    if ("0.0.0.0".equals(hostname)) {
        hostname = fqdn;
    }
    // their configuration.
    if (!hostname.equals(fqdn)) {
        log.error("Expected hostname of '{}' but got '{}'. Ensure the entries in the Accumulo hosts files (e.g. masters, tservers) are the FQDN for each host when using SASL.", fqdn, hostname);
        transport.close();
        throw new RuntimeException("SASL requires that the address the thrift server listens on is the same as the FQDN for this host");
    }
    final UserGroupInformation serverUser;
    try {
        serverUser = UserGroupInformation.getLoginUser();
    } catch (IOException e) {
        transport.close();
        throw new TTransportException(e);
    }
    log.debug("Logged in as {}, creating TSaslServerTransport factory with {}/{}", serverUser, params.getKerberosServerPrimary(), hostname);
    // Make the SASL transport factory with the instance and primary from the kerberos server principal, SASL properties
    // and the SASL callback handler from Hadoop to ensure authorization ID is the authentication ID. Despite the 'protocol' argument seeming to be useless, it
    // *must* be the primary of the server.
    TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();
    saslTransportFactory.addServerDefinition(ThriftUtil.GSSAPI, params.getKerberosServerPrimary(), hostname, params.getSaslProperties(), new SaslRpcServer.SaslGssCallbackHandler());
    if (null != params.getSecretManager()) {
        log.info("Adding DIGEST-MD5 server definition for delegation tokens");
        saslTransportFactory.addServerDefinition(ThriftUtil.DIGEST_MD5, params.getKerberosServerPrimary(), hostname, params.getSaslProperties(), new SaslServerDigestCallbackHandler(params.getSecretManager()));
    } else {
        log.info("SecretManager is null, not adding support for delegation token authentication");
    }
    // Make sure the TTransportFactory is performing a UGI.doAs
    TTransportFactory ugiTransportFactory = new UGIAssumingTransportFactory(saslTransportFactory, serverUser);
    if (address.getPort() == 0) {
        // If we chose a port dynamically, make a new use it (along with the proper hostname)
        address = HostAndPort.fromParts(address.getHost(), transport.getServerSocket().getLocalPort());
        log.info("SASL thrift server bound on {}", address);
    }
    ThreadPoolExecutor pool = createSelfResizingThreadPool(serverName, numThreads, numSTThreads, timeBetweenThreadChecks);
    final TThreadPoolServer server = createTThreadPoolServer(transport, processor, ugiTransportFactory, protocolFactory, pool);
    return new ServerAddress(server, address);
}
Also used : SaslRpcServer(org.apache.hadoop.security.SaslRpcServer) UnknownHostException(java.net.UnknownHostException) TTransportException(org.apache.thrift.transport.TTransportException) LoggerFactory(org.slf4j.LoggerFactory) UGIAssumingTransportFactory(org.apache.accumulo.core.rpc.UGIAssumingTransportFactory) TSSLTransportFactory(org.apache.thrift.transport.TSSLTransportFactory) TProtocolFactory(org.apache.thrift.protocol.TProtocolFactory) TProcessorFactory(org.apache.thrift.TProcessorFactory) TTransportFactory(org.apache.thrift.transport.TTransportFactory) IOException(java.io.IOException) TTransportFactory(org.apache.thrift.transport.TTransportFactory) TServerSocket(org.apache.thrift.transport.TServerSocket) UGIAssumingTransportFactory(org.apache.accumulo.core.rpc.UGIAssumingTransportFactory) TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport) ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor) TThreadPoolServer(org.apache.thrift.server.TThreadPoolServer) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 37 with TServerSocket

use of org.apache.thrift.transport.TServerSocket in project accumulo by apache.

the class TServerUtils method createBlockingServer.

/**
 * Creates a TTheadPoolServer for normal unsecure operation. Useful for comparing performance against SSL or SASL transports.
 *
 * @param address
 *          Address to bind to
 * @param processor
 *          TProcessor for the server
 * @param maxMessageSize
 *          Maximum size of a Thrift message allowed
 * @return A configured TThreadPoolServer and its bound address information
 */
public static ServerAddress createBlockingServer(HostAndPort address, TProcessor processor, TProtocolFactory protocolFactory, long maxMessageSize, String serverName, int numThreads, int numSimpleTimerThreads, long timeBetweenThreadChecks) throws TTransportException {
    TServerSocket transport = new TServerSocket(address.getPort());
    ThreadPoolExecutor pool = createSelfResizingThreadPool(serverName, numThreads, numSimpleTimerThreads, timeBetweenThreadChecks);
    TThreadPoolServer server = createTThreadPoolServer(transport, processor, ThriftUtil.transportFactory(maxMessageSize), protocolFactory, pool);
    if (address.getPort() == 0) {
        address = HostAndPort.fromParts(address.getHost(), transport.getServerSocket().getLocalPort());
        log.info("Blocking Server bound on {}", address);
    }
    return new ServerAddress(server, address);
}
Also used : TServerSocket(org.apache.thrift.transport.TServerSocket) ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor) TThreadPoolServer(org.apache.thrift.server.TThreadPoolServer)

Example 38 with TServerSocket

use of org.apache.thrift.transport.TServerSocket in project accumulo by apache.

the class TServerUtils method getSslServerSocket.

/**
 * Create the Thrift server socket for RPC running over SSL.
 *
 * @param port
 *          Port of the server socket to bind to
 * @param timeout
 *          Socket timeout
 * @param address
 *          Address to bind the socket to
 * @param params
 *          SSL parameters
 * @return A configured TServerSocket configured to use SSL
 */
public static TServerSocket getSslServerSocket(int port, int timeout, InetAddress address, SslConnectionParams params) throws TTransportException {
    TServerSocket tServerSock;
    if (params.useJsse()) {
        tServerSock = TSSLTransportFactory.getServerSocket(port, timeout, params.isClientAuth(), address);
    } else {
        tServerSock = TSSLTransportFactory.getServerSocket(port, timeout, address, params.getTTransportParams());
    }
    final ServerSocket serverSock = tServerSock.getServerSocket();
    if (serverSock instanceof SSLServerSocket) {
        SSLServerSocket sslServerSock = (SSLServerSocket) serverSock;
        String[] protocols = params.getServerProtocols();
        // Be nice for the user and automatically remove protocols that might not exist in their JVM. Keeps us from forcing config alterations too
        // e.g. TLSv1.1 and TLSv1.2 don't exist in JDK6
        Set<String> socketEnabledProtocols = new HashSet<>(Arrays.asList(sslServerSock.getEnabledProtocols()));
        // Keep only the enabled protocols that were specified by the configuration
        socketEnabledProtocols.retainAll(Arrays.asList(protocols));
        if (socketEnabledProtocols.isEmpty()) {
            // Bad configuration...
            throw new RuntimeException("No available protocols available for secure socket. Availaable protocols: " + Arrays.toString(sslServerSock.getEnabledProtocols()) + ", allowed protocols: " + Arrays.toString(protocols));
        }
        // Set the protocol(s) on the server socket
        sslServerSock.setEnabledProtocols(socketEnabledProtocols.toArray(new String[0]));
    }
    return tServerSock;
}
Also used : TServerSocket(org.apache.thrift.transport.TServerSocket) ServerSocket(java.net.ServerSocket) TNonblockingServerSocket(org.apache.thrift.transport.TNonblockingServerSocket) TServerSocket(org.apache.thrift.transport.TServerSocket) SSLServerSocket(javax.net.ssl.SSLServerSocket) SSLServerSocket(javax.net.ssl.SSLServerSocket) HashSet(java.util.HashSet)

Example 39 with TServerSocket

use of org.apache.thrift.transport.TServerSocket in project accumulo by apache.

the class TServerUtils method createSslThreadPoolServer.

/**
 * Create a Thrift SSL server.
 *
 * @param address
 *          host and port to bind to
 * @param processor
 *          TProcessor for the server
 * @param socketTimeout
 *          Socket timeout
 * @param sslParams
 *          SSL parameters
 * @return A ServerAddress with the bound-socket information and the Thrift server
 */
public static ServerAddress createSslThreadPoolServer(HostAndPort address, TProcessor processor, TProtocolFactory protocolFactory, long socketTimeout, SslConnectionParams sslParams, String serverName, int numThreads, int numSimpleTimerThreads, long timeBetweenThreadChecks) throws TTransportException {
    TServerSocket transport;
    try {
        transport = getSslServerSocket(address.getPort(), (int) socketTimeout, InetAddress.getByName(address.getHost()), sslParams);
    } catch (UnknownHostException e) {
        throw new TTransportException(e);
    }
    if (address.getPort() == 0) {
        address = HostAndPort.fromParts(address.getHost(), transport.getServerSocket().getLocalPort());
        log.info("SSL Thread Pool Server bound on {}", address);
    }
    ThreadPoolExecutor pool = createSelfResizingThreadPool(serverName, numThreads, numSimpleTimerThreads, timeBetweenThreadChecks);
    return new ServerAddress(createTThreadPoolServer(transport, processor, ThriftUtil.transportFactory(), protocolFactory, pool), address);
}
Also used : TServerSocket(org.apache.thrift.transport.TServerSocket) UnknownHostException(java.net.UnknownHostException) TTransportException(org.apache.thrift.transport.TTransportException) ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor)

Example 40 with TServerSocket

use of org.apache.thrift.transport.TServerSocket in project accumulo by apache.

the class TServerUtilsTest method testStopTServer_ES.

@Test
public void testStopTServer_ES() {
    TServerSocket socket = createNiceMock(TServerSocket.class);
    TServerWithES s = new TServerWithES(socket);
    TServerUtils.stopTServer(s);
    assertTrue(s.stopCalled);
    verify(s.executorService_);
}
Also used : TServerSocket(org.apache.thrift.transport.TServerSocket) Test(org.junit.Test)

Aggregations

TServerSocket (org.apache.thrift.transport.TServerSocket)49 TThreadPoolServer (org.apache.thrift.server.TThreadPoolServer)30 TServerTransport (org.apache.thrift.transport.TServerTransport)20 TServer (org.apache.thrift.server.TServer)15 InetSocketAddress (java.net.InetSocketAddress)14 TBinaryProtocol (org.apache.thrift.protocol.TBinaryProtocol)14 TTransportException (org.apache.thrift.transport.TTransportException)13 TTransportFactory (org.apache.thrift.transport.TTransportFactory)11 ThreadPoolExecutor (java.util.concurrent.ThreadPoolExecutor)9 ArrayList (java.util.ArrayList)7 TProtocol (org.apache.thrift.protocol.TProtocol)7 TSimpleServer (org.apache.thrift.server.TSimpleServer)7 TTransport (org.apache.thrift.transport.TTransport)7 TProcessor (org.apache.thrift.TProcessor)6 TProtocolFactory (org.apache.thrift.protocol.TProtocolFactory)6 TServerEventHandler (org.apache.thrift.server.TServerEventHandler)6 IOException (java.io.IOException)5 ExecutorService (java.util.concurrent.ExecutorService)5 TCompactProtocol (org.apache.thrift.protocol.TCompactProtocol)5 ServerContext (org.apache.thrift.server.ServerContext)5