Repository: ambari Updated Branches: refs/heads/branch-dev-patch-upgrade 863d995c1 -> efcfced54
AMBARI-18827. Allow acceptor / seclector configuration for API and agent connectors. (swagle) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4d7d3cdc Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4d7d3cdc Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4d7d3cdc Branch: refs/heads/branch-dev-patch-upgrade Commit: 4d7d3cdc6380db63bf9b1b221f548cd4470e2a51 Parents: 95233eb Author: Siddharth Wagle <[email protected]> Authored: Mon Nov 14 10:33:10 2016 -0800 Committer: Siddharth Wagle <[email protected]> Committed: Mon Nov 14 10:33:10 2016 -0800 ---------------------------------------------------------------------- ambari-server/docs/configuration/index.md | 35 +-- .../server/configuration/Configuration.java | 115 ++++++---- .../ambari/server/controller/AmbariServer.java | 219 ++++++++++--------- .../security/unsecured/rest/ConnectionInfo.java | 2 +- .../server/configuration/ConfigurationTest.java | 6 +- 5 files changed, 212 insertions(+), 165 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/docs/configuration/index.md ---------------------------------------------------------------------- diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md index 2fc6b26..77d3a4d 100644 --- a/ambari-server/docs/configuration/index.md +++ b/ambari-server/docs/configuration/index.md @@ -37,6 +37,7 @@ The following are the properties which can be used to configure Ambari. | Property Name | Description | Default | | --- | --- | --- | | active.instance | Indicates whether the current ambari server instance is active or not. |`true` | +| agent.api.acceptor.count | Count of acceptors to configure for the jetty connector used for Ambari agent. | | | agent.api.gzip.compression.enabled | Determiens whether communication with the Ambari Agents should have the JSON payloads compressed with GZIP. |`true` | | agent.auto.cache.update | Determines whether the agents will automatically attempt to download updates to stack resources from the Ambari Server. |`true` | | agent.check.mounts.timeout | The timeout, used by the `timeout` command in linux, when checking mounts for free capacity. |`0` | @@ -104,11 +105,12 @@ The following are the properties which can be used to configure Ambari. | authentication.ldap.usernameAttribute | The attribute used for determining the user name, such as `uid`. |`uid` | | authorization.ldap.adminGroupMappingRules | A comma-separate list of groups which would give a user administrative access to Ambari when syncing from LDAP. This is only used when `authorization.ldap.groupSearchFilter` is blank.<br/><br/>The following are examples of valid values:<ul><li>`administrators`<li>`Hadoop Admins,Hadoop Admins.*,DC Admins,.*Hadoop Operators`</ul> |`Ambari Administrators` | | authorization.ldap.groupSearchFilter | The DN to use when searching for LDAP groups. | | -| bootstrap.dir | The directory on the Ambari Server file system used for storing Ambari Agent bootstrap information such as request responses. |`/home/crashtua/dev/ambari-work/var/run/ambari-server/bootstrap` | +| bootstrap.dir | The directory on the Ambari Server file system used for storing Ambari Agent bootstrap information such as request responses. |`/var/run/ambari-server/bootstrap` | | bootstrap.master_host_name | The host name of the Ambari Server which will be used by the Ambari Agents for communication. | | -| bootstrap.script | The location and name of the Python script used to bootstrap new Ambari Agent hosts. |`/home/crashtua/dev/ambari-work/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py` | +| bootstrap.script | The location and name of the Python script used to bootstrap new Ambari Agent hosts. |`/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py` | | bootstrap.setup_agent.password | The password to set on the `AMBARI_PASSPHRASE` environment variable before invoking the bootstrap script. |`password` | -| bootstrap.setup_agent.script | The location and name of the Python script executed on the Ambari Agent host during the bootstrap process. |`/home/crashtua/dev/ambari-work/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py` | +| bootstrap.setup_agent.script | The location and name of the Python script executed on the Ambari Agent host during the bootstrap process. |`/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py` | +| client.api.acceptor.count | Count of acceptors to configure for the jetty connector used for Ambari API. | | | client.api.port | The port that client connections will use with the REST API. The Ambari Web client runs on this port. |`8080` | | client.api.ssl.cert_pass_file | The filename which contains the password for the keystores, truststores, and certificates for the REST API when it's protected by SSL. |`https.pass.txt` | | client.api.ssl.crt_pass | The password for the keystores, truststores, and certificates for the REST API when it's protected by SSL. If not specified, then `client.api.ssl.cert_pass_file` should be used. | | @@ -121,7 +123,7 @@ The following are the properties which can be used to configure Ambari. | client.security | The type of authentication mechanism used by Ambari.<br/><br/>The following are examples of valid values:<ul><li>`local`<li>`ldap`</ul> | | | client.threadpool.size.max | The size of the Jetty connection pool used for handling incoming REST API requests. This should be large enough to handle requests from both web browsers and embedded Views. |`25` | | common.services.path | The location on the Ambari Server where common service resources exist. Stack services share the common service files.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/common-services`</ul> | | -| custom.action.definitions | The location on the Ambari Server where custom actions are defined. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/custom_action_definitions` | +| custom.action.definitions | The location on the Ambari Server where custom actions are defined. |`/var/lib/ambari-server/resources/custom_action_definitions` | | db.mysql.jdbc.name | The name of the MySQL JDBC JAR connector. |`mysql-connector-java.jar` | | db.oracle.jdbc.name | The name of the Oracle JDBC JAR connector. |`ojdbc6.jar` | | default.kdcserver.port | The port used to communicate with the Kerberos Key Distribution Center. |`88` | @@ -134,9 +136,10 @@ The following are the properties which can be used to configure Ambari. | jdk.name | The name of the JDK installation binary.<br/><br/>The following are examples of valid values:<ul><li>`jdk-7u45-linux-x64.tar.gz`</ul> | | | kdcserver.connection.check.timeout | The timeout, in milliseconds, to wait when communicating with a Kerberos Key Distribution Center. |`10000` | | kerberos.check.jaas.configuration | Determines whether Kerberos-enabled Ambari deployments should use JAAS to validate login credentials. |`false` | -| kerberos.keytab.cache.dir | The location on the Ambari Server where Kerberos keytabs are cached. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/data/cache` | +| kerberos.keytab.cache.dir | The location on the Ambari Server where Kerberos keytabs are cached. |`/var/lib/ambari-server/data/cache` | | kerberos.operation.retries | The number of times failed kerberos operations should be retried to execute. |`3` | | ldap.sync.username.collision.behavior | Determines how to handle username collision while updating from LDAP.<br/><br/>The following are examples of valid values:<ul><li>`skip`<li>`convert`</ul> |`convert` | +| log4j.monitor.delay | Indicates the delay, in milliseconds, for the log4j monitor to check for changes |`300000` | | metadata.path | The location on the Ambari Server where the stack resources exist.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/stacks`</ul> | | | metrics.retrieval-service.cache.timeout | The amount of time, in minutes, that JMX and REST metrics retrieved directly can remain in the cache. |`30` | | metrics.retrieval-service.request.ttl | The number of seconds to wait between issuing JMX or REST metric requests to the same endpoint. This property is used to throttle requests to the same URL being made too close together<br/><br/> This property is related to `metrics.retrieval-service.request.ttl.enabled`. |`5` | @@ -145,7 +148,7 @@ The following are the properties which can be used to configure Ambari. | packages.pre.installed | Determines whether Ambari Agent instances have already have the necessary stack software installed |`false` | | proxy.allowed.hostports | A comma-separated whitelist of host and port values which Ambari Server can use to determine if a proxy value is valid. |`*:*` | | recommendations.artifacts.lifetime | The amount of time that Recommendation API data is kept on the Ambari Server file system. This is specified using a `hdwmy` syntax for pairing the value with a time unit (hours, days, weeks, months, years)<br/><br/>The following are examples of valid values:<ul><li>`8h`<li>`2w`<li>`1m`</ul> |`1w` | -| recommendations.dir | The directory on the Ambari Server file system used for storing Recommendation API artifacts. |`/home/crashtua/dev/ambari-work/var/run/ambari-server/stack-recommendations` | +| recommendations.dir | The directory on the Ambari Server file system used for storing Recommendation API artifacts. |`/var/run/ambari-server/stack-recommendations` | | recovery.disabled_components | A comma-separated list of component names which are not included in automatic recovery attempts.<br/><br/>The following are examples of valid values:<ul><li>`NAMENODE,ZOOKEEPER_SERVER`</ul> | | | recovery.enabled_components | A comma-separated list of component names which are included in automatic recovery attempts.<br/><br/>The following are examples of valid values:<ul><li>`NAMENODE,ZOOKEEPER_SERVER`</ul> | | | recovery.lifetime_max_count | The maximum number of recovery attempts of a failed component during the lifetime of an Ambari Agent instance. This is reset when the Ambari Agent is restarted. | | @@ -155,7 +158,7 @@ The following are the properties which can be used to configure Ambari. | recovery.window_in_minutes | The length of a recovery window, in minutes, in which recovery attempts can be retried.<br/><br/> This property is related to `recovery.max_count`. | | | repo.validation.suffixes.default | The suffixes to use when validating most types of repositories. |`/repodata/repomd.xml` | | repo.validation.suffixes.ubuntu | The suffixes to use when validating Ubuntu repositories. |`/dists/%s/Release` | -| resources.dir | The location on the Ambari Server where all resources exist, including common services, stacks, and scripts. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/` | +| resources.dir | The location on the Ambari Server where all resources exist, including common services, stacks, and scripts. |`/var/lib/ambari-server/resources/` | | rolling.upgrade.skip.packages.prefixes | A comma-separated list of packages which will be skipped during a stack upgrade. | | | security.agent.hostname.validate | Determines whether the Ambari Agent host names should be validated against a regular expression to ensure that they are well-formed. |`true` | | security.master.key.location | The location on the Ambari Server of the master key file. This is the key to the master keystore. | | @@ -219,16 +222,16 @@ The following are the properties which can be used to configure Ambari. | server.jdbc.user.passwd | The password for the user when logging into the database. |`bigdata` | | server.locks.profiling | Enable the profiling of internal locks. |`false` | | server.metrics.retrieval-service.thread.priority | The priority of threads used by the service which retrieves JMX and REST metrics directly from their respective endpoints. |`5` | -| server.metrics.retrieval-service.threadpool.size.core | The core number of threads used to retrieve JMX and REST metrics directly from their respective endpoints. |`8` | -| server.metrics.retrieval-service.threadpool.size.max | The maximum number of threads used to retrieve JMX and REST metrics directly from their respective endpoints. |`16` | -| server.metrics.retrieval-service.threadpool.worker.size | The number of queued requests allowed for JMX and REST metrics before discarding old requests which have not been fullfilled. |`160` | +| server.metrics.retrieval-service.threadpool.size.core | The core number of threads used to retrieve JMX and REST metrics directly from their respective endpoints. |`16` | +| server.metrics.retrieval-service.threadpool.size.max | The maximum number of threads used to retrieve JMX and REST metrics directly from their respective endpoints. |`32` | +| server.metrics.retrieval-service.threadpool.worker.size | The number of queued requests allowed for JMX and REST metrics before discarding old requests which have not been fullfilled. |`320` | | server.operations.retry-attempts | The number of retry attempts for failed API and blueprint operations. |`0` | | server.os_family | The operating system family for all hosts in the cluster. This is used when bootstrapping agents and when enabling Kerberos.<br/><br/>The following are examples of valid values:<ul><li>`redhat`<li>`ubuntu`</ul> | | | server.os_type | The operating system version for all hosts in the cluster. This is used when bootstrapping agents and when enabling Kerberos.<br/><br/>The following are examples of valid values:<ul><li>`6`<li>`7`</ul> | | | server.persistence.type | The type of database connection being used. Unless using an embedded PostgresSQL server, then this should be `remote`.<br/><br/>The following are examples of valid values:<ul><li>`local`<li>`remote`</ul> |`local` | | server.property-provider.threadpool.completion.timeout | The maximum time, in milliseconds, that federated requests for data can execute before being terminated. Increasing this value could result in degraded performanc from the REST APIs. |`5000` | -| server.property-provider.threadpool.size.core | The core number of threads that will be used to retrieve data from federated datasources, such as remote JMX endpoints. |`8` | -| server.property-provider.threadpool.size.max | The maximum number of threads that will be used to retrieve data from federated datasources, such as remote JMX endpoints. |`16` | +| server.property-provider.threadpool.size.core | The core number of threads that will be used to retrieve data from federated datasources, such as remote JMX endpoints. |`16` | +| server.property-provider.threadpool.size.max | The maximum number of threads that will be used to retrieve data from federated datasources, such as remote JMX endpoints. |`32` | | server.property-provider.threadpool.worker.size | The maximum size of pending federated datasource requests, such as those to JMX endpoints, which can be queued before rejecting new requests. |`2147483647` | | server.script.timeout | The time, in milliseconds, until an external script is killed. |`5000` | | server.stage.command.execution_type | How to execute commands in one stage |`STAGE` | @@ -244,11 +247,11 @@ The following are the properties which can be used to configure Ambari. | server.timeline.metrics.cache.read.timeout.millis | The time, in milliseconds, that initial requests to populate metric data will wait while reading from Ambari Metrics.<br/><br/> This property is related to `server.timeline.metrics.cache.disabled`. |`10000` | | server.timeline.metrics.cache.use.custom.sizing.engine | Determines if a custom engine should be used to increase performance of calculating the current size of the cache for Ambari Metric data.<br/><br/> This property is related to `server.timeline.metrics.cache.disabled`. |`true` | | server.timeline.metrics.https.enabled | Determines whether to use to SSL to connect to Ambari Metrics when retrieving metric data. |`false` | -| server.tmp.dir | The location on the Ambari Server where temporary artifacts can be created. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/tmp` | +| server.tmp.dir | The location on the Ambari Server where temporary artifacts can be created. |`/var/lib/ambari-server/tmp` | | server.version.file | The full path to the file which contains the Ambari Server version. This is used to ensure that there is not a version mismatch between Ambari Agents and Ambari Server.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/version`</ul> | | | server.version_definition.connect.timeout.millis | The time, in milliseconds, that requests to connect to a URL to retrieve Version Definition Files (VDF) will wait before being terminated. |`5000` | | server.version_definition.read.timeout.millis | The time, in milliseconds, that requests to read from a connected URL to retrieve Version Definition Files (VDF) will wait before being terminated. |`5000` | -| shared.resources.dir | The location on the Ambari Server where resources are stored. This is exposed via HTTP in order for Ambari Agents to access them. |`/home/crashtua/dev/ambari-work/usr/lib/ambari-server/lib/ambari_commons/resources` | +| shared.resources.dir | The location on the Ambari Server where resources are stored. This is exposed via HTTP in order for Ambari Agents to access them. |`/usr/lib/ambari-server/lib/ambari_commons/resources` | | ssl.trustStore.password | The password to use when setting the `javax.net.ssl.trustStorePassword` property | | | ssl.trustStore.path | The location of the truststore to use when setting the `javax.net.ssl.trustStore` property. | | | ssl.trustStore.type | The type of truststore used by the `javax.net.ssl.trustStoreType` property. | | @@ -257,7 +260,7 @@ The following are the properties which can be used to configure Ambari. | stack.upgrade.auto.retry.command.names.to.ignore | A comma-separate list of upgrade tasks names to skip when retrying failed commands automatically. |`"ComponentVersionCheckAction","FinalizeUpgradeAction"` | | stack.upgrade.auto.retry.timeout.mins | The amount of time to wait in order to retry a command during a stack upgrade when an agent loses communication. This value must be greater than the `agent.task.timeout` value. |`0` | | stack.upgrade.bypass.prechecks | Determines whether pre-upgrade checks will be skipped when performing a rolling or express stack upgrade. |`false` | -| stackadvisor.script | The location and name of the Python stack advisor script executed when configuring services. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/scripts/stack_advisor.py` | +| stackadvisor.script | The location and name of the Python stack advisor script executed when configuring services. |`/var/lib/ambari-server/resources/scripts/stack_advisor.py` | | task.query.parameterlist.size | The maximum number of tasks which can be queried by ID from the database. |`999` | | view.extraction.threadpool.size.core | The number of threads used to extract Ambari Views when Ambari Server is starting up. |`10` | | view.extraction.threadpool.size.max | The maximum number of threads used to extract Ambari Views when Ambari Server is starting up. |`20` | @@ -266,7 +269,7 @@ The following are the properties which can be used to configure Ambari. | view.request.threadpool.timeout | The time, milliseconds, that REST API requests from embedded views can wait if there are no threads available to service the view's request. Setting this too low can cause views to timeout. |`2000` | | views.ambari.request.connect.timeout.millis | The amount of time, in milliseconds, that a view will wait when trying to connect on HTTP(S) operations to the Ambari REST API. |`30000` | | views.ambari.request.read.timeout.millis | The amount of time, in milliseconds, that a view will wait before terminating an HTTP(S) read request to the Ambari REST API. |`45000` | -| views.dir | The directory on the Ambari Server file system used for expanding Views and storing webapp work. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/views` | +| views.dir | The directory on the Ambari Server file system used for expanding Views and storing webapp work. |`/var/lib/ambari-server/resources/views` | | views.http.strict-transport-security | The value that will be used to set the `Strict-Transport-Security` HTTP response header for Ambari View requests. |`max-age=31536000` | | views.http.x-frame-options | The value that will be used to set the `X-Frame-Options` HTTP response header for Ambari View requests. |`SAMEORIGIN` | | views.http.x-xss-protection | The value that will be used to set the `X-XSS-Protection` HTTP response header for Ambari View requests. |`1; mode=block` | http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java index b5a29b3..0b8e195 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java @@ -17,42 +17,23 @@ */ package org.apache.ambari.server.configuration; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.io.FileWriter; -import java.io.IOException; -import java.io.InputStream; -import java.io.Writer; -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; -import java.lang.reflect.Field; -import java.security.cert.CertificateException; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.EnumSet; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; -import java.util.Set; -import java.util.SortedMap; -import java.util.TreeMap; -import java.util.concurrent.Callable; -import java.util.concurrent.ThreadPoolExecutor; -import java.util.concurrent.TimeUnit; - +import com.google.common.collect.Multimap; +import com.google.common.collect.Sets; +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonPrimitive; +import com.google.inject.Inject; +import com.google.inject.Singleton; import org.apache.ambari.annotations.Experimental; import org.apache.ambari.annotations.ExperimentalFeature; import org.apache.ambari.annotations.Markdown; import org.apache.ambari.server.AmbariException; +import org.apache.ambari.server.actionmanager.CommandExecutionType; import org.apache.ambari.server.actionmanager.HostRoleCommand; import org.apache.ambari.server.actionmanager.Stage; -import org.apache.ambari.server.actionmanager.CommandExecutionType; import org.apache.ambari.server.controller.spi.PropertyProvider; import org.apache.ambari.server.events.listeners.alerts.AlertReceivedListener; import org.apache.ambari.server.orm.JPATableGenerationStrategy; @@ -89,16 +70,34 @@ import org.apache.commons.lang.math.NumberUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.collect.Multimap; -import com.google.common.collect.Sets; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; -import com.google.gson.JsonPrimitive; -import com.google.inject.Inject; -import com.google.inject.Singleton; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.FileWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.Writer; +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; +import java.lang.reflect.Field; +import java.security.cert.CertificateException; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import java.util.Set; +import java.util.SortedMap; +import java.util.TreeMap; +import java.util.concurrent.Callable; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; /** * The {@link Configuration} class is used to read from the @@ -2489,6 +2488,7 @@ public class Configuration { "log4j.monitor.delay", TimeUnit.MINUTES.toMillis(5)); /** +<<<<<<< a5fdae802210ae1f8d4fed2234f1651cbe61c2b5 * Indicates whether parallel topology task creation is enabled for blueprint cluster provisioning. * Defaults to <code>false</code>. * @see #TOPOLOGY_TASK_PARALLEL_CREATION_THREAD_COUNT @@ -2504,6 +2504,20 @@ public class Configuration { @Markdown(description = "The number of threads to use for parallel topology task creation if enabled") public static final ConfigurationProperty<Integer> TOPOLOGY_TASK_PARALLEL_CREATION_THREAD_COUNT = new ConfigurationProperty<>("topology.task.creation.parallel.threads", 10); + /** + * The number of acceptor threads for the agent jetty connector. + */ + @Markdown(description = "Count of acceptors to configure for the jetty connector used for Ambari agent.") + public static final ConfigurationProperty<Integer> SRVR_AGENT_ACCEPTOR_THREAD_COUNT = new ConfigurationProperty<>( + "agent.api.acceptor.count", null); + + /** + * The number of acceptor threads for the api jetty connector. + */ + @Markdown(description = "Count of acceptors to configure for the jetty connector used for Ambari API.") + public static final ConfigurationProperty<Integer> SRVR_API_ACCEPTOR_THREAD_COUNT = new ConfigurationProperty<>( + "client.api.acceptor.count", null); + private static final Logger LOG = LoggerFactory.getLogger( Configuration.class); @@ -3600,7 +3614,7 @@ public class Configuration { * * @return true two-way SSL authentication is enabled */ - public boolean getTwoWaySsl() { + public boolean isTwoWaySsl() { return Boolean.parseBoolean(getProperty(SRVR_TWO_WAY_SSL)); } @@ -5353,7 +5367,6 @@ public class Configuration { InputStream inputStream = null; try { if (System.getProperties().containsKey(AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY)) { - // for using from IDEA or other tools without whole compilation inputStream = new FileInputStream(System.getProperties().getProperty(AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY)); } else { inputStream = Configuration.class.getResourceAsStream(MARKDOWN_TEMPLATE_FILE); @@ -5715,7 +5728,23 @@ public class Configuration { return kerberosAuthProperties; } - public int getKerberosOperationRetries(){ + public int getKerberosOperationRetries() { return Integer.valueOf(getProperty(KERBEROS_OPERATION_RETRIES)); } + + /** + * Return configured acceptors for agent api connector. Default = null + */ + public Integer getAgentApiAcceptors() { + String acceptors = getProperty(SRVR_AGENT_ACCEPTOR_THREAD_COUNT); + return StringUtils.isEmpty(acceptors) ? null : Integer.parseInt(acceptors); + } + + /** + * Return configured acceptors for server api connector. Default = null + */ + public Integer getClientApiAcceptors() { + String acceptors = getProperty(SRVR_API_ACCEPTOR_THREAD_COUNT); + return StringUtils.isEmpty(acceptors) ? null : Integer.parseInt(acceptors); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java index 6351720..e54d54e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java @@ -175,7 +175,7 @@ public class AmbariServer { /** * The thread name prefix for threads handling agent requests. */ - private static final String AGENT_THREAD_POOL_NAME = "ambari-agent-thread"; + private static final String AGENT_THREAD_POOL_NAME = "qtp-ambari-agent"; /** * The thread name prefix for threads handling REST API requests. @@ -414,73 +414,27 @@ public class AmbariServer { Map<String, String> configsMap = configs.getConfigsMap(); - if (configs.getAgentSSLAuthentication()) { - //Secured connector for 2-way auth - SslContextFactory contextFactoryTwoWay = new SslContextFactory(); - disableInsecureProtocols(contextFactoryTwoWay); - - SslSelectChannelConnector sslConnectorTwoWay = new SslSelectChannelConnector(contextFactoryTwoWay); - sslConnectorTwoWay.setPort(configs.getTwoWayAuthPort()); - - String keystore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator - + configsMap.get(Configuration.KSTR_NAME.getKey()); - - String truststore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator - + configsMap.get(Configuration.TSTR_NAME.getKey()); - - String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS.getKey()); - - sslConnectorTwoWay.setKeystore(keystore); - sslConnectorTwoWay.setTruststore(truststore); - sslConnectorTwoWay.setPassword(srvrCrtPass); - sslConnectorTwoWay.setKeyPassword(srvrCrtPass); - sslConnectorTwoWay.setTrustPassword(srvrCrtPass); - sslConnectorTwoWay.setKeystoreType(configsMap.get(Configuration.KSTR_TYPE.getKey())); - sslConnectorTwoWay.setTruststoreType(configsMap.get(Configuration.TSTR_TYPE.getKey())); - sslConnectorTwoWay.setNeedClientAuth(configs.getTwoWaySsl()); - sslConnectorTwoWay.setRequestHeaderSize(configs.getHttpRequestHeaderSize()); - sslConnectorTwoWay.setResponseHeaderSize(configs.getHttpResponseHeaderSize()); - - //SSL Context Factory - SslContextFactory contextFactoryOneWay = new SslContextFactory(true); - contextFactoryOneWay.setKeyStorePath(keystore); - contextFactoryOneWay.setTrustStore(truststore); - contextFactoryOneWay.setKeyStorePassword(srvrCrtPass); - contextFactoryOneWay.setKeyManagerPassword(srvrCrtPass); - contextFactoryOneWay.setTrustStorePassword(srvrCrtPass); - contextFactoryOneWay.setKeyStoreType(configsMap.get(Configuration.KSTR_TYPE.getKey())); - contextFactoryOneWay.setTrustStoreType(configsMap.get(Configuration.TSTR_TYPE.getKey())); - contextFactoryOneWay.setNeedClientAuth(false); - disableInsecureProtocols(contextFactoryOneWay); - - //Secured connector for 1-way auth - SslSelectChannelConnector sslConnectorOneWay = new SslSelectChannelConnector(contextFactoryOneWay); - sslConnectorOneWay.setPort(configs.getOneWayAuthPort()); - sslConnectorOneWay.setRequestHeaderSize(configs.getHttpRequestHeaderSize()); - sslConnectorOneWay.setResponseHeaderSize(configs.getHttpResponseHeaderSize()); - - // because there are two connectors sharing the same pool, cut each's - // acceptors in half - int sslAcceptors = sslConnectorOneWay.getAcceptors(); - sslConnectorOneWay.setAcceptors(Math.max(2, sslAcceptors / 2)); - sslConnectorTwoWay.setAcceptors(Math.max(2, sslAcceptors / 2)); - - // Agent Jetty thread pool - configureJettyThreadPool(serverForAgent, sslConnectorOneWay.getAcceptors(), - "qtp-ambari-agent", configs.getAgentThreadPoolSize()); - - serverForAgent.addConnector(sslConnectorOneWay); - serverForAgent.addConnector(sslConnectorTwoWay); - } else { - SelectChannelConnector agentConnector = new SelectChannelConnector(); - agentConnector.setPort(configs.getOneWayAuthPort()); - agentConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime()); - - // Agent Jetty thread pool - configureJettyThreadPool(serverForAgent, agentConnector.getAcceptors(), "qtp-ambari-agent", - configs.getAgentThreadPoolSize()); - - serverForAgent.addConnector(agentConnector); + SelectChannelConnector agentOneWayConnector = createSelectChannelConnectorForAgent(configs.getOneWayAuthPort(), false); + // Override acceptor defaults if configured or use Jetty defaults + Integer acceptors = configs.getAgentApiAcceptors() != null ? + configs.getAgentApiAcceptors() : agentOneWayConnector.getAcceptors(); + agentOneWayConnector.setAcceptors(acceptors); + + SelectChannelConnector agentTwoWayConnector = null; + if (configs.isTwoWaySsl()) { + agentTwoWayConnector = createSelectChannelConnectorForAgent(configs.getTwoWayAuthPort(), true); + agentTwoWayConnector.setAcceptors(acceptors); + } + + // Account for both the connectors if configured + int totalAgentAcceptorCount = configs.isTwoWaySsl() ? acceptors * 2 : acceptors; + // Agent Jetty thread pool - widen the thread pool if needed ! + configureJettyThreadPool(serverForAgent, totalAgentAcceptorCount, + AGENT_THREAD_POOL_NAME, configs.getAgentThreadPoolSize()); + + serverForAgent.addConnector(agentOneWayConnector); + if (agentTwoWayConnector != null) { + serverForAgent.addConnector(agentTwoWayConnector); } ServletHolder sh = new ServletHolder(ServletContainer.class); @@ -546,41 +500,15 @@ public class AmbariServer { } /* Configure the API server to use the NIO connectors */ - SelectChannelConnector apiConnector; - - if (configs.getApiSSLAuthentication()) { - String httpsKeystore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey()) + - File.separator + configsMap.get(Configuration.CLIENT_API_SSL_KSTR_NAME.getKey()); - String httpsTruststore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey()) + - File.separator + configsMap.get(Configuration.CLIENT_API_SSL_TSTR_NAME.getKey()); - LOG.info("API SSL Authentication is turned on. Keystore - " + httpsKeystore); - - String httpsCrtPass = configsMap.get(Configuration.CLIENT_API_SSL_CRT_PASS.getKey()); - - SslContextFactory contextFactoryApi = new SslContextFactory(); - disableInsecureProtocols(contextFactoryApi); - SslSelectChannelConnector sapiConnector = new SslSelectChannelConnector(contextFactoryApi); - sapiConnector.setPort(configs.getClientSSLApiPort()); - sapiConnector.setKeystore(httpsKeystore); - sapiConnector.setTruststore(httpsTruststore); - sapiConnector.setPassword(httpsCrtPass); - sapiConnector.setKeyPassword(httpsCrtPass); - sapiConnector.setTrustPassword(httpsCrtPass); - sapiConnector.setKeystoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey())); - sapiConnector.setTruststoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey())); - sapiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime()); - apiConnector = sapiConnector; - } else { - apiConnector = new SelectChannelConnector(); - apiConnector.setPort(configs.getClientApiPort()); - apiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime()); - } + SelectChannelConnector apiConnector = createSelectChannelConnectorForClient(); - apiConnector.setRequestHeaderSize(configs.getHttpRequestHeaderSize()); - apiConnector.setResponseHeaderSize(configs.getHttpResponseHeaderSize()); + acceptors = configs.getClientApiAcceptors() != null ? configs + .getClientApiAcceptors() : apiConnector.getAcceptors(); + apiConnector.setAcceptors(acceptors); - // Client Jetty thread pool - configureJettyThreadPool(server, apiConnector.getAcceptors(), CLIENT_THREAD_POOL_NAME, configs.getClientThreadPoolSize()); + // Client Jetty thread pool - widen the thread pool if needed ! + configureJettyThreadPool(server, acceptors, CLIENT_THREAD_POOL_NAME, + configs.getClientThreadPoolSize()); server.addConnector(apiConnector); server.setStopAtShutdown(true); @@ -662,6 +590,93 @@ public class AmbariServer { } /** + * Create org.eclipse.jetty.server.nio.SelectChannelConnector + * implementation for SSL or non-SSL based on configuration. + * + * @param port connector port + * @param needClientAuth one-way / two-way SSL + * @return org.eclipse.jetty.server.nio.SelectChannelConnector + */ + @SuppressWarnings("deprecation") + private SelectChannelConnector createSelectChannelConnectorForAgent(int port, boolean needClientAuth) { + Map<String, String> configsMap = configs.getConfigsMap(); + SelectChannelConnector agentConnector; + + if (configs.getAgentSSLAuthentication()) { + String keystore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator + + configsMap.get(Configuration.KSTR_NAME.getKey()); + + String truststore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator + + configsMap.get(Configuration.TSTR_NAME.getKey()); + + String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS.getKey()); + + // Secured connector - default constructor sets trustAll = true for certs + SslContextFactory contextFactory = new SslContextFactory(); + disableInsecureProtocols(contextFactory); + + SslSelectChannelConnector agentSslConnector = new SslSelectChannelConnector(contextFactory); + agentSslConnector.setKeystore(keystore); + agentSslConnector.setTruststore(truststore); + agentSslConnector.setPassword(srvrCrtPass); + agentSslConnector.setKeyPassword(srvrCrtPass); + agentSslConnector.setTrustPassword(srvrCrtPass); + agentSslConnector.setKeystoreType(configsMap.get(Configuration.KSTR_TYPE.getKey())); + agentSslConnector.setTruststoreType(configsMap.get(Configuration.TSTR_TYPE.getKey())); + agentSslConnector.setNeedClientAuth(needClientAuth); + agentSslConnector.setRequestHeaderSize(configs.getHttpRequestHeaderSize()); + agentSslConnector.setResponseHeaderSize(configs.getHttpResponseHeaderSize()); + agentConnector = agentSslConnector; + } else { + agentConnector = new SelectChannelConnector(); + agentConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime()); + } + + agentConnector.setPort(port); + + return agentConnector; + } + + @SuppressWarnings("deprecation") + private SelectChannelConnector createSelectChannelConnectorForClient() { + Map<String, String> configsMap = configs.getConfigsMap(); + SelectChannelConnector apiConnector; + + if (configs.getApiSSLAuthentication()) { + String httpsKeystore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey()) + + File.separator + configsMap.get(Configuration.CLIENT_API_SSL_KSTR_NAME.getKey()); + String httpsTruststore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey()) + + File.separator + configsMap.get(Configuration.CLIENT_API_SSL_TSTR_NAME.getKey()); + LOG.info("API SSL Authentication is turned on. Keystore - " + httpsKeystore); + + String httpsCrtPass = configsMap.get(Configuration.CLIENT_API_SSL_CRT_PASS.getKey()); + + SslContextFactory contextFactoryApi = new SslContextFactory(); + disableInsecureProtocols(contextFactoryApi); + SslSelectChannelConnector sapiConnector = new SslSelectChannelConnector(contextFactoryApi); + sapiConnector.setPort(configs.getClientSSLApiPort()); + sapiConnector.setKeystore(httpsKeystore); + sapiConnector.setTruststore(httpsTruststore); + sapiConnector.setPassword(httpsCrtPass); + sapiConnector.setKeyPassword(httpsCrtPass); + sapiConnector.setTrustPassword(httpsCrtPass); + sapiConnector.setKeystoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey())); + sapiConnector.setTruststoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey())); + sapiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime()); + apiConnector = sapiConnector; + } else { + apiConnector = new SelectChannelConnector(); + apiConnector.setPort(configs.getClientApiPort()); + apiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime()); + } + + apiConnector.setRequestHeaderSize(configs.getHttpRequestHeaderSize()); + apiConnector.setResponseHeaderSize(configs.getHttpResponseHeaderSize()); + + return apiConnector; + } + + /** * this method executes database consistency check if skip option was not added */ protected void runDatabaseConsistencyCheck() throws Exception { @@ -770,7 +785,7 @@ public class AmbariServer { private void disableInsecureProtocols(SslContextFactory factory) { // by default all protocols should be available factory.setExcludeProtocols(); - factory.setIncludeProtocols(new String[] { "SSLv2Hello","TLSv1"}); + factory.setIncludeProtocols(new String[] { "SSLv2Hello", "TLSv1" }); if (!configs.getSrvrDisabledCiphers().isEmpty()) { String[] masks = configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER); http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java b/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java index a1b5a6e..cb25f0b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java @@ -42,7 +42,7 @@ public class ConnectionInfo { @Inject public static void init(Configuration instance){ conf = instance; - response.put(Configuration.SRVR_TWO_WAY_SSL.getKey(),String.valueOf(conf.getTwoWaySsl())); + response.put(Configuration.SRVR_TWO_WAY_SSL.getKey(),String.valueOf(conf.isTwoWaySsl())); } @GET http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java index b0bcc58..d7cb8a3 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java @@ -119,7 +119,7 @@ public class ConfigurationTest { */ @Test public void testDefaultTwoWayAuthNotSet() throws Exception { - Assert.assertFalse(new Configuration().getTwoWaySsl()); + Assert.assertFalse(new Configuration().isTwoWaySsl()); } /** @@ -131,7 +131,7 @@ public class ConfigurationTest { Properties ambariProperties = new Properties(); ambariProperties.setProperty("security.server.two_way_ssl", "true"); Configuration conf = new Configuration(ambariProperties); - Assert.assertTrue(conf.getTwoWaySsl()); + Assert.assertTrue(conf.isTwoWaySsl()); } /** @@ -143,7 +143,7 @@ public class ConfigurationTest { Properties ambariProperties = new Properties(); ambariProperties.setProperty("security.server.two_way_ssl", "false"); Configuration conf = new Configuration(ambariProperties); - Assert.assertFalse(conf.getTwoWaySsl()); + Assert.assertFalse(conf.isTwoWaySsl()); } @Test
