org.apache.ratis.grpc.GrpcTlsConfig Java Examples
The following examples show how to use
org.apache.ratis.grpc.GrpcTlsConfig.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: XceiverServerRatis.java From hadoop-ozone with Apache License 2.0 | 6 votes |
public static XceiverServerRatis newXceiverServerRatis( DatanodeDetails datanodeDetails, ConfigurationSource ozoneConf, ContainerDispatcher dispatcher, ContainerController containerController, CertificateClient caClient, StateContext context) throws IOException { int localPort = ozoneConf.getInt( OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_PORT, OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_PORT_DEFAULT); // Get an available port on current node and // use that as the container port if (ozoneConf.getBoolean(OzoneConfigKeys .DFS_CONTAINER_RATIS_IPC_RANDOM_PORT, OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_RANDOM_PORT_DEFAULT)) { localPort = 0; } GrpcTlsConfig tlsConfig = createTlsServerConfigForDN( new SecurityConfig(ozoneConf), caClient); return new XceiverServerRatis(datanodeDetails, localPort, dispatcher, containerController, context, tlsConfig, ozoneConf); }
Example #2
Source File: RatisPipelineUtils.java From hadoop-ozone with Apache License 2.0 | 6 votes |
/** * Removes pipeline from SCM. Sends ratis command to destroy pipeline on all * the datanodes. * * @param pipeline - Pipeline to be destroyed * @param ozoneConf - Ozone configuration * @param grpcTlsConfig * @throws IOException */ public static void destroyPipeline(Pipeline pipeline, ConfigurationSource ozoneConf, GrpcTlsConfig grpcTlsConfig) { final RaftGroup group = RatisHelper.newRaftGroup(pipeline); if (LOG.isDebugEnabled()) { LOG.debug("destroying pipeline:{} with {}", pipeline.getId(), group); } for (DatanodeDetails dn : pipeline.getNodes()) { try { destroyPipeline(dn, pipeline.getId(), ozoneConf, grpcTlsConfig); } catch (IOException e) { LOG.warn("Pipeline destroy failed for pipeline={} dn={} exception={}", pipeline.getId(), dn, e.getMessage()); } } }
Example #3
Source File: RatisPipelineUtils.java From hadoop-ozone with Apache License 2.0 | 6 votes |
/** * Sends ratis command to destroy pipeline on the given datanode. * * @param dn - Datanode on which pipeline needs to be destroyed * @param pipelineID - ID of pipeline to be destroyed * @param ozoneConf - Ozone configuration * @param grpcTlsConfig - grpc tls configuration * @throws IOException */ static void destroyPipeline(DatanodeDetails dn, PipelineID pipelineID, ConfigurationSource ozoneConf, GrpcTlsConfig grpcTlsConfig) throws IOException { final String rpcType = ozoneConf .get(ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_KEY, ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_DEFAULT); final RetryPolicy retryPolicy = RatisHelper.createRetryPolicy(ozoneConf); final RaftPeer p = RatisHelper.toRaftPeer(dn); try(RaftClient client = RatisHelper .newRaftClient(SupportedRpcType.valueOfIgnoreCase(rpcType), p, retryPolicy, grpcTlsConfig, ozoneConf)) { client.groupRemove(RaftGroupId.valueOf(pipelineID.getId()), true, p.getId()); } }
Example #4
Source File: GrpcClientStreamer.java From ratis with Apache License 2.0 | 6 votes |
GrpcClientStreamer(RaftProperties prop, RaftGroup group, RaftPeerId leaderId, ClientId clientId, GrpcTlsConfig tlsConfig) { this.clientId = clientId; maxPendingNum = GrpcConfigKeys.OutputStream.outstandingAppendsMax(prop); maxMessageSize = GrpcConfigKeys.messageSizeMax(prop, LOG::debug); dataQueue = new ConcurrentLinkedDeque<>(); ackQueue = new ConcurrentLinkedDeque<>(); exceptionAndRetry = new ExceptionAndRetry(prop); this.groupId = group.getGroupId(); this.peers = group.getPeers().stream().collect( Collectors.toMap(RaftPeer::getId, Function.identity())); proxyMap = new PeerProxyMap<>(clientId.toString(), raftPeer -> new GrpcClientProtocolProxy(clientId, raftPeer, ResponseHandler::new, prop, tlsConfig)); proxyMap.addPeers(group.getPeers()); refreshLeaderProxy(leaderId, null); senderThread = new Sender(); senderThread.setName(this.toString() + "-sender"); senderThread.start(); }
Example #5
Source File: GrpcClientStreamer.java From incubator-ratis with Apache License 2.0 | 6 votes |
GrpcClientStreamer(RaftProperties prop, RaftGroup group, RaftPeerId leaderId, ClientId clientId, GrpcTlsConfig tlsConfig) { this.clientId = clientId; maxPendingNum = GrpcConfigKeys.OutputStream.outstandingAppendsMax(prop); maxMessageSize = GrpcConfigKeys.messageSizeMax(prop, LOG::debug); dataQueue = new ConcurrentLinkedDeque<>(); ackQueue = new ConcurrentLinkedDeque<>(); exceptionAndRetry = new ExceptionAndRetry(prop); this.groupId = group.getGroupId(); this.peers = group.getPeers().stream().collect( Collectors.toMap(RaftPeer::getId, Function.identity())); proxyMap = new PeerProxyMap<>(clientId.toString(), raftPeer -> new GrpcClientProtocolProxy(clientId, raftPeer, ResponseHandler::new, prop, tlsConfig)); proxyMap.addPeers(group.getPeers()); refreshLeaderProxy(leaderId, null); senderThread = new Sender(); senderThread.setName(this.toString() + "-sender"); senderThread.start(); }
Example #6
Source File: GrpcServerProtocolClient.java From ratis with Apache License 2.0 | 5 votes |
public GrpcServerProtocolClient(RaftPeer target, int flowControlWindow, TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) { NettyChannelBuilder channelBuilder = NettyChannelBuilder.forTarget(target.getAddress()); if (tlsConfig!= null) { SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (tlsConfig.getTrustStore() != null) { sslContextBuilder.trustManager(tlsConfig.getTrustStore()); } if (tlsConfig.getMtlsEnabled()) { sslContextBuilder.keyManager(tlsConfig.getCertChain(), tlsConfig.getPrivateKey()); } try { channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build()); } catch (Exception ex) { throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex); } } else { channelBuilder.negotiationType(NegotiationType.PLAINTEXT); } channel = channelBuilder.flowControlWindow(flowControlWindow).build(); blockingStub = RaftServerProtocolServiceGrpc.newBlockingStub(channel); asyncStub = RaftServerProtocolServiceGrpc.newStub(channel); this.requestTimeoutDuration = requestTimeoutDuration; }
Example #7
Source File: XceiverServerRatis.java From hadoop-ozone with Apache License 2.0 | 5 votes |
private XceiverServerRatis(DatanodeDetails dd, int port, ContainerDispatcher dispatcher, ContainerController containerController, StateContext context, GrpcTlsConfig tlsConfig, ConfigurationSource conf) throws IOException { this.conf = conf; Objects.requireNonNull(dd, "id == null"); datanodeDetails = dd; this.port = port; RaftProperties serverProperties = newRaftProperties(); this.context = context; this.dispatcher = dispatcher; this.containerController = containerController; this.raftPeerId = RatisHelper.toRaftPeerId(dd); chunkExecutors = createChunkExecutors(conf); RaftServer.Builder builder = RaftServer.newBuilder().setServerId(raftPeerId) .setProperties(serverProperties) .setStateMachineRegistry(this::getStateMachine); if (tlsConfig != null) { builder.setParameters(GrpcFactory.newRaftParameters(tlsConfig)); } this.server = builder.build(); this.requestTimeout = conf.getTimeDuration( HddsConfigKeys.HDDS_DATANODE_RATIS_SERVER_REQUEST_TIMEOUT, HddsConfigKeys.HDDS_DATANODE_RATIS_SERVER_REQUEST_TIMEOUT_DEFAULT, TimeUnit.MILLISECONDS); }
Example #8
Source File: GrpcService.java From ratis with Apache License 2.0 | 5 votes |
private GrpcService(RaftServer raftServer, Supplier<RaftPeerId> idSupplier, int port, SizeInBytes grpcMessageSizeMax, SizeInBytes appenderBufferSize, SizeInBytes flowControlWindow,TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) { super(idSupplier, id -> new PeerProxyMap<>(id.toString(), p -> new GrpcServerProtocolClient(p, flowControlWindow.getSizeInt(), requestTimeoutDuration, tlsConfig))); if (appenderBufferSize.getSize() > grpcMessageSizeMax.getSize()) { throw new IllegalArgumentException("Illegal configuration: " + RaftServerConfigKeys.Log.Appender.BUFFER_BYTE_LIMIT_KEY + " = " + appenderBufferSize + " > " + GrpcConfigKeys.MESSAGE_SIZE_MAX_KEY + " = " + grpcMessageSizeMax); } NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port) .maxInboundMessageSize(grpcMessageSizeMax.getSizeInt()) .flowControlWindow(flowControlWindow.getSizeInt()) .addService(new GrpcServerProtocolService(idSupplier, raftServer)) .addService(new GrpcClientProtocolService(idSupplier, raftServer)) .addService(new GrpcAdminProtocolService(raftServer)); if (tlsConfig != null) { SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(tlsConfig.getCertChain(), tlsConfig.getPrivateKey()); if (tlsConfig.getMtlsEnabled()) { sslContextBuilder.clientAuth(ClientAuth.REQUIRE); sslContextBuilder.trustManager(tlsConfig.getCertChain()); } sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, OPENSSL); try { nettyServerBuilder.sslContext(sslContextBuilder.build()); } catch (Exception ex) { throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex); } } server = nettyServerBuilder.build(); addressSupplier = JavaUtils.memoize(() -> new InetSocketAddress(port != 0? port: server.getPort())); }
Example #9
Source File: GrpcService.java From ratis with Apache License 2.0 | 5 votes |
private GrpcService(RaftServer server, GrpcTlsConfig tlsConfig) { this(server, server::getId, GrpcConfigKeys.Server.port(server.getProperties()), GrpcConfigKeys.messageSizeMax(server.getProperties(), LOG::info), RaftServerConfigKeys.Log.Appender.bufferByteLimit(server.getProperties()), GrpcConfigKeys.flowControlWindow(server.getProperties(), LOG::info), RaftServerConfigKeys.Rpc.requestTimeout(server.getProperties()), tlsConfig); }
Example #10
Source File: GrpcOutputStream.java From ratis with Apache License 2.0 | 5 votes |
public GrpcOutputStream(RaftProperties prop, ClientId clientId, RaftGroup group, RaftPeerId leaderId, GrpcTlsConfig tlsConfig) { final int bufferSize = GrpcConfigKeys.OutputStream.bufferSize(prop).getSizeInt(); buf = new byte[bufferSize]; count = 0; this.clientId = clientId; streamer = new GrpcClientStreamer(prop, group, leaderId, clientId, tlsConfig); }
Example #11
Source File: GrpcClientRpc.java From ratis with Apache License 2.0 | 5 votes |
public GrpcClientRpc(ClientId clientId, RaftProperties properties, GrpcTlsConfig tlsConfig) { super(new PeerProxyMap<>(clientId.toString(), p -> new GrpcClientProtocolClient(clientId, p, properties, tlsConfig))); this.clientId = clientId; this.maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug).getSizeInt(); this.tlsConfig = tlsConfig; }
Example #12
Source File: GrpcClientProtocolClient.java From ratis with Apache License 2.0 | 5 votes |
public GrpcClientProtocolClient(ClientId id, RaftPeer target, RaftProperties properties, GrpcTlsConfig tlsConf) { this.name = JavaUtils.memoize(() -> id + "->" + target.getId()); this.target = target; final SizeInBytes flowControlWindow = GrpcConfigKeys.flowControlWindow(properties, LOG::debug); final SizeInBytes maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug); NettyChannelBuilder channelBuilder = NettyChannelBuilder.forTarget(target.getAddress()); if (tlsConf!= null) { SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (tlsConf.getTrustStore() != null) { sslContextBuilder.trustManager(tlsConf.getTrustStore()); } if (tlsConf.getMtlsEnabled()) { sslContextBuilder.keyManager(tlsConf.getCertChain(), tlsConf.getPrivateKey()); } try { channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build()); } catch (Exception ex) { throw new RuntimeException(ex); } } else { channelBuilder.negotiationType(NegotiationType.PLAINTEXT); } channel = channelBuilder.flowControlWindow(flowControlWindow.getSizeInt()) .maxInboundMessageSize(maxMessageSize.getSizeInt()) .build(); blockingStub = RaftClientProtocolServiceGrpc.newBlockingStub(channel); asyncStub = RaftClientProtocolServiceGrpc.newStub(channel); adminBlockingStub = AdminProtocolServiceGrpc.newBlockingStub(channel); this.requestTimeoutDuration = RaftClientConfigKeys.Rpc.requestTimeout(properties); }
Example #13
Source File: GrpcServerProtocolClient.java From incubator-ratis with Apache License 2.0 | 5 votes |
public GrpcServerProtocolClient(RaftPeer target, int flowControlWindow, TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) { raftPeerId = target.getId(); NettyChannelBuilder channelBuilder = NettyChannelBuilder.forTarget(target.getAddress()); if (tlsConfig!= null) { SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (tlsConfig.isFileBasedConfig()) { sslContextBuilder.trustManager(tlsConfig.getTrustStoreFile()); } else { sslContextBuilder.trustManager(tlsConfig.getTrustStore()); } if (tlsConfig.getMtlsEnabled()) { if (tlsConfig.isFileBasedConfig()) { sslContextBuilder.keyManager(tlsConfig.getCertChainFile(), tlsConfig.getPrivateKeyFile()); } else { sslContextBuilder.keyManager(tlsConfig.getPrivateKey(), tlsConfig.getCertChain()); } } try { channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build()); } catch (Exception ex) { throw new IllegalArgumentException("Failed to build SslContext, peerId=" + raftPeerId + ", tlsConfig=" + tlsConfig, ex); } } else { channelBuilder.negotiationType(NegotiationType.PLAINTEXT); } channel = channelBuilder.flowControlWindow(flowControlWindow).build(); blockingStub = RaftServerProtocolServiceGrpc.newBlockingStub(channel); asyncStub = RaftServerProtocolServiceGrpc.newStub(channel); this.requestTimeoutDuration = requestTimeoutDuration; }
Example #14
Source File: GrpcService.java From incubator-ratis with Apache License 2.0 | 5 votes |
private GrpcService(RaftServer server, GrpcTlsConfig tlsConfig) { this(server, server::getId, GrpcConfigKeys.Server.port(server.getProperties()), GrpcConfigKeys.messageSizeMax(server.getProperties(), LOG::info), RaftServerConfigKeys.Log.Appender.bufferByteLimit(server.getProperties()), GrpcConfigKeys.flowControlWindow(server.getProperties(), LOG::info), RaftServerConfigKeys.Rpc.requestTimeout(server.getProperties()), tlsConfig); }
Example #15
Source File: RatisHelper.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static RaftClient newRaftClient(RpcType rpcType, RaftPeer leader, RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig, ConfigurationSource configuration) { return newRaftClient(rpcType, leader.getId(), newRaftGroup(Collections.singletonList(leader)), retryPolicy, tlsConfig, configuration); }
Example #16
Source File: XceiverServerRatis.java From hadoop-ozone with Apache License 2.0 | 5 votes |
static GrpcTlsConfig createTlsServerConfigForDN(SecurityConfig conf, CertificateClient caClient) { if (conf.isSecurityEnabled() && conf.isGrpcTlsEnabled()) { return new GrpcTlsConfig( caClient.getPrivateKey(), caClient.getCertificate(), null, false); } return null; }
Example #17
Source File: StorageContainerManager.java From hadoop-ozone with Apache License 2.0 | 5 votes |
static GrpcTlsConfig createTlsClientConfigForSCM(SecurityConfig conf, CertificateServer certificateServer) throws IOException { if (conf.isSecurityEnabled() && conf.isGrpcTlsEnabled()) { try { X509Certificate caCert = CertificateCodec.getX509Certificate( certificateServer.getCACertificate()); return new GrpcTlsConfig(null, null, caCert, false); } catch (CertificateException ex) { throw new SCMSecurityException("Fail to find SCM CA certificate.", ex); } } return null; }
Example #18
Source File: XceiverClientRatis.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static XceiverClientRatis newXceiverClientRatis( org.apache.hadoop.hdds.scm.pipeline.Pipeline pipeline, ConfigurationSource ozoneConf, X509Certificate caCert) { final String rpcType = ozoneConf .get(ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_KEY, ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_DEFAULT); final RetryPolicy retryPolicy = RatisHelper.createRetryPolicy(ozoneConf); final GrpcTlsConfig tlsConfig = RatisHelper.createTlsClientConfig(new SecurityConfig(ozoneConf), caCert); return new XceiverClientRatis(pipeline, SupportedRpcType.valueOfIgnoreCase(rpcType), retryPolicy, tlsConfig, ozoneConf); }
Example #19
Source File: XceiverClientRatis.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/** * Constructs a client. */ private XceiverClientRatis(Pipeline pipeline, RpcType rpcType, RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig, ConfigurationSource configuration) { super(); this.pipeline = pipeline; this.rpcType = rpcType; this.retryPolicy = retryPolicy; commitInfoMap = new ConcurrentHashMap<>(); this.tlsConfig = tlsConfig; metrics = XceiverClientManager.getXceiverClientMetrics(); this.ozoneConfiguration = configuration; }
Example #20
Source File: RatisHelper.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static RaftClient newRaftClient(RpcType rpcType, Pipeline pipeline, RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig, ConfigurationSource ozoneConfiguration) throws IOException { return newRaftClient(rpcType, toRaftPeerId(pipeline.getLeaderNode()), newRaftGroup(RaftGroupId.valueOf(pipeline.getId().getId()), pipeline.getNodes()), retryPolicy, tlsConfig, ozoneConfiguration); }
Example #21
Source File: GrpcOutputStream.java From incubator-ratis with Apache License 2.0 | 5 votes |
public GrpcOutputStream(RaftProperties prop, ClientId clientId, RaftGroup group, RaftPeerId leaderId, GrpcTlsConfig tlsConfig) { final int bufferSize = GrpcConfigKeys.OutputStream.bufferSize(prop).getSizeInt(); buf = new byte[bufferSize]; count = 0; this.clientId = clientId; streamer = new GrpcClientStreamer(prop, group, leaderId, clientId, tlsConfig); }
Example #22
Source File: RatisHelper.java From hadoop-ozone with Apache License 2.0 | 5 votes |
@SuppressWarnings("checkstyle:ParameterNumber") private static RaftClient newRaftClient(RpcType rpcType, RaftPeerId leader, RaftGroup group, RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig, ConfigurationSource ozoneConfiguration) { if (LOG.isTraceEnabled()) { LOG.trace("newRaftClient: {}, leader={}, group={}", rpcType, leader, group); } final RaftProperties properties = new RaftProperties(); RaftConfigKeys.Rpc.setType(properties, rpcType); // Set the ratis client headers which are matching with regex. createRaftClientProperties(ozoneConfiguration, properties); RaftClient.Builder builder = RaftClient.newBuilder() .setRaftGroup(group) .setLeaderId(leader) .setProperties(properties) .setRetryPolicy(retryPolicy); // TODO: GRPC TLS only for now, netty/hadoop RPC TLS support later. if (tlsConfig != null && rpcType == SupportedRpcType.GRPC) { builder.setParameters(GrpcFactory.newRaftParameters(tlsConfig)); } return builder.build(); }
Example #23
Source File: GrpcClientRpc.java From incubator-ratis with Apache License 2.0 | 5 votes |
public GrpcClientRpc(ClientId clientId, RaftProperties properties, GrpcTlsConfig tlsConfig) { super(new PeerProxyMap<>(clientId.toString(), p -> new GrpcClientProtocolClient(clientId, p, properties, tlsConfig))); this.clientId = clientId; this.maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug).getSizeInt(); this.tlsConfig = tlsConfig; }
Example #24
Source File: GrpcClientProtocolClient.java From incubator-ratis with Apache License 2.0 | 4 votes |
GrpcClientProtocolClient(ClientId id, RaftPeer target, RaftProperties properties, GrpcTlsConfig tlsConf) { this.name = JavaUtils.memoize(() -> id + "->" + target.getId()); this.target = target; final SizeInBytes flowControlWindow = GrpcConfigKeys.flowControlWindow(properties, LOG::debug); final SizeInBytes maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug); NettyChannelBuilder channelBuilder = NettyChannelBuilder.forTarget(target.getAddress()); if (tlsConf!= null) { SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient(); if (tlsConf.isFileBasedConfig()) { sslContextBuilder.trustManager(tlsConf.getTrustStoreFile()); } else { sslContextBuilder.trustManager(tlsConf.getTrustStore()); } if (tlsConf.getMtlsEnabled()) { if (tlsConf.isFileBasedConfig()) { sslContextBuilder.keyManager(tlsConf.getCertChainFile(), tlsConf.getPrivateKeyFile()); } else { sslContextBuilder.keyManager(tlsConf.getPrivateKey(), tlsConf.getCertChain()); } } try { channelBuilder.useTransportSecurity().sslContext( sslContextBuilder.build()); } catch (Exception ex) { throw new RuntimeException(ex); } } else { channelBuilder.negotiationType(NegotiationType.PLAINTEXT); } channel = channelBuilder.flowControlWindow(flowControlWindow.getSizeInt()) .maxInboundMessageSize(maxMessageSize.getSizeInt()) .build(); blockingStub = RaftClientProtocolServiceGrpc.newBlockingStub(channel); asyncStub = RaftClientProtocolServiceGrpc.newStub(channel); adminBlockingStub = AdminProtocolServiceGrpc.newBlockingStub(channel); this.requestTimeoutDuration = RaftClientConfigKeys.Rpc.requestTimeout(properties); this.watchRequestTimeoutDuration = RaftClientConfigKeys.Rpc.watchRequestTimeout(properties); }
Example #25
Source File: GrpcService.java From incubator-ratis with Apache License 2.0 | 4 votes |
@SuppressWarnings("checkstyle:ParameterNumber") // private constructor private GrpcService(RaftServer raftServer, Supplier<RaftPeerId> idSupplier, int port, SizeInBytes grpcMessageSizeMax, SizeInBytes appenderBufferSize, SizeInBytes flowControlWindow,TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) { super(idSupplier, id -> new PeerProxyMap<>(id.toString(), p -> new GrpcServerProtocolClient(p, flowControlWindow.getSizeInt(), requestTimeoutDuration, tlsConfig))); if (appenderBufferSize.getSize() > grpcMessageSizeMax.getSize()) { throw new IllegalArgumentException("Illegal configuration: " + RaftServerConfigKeys.Log.Appender.BUFFER_BYTE_LIMIT_KEY + " = " + appenderBufferSize + " > " + GrpcConfigKeys.MESSAGE_SIZE_MAX_KEY + " = " + grpcMessageSizeMax); } this.clientProtocolService = new GrpcClientProtocolService(idSupplier, raftServer); NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port) .withChildOption(ChannelOption.SO_REUSEADDR, true) .maxInboundMessageSize(grpcMessageSizeMax.getSizeInt()) .flowControlWindow(flowControlWindow.getSizeInt()) .addService(new GrpcServerProtocolService(idSupplier, raftServer)) .addService(clientProtocolService) .addService(new GrpcAdminProtocolService(raftServer)); if (tlsConfig != null) { SslContextBuilder sslContextBuilder = tlsConfig.isFileBasedConfig()? SslContextBuilder.forServer(tlsConfig.getCertChainFile(), tlsConfig.getPrivateKeyFile()): SslContextBuilder.forServer(tlsConfig.getPrivateKey(), tlsConfig.getCertChain()); if (tlsConfig.getMtlsEnabled()) { sslContextBuilder.clientAuth(ClientAuth.REQUIRE); if (tlsConfig.isFileBasedConfig()) { sslContextBuilder.trustManager(tlsConfig.getTrustStoreFile()); } else { sslContextBuilder.trustManager(tlsConfig.getTrustStore()); } } sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, OPENSSL); try { nettyServerBuilder.sslContext(sslContextBuilder.build()); } catch (Exception ex) { throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex); } } server = nettyServerBuilder.build(); addressSupplier = JavaUtils.memoize(() -> new InetSocketAddress(port != 0? port: server.getPort())); }
Example #26
Source File: GrpcClientProtocolProxy.java From ratis with Apache License 2.0 | 4 votes |
public GrpcClientProtocolProxy(ClientId clientId, RaftPeer target, Function<RaftPeer, CloseableStreamObserver> responseHandlerCreation, RaftProperties properties, GrpcTlsConfig tlsConfig) { proxy = new GrpcClientProtocolClient(clientId, target, properties, tlsConfig); this.responseHandlerCreation = responseHandlerCreation; }
Example #27
Source File: GrpcService.java From ratis with Apache License 2.0 | 4 votes |
public Builder setTlsConfig(GrpcTlsConfig tlsConfig) { this.tlsConfig = tlsConfig; return this; }
Example #28
Source File: GrpcService.java From ratis with Apache License 2.0 | 4 votes |
public GrpcTlsConfig getTlsConfig() { return tlsConfig; }
Example #29
Source File: GrpcService.java From incubator-ratis with Apache License 2.0 | 4 votes |
public GrpcTlsConfig getTlsConfig() { return tlsConfig; }
Example #30
Source File: GrpcService.java From incubator-ratis with Apache License 2.0 | 4 votes |
public Builder setTlsConfig(GrpcTlsConfig tlsConfig) { this.tlsConfig = tlsConfig; return this; }