[NO ISSUE][HYR] Enable extension of network security manager
- remove some premature resolution of configured hostnames to
ip address
Change-Id: Idad460b5894eeed5ef9b43d666d10cfd2e1e4cd6
Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/18159
Reviewed-by: Murtadha Hubail <mhubail@apache.org>
Tested-by: Michael Blow <mblow@apache.org>
diff --git a/asterixdb/asterix-app/src/test/java/org/apache/asterix/test/storage/DeallocatableTest.java b/asterixdb/asterix-app/src/test/java/org/apache/asterix/test/storage/DeallocatableTest.java
index cfd251b..368b17b 100644
--- a/asterixdb/asterix-app/src/test/java/org/apache/asterix/test/storage/DeallocatableTest.java
+++ b/asterixdb/asterix-app/src/test/java/org/apache/asterix/test/storage/DeallocatableTest.java
@@ -22,9 +22,9 @@
import java.util.concurrent.TimeUnit;
import org.apache.asterix.app.bootstrap.TestNodeController;
-import org.apache.asterix.replication.management.NetworkingUtil;
import org.apache.asterix.test.common.TestHelper;
import org.apache.asterix.test.runtime.LangExecutionUtil;
+import org.apache.hyracks.api.comm.NetworkAddress;
import org.apache.hyracks.api.context.IHyracksTaskContext;
import org.apache.hyracks.api.dataflow.ConnectorDescriptorId;
import org.apache.hyracks.api.dataflow.TaskAttemptId;
@@ -63,8 +63,8 @@
final IHyracksTaskContext ctx = nc.createTestContext(jobId, 0, true);
final ConnectorDescriptorId codId = new ConnectorDescriptorId(1);
final PartitionId pid = new PartitionId(ctx.getJobletContext().getJobId(), codId, 1, 1);
- final ChannelControlBlock ccb = ncs.getNetworkManager()
- .connect(NetworkingUtil.getSocketAddress(ncs.getNetworkManager().getLocalNetworkAddress()));
+ NetworkAddress netAddr = ncs.getNetworkManager().getLocalNetworkAddress();
+ final ChannelControlBlock ccb = ncs.getNetworkManager().connect(netAddr.toResolvedInetSocketAddress());
final NetworkOutputChannel networkOutputChannel = new NetworkOutputChannel(ccb, 0);
final MaterializingPipelinedPartition mpp =
new MaterializingPipelinedPartition(ctx, ncs.getPartitionManager(), pid, taId, ncs.getExecutor());
diff --git a/asterixdb/asterix-replication/src/main/java/org/apache/asterix/replication/management/NetworkingUtil.java b/asterixdb/asterix-replication/src/main/java/org/apache/asterix/replication/management/NetworkingUtil.java
index b38f0aa..9caaa79 100644
--- a/asterixdb/asterix-replication/src/main/java/org/apache/asterix/replication/management/NetworkingUtil.java
+++ b/asterixdb/asterix-replication/src/main/java/org/apache/asterix/replication/management/NetworkingUtil.java
@@ -21,18 +21,14 @@
import java.io.EOFException;
import java.io.IOException;
import java.net.InetAddress;
-import java.net.InetSocketAddress;
import java.net.NetworkInterface;
-import java.net.SocketAddress;
import java.net.SocketException;
-import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.channels.SocketChannel;
import java.util.Enumeration;
-import org.apache.hyracks.api.comm.NetworkAddress;
import org.apache.hyracks.api.network.ISocketChannel;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -131,16 +127,6 @@
fileChannel.transferFrom(socketChannel, pos, fileSize);
}
- public static InetSocketAddress getSocketAddress(SocketChannel socketChannel) {
- String hostAddress = socketChannel.socket().getInetAddress().getHostAddress();
- int port = socketChannel.socket().getPort();
- return InetSocketAddress.createUnresolved(hostAddress, port);
- }
-
- public static SocketAddress getSocketAddress(NetworkAddress netAddr) throws UnknownHostException {
- return new InetSocketAddress(InetAddress.getByAddress(netAddr.lookupIpAddress()), netAddr.getPort());
- }
-
public static boolean isHealthy(ISocketChannel sc) {
return sc != null && sc.getSocketChannel().isOpen() && sc.getSocketChannel().isConnected();
}
diff --git a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/comm/NetworkAddress.java b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/comm/NetworkAddress.java
index 75fbb92..9f9186b 100644
--- a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/comm/NetworkAddress.java
+++ b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/comm/NetworkAddress.java
@@ -35,8 +35,6 @@
private String address;
// Cached locally, not serialized
private volatile byte[] ipAddress;
- // Cached locally, not serialized
- private volatile InetSocketAddress inetSocketAddress;
private int port;
@@ -76,11 +74,12 @@
return ipAddress;
}
- public InetSocketAddress resolveInetSocketAddress() {
- if (inetSocketAddress == null) {
- inetSocketAddress = new InetSocketAddress(address, port);
+ public InetSocketAddress toResolvedInetSocketAddress() throws UnknownHostException {
+ InetSocketAddress addr = toInetSocketAddress();
+ if (addr.isUnresolved()) {
+ throw new UnknownHostException(getAddress());
}
- return inetSocketAddress;
+ return addr;
}
public InetSocketAddress toInetSocketAddress() {
diff --git a/hyracks-fullstack/hyracks/hyracks-client/src/main/java/org/apache/hyracks/client/result/ResultSetReader.java b/hyracks-fullstack/hyracks/hyracks-client/src/main/java/org/apache/hyracks/client/result/ResultSetReader.java
index b29e2ea2..992c8be 100644
--- a/hyracks-fullstack/hyracks/hyracks-client/src/main/java/org/apache/hyracks/client/result/ResultSetReader.java
+++ b/hyracks-fullstack/hyracks/hyracks-client/src/main/java/org/apache/hyracks/client/result/ResultSetReader.java
@@ -18,8 +18,6 @@
*/
package org.apache.hyracks.client.result;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
@@ -28,7 +26,6 @@
import org.apache.hyracks.api.channels.IInputChannelMonitor;
import org.apache.hyracks.api.comm.FrameHelper;
import org.apache.hyracks.api.comm.IFrame;
-import org.apache.hyracks.api.comm.NetworkAddress;
import org.apache.hyracks.api.context.IHyracksCommonContext;
import org.apache.hyracks.api.exceptions.ErrorCode;
import org.apache.hyracks.api.exceptions.HyracksDataException;
@@ -146,8 +143,7 @@
private SocketAddress getSocketAddress(ResultDirectoryRecord record) throws HyracksDataException {
try {
- final NetworkAddress netAddr = record.getNetworkAddress();
- return new InetSocketAddress(InetAddress.getByAddress(netAddr.lookupIpAddress()), netAddr.getPort());
+ return record.getNetworkAddress().toResolvedInetSocketAddress();
} catch (UnknownHostException e) {
throw HyracksDataException.create(e);
}
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-cc/src/main/java/org/apache/hyracks/control/cc/ClusterControllerService.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-cc/src/main/java/org/apache/hyracks/control/cc/ClusterControllerService.java
index f11e7ff..d6698fe 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-cc/src/main/java/org/apache/hyracks/control/cc/ClusterControllerService.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-cc/src/main/java/org/apache/hyracks/control/cc/ClusterControllerService.java
@@ -35,6 +35,7 @@
import java.util.TreeMap;
import java.util.concurrent.ExecutorService;
+import org.apache.hyracks.api.application.IApplication;
import org.apache.hyracks.api.application.ICCApplication;
import org.apache.hyracks.api.client.ClusterControllerInfo;
import org.apache.hyracks.api.comm.NetworkAddress;
@@ -49,7 +50,6 @@
import org.apache.hyracks.api.job.JobIdFactory;
import org.apache.hyracks.api.job.JobParameterByteStore;
import org.apache.hyracks.api.job.resource.IJobCapacityController;
-import org.apache.hyracks.api.network.INetworkSecurityConfig;
import org.apache.hyracks.api.network.INetworkSecurityManager;
import org.apache.hyracks.api.service.IControllerService;
import org.apache.hyracks.api.topology.ClusterTopology;
@@ -170,8 +170,7 @@
File jobLogFolder = new File(ccConfig.getRootDir(), "logs/jobs");
jobLog = new LogFile(jobLogFolder);
- final INetworkSecurityConfig securityConfig = getNetworkSecurityConfig();
- networkSecurityManager = new NetworkSecurityManager(securityConfig);
+ networkSecurityManager = createNetworkSecurityManager(ccConfig.getAppConfig(), application);
// WorkQueue is in charge of heartbeat as well as other events.
workQueue = new WorkQueue("ClusterController", Thread.MAX_PRIORITY);
@@ -567,8 +566,9 @@
return networkSecurityManager;
}
- protected INetworkSecurityConfig getNetworkSecurityConfig() {
- return NetworkSecurityConfig.of(ccConfig.isSslEnabled(), ccConfig.getKeyStorePath(),
- ccConfig.getKeyStorePassword(), ccConfig.getTrustStorePath());
+ protected INetworkSecurityManager createNetworkSecurityManager(IApplicationConfig appConfig, IApplication app)
+ throws Exception {
+ return new NetworkSecurityManager(NetworkSecurityConfig.of(ccConfig.isSslEnabled(), ccConfig.getKeyStorePath(),
+ ccConfig.getKeyStorePassword(), ccConfig.getTrustStorePath()));
}
}
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/NodeControllerService.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/NodeControllerService.java
index f69d106..e173dcb 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/NodeControllerService.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/NodeControllerService.java
@@ -45,6 +45,7 @@
import org.apache.hyracks.api.client.NodeControllerInfo;
import org.apache.hyracks.api.client.NodeStatus;
import org.apache.hyracks.api.comm.NetworkAddress;
+import org.apache.hyracks.api.config.IApplicationConfig;
import org.apache.hyracks.api.control.CcId;
import org.apache.hyracks.api.deployment.DeploymentId;
import org.apache.hyracks.api.exceptions.ErrorCode;
@@ -56,7 +57,6 @@
import org.apache.hyracks.api.job.JobParameterByteStore;
import org.apache.hyracks.api.lifecycle.ILifeCycleComponentManager;
import org.apache.hyracks.api.lifecycle.LifeCycleComponentManager;
-import org.apache.hyracks.api.network.INetworkSecurityConfig;
import org.apache.hyracks.api.network.INetworkSecurityManager;
import org.apache.hyracks.api.result.IResultPartitionManager;
import org.apache.hyracks.api.service.IControllerService;
@@ -197,8 +197,7 @@
if (application == null) {
throw new IllegalArgumentException("INCApplication cannot be null");
}
- final INetworkSecurityConfig securityConfig = getNetworkSecurityConfig();
- networkSecurityManager = new NetworkSecurityManager(securityConfig);
+ networkSecurityManager = createNetworkSecurityManager(ncConfig.getAppConfig(), application);
this.application = application;
id = ncConfig.getNodeId();
if (id == null) {
@@ -726,8 +725,9 @@
return networkSecurityManager;
}
- protected INetworkSecurityConfig getNetworkSecurityConfig() {
- return NetworkSecurityConfig.of(ncConfig.isSslEnabled(), ncConfig.getKeyStorePath(),
- ncConfig.getKeyStorePassword(), ncConfig.getTrustStorePath());
+ protected INetworkSecurityManager createNetworkSecurityManager(IApplicationConfig appConfig,
+ INCApplication application) {
+ return new NetworkSecurityManager(NetworkSecurityConfig.of(ncConfig.isSslEnabled(), ncConfig.getKeyStorePath(),
+ ncConfig.getKeyStorePassword(), ncConfig.getTrustStorePath()));
}
}
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/ReportPartitionAvailabilityWork.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/ReportPartitionAvailabilityWork.java
index cfd69ce..a6952b9 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/ReportPartitionAvailabilityWork.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/ReportPartitionAvailabilityWork.java
@@ -18,8 +18,6 @@
*/
package org.apache.hyracks.control.nc.work;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
import java.util.Map;
import org.apache.hyracks.api.comm.NetworkAddress;
@@ -50,13 +48,8 @@
Map<JobId, Joblet> jobletMap = ncs.getJobletMap();
Joblet ji = jobletMap.get(pid.getJobId());
if (ji != null) {
- PartitionChannel channel =
- new PartitionChannel(pid,
- new NetworkInputChannel(ncs.getNetworkManager(),
- new InetSocketAddress(
- InetAddress.getByAddress(networkAddress.lookupIpAddress()),
- networkAddress.getPort()),
- pid, 5));
+ PartitionChannel channel = new PartitionChannel(pid, new NetworkInputChannel(ncs.getNetworkManager(),
+ networkAddress.toResolvedInetSocketAddress(), pid, 5));
ji.reportPartitionAvailability(channel);
}
} catch (Exception e) {
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/StartTasksWork.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/StartTasksWork.java
index dd4a956..6225d4c 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/StartTasksWork.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-nc/src/main/java/org/apache/hyracks/control/nc/work/StartTasksWork.java
@@ -18,8 +18,6 @@
*/
package org.apache.hyracks.control.nc.work;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
@@ -301,12 +299,9 @@
NetworkAddress networkAddress = inputAddresses[i][j];
PartitionId pid = new PartitionId(jobId, inputs.get(i).getConnectorId(), j,
td.getTaskAttemptId().getTaskId().getPartition());
- PartitionChannel channel = new PartitionChannel(pid,
- new NetworkInputChannel(ncs.getNetworkManager(),
- new InetSocketAddress(
- InetAddress.getByAddress(networkAddress.lookupIpAddress()),
- networkAddress.getPort()),
- pid, 5));
+ PartitionChannel channel =
+ new PartitionChannel(pid, new NetworkInputChannel(ncs.getNetworkManager(),
+ networkAddress.toResolvedInetSocketAddress(), pid, 5));
channels.add(channel);
}
}
diff --git a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index 42dacf5..db524ca 100644
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@ -36,7 +36,7 @@
public class NetworkSecurityManager implements INetworkSecurityManager {
private volatile INetworkSecurityConfig config;
- private final ISocketChannelFactory sslSocketFactory;
+ protected final ISocketChannelFactory sslSocketFactory;
public static final String TSL_VERSION = "TLSv1.2";
public NetworkSecurityManager(INetworkSecurityConfig config) {