You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by fa...@apache.org on 2020/02/26 21:41:35 UTC
[zookeeper] branch master updated: ZOOKEEPER-3682: Stop initializing new SSL connection if ZK server is …
This is an automated email from the ASF dual-hosted git repository.
fangmin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new db87335 ZOOKEEPER-3682: Stop initializing new SSL connection if ZK server is …
db87335 is described below
commit db87335fd2593cacc49bc23c1b9065256d0d3d36
Author: Jie Huang <ji...@fb.com>
AuthorDate: Wed Feb 26 13:41:26 2020 -0800
ZOOKEEPER-3682: Stop initializing new SSL connection if ZK server is …
…shutting down
Author: Jie Huang <ji...@fb.com>
Author: Fangmin Lyu <al...@fb.com>
Reviewers: andor@apache.org, fangmin@apache.org
Closes #1210 from jhuan31/ZOOKEEPER-3682
---
.../src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java | 7 -------
.../java/org/apache/zookeeper/server/NettyServerCnxnFactory.java | 9 +++++++++
.../src/main/java/org/apache/zookeeper/server/ServerCnxn.java | 7 +++++++
.../src/main/java/org/apache/zookeeper/server/ServerMetrics.java | 4 ++++
4 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java
index 2ed7589..86fe85d 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java
@@ -555,13 +555,6 @@ public class NIOServerCnxn extends ServerCnxn {
return true;
}
- /**
- * @return true if the server is running, false otherwise.
- */
- boolean isZKServerRunning() {
- return zkServer != null && zkServer.isRunning();
- }
-
/*
* (non-Javadoc)
*
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
index 78e0302..5d236ee 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
@@ -224,6 +224,15 @@ public class NettyServerCnxnFactory extends ServerCnxnFactory {
NettyServerCnxn cnxn = new NettyServerCnxn(channel, zkServer, NettyServerCnxnFactory.this);
ctx.channel().attr(CONNECTION_ATTRIBUTE).set(cnxn);
+ // Check the zkServer assigned to the cnxn is still running,
+ // close it before starting the heavy TLS handshake
+ if (!cnxn.isZKServerRunning()) {
+ LOG.warn("Zookeeper server is not running, close the connection before starting the TLS handshake");
+ ServerMetrics.getMetrics().CNXN_CLOSED_WITHOUT_ZK_SERVER_RUNNING.add(1);
+ channel.close();
+ return;
+ }
+
if (handshakeThrottlingEnabled) {
// Favor to check and throttling even in dual mode which
// accepts both secure and insecure connections, since
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java
index 95f0534..d70551a 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java
@@ -602,6 +602,13 @@ public abstract class ServerCnxn implements Stats, Watcher {
}
/**
+ * @return true if the server is running, false otherwise.
+ */
+ public boolean isZKServerRunning() {
+ return zkServer != null && zkServer.isRunning();
+ }
+
+ /**
* Returns the IP address or empty string.
*/
public String getHostAddress() {
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java
index 5cd4abe..cbdb234 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java
@@ -230,6 +230,8 @@ public final class ServerMetrics {
DIGEST_MISMATCHES_COUNT = metricsContext.getCounter("digest_mismatches_count");
TLS_HANDSHAKE_EXCEEDED = metricsContext.getCounter("tls_handshake_exceeded");
+
+ CNXN_CLOSED_WITHOUT_ZK_SERVER_RUNNING = metricsContext.getCounter("cnxn_closed_without_zk_server_running");
}
/**
@@ -444,6 +446,8 @@ public final class ServerMetrics {
public final Counter TLS_HANDSHAKE_EXCEEDED;
+ public final Counter CNXN_CLOSED_WITHOUT_ZK_SERVER_RUNNING;
+
private final MetricsProvider metricsProvider;
public void resetAll() {