You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by fa...@apache.org on 2020/02/26 21:41:35 UTC

[zookeeper] branch master updated: ZOOKEEPER-3682: Stop initializing new SSL connection if ZK server is …

This is an automated email from the ASF dual-hosted git repository.

fangmin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new db87335  ZOOKEEPER-3682: Stop initializing new SSL connection if ZK server is …
db87335 is described below

commit db87335fd2593cacc49bc23c1b9065256d0d3d36
Author: Jie Huang <ji...@fb.com>
AuthorDate: Wed Feb 26 13:41:26 2020 -0800

    ZOOKEEPER-3682: Stop initializing new SSL connection if ZK server is …
    
    …shutting down
    
    Author: Jie Huang <ji...@fb.com>
    Author: Fangmin Lyu <al...@fb.com>
    
    Reviewers: andor@apache.org, fangmin@apache.org
    
    Closes #1210 from jhuan31/ZOOKEEPER-3682
---
 .../src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java | 7 -------
 .../java/org/apache/zookeeper/server/NettyServerCnxnFactory.java | 9 +++++++++
 .../src/main/java/org/apache/zookeeper/server/ServerCnxn.java    | 7 +++++++
 .../src/main/java/org/apache/zookeeper/server/ServerMetrics.java | 4 ++++
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java
index 2ed7589..86fe85d 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java
@@ -555,13 +555,6 @@ public class NIOServerCnxn extends ServerCnxn {
         return true;
     }
 
-    /**
-     * @return true if the server is running, false otherwise.
-     */
-    boolean isZKServerRunning() {
-        return zkServer != null && zkServer.isRunning();
-    }
-
     /*
      * (non-Javadoc)
      *
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
index 78e0302..5d236ee 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
@@ -224,6 +224,15 @@ public class NettyServerCnxnFactory extends ServerCnxnFactory {
             NettyServerCnxn cnxn = new NettyServerCnxn(channel, zkServer, NettyServerCnxnFactory.this);
             ctx.channel().attr(CONNECTION_ATTRIBUTE).set(cnxn);
 
+            // Check the zkServer assigned to the cnxn is still running,
+            // close it before starting the heavy TLS handshake
+            if (!cnxn.isZKServerRunning()) {
+                LOG.warn("Zookeeper server is not running, close the connection before starting the TLS handshake");
+                ServerMetrics.getMetrics().CNXN_CLOSED_WITHOUT_ZK_SERVER_RUNNING.add(1);
+                channel.close();
+                return;
+            }
+
             if (handshakeThrottlingEnabled) {
                 // Favor to check and throttling even in dual mode which
                 // accepts both secure and insecure connections, since
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java
index 95f0534..d70551a 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerCnxn.java
@@ -602,6 +602,13 @@ public abstract class ServerCnxn implements Stats, Watcher {
     }
 
     /**
+     * @return true if the server is running, false otherwise.
+     */
+    public boolean isZKServerRunning() {
+        return zkServer != null && zkServer.isRunning();
+    }
+
+    /**
      * Returns the IP address or empty string.
      */
     public String getHostAddress() {
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java
index 5cd4abe..cbdb234 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/ServerMetrics.java
@@ -230,6 +230,8 @@ public final class ServerMetrics {
 
         DIGEST_MISMATCHES_COUNT = metricsContext.getCounter("digest_mismatches_count");
         TLS_HANDSHAKE_EXCEEDED = metricsContext.getCounter("tls_handshake_exceeded");
+
+        CNXN_CLOSED_WITHOUT_ZK_SERVER_RUNNING = metricsContext.getCounter("cnxn_closed_without_zk_server_running");
     }
 
     /**
@@ -444,6 +446,8 @@ public final class ServerMetrics {
 
     public final Counter TLS_HANDSHAKE_EXCEEDED;
 
+    public final Counter CNXN_CLOSED_WITHOUT_ZK_SERVER_RUNNING;
+
     private final MetricsProvider metricsProvider;
 
     public void resetAll() {