Posted to commits@rocketmq.apache.org by zh...@apache.org on 2022/12/09 11:53:51 UTC
[rocketmq] 10/26: [ISSUE #5486] polish tls config; add tcnative dependency
This is an automated email from the ASF dual-hosted git repository.
zhouxzhan pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git
commit 832fc57a08a1ee5aee18b662e1e7539e41caf50f
Author: kaiyi.lk <ka...@alibaba-inc.com>
AuthorDate: Wed Nov 9 18:03:00 2022 +0800
[ISSUE #5486] polish tls config; add tcnative dependency
---
pom.xml | 6 +++
proxy/pom.xml | 4 ++
.../apache/rocketmq/proxy/config/ProxyConfig.java | 48 ++++++++++++----------
.../rocketmq/proxy/grpc/GrpcServerBuilder.java | 6 +--
.../proxy/remoting/RemotingProtocolServer.java | 12 +++---
5 files changed, 45 insertions(+), 31 deletions(-)
diff --git a/pom.xml b/pom.xml
index 197cea783..e4324a5b0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -103,6 +103,7 @@
<commons-cli.version>1.5.0</commons-cli.version>
<netty.version>4.1.65.Final</netty.version>
+ <netty.tcnative.version>2.0.53.Final</netty.tcnative.version>
<bcpkix-jdk15on.version>1.69</bcpkix-jdk15on.version>
<fastjson.version>1.2.83</fastjson.version>
<javassist.version>3.20.0-GA</javassist.version>
@@ -900,6 +901,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
<dependency>
<groupId>org.springframework</groupId>
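Review bot: The new `netty-tcnative-boringssl-static` dependency is pinned through `netty.tcnative.version` at 2.0.53.Final while `netty.version` in the properties hunk above stays at 4.1.65.Final. netty-tcnative builds are released alongside specific Netty versions, so it is worth confirming this pair is a supported combination rather than relying on it happening to load at runtime. The artifact statically links BoringSSL, so TLS library fixes reach the proxy only when this property is bumped. A comment next to the property, such as `<!-- statically linked BoringSSL: keep in step with netty.version and track upstream security releases -->`, would record that.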
diff --git a/proxy/pom.xml b/proxy/pom.xml
index c15734f16..f5373e914 100644
--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -95,6 +95,10 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ </dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java b/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
index b613c191e..bd7cf1113 100644
--- a/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
+++ b/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
@@ -73,14 +73,17 @@ public class ProxyConfig implements ConfigFile {
private String namesrvAddr = System.getProperty(MixAll.NAMESRV_ADDR_PROPERTY, System.getenv(MixAll.NAMESRV_ADDR_ENV));
private String namesrvDomain = "";
private String namesrvDomainSubgroup = "";
+ /**
+ * TLS
+ */
+ private boolean tlsTestModeEnable = true;
+ private String tlsKeyPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.key";
+ private String tlsCertPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.crt";
/**
* gRPC
*/
private String proxyMode = ProxyMode.CLUSTER.name();
private Integer grpcServerPort = 8081;
- private boolean grpcTlsTestModeEnable = true;
- private String grpcTlsKeyPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.key";
- private String grpcTlsCertPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.crt";
private int grpcBossLoopNum = 1;
private int grpcWorkerLoopNum = PROCESSOR_NUMBER * 2;
private boolean enableGrpcEpoll = false;
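Review bot: `tlsTestModeEnable` defaults to `true` and now governs both the gRPC and the remoting listener, yet the `/** TLS */` comment does not say what test mode means. In GrpcServerBuilder test mode builds the server context from a freshly generated `SelfSignedCertificate`, which clients cannot verify, and an unconfigured proxy never reads `tlsKeyPath`/`tlsCertPath`. I would document this on the field, e.g. `// test mode serves a throwaway self-signed certificate; set false and supply tlsKeyPath/tlsCertPath outside of testing`. The rename also drops the `grpcTls*` names (accessors in the -407 hunk); if the config file is bound by property name, an existing `grpcTlsTestModeEnable` setting of false would presumably stop applying and fall back to this default. Keeping the old setters as deprecated aliases, or calling out the rename in the upgrade notes, seems warranted.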
@@ -190,8 +193,6 @@ public class ProxyConfig implements ConfigFile {
private boolean traceOn = false;
- private String remotingAccessPoint = "";
-
private BrokerConfig.MetricsExporterType metricsExporterType = BrokerConfig.MetricsExporterType.DISABLE;
private String metricsGrpcExporterTarget = "";
@@ -210,9 +211,9 @@ public class ProxyConfig implements ConfigFile {
private long channelExpiredTimeout = 1000 * 120;
// remoting
-
private boolean enableRemotingLocalProxyGrpc = true;
private int localProxyConnectTimeoutMs = 3000;
+ private String remotingAccessAddr = "";
private int remotingListenPort = 8080;
private int remotingHeartbeatThreadPoolNums = 2 * PROCESSOR_NUMBER;
@@ -245,6 +246,9 @@ public class ProxyConfig implements ConfigFile {
if (StringUtils.isBlank(localServeAddr)) {
throw new ProxyException(ProxyExceptionCode.INTERNAL_SERVER_ERROR, "get local serve ip failed");
}
+ if (StringUtils.isBlank(remotingAccessAddr)) {
+ this.remotingAccessAddr = this.localServeAddr;
+ }
if (StringUtils.isBlank(systemTopicClusterName)) {
this.systemTopicClusterName = this.rocketMQClusterName;
}
@@ -407,28 +411,28 @@ public class ProxyConfig implements ConfigFile {
this.grpcServerPort = grpcServerPort;
}
- public boolean isGrpcTlsTestModeEnable() {
- return grpcTlsTestModeEnable;
+ public boolean isTlsTestModeEnable() {
+ return tlsTestModeEnable;
}
- public void setGrpcTlsTestModeEnable(boolean grpcTlsTestModeEnable) {
- this.grpcTlsTestModeEnable = grpcTlsTestModeEnable;
+ public void setTlsTestModeEnable(boolean tlsTestModeEnable) {
+ this.tlsTestModeEnable = tlsTestModeEnable;
}
- public String getGrpcTlsKeyPath() {
- return grpcTlsKeyPath;
+ public String getTlsKeyPath() {
+ return tlsKeyPath;
}
- public void setGrpcTlsKeyPath(String grpcTlsKeyPath) {
- this.grpcTlsKeyPath = grpcTlsKeyPath;
+ public void setTlsKeyPath(String tlsKeyPath) {
+ this.tlsKeyPath = tlsKeyPath;
}
- public String getGrpcTlsCertPath() {
- return grpcTlsCertPath;
+ public String getTlsCertPath() {
+ return tlsCertPath;
}
- public void setGrpcTlsCertPath(String grpcTlsCertPath) {
- this.grpcTlsCertPath = grpcTlsCertPath;
+ public void setTlsCertPath(String tlsCertPath) {
+ this.tlsCertPath = tlsCertPath;
}
public int getGrpcBossLoopNum() {
@@ -1059,12 +1063,12 @@ public class ProxyConfig implements ConfigFile {
this.traceOn = traceOn;
}
- public String getRemotingAccessPoint() {
- return remotingAccessPoint;
+ public String getRemotingAccessAddr() {
+ return remotingAccessAddr;
}
- public void setRemotingAccessPoint(String remotingAccessPoint) {
- this.remotingAccessPoint = remotingAccessPoint;
+ public void setRemotingAccessAddr(String remotingAccessAddr) {
+ this.remotingAccessAddr = remotingAccessAddr;
}
public BrokerConfig.MetricsExporterType getMetricsExporterType() {
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java
index 00a738770..5e1b73505 100644
--- a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java
+++ b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/GrpcServerBuilder.java
@@ -118,7 +118,7 @@ public class GrpcServerBuilder {
return;
}
ProxyConfig proxyConfig = ConfigurationManager.getProxyConfig();
- boolean tlsTestModeEnable = proxyConfig.isGrpcTlsTestModeEnable();
+ boolean tlsTestModeEnable = proxyConfig.isTlsTestModeEnable();
if (tlsTestModeEnable) {
SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
serverBuilder.sslContext(GrpcSslContexts.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey())
@@ -128,8 +128,8 @@ public class GrpcServerBuilder {
return;
}
- String tlsKeyPath = ConfigurationManager.getProxyConfig().getGrpcTlsKeyPath();
- String tlsCertPath = ConfigurationManager.getProxyConfig().getGrpcTlsCertPath();
+ String tlsKeyPath = ConfigurationManager.getProxyConfig().getTlsKeyPath();
+ String tlsCertPath = ConfigurationManager.getProxyConfig().getTlsCertPath();
try (InputStream serverKeyInputStream = Files.newInputStream(Paths.get(tlsKeyPath));
InputStream serverCertificateStream = Files.newInputStream(Paths.get(tlsCertPath))) {
serverBuilder.sslContext(GrpcSslContexts.forServer(serverCertificateStream, serverKeyInputStream)
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java b/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java
index d0137b2b4..a173a79b6 100644
--- a/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java
+++ b/proxy/src/main/java/org/apache/rocketmq/proxy/remoting/RemotingProtocolServer.java
@@ -99,12 +99,12 @@ public class RemotingProtocolServer implements StartAndShutdown, RemotingProxyOu
ProxyConfig config = ConfigurationManager.getProxyConfig();
NettyServerConfig defaultServerConfig = new NettyServerConfig();
defaultServerConfig.setListenPort(config.getRemotingListenPort());
- TlsSystemConfig.tlsTestModeEnable = false;
- System.setProperty(TlsSystemConfig.TLS_TEST_MODE_ENABLE, "false");
- TlsSystemConfig.tlsServerCertPath = config.getGrpcTlsCertPath();
- System.setProperty(TlsSystemConfig.TLS_SERVER_CERTPATH, config.getGrpcTlsCertPath());
- TlsSystemConfig.tlsServerKeyPath = config.getGrpcTlsKeyPath();
- System.setProperty(TlsSystemConfig.TLS_SERVER_KEYPATH, config.getGrpcTlsKeyPath());
+ TlsSystemConfig.tlsTestModeEnable = config.isTlsTestModeEnable();
+ System.setProperty(TlsSystemConfig.TLS_TEST_MODE_ENABLE, Boolean.toString(config.isTlsTestModeEnable()));
+ TlsSystemConfig.tlsServerCertPath = config.getTlsCertPath();
+ System.setProperty(TlsSystemConfig.TLS_SERVER_CERTPATH, config.getTlsCertPath());
+ TlsSystemConfig.tlsServerKeyPath = config.getTlsKeyPath();
+ System.setProperty(TlsSystemConfig.TLS_SERVER_KEYPATH, config.getTlsKeyPath());
this.clientHousekeepingService = new ClientHousekeepingService(this.clientManagerActivity);
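Review bot: The remoting listener used to force `TlsSystemConfig.tlsTestModeEnable = false` and now takes `config.isTlsTestModeEnable()`, which ProxyConfig defaults to `true`, so with default settings it presumably stops using the configured certificate and key; the commit message does not mention this behaviour change. Test mode presumably means a self-signed certificate here as it does in GrpcServerBuilder, so a startup warning when it is on would help operators notice. These assignments write static fields and JVM system properties, so they apply to anything else in the process that reads TlsSystemConfig; a comment such as `// TlsSystemConfig is process-wide: these values apply to every component in this JVM that reads them` would make that explicit. `System.setProperty` throws NullPointerException on a null value and `setTlsCertPath`/`setTlsKeyPath` accept null, so the paths should be checked before these calls. The enclosing method starts and ends outside the hunk.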