Posted to commits@calcite.apache.org by GitBox <gi...@apache.org> on 2021/07/06 15:11:12 UTC

[GitHub] [calcite-avatica] joshelser commented on a change in pull request #149: [CALCITE-4647] CALCITE-4676 Avatica client leaks TCP connections

joshelser commented on a change in pull request #149:
URL: https://github.com/apache/calcite-avatica/pull/149#discussion_r664621919



##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/AvaticaHttpClientFactoryImpl.java
##########
@@ -57,70 +57,77 @@ public static AvaticaHttpClientFactoryImpl getInstance() {
       KerberosConnection kerberosUtil) {
     String className = config.httpClientClass();
     if (null == className) {
-      // Provide an implementation that works with SPNEGO if that's the authentication is use.
-      if ("SPNEGO".equalsIgnoreCase(config.authentication())) {
-        className = SPNEGO_HTTP_CLIENT_IMPL_DEFAULT;
-      } else {
-        className = HTTP_CLIENT_IMPL_DEFAULT;
-      }
+      className = HTTP_CLIENT_IMPL_DEFAULT;
     }
 
     AvaticaHttpClient client = instantiateClient(className, url);
 
-    if (client instanceof TrustStoreConfigurable) {
-      File truststore = config.truststore();
-      String truststorePassword = config.truststorePassword();
-      if (null != truststore && null != truststorePassword) {
-        ((TrustStoreConfigurable) client)
-                .setTrustStore(truststore, truststorePassword);
-      }
+    if (client instanceof HttpClientPoolConfigurable) {
+      PoolingHttpClientConnectionManager pool = CommonsHttpClientPoolCache.getPool(config);
+      ((HttpClientPoolConfigurable) client).setHttpClientPool(pool);
     } else {
-      LOG.debug("{} is not capable of SSL/TLS communication", client.getClass().getName());
-    }
+      // Kept for backwards compatibility, the current AvaticaCommonsHttpClientImpl
+      // does not implement these interfaces
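Review bot: The pool obtained from `CommonsHttpClientPoolCache.getPool(config)` and passed to `setHttpClientPool` is shared between clients, and the call needs a comment saying what keeps one client's authenticated connections from being leased to another. The class javadoc quoted later in this thread describes the cache key as keystore, truststore and hostname verification only, so clients with different credentials but the same TLS settings would presumably receive the same pool. HttpClient separates stateful connections by the user token in the request context, and whether the new client sets one is not visible here. Suggested comment above the call: `// Pool is shared by all clients with the same TLS settings; authenticated connection state must stay per user (HttpClient user token).` The else branch continues outside the quoted hunk.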

Review comment:
       Should probably deprecate these interfaces if we don't use them anymore.

##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/HttpClientPoolConfigurable.java
##########
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.avatica.remote;
+
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+
+/**
+ * Allows a http connection pool to be provided to enable TLS authentication.
+ * On clients with this interface MUST setHttpClientPool() MUST be called before using

Review comment:
       nit: extra "MUST". Should just be..
   
   `On clients with this interface, setHttpClientPool() MUST..`

##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/CommonsHttpClientPoolCache.java
##########
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.avatica.remote;
+
+import org.apache.calcite.avatica.ConnectionConfig;
+import org.apache.calcite.avatica.remote.HostnameVerificationConfigurable.HostnameVerification;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+/**
+ * Creates and returns a PoolingHttpClientConnectionManager object.
+ * If a pool exists for a given set of keystore, trustore, and hostanmeVerification
+ * parameters, then the existing pool is returned.
+ *
+ */
+public class CommonsHttpClientPoolCache {
+
+  // Some basic exposed configurations
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_KEY =
+      "avatica.pooled.connections.per.route";
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT = "25";
+  private static final String MAX_POOLED_CONNECTIONS_KEY = "avatica.pooled.connections.max";
+  private static final String MAX_POOLED_CONNECTIONS_DEFAULT = "100";
+
+  private static final Logger LOG = LoggerFactory.getLogger(CommonsHttpClientPoolCache.class);
+
+  private CommonsHttpClientPoolCache() {
+    //do not instantiate
+  }
+
+  private static final ConcurrentHashMap<String, PoolingHttpClientConnectionManager> CACHED_POOLS =
+      new ConcurrentHashMap<>();
+
+  public static PoolingHttpClientConnectionManager getPool(ConnectionConfig config) {
+    String sslDisc = extractSSLParameters(config);
+
+    PoolingHttpClientConnectionManager pool = CACHED_POOLS.get(sslDisc);
+    if (pool != null) {
+      //Debug
+      System.out.println("Reusing existing pool for sslDisc:" + sslDisc);

Review comment:
       Logger

##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/CommonsHttpClientPoolCache.java
##########
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.avatica.remote;
+
+import org.apache.calcite.avatica.ConnectionConfig;
+import org.apache.calcite.avatica.remote.HostnameVerificationConfigurable.HostnameVerification;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+/**
+ * Creates and returns a PoolingHttpClientConnectionManager object.
+ * If a pool exists for a given set of keystore, trustore, and hostanmeVerification
+ * parameters, then the existing pool is returned.
+ *
+ */
+public class CommonsHttpClientPoolCache {
+
+  // Some basic exposed configurations
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_KEY =
+      "avatica.pooled.connections.per.route";
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT = "25";
+  private static final String MAX_POOLED_CONNECTIONS_KEY = "avatica.pooled.connections.max";
+  private static final String MAX_POOLED_CONNECTIONS_DEFAULT = "100";
+
+  private static final Logger LOG = LoggerFactory.getLogger(CommonsHttpClientPoolCache.class);
+
+  private CommonsHttpClientPoolCache() {
+    //do not instantiate
+  }
+
+  private static final ConcurrentHashMap<String, PoolingHttpClientConnectionManager> CACHED_POOLS =
+      new ConcurrentHashMap<>();
+
+  public static PoolingHttpClientConnectionManager getPool(ConnectionConfig config) {
+    String sslDisc = extractSSLParameters(config);
+
+    PoolingHttpClientConnectionManager pool = CACHED_POOLS.get(sslDisc);
+    if (pool != null) {
+      //Debug
+      System.out.println("Reusing existing pool for sslDisc:" + sslDisc);
+      return pool;
+    }
+
+    synchronized (CommonsHttpClientPoolCache.class) {
+      pool = CACHED_POOLS.get(sslDisc);
+      if (pool != null) {
+        //Debug
+        System.out.println("Reusing2 existing pool for sslDisc:" + sslDisc);
+        return pool;
+      }
+
+      Registry<ConnectionSocketFactory> csfr = createCSFRegistry(config);
+      pool = new PoolingHttpClientConnectionManager(csfr);
+      final String maxCnxns =
+          System.getProperty(MAX_POOLED_CONNECTIONS_KEY, MAX_POOLED_CONNECTIONS_DEFAULT);
+      pool.setMaxTotal(Integer.parseInt(maxCnxns));
+      // Increase default max connection per route to 25
+      final String maxCnxnsPerRoute = System.getProperty(MAX_POOLED_CONNECTION_PER_ROUTE_KEY,
+          MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT);
+      pool.setDefaultMaxPerRoute(Integer.parseInt(maxCnxnsPerRoute));
+      //Debug
+      System.out.println("Created new pool for sslDisc:" + sslDisc);
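Review bot: `Integer.parseInt(maxCnxns)` and `Integer.parseInt(maxCnxnsPerRoute)` take the raw `avatica.pooled.connections.max` and `avatica.pooled.connections.per.route` system properties, so a malformed value throws NumberFormatException inside the synchronized block and a zero or negative value goes straight to `setMaxTotal`/`setDefaultMaxPerRoute`. I would fall back to the default with a warning, e.g. `int max = Integer.getInteger(MAX_POOLED_CONNECTIONS_KEY, 100);` followed by a positive-value check. The three messages in this method also concatenate `sslDisc`; if `extractSSLParameters` (not shown) folds store passwords into that string, they should be left out of the output or replaced by a digest. getPool continues past the end of the quoted hunk.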

Review comment:
       Logger

##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientImpl.java
##########
@@ -31,50 +33,42 @@
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.ByteArrayEntity;
 import org.apache.http.entity.ContentType;
 import org.apache.http.impl.auth.BasicSchemeFactory;
 import org.apache.http.impl.auth.DigestSchemeFactory;
+import org.apache.http.impl.auth.SPNegoSchemeFactory;
 import org.apache.http.impl.client.BasicAuthCache;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
 import org.apache.http.util.EntityUtils;
 
+import org.ietf.jgss.GSSCredential;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.File;
 import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.security.Principal;
 import java.util.Objects;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLContext;
 
 /**
  * A common class to invoke HTTP requests against the Avatica server agnostic of the data being
  * sent and received across the wire.
  */
-public class AvaticaCommonsHttpClientImpl implements AvaticaHttpClient,
-    UsernamePasswordAuthenticateable, TrustStoreConfigurable,
-        KeyStoreConfigurable, HostnameVerificationConfigurable {

Review comment:
       We should deprecate `TrustStoreConfigurable`, `KeyStoreConfigurable`, and `HostnameVerificationConfigurable` since those are handled by the pool now?

##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/CommonsHttpClientPoolCache.java
##########
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.avatica.remote;
+
+import org.apache.calcite.avatica.ConnectionConfig;
+import org.apache.calcite.avatica.remote.HostnameVerificationConfigurable.HostnameVerification;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+/**
+ * Creates and returns a PoolingHttpClientConnectionManager object.
+ * If a pool exists for a given set of keystore, trustore, and hostanmeVerification
+ * parameters, then the existing pool is returned.
+ *
+ */
+public class CommonsHttpClientPoolCache {
+
+  // Some basic exposed configurations
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_KEY =
+      "avatica.pooled.connections.per.route";
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT = "25";
+  private static final String MAX_POOLED_CONNECTIONS_KEY = "avatica.pooled.connections.max";
+  private static final String MAX_POOLED_CONNECTIONS_DEFAULT = "100";
+
+  private static final Logger LOG = LoggerFactory.getLogger(CommonsHttpClientPoolCache.class);
+
+  private CommonsHttpClientPoolCache() {
+    //do not instantiate
+  }
+
+  private static final ConcurrentHashMap<String, PoolingHttpClientConnectionManager> CACHED_POOLS =
+      new ConcurrentHashMap<>();
+
+  public static PoolingHttpClientConnectionManager getPool(ConnectionConfig config) {
+    String sslDisc = extractSSLParameters(config);
+
+    PoolingHttpClientConnectionManager pool = CACHED_POOLS.get(sslDisc);
+    if (pool != null) {
+      //Debug
+      System.out.println("Reusing existing pool for sslDisc:" + sslDisc);
+      return pool;
+    }
+
+    synchronized (CommonsHttpClientPoolCache.class) {
+      pool = CACHED_POOLS.get(sslDisc);
+      if (pool != null) {
+        //Debug
+        System.out.println("Reusing2 existing pool for sslDisc:" + sslDisc);

Review comment:
       Logger

##########
File path: core/src/main/java/org/apache/calcite/avatica/remote/CommonsHttpClientPoolCache.java
##########
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.calcite.avatica.remote;
+
+import org.apache.calcite.avatica.ConnectionConfig;
+import org.apache.calcite.avatica.remote.HostnameVerificationConfigurable.HostnameVerification;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+/**
+ * Creates and returns a PoolingHttpClientConnectionManager object.
+ * If a pool exists for a given set of keystore, trustore, and hostanmeVerification
+ * parameters, then the existing pool is returned.
+ *
+ */
+public class CommonsHttpClientPoolCache {
+
+  // Some basic exposed configurations
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_KEY =
+      "avatica.pooled.connections.per.route";
+  private static final String MAX_POOLED_CONNECTION_PER_ROUTE_DEFAULT = "25";
+  private static final String MAX_POOLED_CONNECTIONS_KEY = "avatica.pooled.connections.max";
+  private static final String MAX_POOLED_CONNECTIONS_DEFAULT = "100";
+
+  private static final Logger LOG = LoggerFactory.getLogger(CommonsHttpClientPoolCache.class);
+
+  private CommonsHttpClientPoolCache() {
+    //do not instantiate
+  }
+
+  private static final ConcurrentHashMap<String, PoolingHttpClientConnectionManager> CACHED_POOLS =
+      new ConcurrentHashMap<>();
+
+  public static PoolingHttpClientConnectionManager getPool(ConnectionConfig config) {
+    String sslDisc = extractSSLParameters(config);
+
+    PoolingHttpClientConnectionManager pool = CACHED_POOLS.get(sslDisc);

Review comment:
       Could simplify the double-checked locking of this to use `computeIfAbsent()` method on `ConcurrentHashMap`. If I'm reading the javadoc correctly, it will do the mutual exclusion on creating the pool for you.



