Posted to commits@geode.apache.org by bs...@apache.org on 2020/04/07 21:45:55 UTC

[geode] branch feature/GEODE-7852doc created (now 2765825)

This is an automated email from the ASF dual-hosted git repository.

bschuchardt pushed a change to branch feature/GEODE-7852doc
in repository https://gitbox.apache.org/repos/asf/geode.git.


      at 2765825  GEODE-7852: SNI extension support

This branch includes the following new commits:

     new 2765825  GEODE-7852: SNI extension support

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[geode] 01/01: GEODE-7852: SNI extension support

Posted by bs...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

bschuchardt pushed a commit to branch feature/GEODE-7852doc
in repository https://gitbox.apache.org/repos/asf/geode.git

commit 276582533c885092d8e1d076d426a4c9f2e0b908
Author: Bruce Schuchardt <bs...@pivotal.io>
AuthorDate: Tue Apr 7 14:27:38 2020 -0700

    GEODE-7852: SNI extension support
    
    Modified SNISocketFactory so it can be used in cache.xml
    Added a test for the new cache.xml element.
    Updated docs for cache.xml and updated client configuration
    instructions.
---
 .../geode/client/sni/ClientSNIAcceptanceTest.java  |  1 +
 .../cache/client/ClientCacheFactoryJUnitTest.java  | 10 ++++++++-
 .../ClientCacheFactoryJUnitTest_single_pool.xml    |  9 ++++++++
 .../geode/cache/client/proxy/SniSocketFactory.java | 20 ++++++++++++++---
 .../topics/client-cache-elements-list.html.md.erb  |  1 +
 .../reference/topics/client-cache.html.md.erb      | 26 ++++++++++++++++++++++
 .../setting_up_a_client_server_system.html.md.erb  | 17 ++++++++++++--
 .../geode/test/dunit/internal/ProcessManager.java  |  6 +++--
 8 files changed, 82 insertions(+), 8 deletions(-)

diff --git a/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/ClientSNIAcceptanceTest.java b/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/ClientSNIAcceptanceTest.java
index 69aa5d8..4f47fd0 100644
--- a/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/ClientSNIAcceptanceTest.java
+++ b/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/ClientSNIAcceptanceTest.java
@@ -97,5 +97,6 @@ public class ClientSNIAcceptanceTest {
     region.destroy("hello");
     region.put("hello", "world");
     assertThat(region.get("hello")).isEqualTo("world");
+    assertThat(region.get("foo")).isEqualTo("bar");
   }
 }
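Review bot: The added `region.get("foo")` assertion reads an entry that nothing in the visible part of this test writes, so it presumably depends on data seeded before the client connects. A one-line comment above it would make that dependency explicit, for example `// "foo" is seeded by <setup step>; checks a read through the SNI proxy of data this client did not write`, with the placeholder replaced by the real setup step. The test method begins above this hunk, so the seeding may already be visible there.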
diff --git a/geode-core/src/integrationTest/java/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest.java b/geode-core/src/integrationTest/java/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest.java
index 9074473..e5147df 100644
--- a/geode-core/src/integrationTest/java/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest.java
+++ b/geode-core/src/integrationTest/java/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest.java
@@ -32,6 +32,7 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.Socket;
 import java.net.URL;
 import java.nio.charset.Charset;
 import java.util.Collections;
@@ -52,6 +53,7 @@ import org.apache.geode.DataSerializer;
 import org.apache.geode.cache.RegionService;
 import org.apache.geode.cache.client.internal.ProxyCache;
 import org.apache.geode.cache.client.internal.UserAttributes;
+import org.apache.geode.cache.client.proxy.SniSocketFactory;
 import org.apache.geode.cache.server.CacheServer;
 import org.apache.geode.distributed.DistributedSystem;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
@@ -62,6 +64,7 @@ import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
 import org.apache.geode.internal.cache.xmlcache.CacheXmlGenerator;
 import org.apache.geode.internal.cache.xmlcache.ClientCacheCreation;
+import org.apache.geode.internal.inet.LocalHostUtil;
 import org.apache.geode.internal.serialization.Version;
 import org.apache.geode.internal.serialization.VersionedDataInputStream;
 import org.apache.geode.pdx.ReflectionBasedAutoSerializer;
@@ -127,7 +130,7 @@ public class ClientCacheFactoryJUnitTest {
   }
 
   @Test
-  public void test001FindDefaultFromXML() throws Exception {
+  public void test001FindDefaultPoolFromXML() throws Exception {
     File cacheXmlFile = temporaryFolder.newFile("ClientCacheFactoryJUnitTest.xml");
     URL url = ClientCacheFactoryJUnitTest.class
         .getResource("ClientCacheFactoryJUnitTest_single_pool.xml");
@@ -149,6 +152,11 @@ public class ClientCacheFactoryJUnitTest {
         .isEqualTo(PoolFactory.DEFAULT_SOCKET_CONNECT_TIMEOUT);
     assertThat(defPool.getServers()).isEqualTo(
         Collections.singletonList(new InetSocketAddress("localhost", CacheServer.DEFAULT_PORT)));
+
+    assertThat(defPool.getSocketFactory()).isInstanceOf(SniSocketFactory.class);
+    Socket socket = defPool.getSocketFactory().createSocket();
+    assertThat(socket.getPort()).isEqualTo(12345);
+    assertThat(socket.getInetAddress()).isEqualTo(LocalHostUtil.getLocalHost());
   }
 
   /**
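Review bot: The expected port in `assertThat(socket.getPort()).isEqualTo(12345)` disagrees with the `port` parameter this commit adds to ClientCacheFactoryJUnitTest_single_pool.xml, which is `40404`, so either the assertion or the resource looks wrong as committed; `isEqualTo(40404)` would match the XML hunk shown on this page. The address check has a similar gap: the XML configures `localhost`, while the assertion compares against `LocalHostUtil.getLocalHost()`, which may not be the loopback address on every build host (inferred, since that helper is not visible here). The socket returned by `createSocket()` is also never closed; `try (Socket socket = defPool.getSocketFactory().createSocket()) { ... }` around the two assertions would release it. The test method starts above this hunk.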
diff --git a/geode-core/src/test/resources/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest_single_pool.xml b/geode-core/src/integrationTest/resources/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest_single_pool.xml
similarity index 82%
rename from geode-core/src/test/resources/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest_single_pool.xml
rename to geode-core/src/integrationTest/resources/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest_single_pool.xml
index f139459..82666d9 100644
--- a/geode-core/src/test/resources/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest_single_pool.xml
+++ b/geode-core/src/integrationTest/resources/org/apache/geode/cache/client/ClientCacheFactoryJUnitTest_single_pool.xml
@@ -27,5 +27,14 @@
   version="1.0">
   <pool name="my_pool_name" multiuser-authentication="true">
     <server host="localhost" port="40404"/>
+    <socket-factory>
+      <class-name>org.apache.geode.cache.client.proxy.SniSocketFactory</class-name>
+      <parameter name="hostname">
+        <string>localhost</string>
+      </parameter>
+      <parameter name="port">
+        <string>40404</string>
+      </parameter>
+    </socket-factory>
   </pool>
 </client-cache>
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/proxy/SniSocketFactory.java b/geode-core/src/main/java/org/apache/geode/cache/client/proxy/SniSocketFactory.java
index 584a405..f7ee5c3 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/proxy/SniSocketFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/proxy/SniSocketFactory.java
@@ -18,24 +18,38 @@ package org.apache.geode.cache.client.proxy;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
+import java.util.Properties;
 
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.Declarable;
 import org.apache.geode.cache.client.SocketFactory;
+import org.apache.geode.internal.DistributionLocator;
 
 /**
  * A {@link SocketFactory} that connects a client to locators and servers
  * through a SNI proxy.
  */
-public class SniSocketFactory implements SocketFactory {
+public class SniSocketFactory implements SocketFactory, Declarable {
 
 
-  private final String hostname;
-  private final int port;
+  private String hostname;
+  private int port;
+
+  public SniSocketFactory() {} // required by Declarable
 
   public SniSocketFactory(String hostname, int port) {
     this.hostname = hostname;
     this.port = port;
   }
 
+  @Override // Declarable
+  public void initialize(Cache cache, Properties properties) {
+    this.hostname = properties.getProperty("hostname");
+    String portString =
+        properties.getProperty("port", "" + DistributionLocator.DEFAULT_LOCATOR_PORT);
+    this.port = Integer.parseInt(portString);
+  }
+
   @Override
   public Socket createSocket() throws IOException {
     return new SniProxySocket(new InetSocketAddress(hostname, port));
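Review bot: `initialize` stores whatever cache.xml supplies without checking it. A missing `hostname` leaves the field null, and a non-numeric or out-of-range `port` surfaces as a bare NumberFormatException or only later, when `createSocket()` builds the InetSocketAddress. Because this factory decides which gateway every client connection is sent to, a bad value should be rejected while the configuration is loaded, with a message naming the parameter; the exception type below is a suggestion and should match what the cache.xml loader reports. The fields also lose `final`, so if `createSocket()` can run on other threads (not visible here) the values need safe publication, for example `volatile`. The fallback to `DistributionLocator.DEFAULT_LOCATOR_PORT` and the no-arg constructor's unusable-until-initialized state both deserve a line of Javadoc; `createSocket()` continues past the end of this hunk.

```java
  @Override // Declarable
  public void initialize(Cache cache, Properties properties) {
    String configuredHost = properties.getProperty("hostname");
    if (configuredHost == null || configuredHost.trim().isEmpty()) {
      throw new IllegalArgumentException(
          "SniSocketFactory requires a non-empty 'hostname' parameter");
    }
    String portString =
        properties.getProperty("port", "" + DistributionLocator.DEFAULT_LOCATOR_PORT);
    int configuredPort;
    try {
      configuredPort = Integer.parseInt(portString.trim());
    } catch (NumberFormatException e) {
      throw new IllegalArgumentException(
          "SniSocketFactory 'port' parameter is not a number: " + portString, e);
    }
    if (configuredPort < 1 || configuredPort > 65535) {
      throw new IllegalArgumentException(
          "SniSocketFactory 'port' parameter is out of range: " + configuredPort);
    }
    // assign only after both values have been validated
    this.hostname = configuredHost.trim();
    this.port = configuredPort;
  }
```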
diff --git a/geode-docs/reference/topics/client-cache-elements-list.html.md.erb b/geode-docs/reference/topics/client-cache-elements-list.html.md.erb
index 0d26303..edb6f6d 100644
--- a/geode-docs/reference/topics/client-cache-elements-list.html.md.erb
+++ b/geode-docs/reference/topics/client-cache-elements-list.html.md.erb
@@ -31,6 +31,7 @@ For details, see [&lt;client-cache&gt; Element Reference.](client-cache.html)
    <pool>
       <locator>
       <server>
+      <socket-factory>
    <disk-store>
       <disk-dirs>
          <disk-dir>
diff --git a/geode-docs/reference/topics/client-cache.html.md.erb b/geode-docs/reference/topics/client-cache.html.md.erb
index 0db531b..a221e3e 100644
--- a/geode-docs/reference/topics/client-cache.html.md.erb
+++ b/geode-docs/reference/topics/client-cache.html.md.erb
@@ -338,6 +338,32 @@ Provide a server list or `locator` list, but not both.
        port="123456"/>
 </pool>
 ```
+## <a id="cc-socket-factory" class="no-quick-link"></a>&lt;socket-factory&gt;
+
+Defines a factory to create socket connections to locators and servers.  A typical use of this element is to redirect connections to an ingress gateway such as Istio or HAProxy in a cluster where the TLS (SSL) Server Name Extension field is set to indicate the actual locator or server the client is trying to reach.  This allows you to expose only the gateway hostname:port without the client needing to be able to resolve the names of the locator and server machines.
+
+**Note:**
+This setting may be used with either a Server list or a Locator list.  It will be used to form connections to either.
+
+**Default:**
+
+**API:** `org.apache.geode.cache.client.proxy.ProxySocketFactories`
+
+**Example:**
+
+``` pre
+<pool ...>
+ <socket-factory>
+    <class-name>org.apache.geode.cache.client.proxy.SniSocketFactory</class-name>
+    <parameter name="hostname">
+      <string>my-haproxy-address</string>
+    </parameter>
+    <parameter name="port">
+      <string>12345</string>
+    </parameter>
+  </socket-factory>
+</pool>
+```
 
 ## <a id="cc-disk-store" class="no-quick-link"></a>&lt;disk-store&gt;
 
diff --git a/geode-docs/topologies_and_comm/cs_configuration/setting_up_a_client_server_system.html.md.erb b/geode-docs/topologies_and_comm/cs_configuration/setting_up_a_client_server_system.html.md.erb
index 7bdeaa5..c032cac 100644
--- a/geode-docs/topologies_and_comm/cs_configuration/setting_up_a_client_server_system.html.md.erb
+++ b/geode-docs/topologies_and_comm/cs_configuration/setting_up_a_client_server_system.html.md.erb
@@ -53,8 +53,8 @@ Configure your server and client processes and data regions to run your client/s
     
         <client-cache>
            <pool name="publisher" subscription-enabled="true">
-              <locator host="lucy" port="41111"/> 
-              <locator host="lucy" port="41111"/> 
+              <locator host="lucy1" port="41111"/>
+              <locator host="lucy2" port="41111"/>
            </pool>
            ...
            <region name="clientRegion" ...
@@ -62,6 +62,19 @@ Configure your server and client processes and data regions to run your client/s
 
     You do not need to provide the complete list of locators to the clients at startup, but you should provide as complete a list as possible. The locators maintain a dynamic list of locators and servers and provide the information to the clients as needed.
 
+    When TLS (SSL) is used clients can also be directed to go through a SNI gateway such as Istio or HAProxy to reach locators and servers.  To do this add the following to your cache.xml pool configuration:
+        <pool... >
+          <socket-factory>
+            <class-name>org.apache.geode.cache.client.proxy.SniSocketFactory</class-name>
+            <parameter name="hostname">
+              <string>my-gateway-address</string>
+            </parameter>
+            <parameter name="port">
+              <string>my-gateway-port-number</string>
+            </parameter>
+          </socket-factory>
+        </pool>
+
 3.  
 
     Configure the server data regions for client/server work, following these guidelines. These do not need to be performed in this order. 
diff --git a/geode-dunit/src/main/java/org/apache/geode/test/dunit/internal/ProcessManager.java b/geode-dunit/src/main/java/org/apache/geode/test/dunit/internal/ProcessManager.java
index bee2551..73af9dd 100755
--- a/geode-dunit/src/main/java/org/apache/geode/test/dunit/internal/ProcessManager.java
+++ b/geode-dunit/src/main/java/org/apache/geode/test/dunit/internal/ProcessManager.java
@@ -258,8 +258,10 @@ class ProcessManager implements ChildVMLauncher {
       // remove current-version product classes and resources from the classpath
       dunitClasspath =
           removeModulesFromPath(dunitClasspath, "geode-common", "geode-core", "geode-cq",
-              "geode-http-service", "geode-json", "geode-log4j", "geode-lucene",
-              "geode-serialization", "geode-wan", "geode-gfsh");
+              "geode-http-service", "geode-json", "geode-log4j", "geode-lucene", "geode-tcp-server",
+              "geode-membership", "geode-management", "geode-logging", "geode-web",
+              "geode-rebalancer",
+              "geode-serialization", "geode-wan", "geode-gfsh", "geode-lucene");
       classPath = versionManager.getClasspath(version) + File.pathSeparator + dunitClasspath;
     }