Merge branch 'stable-3.1' into stable-3.2
* stable-3.1:
Align testcontainers with v1.15 in Gerrit
Jenkinsfile: use gerrit-ci-library pipeline for plugin validation
Revert "Add SSL support for Zookeeper client"
Add SSL support for Zookeeper client
Change-Id: I6619b49ec070c6037d7f66b74bc81c21061f22bd
diff --git a/BUILD b/BUILD
index d5d34bf..f6dd094 100644
--- a/BUILD
+++ b/BUILD
@@ -7,6 +7,28 @@
)
gerrit_plugin(
+ name = "zookeeper-refdb-zk-3.5",
+ srcs = glob(["src/main/java/**/*.java"]),
+ manifest_entries = [
+ "Gerrit-PluginName: zookeeper-refdb",
+ "Gerrit-Module: com.googlesource.gerrit.plugins.validation.dfsrefdb.zookeeper.ZkValidationModule",
+ "Implementation-Title: zookeeper ref-db plugin",
+ "Implementation-URL: https://review.gerrithub.io/admin/repos/GerritForge/plugins_zookeeper",
+ ],
+ resources = glob(["src/main/resources/**/*"]),
+ dir_name = "zookeeper-refdb",
+ deps = [
+ "@curator-client//jar",
+ "@curator-framework//jar",
+ "@curator-recipes//jar",
+ "@global-refdb//jar",
+ "@zookeeper_3.5//jar",
+ "@zookeeper-jute_3.5//jar",
+ "@netty-all_3.5//jar",
+ ],
+)
+
+gerrit_plugin(
name = "zookeeper-refdb",
srcs = glob(["src/main/java/**/*.java"]),
manifest_entries = [
@@ -21,7 +43,7 @@
"@curator-framework//jar",
"@curator-recipes//jar",
"@global-refdb//jar",
- "@zookeeper//jar",
+ "@zookeeper_3.4//jar",
],
)
@@ -43,7 +65,7 @@
testonly = 1,
visibility = ["//visibility:public"],
exports = PLUGIN_DEPS + PLUGIN_TEST_DEPS + [
- ":zookeeper-refdb__plugin",
+ ":zookeeper-refdb-zk-3.5__plugin",
"@curator-framework//jar",
"@curator-recipes//jar",
"@curator-test//jar",
diff --git a/README.md b/README.md
index 74ba043..876d49b 100644
--- a/README.md
+++ b/README.md
@@ -5,12 +5,12 @@
Requirements for using this plugin are:
-- Gerrit v3.1 or later
+- Gerrit v3.2 or later
- Apache Zookeeper v3.4 or later
## Typical use-case
The global ref-db is a typical use-case of a Gerrit multi-master scenario
in a multi-site setup. Refer to the
-[Gerrit multi-site plugin](https://gerrit.googlesource.com/plugins/multi-site/+/stable-3.1/DESIGN.md)
+[Gerrit multi-site plugin](https://gerrit.googlesource.com/plugins/multi-site/+/master/DESIGN.md)
for more details on the high level architecture.
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index 5280f73..b68d6cc 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -28,7 +28,25 @@
)
maven_jar(
- name = "zookeeper",
+ name = "zookeeper_3.5",
+ artifact = "org.apache.zookeeper:zookeeper:3.5.7",
+ sha1 = "12bdf55ba8be7fc891996319d37f35eaad7e63ea",
+ )
+
+ maven_jar(
+ name = "zookeeper-jute_3.5",
+ artifact = "org.apache.zookeeper:zookeeper-jute:3.5.7",
+ sha1 = "1270f80b08904499a6839a2ee1800da687ad96b4",
+ )
+
+ maven_jar(
+ name = "netty-all_3.5",
+ artifact = "io.netty:netty-all:4.1.45.Final",
+ sha1 = "e830eae36d22f2bba3118a3bc08e17f15263a01d",
+ )
+
+ maven_jar(
+ name = "zookeeper_3.4",
artifact = "org.apache.zookeeper:zookeeper:3.4.14",
sha1 = "c114c1e1c8172a7cd3f6ae39209a635f7a06c1a1",
)
diff --git a/src/main/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperConfig.java b/src/main/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperConfig.java
index 7523d1f..d9c7a4a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperConfig.java
@@ -20,6 +20,7 @@
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.inject.Inject;
+import java.util.Optional;
import org.apache.commons.lang.StringUtils;
import org.apache.curator.RetryPolicy;
import org.apache.curator.framework.CuratorFramework;
@@ -41,6 +42,7 @@
private final int DEFAULT_CAS_RETRY_POLICY_MAX_SLEEP_TIME_MS = 300;
private final int DEFAULT_CAS_RETRY_POLICY_MAX_RETRIES = 3;
private final int DEFAULT_TRANSACTION_LOCK_TIMEOUT = 1000;
+ private final boolean DEFAULT_SSL_CONNECTION = false;
static {
CuratorFrameworkFactory.Builder b = CuratorFrameworkFactory.builder();
@@ -56,6 +58,13 @@
public static final String KEY_RETRY_POLICY_MAX_SLEEP_TIME_MS = "retryPolicyMaxSleepTimeMs";
public static final String KEY_RETRY_POLICY_MAX_RETRIES = "retryPolicyMaxRetries";
public static final String KEY_ROOT_NODE = "rootNode";
+ public static final String SSL_CONNECTION = "sslConnection";
+ public static final String SSL_KEYSTORE_LOCATION = "sslKeyStoreLocation";
+ public static final String SSL_TRUSTSTORE_LOCATION = "sslTrustStoreLocation";
+
+ public static final String SSL_KEYSTORE_PASSWORD = "sslKeyStorePassword";
+ public static final String SSL_TRUSTSTORE_PASSWORD = "sslTrustStorePassword";
+
public final String KEY_CAS_RETRY_POLICY_BASE_SLEEP_TIME_MS = "casRetryPolicyBaseSleepTimeMs";
public final String KEY_CAS_RETRY_POLICY_MAX_SLEEP_TIME_MS = "casRetryPolicyMaxSleepTimeMs";
public final String KEY_CAS_RETRY_POLICY_MAX_RETRIES = "casRetryPolicyMaxRetries";
@@ -72,6 +81,12 @@
private final int casMaxSleepTimeMs;
private final int casMaxRetries;
+ private Boolean isSSLEnabled;
+ private Optional<String> sslKeyStoreLocation;
+ private Optional<String> sslTrustStoreLocation;
+ private Optional<String> sslKeyStorePassword;
+ private Optional<String> sslTrustStorePassword;
+
public static final String SECTION = "ref-database";
private final Long transactionLockTimeOut;
@@ -145,10 +160,39 @@
TRANSACTION_LOCK_TIMEOUT_KEY,
DEFAULT_TRANSACTION_LOCK_TIMEOUT);
+ isSSLEnabled =
+ getBoolean(zkConfig, SECTION, SUBSECTION, SSL_CONNECTION, DEFAULT_SSL_CONNECTION);
+
+ sslKeyStoreLocation = getOptionalString(zkConfig, SECTION, SUBSECTION, SSL_KEYSTORE_LOCATION);
+
+ sslTrustStoreLocation =
+ getOptionalString(zkConfig, SECTION, SUBSECTION, SSL_TRUSTSTORE_LOCATION);
+
+ sslKeyStorePassword = getOptionalString(zkConfig, SECTION, SUBSECTION, SSL_KEYSTORE_PASSWORD);
+
+ sslTrustStorePassword =
+ getOptionalString(zkConfig, SECTION, SUBSECTION, SSL_TRUSTSTORE_PASSWORD);
+
checkArgument(StringUtils.isNotEmpty(connectionString), "zookeeper.%s contains no servers");
}
public CuratorFramework buildCurator() {
+ if (isSSLEnabled) {
+
+ System.setProperty(
+ "zookeeper.clientCnxnSocket", "org.apache.zookeeper.ClientCnxnSocketNetty");
+ System.setProperty("zookeeper.client.secure", "true");
+
+ sslKeyStoreLocation.ifPresent(
+ location -> System.setProperty("zookeeper.ssl.keyStore.location", location));
+ sslTrustStoreLocation.ifPresent(
+ location -> System.setProperty("zookeeper.ssl.trustStore.location", location));
+ sslKeyStorePassword.ifPresent(
+ passw -> System.setProperty("zookeeper.ssl.keyStore.password", passw));
+ sslTrustStorePassword.ifPresent(
+ passw -> System.setProperty("zookeeper.ssl.trustStore.password", passw));
+ }
+
if (build == null) {
this.build =
CuratorFrameworkFactory.builder()
@@ -194,6 +238,11 @@
}
}
+ private Optional<String> getOptionalString(
+ Config cfg, String section, String subsection, String name) {
+ return Optional.ofNullable(cfg.getString(section, subsection, name)).filter(s -> !s.isEmpty());
+ }
+
private String getString(
Config cfg, String section, String subsection, String name, String defaultValue) {
String value = cfg.getString(section, subsection, name);
@@ -202,4 +251,9 @@
}
return defaultValue;
}
+
+ private Boolean getBoolean(
+ Config cfg, String section, String subSection, String name, Boolean defaultValue) {
+ return cfg.getBoolean(section, subSection, name, defaultValue);
+ }
}
diff --git a/src/main/resources/Documentation/about.md b/src/main/resources/Documentation/about.md
index 03ffab4..f3f6563 100644
--- a/src/main/resources/Documentation/about.md
+++ b/src/main/resources/Documentation/about.md
@@ -9,6 +9,10 @@
Originally this code was a part of [multi-site plugin](https://gerrit.googlesource.com/plugins/multi-site/) but currently can be use independently.
+## Requirements
+
+Supported Zookeeper version is 3.5.x. For SSL connection minimal Zookeeper version is 3.5.1[ZOOKEEPER-2125](https://issues.apache.org/jira/browse/ZOOKEEPER-2125).
+
## Setup
* Install @PLUGIN@ plugin
diff --git a/src/main/resources/Documentation/config.md b/src/main/resources/Documentation/config.md
index 5cd89a5..00a2468 100644
--- a/src/main/resources/Documentation/config.md
+++ b/src/main/resources/Documentation/config.md
@@ -16,6 +16,15 @@
transactionLockTimeoutMs = 1000
```
+## Sample SSL configuration
+```
+[ref-database "zookeeper"]
+ connectString = "zookeeperhost:2281"
+ sslConnection = true
+ rootNode = "/gerrit/multi-site"
+ transactionLockTimeoutMs = 1000
+```
+
## Configuration parameters
```ref-database.zookeeper.connectString```
@@ -81,3 +90,25 @@
acquires the exclusive lock for a reference.
Defaults: 1000
+
+```ref-database.zookeeper.sslConnection```
+: Enable ssl for Zookeeper connection.
+
+ Defaults: false
+
+```ref-database.zookeeper.sslKeyStoreLocation```
+: Optional configuration of the path to the ssl key store location.
+
+```ref-database.zookeeper.sslTrustStoreLocation```
+: Optional configuration of the path to the ssl trust store for server-side X.509 certificate validation.
+
+File '@PLUGIN@.secure.config'
+--------------------
+
+## Configuration parameters
+
+```ref-database.zookeeper.sslKeyStorePassword```
+: Optional configuration for the password to the ssl key store.
+
+```ref-database.zookeeper.sslTrustStorePassword```
+: Optional configuration for the password to the ssl trust store.
diff --git a/src/test/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperTestContainerSupport.java b/src/test/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperTestContainerSupport.java
index 59b7afd..107ece9 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperTestContainerSupport.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/validation/dfsrefdb/zookeeper/ZookeeperTestContainerSupport.java
@@ -33,7 +33,7 @@
public class ZookeeperTestContainerSupport {
static class ZookeeperContainer extends GenericContainer<ZookeeperContainer> {
- public static String ZOOKEEPER_VERSION = "3.4.13";
+ public static String ZOOKEEPER_VERSION = "3.5.5";
public ZookeeperContainer() {
super("zookeeper:" + ZOOKEEPER_VERSION);
