hadoop git commit: HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen
Repository: hadoop Updated Branches: refs/heads/branch-2.7 4f4360731 -> 1d0170406 HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen. Branch-2 patch contributed by Wei-Chiu Chuang. (cherry picked from commit dfcbc12026b591745a7d7279f2b840152cb53a91) (cherry picked from commit 8bc33bf343b7e9005e04f0dc6078bfb06fb22815) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/1d017040 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/1d017040 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/1d017040 Branch: refs/heads/branch-2.7 Commit: 1d017040605b64c7092d8e83d057f4427044aa87 Parents: 4f43607 Author: Zhe ZhangAuthored: Tue Aug 23 14:46:08 2016 -0700 Committer: Zhe Zhang Committed: Mon Aug 29 10:10:47 2016 -0700 -- hadoop-common-project/hadoop-common/pom.xml | 5 ++ .../org/apache/hadoop/http/HttpServer2.java | 76 +++- .../ssl/SslSelectChannelConnectorSecure.java| 58 +++ .../security/ssl/SslSocketConnectorSecure.java | 58 --- .../hadoop/crypto/key/kms/server/MiniKMS.java | 9 +-- .../org/apache/hadoop/test/TestJettyHelper.java | 6 +- hadoop-project/pom.xml | 5 ++ 7 files changed, 118 insertions(+), 99 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/1d017040/hadoop-common-project/hadoop-common/pom.xml -- diff --git a/hadoop-common-project/hadoop-common/pom.xml b/hadoop-common-project/hadoop-common/pom.xml index d2acb46..b304bab 100644 --- a/hadoop-common-project/hadoop-common/pom.xml +++ b/hadoop-common-project/hadoop-common/pom.xml @@ -105,6 +105,11 @@ + org.mortbay.jetty + jetty-sslengine + compile + + javax.servlet.jsp jsp-api runtime http://git-wip-us.apache.org/repos/asf/hadoop/blob/1d017040/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index 6575fc8..4293a03 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -59,7 +59,7 @@ import org.apache.hadoop.security.authentication.util.FileSignerSecretProvider; import org.apache.hadoop.security.authentication.util.RandomSignerSecretProvider; import org.apache.hadoop.security.authentication.util.SignerSecretProvider; import org.apache.hadoop.security.authentication.util.ZKSignerSecretProvider; -import org.apache.hadoop.security.ssl.SslSocketConnectorSecure; +import org.apache.hadoop.security.ssl.SslSelectChannelConnectorSecure; import org.apache.hadoop.jmx.JMXJsonServlet; import org.apache.hadoop.log.LogLevel; import org.apache.hadoop.metrics.MetricsServlet; @@ -81,7 +81,7 @@ import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.HandlerCollection; import org.mortbay.jetty.handler.RequestLogHandler; import org.mortbay.jetty.nio.SelectChannelConnector; -import org.mortbay.jetty.security.SslSocketConnector; +import org.mortbay.jetty.security.SslSelectChannelConnector; import org.mortbay.jetty.servlet.AbstractSessionManager; import org.mortbay.jetty.servlet.Context; import org.mortbay.jetty.servlet.DefaultServlet; @@ -305,29 +305,7 @@ public final class HttpServer2 implements FilterContainer { if ("http".equals(scheme)) { listener = HttpServer2.createDefaultChannelConnector(); } else if ("https".equals(scheme)) { - SslSocketConnector c = new SslSocketConnectorSecure(); - c.setHeaderBufferSize(1024*64); - c.setNeedClientAuth(needsClientAuth); - c.setKeyPassword(keyPassword); - - if (keyStore != null) { -c.setKeystore(keyStore); -c.setKeystoreType(keyStoreType); -c.setPassword(keyStorePassword); - } - - if (trustStore != null) { -c.setTruststore(trustStore); -c.setTruststoreType(trustStoreType); -c.setTrustPassword(trustStorePassword); - } - - if(null != excludeCiphers && !excludeCiphers.isEmpty()) { -c.setExcludeCipherSuites(excludeCiphers.split(",")); -LOG.info("Excluded Cipher List:" + excludeCiphers); - } - -
hadoop git commit: HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen
Repository: hadoop Updated Branches: refs/heads/branch-2.8 80d8e79e2 -> 8bc33bf34 HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen. Branch-2 patch contributed by Wei-Chiu Chuang. (cherry picked from commit dfcbc12026b591745a7d7279f2b840152cb53a91) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/8bc33bf3 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/8bc33bf3 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/8bc33bf3 Branch: refs/heads/branch-2.8 Commit: 8bc33bf343b7e9005e04f0dc6078bfb06fb22815 Parents: 80d8e79 Author: Zhe ZhangAuthored: Tue Aug 23 14:46:08 2016 -0700 Committer: Zhe Zhang Committed: Tue Aug 23 14:46:47 2016 -0700 -- hadoop-common-project/hadoop-common/pom.xml | 5 ++ .../org/apache/hadoop/http/HttpServer2.java | 76 +++- .../ssl/SslSelectChannelConnectorSecure.java| 58 +++ .../security/ssl/SslSocketConnectorSecure.java | 58 --- .../hadoop/crypto/key/kms/server/MiniKMS.java | 9 +-- .../org/apache/hadoop/test/TestJettyHelper.java | 6 +- hadoop-project/pom.xml | 5 ++ 7 files changed, 118 insertions(+), 99 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/8bc33bf3/hadoop-common-project/hadoop-common/pom.xml -- diff --git a/hadoop-common-project/hadoop-common/pom.xml b/hadoop-common-project/hadoop-common/pom.xml index 9fc4afc..42a2f21 100644 --- a/hadoop-common-project/hadoop-common/pom.xml +++ b/hadoop-common-project/hadoop-common/pom.xml @@ -106,6 +106,11 @@ + org.mortbay.jetty + jetty-sslengine + compile + + javax.servlet.jsp jsp-api runtime http://git-wip-us.apache.org/repos/asf/hadoop/blob/8bc33bf3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index 2a46836..4b1e6ab 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -56,7 +56,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.security.AuthenticationFilterInitializer; import org.apache.hadoop.security.authentication.util.SignerSecretProvider; -import org.apache.hadoop.security.ssl.SslSocketConnectorSecure; +import org.apache.hadoop.security.ssl.SslSelectChannelConnectorSecure; import org.apache.hadoop.jmx.JMXJsonServlet; import org.apache.hadoop.log.LogLevel; import org.apache.hadoop.metrics.MetricsServlet; @@ -78,7 +78,7 @@ import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.HandlerCollection; import org.mortbay.jetty.handler.RequestLogHandler; import org.mortbay.jetty.nio.SelectChannelConnector; -import org.mortbay.jetty.security.SslSocketConnector; +import org.mortbay.jetty.security.SslSelectChannelConnector; import org.mortbay.jetty.servlet.AbstractSessionManager; import org.mortbay.jetty.servlet.Context; import org.mortbay.jetty.servlet.DefaultServlet; @@ -333,29 +333,7 @@ public final class HttpServer2 implements FilterContainer { if ("http".equals(scheme)) { listener = HttpServer2.createDefaultChannelConnector(); } else if ("https".equals(scheme)) { - SslSocketConnector c = new SslSocketConnectorSecure(); - c.setHeaderBufferSize(1024*64); - c.setNeedClientAuth(needsClientAuth); - c.setKeyPassword(keyPassword); - - if (keyStore != null) { -c.setKeystore(keyStore); -c.setKeystoreType(keyStoreType); -c.setPassword(keyStorePassword); - } - - if (trustStore != null) { -c.setTruststore(trustStore); -c.setTruststoreType(trustStoreType); -c.setTrustPassword(trustStorePassword); - } - - if(null != excludeCiphers && !excludeCiphers.isEmpty()) { -c.setExcludeCipherSuites(excludeCiphers.split(",")); -LOG.info("Excluded Cipher List:" + excludeCiphers); - } - - listener = c; + listener = createHttpsChannelConnector(); } else { throw new HadoopIllegalArgumentException( @@ -368,6
hadoop git commit: HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen
Repository: hadoop Updated Branches: refs/heads/branch-2 5fa241daa -> dfcbc1202 HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen. Branch-2 patch contributed by Wei-Chiu Chuang. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/dfcbc120 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/dfcbc120 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/dfcbc120 Branch: refs/heads/branch-2 Commit: dfcbc12026b591745a7d7279f2b840152cb53a91 Parents: 5fa241d Author: Zhe ZhangAuthored: Tue Aug 23 14:46:08 2016 -0700 Committer: Zhe Zhang Committed: Tue Aug 23 14:46:08 2016 -0700 -- hadoop-common-project/hadoop-common/pom.xml | 5 ++ .../org/apache/hadoop/http/HttpServer2.java | 76 +++- .../ssl/SslSelectChannelConnectorSecure.java| 58 +++ .../security/ssl/SslSocketConnectorSecure.java | 58 --- .../hadoop/crypto/key/kms/server/MiniKMS.java | 9 +-- .../org/apache/hadoop/test/TestJettyHelper.java | 6 +- hadoop-project/pom.xml | 5 ++ 7 files changed, 118 insertions(+), 99 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/dfcbc120/hadoop-common-project/hadoop-common/pom.xml -- diff --git a/hadoop-common-project/hadoop-common/pom.xml b/hadoop-common-project/hadoop-common/pom.xml index 09f630c..b35a40e 100644 --- a/hadoop-common-project/hadoop-common/pom.xml +++ b/hadoop-common-project/hadoop-common/pom.xml @@ -106,6 +106,11 @@ + org.mortbay.jetty + jetty-sslengine + compile + + javax.servlet.jsp jsp-api runtime http://git-wip-us.apache.org/repos/asf/hadoop/blob/dfcbc120/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index c179bd0..62fb4b6 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -56,7 +56,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.security.AuthenticationFilterInitializer; import org.apache.hadoop.security.authentication.util.SignerSecretProvider; -import org.apache.hadoop.security.ssl.SslSocketConnectorSecure; +import org.apache.hadoop.security.ssl.SslSelectChannelConnectorSecure; import org.apache.hadoop.jmx.JMXJsonServlet; import org.apache.hadoop.log.LogLevel; import org.apache.hadoop.metrics.MetricsServlet; @@ -78,7 +78,7 @@ import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.HandlerCollection; import org.mortbay.jetty.handler.RequestLogHandler; import org.mortbay.jetty.nio.SelectChannelConnector; -import org.mortbay.jetty.security.SslSocketConnector; +import org.mortbay.jetty.security.SslSelectChannelConnector; import org.mortbay.jetty.servlet.AbstractSessionManager; import org.mortbay.jetty.servlet.Context; import org.mortbay.jetty.servlet.DefaultServlet; @@ -333,29 +333,7 @@ public final class HttpServer2 implements FilterContainer { if ("http".equals(scheme)) { listener = HttpServer2.createDefaultChannelConnector(); } else if ("https".equals(scheme)) { - SslSocketConnector c = new SslSocketConnectorSecure(); - c.setHeaderBufferSize(1024*64); - c.setNeedClientAuth(needsClientAuth); - c.setKeyPassword(keyPassword); - - if (keyStore != null) { -c.setKeystore(keyStore); -c.setKeystoreType(keyStoreType); -c.setPassword(keyStorePassword); - } - - if (trustStore != null) { -c.setTruststore(trustStore); -c.setTruststoreType(trustStoreType); -c.setTrustPassword(trustStorePassword); - } - - if(null != excludeCiphers && !excludeCiphers.isEmpty()) { -c.setExcludeCipherSuites(excludeCiphers.split(",")); -LOG.info("Excluded Cipher List:" + excludeCiphers); - } - - listener = c; + listener = createHttpsChannelConnector(); } else { throw new HadoopIllegalArgumentException( @@ -368,6 +346,32 @@ public final class HttpServer2 implements FilterContainer {
hadoop git commit: HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen
Repository: hadoop Updated Branches: refs/heads/trunk 2550371f6 -> 03a9343d5 HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/03a9343d Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/03a9343d Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/03a9343d Branch: refs/heads/trunk Commit: 03a9343d5798384b66fbd21e1e028acaf55b00e9 Parents: 2550371 Author: Wei-Chiu ChuangAuthored: Fri Aug 19 09:22:49 2016 -0700 Committer: Wei-Chiu Chuang Committed: Fri Aug 19 09:22:49 2016 -0700 -- hadoop-common-project/hadoop-common/pom.xml | 5 ++ .../org/apache/hadoop/http/HttpServer2.java | 76 +++- .../ssl/SslSelectChannelConnectorSecure.java| 58 +++ .../security/ssl/SslSocketConnectorSecure.java | 58 --- .../hadoop/crypto/key/kms/server/MiniKMS.java | 9 +-- .../org/apache/hadoop/test/TestJettyHelper.java | 6 +- hadoop-project/pom.xml | 5 ++ 7 files changed, 118 insertions(+), 99 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/03a9343d/hadoop-common-project/hadoop-common/pom.xml -- diff --git a/hadoop-common-project/hadoop-common/pom.xml b/hadoop-common-project/hadoop-common/pom.xml index ef2fdf5..c28a05c 100644 --- a/hadoop-common-project/hadoop-common/pom.xml +++ b/hadoop-common-project/hadoop-common/pom.xml @@ -106,6 +106,11 @@ compile + org.mortbay.jetty + jetty-sslengine + compile + + javax.servlet.jsp jsp-api runtime http://git-wip-us.apache.org/repos/asf/hadoop/blob/03a9343d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index 8199c9b..a2bb18f 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -56,7 +56,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.security.AuthenticationFilterInitializer; import org.apache.hadoop.security.authentication.util.SignerSecretProvider; -import org.apache.hadoop.security.ssl.SslSocketConnectorSecure; +import org.apache.hadoop.security.ssl.SslSelectChannelConnectorSecure; import org.apache.hadoop.jmx.JMXJsonServlet; import org.apache.hadoop.log.LogLevel; import org.apache.hadoop.security.SecurityUtil; @@ -77,7 +77,7 @@ import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.HandlerCollection; import org.mortbay.jetty.handler.RequestLogHandler; import org.mortbay.jetty.nio.SelectChannelConnector; -import org.mortbay.jetty.security.SslSocketConnector; +import org.mortbay.jetty.security.SslSelectChannelConnector; import org.mortbay.jetty.servlet.AbstractSessionManager; import org.mortbay.jetty.servlet.Context; import org.mortbay.jetty.servlet.DefaultServlet; @@ -332,29 +332,7 @@ public final class HttpServer2 implements FilterContainer { if ("http".equals(scheme)) { listener = HttpServer2.createDefaultChannelConnector(); } else if ("https".equals(scheme)) { - SslSocketConnector c = new SslSocketConnectorSecure(); - c.setHeaderBufferSize(1024*64); - c.setNeedClientAuth(needsClientAuth); - c.setKeyPassword(keyPassword); - - if (keyStore != null) { -c.setKeystore(keyStore); -c.setKeystoreType(keyStoreType); -c.setPassword(keyStorePassword); - } - - if (trustStore != null) { -c.setTruststore(trustStore); -c.setTruststoreType(trustStoreType); -c.setTrustPassword(trustStorePassword); - } - - if(null != excludeCiphers && !excludeCiphers.isEmpty()) { -c.setExcludeCipherSuites(excludeCiphers.split(",")); -LOG.info("Excluded Cipher List:" + excludeCiphers); - } - - listener = c; + listener = createHttpsChannelConnector(); } else { throw new HadoopIllegalArgumentException( @@ -367,6 +345,32 @@ public final class HttpServer2 implements FilterContainer { server.loadListeners();