diff --git a/core/store/dist/BUILD b/core/store/dist/BUILD index fb42f8d46b..e3e702ccdb 100644 --- a/core/store/dist/BUILD +++ b/core/store/dist/BUILD @@ -3,10 +3,10 @@ COMPILE_DEPS = CORE_DEPS + NETTY + JACKSON + KRYO + [ "//utils/rest:onlab-rest", "//core/store/serializers:onos-core-serializers", "@io_netty_netty_transport//jar", - "@io_netty_netty_transport_native_epoll//jar", - "@io_netty_netty_transport_native_unix_common//jar", "@io_netty_netty_codec//jar", "@io_netty_netty_handler//jar", + "@io_netty_netty_transport_native_epoll//jar", + "@io_netty_netty_transport_native_unix_common//jar", "@io_netty_netty_resolver//jar", "@commons_math3//jar", ] diff --git a/lib/deps.json b/lib/deps.json index aa77cc4af3..5948c01e02 100644 --- a/lib/deps.json +++ b/lib/deps.json @@ -251,7 +251,6 @@ "io_netty_netty_common": "mvn:io.netty:netty-common:4.1.27.Final", "io_netty_netty_handler": "mvn:io.netty:netty-handler:4.1.27.Final", "io_netty_netty_handler_proxy": "mvn:io.netty:netty-handler-proxy:4.1.27.Final", - "io_netty_netty_tcnative_boringssl": "mvn:io.netty:netty-tcnative-boringssl-static:2.0.12.Final", "io_netty_netty_transport": "mvn:io.netty:netty-transport:4.1.27.Final", "io_netty_netty_transport_native_unix_common": "mvn:io.netty:netty-transport-native-unix-common:4.1.27.Final", "io_netty_netty_transport-native-epoll": "mvn:io.netty:netty-transport-native-epoll:4.1.27.Final", diff --git a/protocols/grpc/BUILD b/protocols/grpc/BUILD index a3f3f46e06..26e178c553 100644 --- a/protocols/grpc/BUILD +++ b/protocols/grpc/BUILD @@ -18,6 +18,18 @@ BUNDLES = [ "@io_opencensus_opencensus_api//jar", "@io_opencensus_opencensus_contrib_grpc_metrics//jar", "@com_google_code_gson_gson//jar", + # Lazily adding all netty-related packages. + # Some of them might not be necessary. + "@io_netty_netty//jar", + "@io_netty_netty_buffer//jar", + "@io_netty_netty_codec//jar", + "@io_netty_netty_codec_http//jar", + "@io_netty_netty_codec_http2//jar", + "@io_netty_netty_common//jar", + "@io_netty_netty_handler//jar", + "@io_netty_netty_transport//jar", + "@io_netty_netty_transport_native_epoll//jar", + "@io_netty_netty_resolver//jar", ] onos_app( diff --git a/protocols/grpc/ctl/BUILD b/protocols/grpc/ctl/BUILD index 475a90e6b5..ac0703d1ec 100644 --- a/protocols/grpc/ctl/BUILD +++ b/protocols/grpc/ctl/BUILD @@ -3,7 +3,6 @@ COMPILE_DEPS = CORE_DEPS + [ "//protocols/grpc/proto:onos-protocols-grpc-proto", "@io_grpc_grpc_java//core", "@io_grpc_grpc_java//netty", - "@io_netty_netty_handler//jar", ] osgi_jar( diff --git a/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java b/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java index 4f0403af8f..e5f4884a5d 100644 --- a/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java +++ b/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java @@ -19,12 +19,8 @@ package org.onosproject.grpc.ctl; import com.google.common.collect.Maps; import com.google.common.util.concurrent.Striped; import io.grpc.ManagedChannel; -import io.grpc.StatusRuntimeException; -import io.grpc.netty.GrpcSslContexts; +import io.grpc.ManagedChannelBuilder; import io.grpc.netty.NettyChannelBuilder; -import io.netty.handler.ssl.NotSslRecordException; -import io.netty.handler.ssl.SslContext; -import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import org.onosproject.event.AbstractListenerManager; import org.onosproject.event.Event; import org.onosproject.event.EventListener; @@ -40,7 +36,6 @@ import org.osgi.service.component.annotations.Reference; import org.osgi.service.component.annotations.ReferenceCardinality; import org.slf4j.Logger; -import javax.net.ssl.SSLException; import java.util.Map; import java.util.concurrent.locks.Lock; import java.util.function.Supplier; @@ -96,18 +91,14 @@ public abstract class AbstractGrpcClientController @Override public boolean createClient(K clientKey) { checkNotNull(clientKey); - /* - FIXME we might want to move "useTls" and "fallback" to properties of the netcfg and clientKey - For now, we will first try to connect with TLS (accepting any cert), then fall back to - plaintext for every device - */ - return withDeviceLock(() -> doCreateClient(clientKey, true, true), clientKey.deviceId()); + return withDeviceLock(() -> doCreateClient(clientKey), clientKey.deviceId()); } - private boolean doCreateClient(K clientKey, boolean useTls, boolean fallbackToPlainText) { - final DeviceId deviceId = clientKey.deviceId(); - final String serverAddr = clientKey.serverAddr(); - final int serverPort = clientKey.serverPort(); + + private boolean doCreateClient(K clientKey) { + DeviceId deviceId = clientKey.deviceId(); + String serverAddr = clientKey.serverAddr(); + int serverPort = clientKey.serverPort(); if (clientKeys.containsKey(deviceId)) { final GrpcClientKey existingKey = clientKeys.get(deviceId); @@ -122,69 +113,18 @@ public abstract class AbstractGrpcClientController } } - log.info("Creating new {}... (key={}, useTls={}, fallbackToPlainText={})", - clientName(clientKey), clientKey, useTls, - fallbackToPlainText); - - final GrpcChannelId channelId = GrpcChannelId.of( - clientKey.deviceId(), clientKey.toString()); - final NettyChannelBuilder channelBuilder = NettyChannelBuilder + log.info("Creating client for {} (server={}:{})...", + deviceId, serverAddr, serverPort); + GrpcChannelId channelId = GrpcChannelId.of(clientKey.deviceId(), clientKey.toString()); + ManagedChannelBuilder channelBuilder = NettyChannelBuilder .forAddress(serverAddr, serverPort) - .maxInboundMessageSize(DEFAULT_MAX_INBOUND_MSG_SIZE * MEGABYTES); - - if (useTls) { - // FIXME: logic to create/manage SSL properties of a channel builder - // should belong to the GrpcChannelController. - log.debug("Using SSL for {}", clientName(clientKey), deviceId); - final SslContext sslContext; - try { - // Accept any server certificate; this is insecure and should - // not be used in production - sslContext = GrpcSslContexts.forClient() - .trustManager(InsecureTrustManagerFactory.INSTANCE) - .build(); - } catch (SSLException e) { - log.error("Failed to build SSL context for {}", clientName(clientKey), e); - return false; - } - channelBuilder - .sslContext(sslContext) - .useTransportSecurity(); - } else { - log.debug("Using plaintext TCP for {}", clientName(clientKey)); - channelBuilder.usePlaintext(); - } + .maxInboundMessageSize(DEFAULT_MAX_INBOUND_MSG_SIZE * MEGABYTES) + .usePlaintext(); final ManagedChannel channel; - try { - channel = grpcChannelController.connectChannel(channelId, channelBuilder); - } catch (Throwable e) { - for (Throwable cause = e; cause != null; cause = cause.getCause()) { - if (useTls && cause instanceof NotSslRecordException) { - // Likely root cause is that server is using plaintext - log.warn("Failed to connect {} using TLS", clientName(clientKey)); - log.debug("TLS connection exception", e); - if (fallbackToPlainText) { - log.info("Falling back to plaintext TCP for {}", clientName(clientKey)); - return doCreateClient(clientKey, false, false); - } - } - if (!useTls && "Connection reset by peer".equals(cause.getMessage())) { - // Not a great signal, but could indicate the server is expected a TLS connection - log.warn("Failed to connect {} using plaintext TCP; " + - "is the server using TLS?", - clientName(clientKey)); - break; - } - } - if (e instanceof StatusRuntimeException) { - log.warn("Unable to connect {}: {}", clientName(clientKey), e.getMessage()); - log.debug("Connection exception", e); - } else { - log.error("Exception while connecting {}", clientName(clientKey), e); - } - return false; - } + + channel = grpcChannelController.connectChannel(channelId, channelBuilder); + final C client; try { diff --git a/tools/build/bazel/generate_workspace.bzl b/tools/build/bazel/generate_workspace.bzl index 6ae7dd0983..8d9f17251a 100644 --- a/tools/build/bazel/generate_workspace.bzl +++ b/tools/build/bazel/generate_workspace.bzl @@ -1,4 +1,4 @@ -# ***** This file was auto-generated at Tue, 18 Dec 2018 21:54:15 GMT. Do not edit this file manually. ***** +# ***** This file was auto-generated at Wed, 19 Dec 2018 17:57:55 GMT. Do not edit this file manually. ***** # ***** Use onos-lib-gen ***** load("//tools/build/bazel:variables.bzl", "ONOS_GROUP_ID", "ONOS_VERSION") @@ -771,12 +771,6 @@ def generated_maven_jars(): jar_sha256 = "84b00dd1cd25a99b88bd598577825b4be9ad592e2d78b08bd703e7e999fe3498", licenses = ["notice"], jar_urls = ["http://repo1.maven.org/maven2/io/netty/netty-handler-proxy/4.1.27.Final/netty-handler-proxy-4.1.27.Final.jar"], ) - if "io_netty_netty_tcnative_boringssl" not in native.existing_rules(): - java_import_external( - name = "io_netty_netty_tcnative_boringssl", - jar_sha256 = "3df756e569504137e90ff368c2fe09f1f953efeddb717d47ed391dfa6ba8b7e3", - licenses = ["notice"], - jar_urls = ["http://repo1.maven.org/maven2/io/netty/netty-tcnative-boringssl-static/2.0.12.Final/netty-tcnative-boringssl-static-2.0.12.Final.jar"], ) if "io_netty_netty_transport" not in native.existing_rules(): java_import_external( name = "io_netty_netty_transport", @@ -1525,7 +1519,6 @@ artifact_map["@io_netty_netty_codec//:io_netty_netty_codec"] = "mvn:io.netty:net artifact_map["@io_netty_netty_common//:io_netty_netty_common"] = "mvn:io.netty:netty-common:jar:4.1.27.Final" artifact_map["@io_netty_netty_handler//:io_netty_netty_handler"] = "mvn:io.netty:netty-handler:jar:4.1.27.Final" artifact_map["@io_netty_netty_handler_proxy//:io_netty_netty_handler_proxy"] = "mvn:io.netty:netty-handler-proxy:jar:4.1.27.Final" -artifact_map["@io_netty_netty_tcnative_boringssl//:io_netty_netty_tcnative_boringssl"] = "mvn:io.netty:netty-tcnative-boringssl-static:jar:2.0.12.Final" artifact_map["@io_netty_netty_transport//:io_netty_netty_transport"] = "mvn:io.netty:netty-transport:jar:4.1.27.Final" artifact_map["@io_netty_netty_transport_native_unix_common//:io_netty_netty_transport_native_unix_common"] = "mvn:io.netty:netty-transport-native-unix-common:jar:4.1.27.Final" artifact_map["@io_netty_netty_transport_native_epoll//:io_netty_netty_transport_native_epoll"] = "mvn:io.netty:netty-transport-native-epoll:jar:4.1.27.Final" diff --git a/tools/build/bazel/modules.bzl b/tools/build/bazel/modules.bzl index bead8f25aa..1872d2b8d1 100644 --- a/tools/build/bazel/modules.bzl +++ b/tools/build/bazel/modules.bzl @@ -299,7 +299,6 @@ APP_JARS = [ ] FEATURES = [ - "//tools/package/features:onos-netty", "//tools/package/features:onos-thirdparty-base", "//tools/package/features:onos-thirdparty-web", "//tools/package/features:onos-api", diff --git a/tools/package/etc/org.apache.karaf.features.cfg b/tools/package/etc/org.apache.karaf.features.cfg index 56eca2a603..4b7735125a 100644 --- a/tools/package/etc/org.apache.karaf.features.cfg +++ b/tools/package/etc/org.apache.karaf.features.cfg @@ -30,24 +30,22 @@ featuresRepositories = \ # # Comma separated list of features to install at startup -# Groups of features within parens are brought up in parallel -# Groups of features are brought up sequentially -# Features without a paren group are assigned to an implicit paren group that ends when the next paren is found # featuresBoot = \ - (instance/4.2.1, \ - package/4.2.1, \ - log/4.2.1, \ - framework/4.2.1, \ - system/4.2.1, \ - eventadmin/4.2.1, \ - feature/4.2.1, \ - shell/4.2.1, \ - management/4.2.1, \ - service/4.2.1, \ - jaas/4.2.1, \ - deployer/4.2.1, \ - diagnostic/4.2.1), \ + instance/4.2.1, \ + package/4.2.1, \ + log/4.2.1, \ + ssh/4.2.1, \ + framework/4.2.1, \ + system/4.2.1, \ + eventadmin/4.2.1, \ + feature/4.2.1, \ + shell/4.2.1, \ + management/4.2.1, \ + service/4.2.1, \ + jaas/4.2.1, \ + deployer/4.2.1, \ + diagnostic/4.2.1, \ (wrap/2.5.4), \ (bundle/4.2.1, \ config/4.2.1, \ diff --git a/tools/package/features/BUILD b/tools/package/features/BUILD index a0c918640b..7d31d252c3 100644 --- a/tools/package/features/BUILD +++ b/tools/package/features/BUILD @@ -7,27 +7,6 @@ osgi_feature_repo( visibility = ["//visibility:public"], ) -osgi_feature( - name = "onos-netty", - description = "ONOS Netty dependencies", - included_bundles = [ - "@io_netty_netty//jar", - "@io_netty_netty_common//jar", - "@io_netty_netty_buffer//jar", - "@io_netty_netty_handler//jar", - "@io_netty_netty_tcnative_boringssl//jar", - "@io_netty_netty_codec//jar", - "@io_netty_netty_codec_http//jar", - "@io_netty_netty_codec_http2//jar", - "@io_netty_netty_transport//jar", - "@io_netty_netty_transport_native_epoll//jar", - "@io_netty_netty_transport_native_unix_common//jar", - "@io_netty_netty_resolver//jar", - ], - required_features = [], - visibility = ["//visibility:public"], -) - osgi_feature( name = "onos-thirdparty-base", description = "ONOS 3rd party dependencies", @@ -38,6 +17,15 @@ osgi_feature( "@commons_codec//jar", "@commons_configuration//jar", "@com_google_guava_guava//jar", + "@io_netty_netty//jar", + "@io_netty_netty_common//jar", + "@io_netty_netty_buffer//jar", + "@io_netty_netty_transport//jar", + "@io_netty_netty_handler//jar", + "@io_netty_netty_codec//jar", + "@io_netty_netty_transport_native_epoll//jar", + "@io_netty_netty_transport_native_unix_common//jar", + "@io_netty_netty_resolver//jar", "@commons_pool//jar", "@commons_math3//jar", "@joda_time//jar", @@ -65,7 +53,7 @@ osgi_feature( "@org_osgi_util_function//jar", "@org_osgi_util_promise//jar", ], - required_features = ["onos-netty"], + required_features = [], visibility = ["//visibility:public"], ) diff --git a/tools/test/bin/onos-check-logs b/tools/test/bin/onos-check-logs index 86b199ce78..d668287db9 100755 --- a/tools/test/bin/onos-check-logs +++ b/tools/test/bin/onos-check-logs @@ -110,6 +110,7 @@ else # Sanctioned exclusions for exceptions in third-party code; one pattern per exclusion /at org\.apache\.felix\.scr\.impl\.ComponentRegistry\.getComponentHolders\(ComponentRegistry\.java:356\)/ { exclusion = 1; } /at org\.apache\.karaf\.service\.guard\.impl\.GuardProxyCatalog.1.run\(GuardProxyCatalog\.java:253\)/ { exclusion = 1; } + /at org\.apache\.sshd\.server\.SshServer\.start/ { exclusion = 1; } END { exit fail; } ' > $aux