Revert "Re-enabled TLS netty"
This reverts commit 1a37866929ca05acba71cdadad87dd563b6064dd.
Change-Id: I04cdfe02f70b608b1951c4dee38cb4e345f198d5
diff --git a/core/store/dist/BUILD b/core/store/dist/BUILD
index fb42f8d..e3e702c 100644
--- a/core/store/dist/BUILD
+++ b/core/store/dist/BUILD
@@ -3,10 +3,10 @@
"//utils/rest:onlab-rest",
"//core/store/serializers:onos-core-serializers",
"@io_netty_netty_transport//jar",
- "@io_netty_netty_transport_native_epoll//jar",
- "@io_netty_netty_transport_native_unix_common//jar",
"@io_netty_netty_codec//jar",
"@io_netty_netty_handler//jar",
+ "@io_netty_netty_transport_native_epoll//jar",
+ "@io_netty_netty_transport_native_unix_common//jar",
"@io_netty_netty_resolver//jar",
"@commons_math3//jar",
]
diff --git a/lib/deps.json b/lib/deps.json
index aa77cc4..5948c01 100644
--- a/lib/deps.json
+++ b/lib/deps.json
@@ -251,7 +251,6 @@
"io_netty_netty_common": "mvn:io.netty:netty-common:4.1.27.Final",
"io_netty_netty_handler": "mvn:io.netty:netty-handler:4.1.27.Final",
"io_netty_netty_handler_proxy": "mvn:io.netty:netty-handler-proxy:4.1.27.Final",
- "io_netty_netty_tcnative_boringssl": "mvn:io.netty:netty-tcnative-boringssl-static:2.0.12.Final",
"io_netty_netty_transport": "mvn:io.netty:netty-transport:4.1.27.Final",
"io_netty_netty_transport_native_unix_common": "mvn:io.netty:netty-transport-native-unix-common:4.1.27.Final",
"io_netty_netty_transport-native-epoll": "mvn:io.netty:netty-transport-native-epoll:4.1.27.Final",
diff --git a/protocols/grpc/BUILD b/protocols/grpc/BUILD
index a3f3f46..26e178c 100644
--- a/protocols/grpc/BUILD
+++ b/protocols/grpc/BUILD
@@ -18,6 +18,18 @@
"@io_opencensus_opencensus_api//jar",
"@io_opencensus_opencensus_contrib_grpc_metrics//jar",
"@com_google_code_gson_gson//jar",
+ # Lazily adding all netty-related packages.
+ # Some of them might not be necessary.
+ "@io_netty_netty//jar",
+ "@io_netty_netty_buffer//jar",
+ "@io_netty_netty_codec//jar",
+ "@io_netty_netty_codec_http//jar",
+ "@io_netty_netty_codec_http2//jar",
+ "@io_netty_netty_common//jar",
+ "@io_netty_netty_handler//jar",
+ "@io_netty_netty_transport//jar",
+ "@io_netty_netty_transport_native_epoll//jar",
+ "@io_netty_netty_resolver//jar",
]
onos_app(
diff --git a/protocols/grpc/ctl/BUILD b/protocols/grpc/ctl/BUILD
index 475a90e..ac0703d 100644
--- a/protocols/grpc/ctl/BUILD
+++ b/protocols/grpc/ctl/BUILD
@@ -3,7 +3,6 @@
"//protocols/grpc/proto:onos-protocols-grpc-proto",
"@io_grpc_grpc_java//core",
"@io_grpc_grpc_java//netty",
- "@io_netty_netty_handler//jar",
]
osgi_jar(
diff --git a/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java b/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java
index 4f0403a..e5f4884 100644
--- a/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java
+++ b/protocols/grpc/ctl/src/main/java/org/onosproject/grpc/ctl/AbstractGrpcClientController.java
@@ -19,12 +19,8 @@
import com.google.common.collect.Maps;
import com.google.common.util.concurrent.Striped;
import io.grpc.ManagedChannel;
-import io.grpc.StatusRuntimeException;
-import io.grpc.netty.GrpcSslContexts;
+import io.grpc.ManagedChannelBuilder;
import io.grpc.netty.NettyChannelBuilder;
-import io.netty.handler.ssl.NotSslRecordException;
-import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.onosproject.event.AbstractListenerManager;
import org.onosproject.event.Event;
import org.onosproject.event.EventListener;
@@ -40,7 +36,6 @@
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.slf4j.Logger;
-import javax.net.ssl.SSLException;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.function.Supplier;
@@ -96,18 +91,14 @@
@Override
public boolean createClient(K clientKey) {
checkNotNull(clientKey);
- /*
- FIXME we might want to move "useTls" and "fallback" to properties of the netcfg and clientKey
- For now, we will first try to connect with TLS (accepting any cert), then fall back to
- plaintext for every device
- */
- return withDeviceLock(() -> doCreateClient(clientKey, true, true), clientKey.deviceId());
+ return withDeviceLock(() -> doCreateClient(clientKey), clientKey.deviceId());
}
- private boolean doCreateClient(K clientKey, boolean useTls, boolean fallbackToPlainText) {
- final DeviceId deviceId = clientKey.deviceId();
- final String serverAddr = clientKey.serverAddr();
- final int serverPort = clientKey.serverPort();
+
+ private boolean doCreateClient(K clientKey) {
+ DeviceId deviceId = clientKey.deviceId();
+ String serverAddr = clientKey.serverAddr();
+ int serverPort = clientKey.serverPort();
if (clientKeys.containsKey(deviceId)) {
final GrpcClientKey existingKey = clientKeys.get(deviceId);
@@ -122,69 +113,18 @@
}
}
- log.info("Creating new {}... (key={}, useTls={}, fallbackToPlainText={})",
- clientName(clientKey), clientKey, useTls,
- fallbackToPlainText);
-
- final GrpcChannelId channelId = GrpcChannelId.of(
- clientKey.deviceId(), clientKey.toString());
- final NettyChannelBuilder channelBuilder = NettyChannelBuilder
+ log.info("Creating client for {} (server={}:{})...",
+ deviceId, serverAddr, serverPort);
+ GrpcChannelId channelId = GrpcChannelId.of(clientKey.deviceId(), clientKey.toString());
+ ManagedChannelBuilder channelBuilder = NettyChannelBuilder
.forAddress(serverAddr, serverPort)
- .maxInboundMessageSize(DEFAULT_MAX_INBOUND_MSG_SIZE * MEGABYTES);
-
- if (useTls) {
- // FIXME: logic to create/manage SSL properties of a channel builder
- // should belong to the GrpcChannelController.
- log.debug("Using SSL for {}", clientName(clientKey), deviceId);
- final SslContext sslContext;
- try {
- // Accept any server certificate; this is insecure and should
- // not be used in production
- sslContext = GrpcSslContexts.forClient()
- .trustManager(InsecureTrustManagerFactory.INSTANCE)
- .build();
- } catch (SSLException e) {
- log.error("Failed to build SSL context for {}", clientName(clientKey), e);
- return false;
- }
- channelBuilder
- .sslContext(sslContext)
- .useTransportSecurity();
- } else {
- log.debug("Using plaintext TCP for {}", clientName(clientKey));
- channelBuilder.usePlaintext();
- }
+ .maxInboundMessageSize(DEFAULT_MAX_INBOUND_MSG_SIZE * MEGABYTES)
+ .usePlaintext();
final ManagedChannel channel;
- try {
- channel = grpcChannelController.connectChannel(channelId, channelBuilder);
- } catch (Throwable e) {
- for (Throwable cause = e; cause != null; cause = cause.getCause()) {
- if (useTls && cause instanceof NotSslRecordException) {
- // Likely root cause is that server is using plaintext
- log.warn("Failed to connect {} using TLS", clientName(clientKey));
- log.debug("TLS connection exception", e);
- if (fallbackToPlainText) {
- log.info("Falling back to plaintext TCP for {}", clientName(clientKey));
- return doCreateClient(clientKey, false, false);
- }
- }
- if (!useTls && "Connection reset by peer".equals(cause.getMessage())) {
- // Not a great signal, but could indicate the server is expected a TLS connection
- log.warn("Failed to connect {} using plaintext TCP; " +
- "is the server using TLS?",
- clientName(clientKey));
- break;
- }
- }
- if (e instanceof StatusRuntimeException) {
- log.warn("Unable to connect {}: {}", clientName(clientKey), e.getMessage());
- log.debug("Connection exception", e);
- } else {
- log.error("Exception while connecting {}", clientName(clientKey), e);
- }
- return false;
- }
+
+ channel = grpcChannelController.connectChannel(channelId, channelBuilder);
+
final C client;
try {
diff --git a/tools/build/bazel/generate_workspace.bzl b/tools/build/bazel/generate_workspace.bzl
index 6ae7dd0..8d9f172 100644
--- a/tools/build/bazel/generate_workspace.bzl
+++ b/tools/build/bazel/generate_workspace.bzl
@@ -1,4 +1,4 @@
-# ***** This file was auto-generated at Tue, 18 Dec 2018 21:54:15 GMT. Do not edit this file manually. *****
+# ***** This file was auto-generated at Wed, 19 Dec 2018 17:57:55 GMT. Do not edit this file manually. *****
# ***** Use onos-lib-gen *****
load("//tools/build/bazel:variables.bzl", "ONOS_GROUP_ID", "ONOS_VERSION")
@@ -771,12 +771,6 @@
jar_sha256 = "84b00dd1cd25a99b88bd598577825b4be9ad592e2d78b08bd703e7e999fe3498",
licenses = ["notice"],
jar_urls = ["http://repo1.maven.org/maven2/io/netty/netty-handler-proxy/4.1.27.Final/netty-handler-proxy-4.1.27.Final.jar"], )
- if "io_netty_netty_tcnative_boringssl" not in native.existing_rules():
- java_import_external(
- name = "io_netty_netty_tcnative_boringssl",
- jar_sha256 = "3df756e569504137e90ff368c2fe09f1f953efeddb717d47ed391dfa6ba8b7e3",
- licenses = ["notice"],
- jar_urls = ["http://repo1.maven.org/maven2/io/netty/netty-tcnative-boringssl-static/2.0.12.Final/netty-tcnative-boringssl-static-2.0.12.Final.jar"], )
if "io_netty_netty_transport" not in native.existing_rules():
java_import_external(
name = "io_netty_netty_transport",
@@ -1525,7 +1519,6 @@
artifact_map["@io_netty_netty_common//:io_netty_netty_common"] = "mvn:io.netty:netty-common:jar:4.1.27.Final"
artifact_map["@io_netty_netty_handler//:io_netty_netty_handler"] = "mvn:io.netty:netty-handler:jar:4.1.27.Final"
artifact_map["@io_netty_netty_handler_proxy//:io_netty_netty_handler_proxy"] = "mvn:io.netty:netty-handler-proxy:jar:4.1.27.Final"
-artifact_map["@io_netty_netty_tcnative_boringssl//:io_netty_netty_tcnative_boringssl"] = "mvn:io.netty:netty-tcnative-boringssl-static:jar:2.0.12.Final"
artifact_map["@io_netty_netty_transport//:io_netty_netty_transport"] = "mvn:io.netty:netty-transport:jar:4.1.27.Final"
artifact_map["@io_netty_netty_transport_native_unix_common//:io_netty_netty_transport_native_unix_common"] = "mvn:io.netty:netty-transport-native-unix-common:jar:4.1.27.Final"
artifact_map["@io_netty_netty_transport_native_epoll//:io_netty_netty_transport_native_epoll"] = "mvn:io.netty:netty-transport-native-epoll:jar:4.1.27.Final"
diff --git a/tools/build/bazel/modules.bzl b/tools/build/bazel/modules.bzl
index bead8f2..1872d2b 100644
--- a/tools/build/bazel/modules.bzl
+++ b/tools/build/bazel/modules.bzl
@@ -299,7 +299,6 @@
]
FEATURES = [
- "//tools/package/features:onos-netty",
"//tools/package/features:onos-thirdparty-base",
"//tools/package/features:onos-thirdparty-web",
"//tools/package/features:onos-api",
diff --git a/tools/package/etc/org.apache.karaf.features.cfg b/tools/package/etc/org.apache.karaf.features.cfg
index 56eca2a..4b77351 100644
--- a/tools/package/etc/org.apache.karaf.features.cfg
+++ b/tools/package/etc/org.apache.karaf.features.cfg
@@ -30,24 +30,22 @@
#
# Comma separated list of features to install at startup
-# Groups of features within parens are brought up in parallel
-# Groups of features are brought up sequentially
-# Features without a paren group are assigned to an implicit paren group that ends when the next paren is found
#
featuresBoot = \
- (instance/4.2.1, \
- package/4.2.1, \
- log/4.2.1, \
- framework/4.2.1, \
- system/4.2.1, \
- eventadmin/4.2.1, \
- feature/4.2.1, \
- shell/4.2.1, \
- management/4.2.1, \
- service/4.2.1, \
- jaas/4.2.1, \
- deployer/4.2.1, \
- diagnostic/4.2.1), \
+ instance/4.2.1, \
+ package/4.2.1, \
+ log/4.2.1, \
+ ssh/4.2.1, \
+ framework/4.2.1, \
+ system/4.2.1, \
+ eventadmin/4.2.1, \
+ feature/4.2.1, \
+ shell/4.2.1, \
+ management/4.2.1, \
+ service/4.2.1, \
+ jaas/4.2.1, \
+ deployer/4.2.1, \
+ diagnostic/4.2.1, \
(wrap/2.5.4), \
(bundle/4.2.1, \
config/4.2.1, \
diff --git a/tools/package/features/BUILD b/tools/package/features/BUILD
index a0c9186..7d31d25 100644
--- a/tools/package/features/BUILD
+++ b/tools/package/features/BUILD
@@ -8,27 +8,6 @@
)
osgi_feature(
- name = "onos-netty",
- description = "ONOS Netty dependencies",
- included_bundles = [
- "@io_netty_netty//jar",
- "@io_netty_netty_common//jar",
- "@io_netty_netty_buffer//jar",
- "@io_netty_netty_handler//jar",
- "@io_netty_netty_tcnative_boringssl//jar",
- "@io_netty_netty_codec//jar",
- "@io_netty_netty_codec_http//jar",
- "@io_netty_netty_codec_http2//jar",
- "@io_netty_netty_transport//jar",
- "@io_netty_netty_transport_native_epoll//jar",
- "@io_netty_netty_transport_native_unix_common//jar",
- "@io_netty_netty_resolver//jar",
- ],
- required_features = [],
- visibility = ["//visibility:public"],
-)
-
-osgi_feature(
name = "onos-thirdparty-base",
description = "ONOS 3rd party dependencies",
included_bundles = ATOMIX + [
@@ -38,6 +17,15 @@
"@commons_codec//jar",
"@commons_configuration//jar",
"@com_google_guava_guava//jar",
+ "@io_netty_netty//jar",
+ "@io_netty_netty_common//jar",
+ "@io_netty_netty_buffer//jar",
+ "@io_netty_netty_transport//jar",
+ "@io_netty_netty_handler//jar",
+ "@io_netty_netty_codec//jar",
+ "@io_netty_netty_transport_native_epoll//jar",
+ "@io_netty_netty_transport_native_unix_common//jar",
+ "@io_netty_netty_resolver//jar",
"@commons_pool//jar",
"@commons_math3//jar",
"@joda_time//jar",
@@ -65,7 +53,7 @@
"@org_osgi_util_function//jar",
"@org_osgi_util_promise//jar",
],
- required_features = ["onos-netty"],
+ required_features = [],
visibility = ["//visibility:public"],
)
diff --git a/tools/test/bin/onos-check-logs b/tools/test/bin/onos-check-logs
index 86b199c..d668287 100755
--- a/tools/test/bin/onos-check-logs
+++ b/tools/test/bin/onos-check-logs
@@ -110,6 +110,7 @@
# Sanctioned exclusions for exceptions in third-party code; one pattern per exclusion
/at org\.apache\.felix\.scr\.impl\.ComponentRegistry\.getComponentHolders\(ComponentRegistry\.java:356\)/ { exclusion = 1; }
/at org\.apache\.karaf\.service\.guard\.impl\.GuardProxyCatalog.1.run\(GuardProxyCatalog\.java:253\)/ { exclusion = 1; }
+ /at org\.apache\.sshd\.server\.SshServer\.start/ { exclusion = 1; }
END { exit fail; }
' > $aux