DRILL-3725: Add HTTPS support for Drill web interface

apache · Sep 30, 2015 · e7e018a · e7e018a
1 parent cf4f745
commit e7e018a
Show file tree

Hide file tree

Showing 7 changed files with 276 additions and 60 deletions.
diff --git a/distribution/src/resources/drill-override-example.conf b/distribution/src/resources/drill-override-example.conf
@@ -82,6 +82,7 @@ drill.exec: {
   },
   http: {
     enabled: true,
+    ssl_enabled: false,
     port: 8047
   },
   functions: ["org.apache.drill.expr.fn.impl"],
@@ -159,3 +160,12 @@ drill.exec: {
   },
   debug.error_on_leak: true
 }
+
+# Below SSL parameters need to be set for custom transport layer settings.
+javax.net.ssl {
+  keyStore: "/keystore.file",
+  keyStorePassword: "ks_passwd",
+  trustStore: "/truststore.file",
+  trustStorePassword: "ts_passwd"
+}
+
diff --git a/exec/java-exec/pom.xml b/exec/java-exec/pom.xml
@@ -143,6 +143,10 @@
       <groupId>net.sf.jpam</groupId>
       <artifactId>jpam</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk15on</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.freemarker</groupId>
       <artifactId>freemarker</artifactId>

diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java b/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java
@@ -80,6 +80,11 @@ public interface ExecConstants {
   public static final String TOP_LEVEL_MAX_ALLOC = "drill.exec.memory.top.max";
   public static final String HTTP_ENABLE = "drill.exec.http.enabled";
   public static final String HTTP_PORT = "drill.exec.http.port";
+  public static final String HTTP_ENABLE_SSL = "drill.exec.http.ssl_enabled";
+  public static final String HTTP_KEYSTORE_PATH = "javax.net.ssl.keyStore";
+  public static final String HTTP_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+  public static final String HTTP_TRUSTSTORE_PATH = "javax.net.ssl.trustStore";
+  public static final String HTTP_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
   public static final String SYS_STORE_PROVIDER_CLASS = "drill.exec.sys.store.provider.class";
   public static final String SYS_STORE_PROVIDER_LOCAL_PATH = "drill.exec.sys.store.provider.local.path";
   public static final String SYS_STORE_PROVIDER_LOCAL_ENABLE_WRITE = "drill.exec.sys.store.provider.local.write";

diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/server/Drillbit.java b/exec/java-exec/src/main/java/org/apache/drill/exec/server/Drillbit.java
@@ -32,24 +32,15 @@
 import org.apache.drill.exec.server.options.OptionManager;
 import org.apache.drill.exec.server.options.OptionValue;
 import org.apache.drill.exec.server.options.OptionValue.OptionType;
-import org.apache.drill.exec.server.rest.DrillRestServer;
+import org.apache.drill.exec.server.rest.WebServer;
 import org.apache.drill.exec.service.ServiceEngine;
 import org.apache.drill.exec.store.sys.CachingStoreProvider;
 import org.apache.drill.exec.store.sys.PStoreProvider;
 import org.apache.drill.exec.store.sys.PStoreRegistry;
 import org.apache.drill.exec.store.sys.local.LocalPStoreProvider;
 import org.apache.drill.exec.work.WorkManager;
 import org.apache.zookeeper.Environment;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.handler.ErrorHandler;
-import org.eclipse.jetty.servlet.DefaultServlet;
-import org.eclipse.jetty.servlet.ServletContextHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
-import org.eclipse.jetty.util.resource.Resource;
-import org.glassfish.jersey.servlet.ServletContainer;
-
-import com.codahale.metrics.servlets.MetricsServlet;
-import com.codahale.metrics.servlets.ThreadDumpServlet;
+
 import com.google.common.base.Stopwatch;
 
 /**
@@ -172,24 +163,19 @@ public static void main(final String[] cli) throws DrillbitStartupException {
   private final PStoreProvider storeProvider;
   private final WorkManager manager;
   private final BootStrapContext context;
-  private final Server embeddedJetty;
+  private final WebServer webServer;
   private RegistrationHandle registrationHandle;
 
   public Drillbit(final DrillConfig config, final RemoteServiceSet serviceSet) throws Exception {
     final Stopwatch w = new Stopwatch().start();
     logger.debug("Construction started.");
     final boolean allowPortHunting = serviceSet != null;
-    final boolean enableHttp = config.getBoolean(ExecConstants.HTTP_ENABLE);
     context = new BootStrapContext(config);
     manager = new WorkManager(context);
     engine = new ServiceEngine(manager.getControlMessageHandler(), manager.getUserWorker(), context,
         manager.getWorkBus(), manager.getDataHandler(), allowPortHunting);
 
-    if (enableHttp) {
-      embeddedJetty = new Server(config.getInt(ExecConstants.HTTP_PORT));
-    } else {
-      embeddedJetty = null;
-    }
+    webServer = new WebServer(config, context.getMetrics(), manager);
 
     if (serviceSet != null) {
       coord = serviceSet.getCoordinator();
@@ -201,39 +187,6 @@ public Drillbit(final DrillConfig config, final RemoteServiceSet serviceSet) thr
     logger.info("Construction completed ({} ms).", w.elapsed(TimeUnit.MILLISECONDS));
   }
 
-  private void startJetty() throws Exception {
-    if (embeddedJetty == null) {
-      return;
-    }
-
-    final ErrorHandler errorHandler = new ErrorHandler();
-    errorHandler.setShowStacks(true);
-    errorHandler.setShowMessageInTitle(true);
-
-    final ServletContextHandler servletContextHandler =
-        new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
-    servletContextHandler.setErrorHandler(errorHandler);
-    servletContextHandler.setContextPath("/");
-    embeddedJetty.setHandler(servletContextHandler);
-
-    final ServletHolder servletHolder = new ServletHolder(new ServletContainer(new DrillRestServer(manager)));
-//    servletHolder.setInitParameter(ServerProperties.PROVIDER_PACKAGES, "org.apache.drill.exec.server");
-    servletHolder.setInitOrder(1);
-    servletContextHandler.addServlet(servletHolder, "/*");
-
-    servletContextHandler.addServlet(
-        new ServletHolder(new MetricsServlet(context.getMetrics())), "/status/metrics");
-    servletContextHandler.addServlet(new ServletHolder(new ThreadDumpServlet()), "/status/threads");
-
-    final ServletHolder staticHolder = new ServletHolder("static", DefaultServlet.class);
-    staticHolder.setInitParameter("resourceBase", Resource.newClassPathResource("/rest/static").toString());
-    staticHolder.setInitParameter("dirAllowed","false");
-    staticHolder.setInitParameter("pathInfoOnly","true");
-    servletContextHandler.addServlet(staticHolder,"/static/*");
-
-    embeddedJetty.start();
-  }
-
   public void run() throws Exception {
     final Stopwatch w = new Stopwatch().start();
     logger.debug("Startup begun.");
@@ -246,7 +199,7 @@ public void run() throws Exception {
     drillbitContext.getOptionManager().init();
     javaPropertiesToSystemOptions();
     registrationHandle = coord.register(md);
-    startJetty();
+    webServer.start();
 
     Runtime.getRuntime().addShutdownHook(new ShutdownThread(this, new StackTrace()));
     logger.info("Startup completed ({} ms).", w.elapsed(TimeUnit.MILLISECONDS));
@@ -278,15 +231,8 @@ public synchronized void close() {
       Thread.currentThread().interrupt();
     }
 
-    if (embeddedJetty != null) {
-      try {
-        embeddedJetty.stop();
-      } catch (final Exception e) {
-        logger.warn("Failure while shutting down embedded jetty server.");
-      }
-    }
-
     // TODO these should use a DeferredException
+    AutoCloseables.close(webServer, logger);
     AutoCloseables.close(engine, logger);
     AutoCloseables.close(storeProvider, logger);
     AutoCloseables.close(coord, logger);