2 * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.lib.impl;
11 import com.fasterxml.jackson.annotation.JsonInclude.Include;
12 import com.fasterxml.jackson.databind.DeserializationFeature;
13 import com.fasterxml.jackson.databind.ObjectMapper;
14 import com.google.common.collect.Sets;
15 import com.google.common.util.concurrent.FutureCallback;
16 import com.google.common.util.concurrent.Futures;
17 import com.google.common.util.concurrent.ListenableFuture;
18 import com.google.common.util.concurrent.ThreadFactoryBuilder;
19 import io.netty.bootstrap.Bootstrap;
20 import io.netty.bootstrap.ServerBootstrap;
21 import io.netty.channel.AdaptiveRecvByteBufAllocator;
22 import io.netty.channel.Channel;
23 import io.netty.channel.ChannelFuture;
24 import io.netty.channel.ChannelInitializer;
25 import io.netty.channel.ChannelOption;
26 import io.netty.channel.EventLoopGroup;
27 import io.netty.channel.nio.NioEventLoopGroup;
28 import io.netty.channel.socket.SocketChannel;
29 import io.netty.channel.socket.nio.NioServerSocketChannel;
30 import io.netty.channel.socket.nio.NioSocketChannel;
31 import io.netty.handler.codec.string.StringEncoder;
32 import io.netty.handler.logging.LogLevel;
33 import io.netty.handler.logging.LoggingHandler;
34 import io.netty.handler.ssl.SslHandler;
35 import io.netty.handler.timeout.IdleStateHandler;
36 import io.netty.handler.timeout.ReadTimeoutHandler;
37 import io.netty.util.CharsetUtil;
38 import java.net.InetAddress;
39 import java.util.ArrayList;
40 import java.util.Arrays;
41 import java.util.Collection;
42 import java.util.List;
45 import java.util.concurrent.ConcurrentHashMap;
46 import java.util.concurrent.ExecutorService;
47 import java.util.concurrent.Executors;
48 import java.util.concurrent.ScheduledExecutorService;
49 import java.util.concurrent.ThreadFactory;
50 import java.util.concurrent.TimeUnit;
51 import javax.annotation.Nullable;
52 import javax.net.ssl.SSLContext;
53 import javax.net.ssl.SSLEngine;
54 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
55 import javax.net.ssl.SSLPeerUnverifiedException;
56 import org.opendaylight.aaa.cert.api.ICertificateManager;
57 import org.opendaylight.ovsdb.lib.OvsdbClient;
58 import org.opendaylight.ovsdb.lib.OvsdbConnection;
59 import org.opendaylight.ovsdb.lib.OvsdbConnectionInfo.ConnectionType;
60 import org.opendaylight.ovsdb.lib.OvsdbConnectionInfo.SocketConnectionType;
61 import org.opendaylight.ovsdb.lib.OvsdbConnectionListener;
62 import org.opendaylight.ovsdb.lib.jsonrpc.ExceptionHandler;
63 import org.opendaylight.ovsdb.lib.jsonrpc.JsonRpcDecoder;
64 import org.opendaylight.ovsdb.lib.jsonrpc.JsonRpcEndpoint;
65 import org.opendaylight.ovsdb.lib.jsonrpc.JsonRpcServiceBinderHandler;
66 import org.opendaylight.ovsdb.lib.message.OvsdbRPC;
67 import org.slf4j.Logger;
68 import org.slf4j.LoggerFactory;
71 * OvsDBConnectionService provides OVSDB connection management functionality which includes
72 * both Active and Passive connections.
73 * From the Library perspective, Active OVSDB connections are those that are initiated from
74 * the Controller towards the ovsdb-manager.
75 * While Passive OVSDB connections are those that are initiated from the ovs towards
78 * <p>Applications that use OvsDBConnectionService can use the OvsDBConnection class' connect APIs
79 * to initiate Active connections and can listen to the asynchronous Passive connections via
80 * registerConnectionListener listener API.
82 * <p>The library is designed as Java modular component that can work in both OSGi and non-OSGi
83 * environment. Hence a single instance of the service will be active (via Service Registry in OSGi)
84 * and a Singleton object in a non-OSGi environment.
86 public class OvsdbConnectionService implements AutoCloseable, OvsdbConnection {
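private static final Logger LOG = LoggerFactory.getLogger(OvsdbConnectionService.class);

// Scheduled pool shared by the passive-connection paths: the SSL handshake poller
// re-schedules itself on it and the stale-connection service below is handed it.
private static ThreadFactory passiveConnectionThreadFactory = new ThreadFactoryBuilder()
        .setNameFormat("OVSDBPassiveConnServ-%d").build();
private static ScheduledExecutorService executorService
        = Executors.newScheduledThreadPool(10, passiveConnectionThreadFactory);

// Unbounded cached pool on which connected() callbacks are fanned out to listeners,
// keeping listener code off the thread that detected the connection.
private static ThreadFactory connectionNotifierThreadFactory = new ThreadFactoryBuilder()
        .setNameFormat("OVSDBConnNotifSer-%d").build();
private static ExecutorService connectionNotifierService
        = Executors.newCachedThreadPool(connectionNotifierThreadFactory);

// Listener registry. registerConnectionListener/unregisterConnectionListener mutate it on
// the caller's thread while channelClosed() and notifyListenerForPassiveConnection() iterate
// it from channel-close and executor threads. The plain HashSet used before is not safe for
// that and could throw ConcurrentModificationException or skip a listener mid-iteration;
// Guava's ConcurrentHashMap-backed set gives weakly consistent iteration without adding a
// lock to the notification paths.
private static Set<OvsdbConnectionListener> connectionListeners = Sets.newConcurrentHashSet();
// Live client -> channel map; touched by Netty event-loop threads (close), the scheduled pool
// (passive publish) and API callers (disconnect), hence concurrent.
private static Map<OvsdbClient, Channel> connections = new ConcurrentHashMap<>();
private static OvsdbConnection connectionService;
private static volatile boolean singletonCreated = false;
// Pipeline timeouts in seconds: IdleStateHandler fires after IDLE_READER_TIMEOUT seconds
// without a read; ReadTimeoutHandler raises a read timeout after READ_TIMEOUT seconds.
private static final int IDLE_READER_TIMEOUT = 30;
private static final int READ_TIMEOUT = 180;
// Keys recognised by updateConfigParameter().
private static final String OVSDB_RPC_TASK_TIMEOUT_PARAM = "ovsdb-rpc-task-timeout";
private static final String USE_SSL = "use-ssl";
private static boolean useSSL = false;
// Source of the SSLContext, TLS protocol list and cipher suites; null until injected via
// setCertificatManager(), and the SSL paths log an error and bail when it is still null.
private static ICertificateManager certManagerSrv = null;

private static final StalePassiveConnectionService STALE_PASSIVE_CONNECTION_SERVICE =
        new StalePassiveConnectionService(executorService);

private static int retryPeriod = 100; // SSL handshake poll interval, in milliseconds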
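/**
 * Returns the process-wide {@link OvsdbConnection} instance, creating it on first use.
 *
 * <p>The lazy initialisation is guarded by the class monitor: the previous unsynchronised
 * check-then-act let two threads both observe {@code null} and construct two services.
 *
 * @return the singleton connection service
 */
public static synchronized OvsdbConnection getService() {
    if (connectionService == null) {
        connectionService = new OvsdbConnectionService();
    }
    return connectionService;
}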
124 * If the SSL flag is enabled, the method internally will establish TLS communication using the default
125 * ODL certificateManager SSLContext and attributes.
public OvsdbClient connect(final InetAddress address, final int port) {
    // Excerpt note: the condition that selects the SSL path (presumably the useSSL flag)
    // and the early return after the error log are on lines not shown here.
    if (certManagerSrv == null) {
        // No injected certificate manager means there is no SSLContext to build an SslHandler from.
        LOG.error("Certificate Manager service is not available cannot establish the SSL communication.");
    // NOTE(review): the certificate manager's *server* context is reused for this outbound,
    // client-mode connection — confirm that is the intended identity/trust configuration.
    return connectWithSsl(address, port, certManagerSrv.getServerContext());
    // Plain TCP: a null SSLContext makes connectWithSsl() skip the SslHandler.
    return connectWithSsl(address, port, null /* SslContext */);
public OvsdbClient connectWithSsl(final InetAddress address, final int port,
        final SSLContext sslContext) {
    // (the try that the catch below belongs to starts on a line not shown in this excerpt)
    Bootstrap bootstrap = new Bootstrap();
    // A fresh event loop group per outbound connection; nothing in this method shuts it
    // down if the connect fails.
    bootstrap.group(new NioEventLoopGroup());
    bootstrap.channel(NioSocketChannel.class);
    bootstrap.option(ChannelOption.TCP_NODELAY, true);
    // min == initial == max, so the "adaptive" allocator is effectively a fixed 65535-byte buffer.
    bootstrap.option(ChannelOption.RCVBUF_ALLOCATOR, new AdaptiveRecvByteBufAllocator(65535, 65535, 65535));
    bootstrap.handler(new ChannelInitializer<SocketChannel>() {
        public void initChannel(SocketChannel channel) throws Exception {
            if (sslContext != null) {
                /* First add ssl handler if ssl context is given */
                // (the assignment target, SSLEngine engine =, is on a line not shown here)
                // NOTE(review): client mode alone does not enable hostname verification. No
                // SSLParameters.setEndpointIdentificationAlgorithm() is applied, so the server
                // certificate is validated by the trust manager's chain check only, never
                // against `address`. InetAddress.toString() also yields "host/literal" rather
                // than a bare host name, so the peer host passed here is not a usable SNI/identity value.
                sslContext.createSSLEngine(address.toString(), port);
                engine.setUseClientMode(true);
                channel.pipeline().addLast("ssl", new SslHandler(engine));
            channel.pipeline().addLast(
                //new LoggingHandler(LogLevel.INFO),
                // 100000 is presumably the decoder's maximum frame length, bounding the memory
                // one oversized JSON-RPC message can pin — confirm in JsonRpcDecoder.
                new JsonRpcDecoder(100000),
                new StringEncoder(CharsetUtil.UTF_8),
                // Read-idle after IDLE_READER_TIMEOUT s; ReadTimeoutHandler trips after READ_TIMEOUT s.
                new IdleStateHandler(IDLE_READER_TIMEOUT, 0, 0),
                new ReadTimeoutHandler(READ_TIMEOUT),
                new ExceptionHandler());
    // Blocks the caller until the TCP connect (and any SslHandler setup) completes or fails.
    ChannelFuture future = bootstrap.connect(address, port).sync();
    Channel channel = future.channel();
    // NOTE(review): the socket type is reported as SSL even when sslContext was null and no
    // SslHandler was installed; callers inspecting the connection info cannot tell the two apart.
    return getChannelClient(channel, ConnectionType.ACTIVE, SocketConnectionType.SSL);
    } catch (InterruptedException e) {
        // NOTE(review): the interrupt status is swallowed here; the usual idiom is to restore it
        // with Thread.currentThread().interrupt() before returning.
        LOG.warn("Failed to connect {}:{}", address, port, e);
public void disconnect(OvsdbClient client) {
    if (client == null) {
        // (the rest of this null guard is on lines not shown in this excerpt)
    Channel channel = connections.get(client);
    if (channel != null) {
        // Asynchronous: the returned ChannelFuture is not awaited, so the socket may still be
        // open when this method returns. channelClosed() fires later via the close listener.
        channel.disconnect();
    // Removed whether or not a channel was found, so a repeated call is a no-op.
    connections.remove(client);
public void registerConnectionListener(OvsdbConnectionListener listener) {
    LOG.info("registerConnectionListener: registering {}", listener.getClass().getSimpleName());
    // Mutates the shared listener set on the caller's thread; the same set is iterated by
    // channelClosed() and notifyListenerForPassiveConnection() on other threads.
    connectionListeners.add(listener);
    // Late registrants are replayed the clients that connected before they subscribed.
    notifyAlreadyExistingConnectionsToListener(listener);
private void notifyAlreadyExistingConnectionsToListener(final OvsdbConnectionListener listener) {
    // One task per existing client on the notifier pool. The returned Future is discarded,
    // so an exception thrown by listener.connected() is not surfaced to the registrant.
    for (final OvsdbClient client : getConnections()) {
        connectionNotifierService.submit(new Runnable() {
            // (the run() signature is on a line not shown in this excerpt)
            LOG.trace("Connection {} notified to listener {}", client.getConnectionInfo(), listener);
            listener.connected(client);
public void unregisterConnectionListener(OvsdbConnectionListener listener) {
    // Notification tasks already queued on connectionNotifierService still hold a reference
    // to this listener and will run; nothing here cancels them.
    connectionListeners.remove(listener);
private static OvsdbClient getChannelClient(Channel channel, ConnectionType type,
        SocketConnectionType socketConnType) {
    ObjectMapper objectMapper = new ObjectMapper();
    // Lenient decoding: unknown JSON members sent by the peer are ignored instead of failing the message.
    objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    objectMapper.setSerializationInclusion(Include.NON_NULL);
    // The RPC endpoint is appended as the last pipeline stage, after the ssl/decoder/timeout
    // handlers installed in initChannel, so it only ever sees decoded frames.
    JsonRpcEndpoint factory = new JsonRpcEndpoint(objectMapper, channel);
    JsonRpcServiceBinderHandler binderHandler = new JsonRpcServiceBinderHandler(factory);
    binderHandler.setContext(channel);
    channel.pipeline().addLast(binderHandler);
    OvsdbRPC rpc = factory.getClient(channel, OvsdbRPC.class);
    OvsdbClientImpl client = new OvsdbClientImpl(rpc, channel, type, socketConnType);
    // Marked published up front, so channelClosed() delivers disconnected() for every client
    // registered here — including a passive client whose connected() may never have been sent
    // (see the same-node branch in handleNewPassiveConnection(OvsdbClient)).
    client.setConnectionPublished(true);
    connections.put(client, channel);
    // Channel close is what eventually removes the client again; the handler presumably
    // calls channelClosed(). (the return statement is on a line not shown in this excerpt)
    ChannelFuture closeFuture = channel.closeFuture();
    closeFuture.addListener(new ChannelConnectionHandler(client));
236 * Method that initiates the Passive OVSDB channel listening functionality.
237 * By default the ovsdb passive connection will listen in port 6640 which can
238 * be overridden using the ovsdb.listenPort system property.
public synchronized boolean startOvsdbManager(final int ovsdbListenPort) {
    // NOTE(review): synchronized on the instance, but singletonCreated is static — two
    // instances could both pass this check; it only holds if the service is truly a singleton.
    if (!singletonCreated) {
        LOG.info("startOvsdbManager: Starting");
        // (lines between the log and this call, and the return statements, are not in this excerpt)
        ovsdbManager(ovsdbListenPort);
        singletonCreated = true;
258 * Method that initiates the Passive OVSDB channel listening functionality
259 * with SSL. By default the ovsdb passive connection will listen in port
260 * 6640 which can be overridden using the ovsdb.listenPort system property.
public synchronized boolean startOvsdbManagerWithSsl(final int ovsdbListenPort,
        final SSLContext sslContext, String[] protocols, String[] cipherSuites) {
    // Same instance-lock / static-flag mismatch as startOvsdbManager(); both share the one flag,
    // so whichever variant runs first wins and the other becomes a no-op.
    if (!singletonCreated) {
        // (intervening lines and the return statements are not in this excerpt)
        ovsdbManagerWithSsl(ovsdbListenPort, sslContext, protocols, cipherSuites);
        singletonCreated = true;
280 * OVSDB Passive listening thread that uses Netty ServerBootstrap to open
281 * passive connections and handle channel callbacks.
282 * If the SSL flag is enabled, the method internally will establish TLS communication using the default
283 * ODL certificateManager SSLContext and attributes.
private static void ovsdbManager(int port) {
    // (the condition selecting the SSL path and the early return are on lines not shown here)
    if (certManagerSrv == null) {
        LOG.error("Certificate Manager service is not available cannot establish the SSL communication.");
    // TLS listener: context, permitted protocols and cipher suites all come from the certificate manager.
    ovsdbManagerWithSsl(port, certManagerSrv.getServerContext(), certManagerSrv.getTlsProtocols(),
            certManagerSrv.getCipherSuites());
    // Plain TCP listener; null context/protocols/ciphers make ovsdbManagerWithSsl() skip the SslHandler.
    ovsdbManagerWithSsl(port, null /* SslContext */, null, null);
299 * OVSDB Passive listening thread that uses Netty ServerBootstrap to open
300 * passive connection with Ssl and handle channel callbacks.
private static void ovsdbManagerWithSsl(int port, final SSLContext sslContext, final String[] protocols,
        final String[] cipherSuites) {
    EventLoopGroup bossGroup = new NioEventLoopGroup();
    EventLoopGroup workerGroup = new NioEventLoopGroup();
    // (the try that the catch/finally below belong to starts on a line not shown here)
    ServerBootstrap serverBootstrap = new ServerBootstrap();
    serverBootstrap.group(bossGroup, workerGroup)
            .channel(NioServerSocketChannel.class)
            // Listen backlog: pending connections beyond 100 queue in the kernel until accepted.
            .option(ChannelOption.SO_BACKLOG, 100)
            // INFO logging on the *server* channel only (bind/accept events), not per-connection payloads.
            .handler(new LoggingHandler(LogLevel.INFO))
            .childHandler(new ChannelInitializer<SocketChannel>() {
                public void initChannel(SocketChannel channel) throws Exception {
                    LOG.debug("New Passive channel created : {}", channel);
                    if (sslContext != null) {
                        /* Add SSL handler first if SSL context is provided */
                        SSLEngine engine = sslContext.createSSLEngine();
                        engine.setUseClientMode(false); // work in a server mode
                        // Mutual TLS: the handshake cannot complete unless the switch presents a
                        // certificate the context's trust manager accepts, so an unauthenticated
                        // peer never reaches the JSON-RPC layer.
                        engine.setNeedClientAuth(true); // need client authentication
                        // A null/empty list leaves the JSSE defaults in place; the debug lines
                        // record what is actually negotiable so an operator can verify it.
                        if (protocols != null && protocols.length > 0) {
                            //Set supported protocols
                            engine.setEnabledProtocols(protocols);
                            LOG.debug("Supported ssl protocols {}",
                                    Arrays.toString(engine.getSupportedProtocols()));
                            LOG.debug("Enabled ssl protocols {}",
                                    Arrays.toString(engine.getEnabledProtocols()));
                        if (cipherSuites != null && cipherSuites.length > 0) {
                            //Set supported cipher suites
                            engine.setEnabledCipherSuites(cipherSuites);
                            LOG.debug("Enabled cipher suites {}",
                                    Arrays.toString(engine.getEnabledCipherSuites()));
                        // Named "ssl" so handleNewPassiveConnection(Channel) can find it in the pipeline.
                        channel.pipeline().addLast("ssl", new SslHandler(engine));
                    channel.pipeline().addLast(
                        // 100000 is presumably the decoder's maximum frame length (bounds per-message memory).
                        new JsonRpcDecoder(100000),
                        new StringEncoder(CharsetUtil.UTF_8),
                        // Read-idle after IDLE_READER_TIMEOUT s; ReadTimeoutHandler trips after READ_TIMEOUT s.
                        new IdleStateHandler(IDLE_READER_TIMEOUT, 0, 0),
                        new ReadTimeoutHandler(READ_TIMEOUT),
                        new ExceptionHandler());
                    // Publishing is deferred to the handshake poller / echo probe, not done here.
                    handleNewPassiveConnection(channel);
    // NOTE(review): option() configures the listening socket; for the accepted connections these
    // would need childOption(). TCP_NODELAY has no effect on a listening socket.
    serverBootstrap.option(ChannelOption.TCP_NODELAY, true);
    serverBootstrap.option(ChannelOption.RCVBUF_ALLOCATOR,
            new AdaptiveRecvByteBufAllocator(65535, 65535, 65535));
    // bind(port) with no host listens on every interface; pass a host to bind(host, port) if
    // the manager should only be reachable on a management network.
    ChannelFuture channelFuture = serverBootstrap.bind(port).sync();
    Channel serverListenChannel = channelFuture.channel();
    // Wait until the server socket is closed. This blocks the calling thread for the life of the listener.
    serverListenChannel.closeFuture().sync();
    } catch (InterruptedException e) {
        // NOTE(review): interrupt status is not restored (Thread.currentThread().interrupt()).
        LOG.error("Thread interrupted", e);
    // Shut down all event loops to terminate all threads.
    bossGroup.shutdownGracefully();
    workerGroup.shutdownGracefully();
private static void handleNewPassiveConnection(OvsdbClient client) {
    // Liveness probe: the client is only announced to listeners after the switch answers an echo.
    ListenableFuture<List<String>> echoFuture = client.echo();
    LOG.debug("Send echo message to probe the OVSDB switch {}",client.getConnectionInfo());
    Futures.addCallback(echoFuture, new FutureCallback<List<String>>() {
        public void onSuccess(@Nullable List<String> result) {
            LOG.debug("Probe was successful to OVSDB switch {}",client.getConnectionInfo());
            // A further passive connection from a remote address already being served is handed
            // to the stale-connection service rather than published straight away.
            List<OvsdbClient> clientsFromSameNode = getPassiveClientsFromSameNode(client);
            if (clientsFromSameNode.size() == 0) {
                notifyListenerForPassiveConnection(client);
            STALE_PASSIVE_CONNECTION_SERVICE.handleNewPassiveConnection(client, clientsFromSameNode);
        public void onFailure(Throwable failureException) {
            // The message announces a disconnect, but the disconnect call itself is on a line not shown here.
            LOG.error("Probe failed to OVSDB switch. Disconnecting the channel {}", client.getConnectionInfo());
    // Both callbacks run on the notifier pool, off the Netty event loop.
    }, connectionNotifierService);
private static void handleNewPassiveConnection(final Channel channel) {
    if (!channel.isOpen()) {
        LOG.warn("Channel {} is not open, skipped further processing of the connection.",channel);
    // The SslHandler was registered under the name "ssl" in initChannel; null means plain TCP.
    SslHandler sslHandler = (SslHandler) channel.pipeline().get("ssl");
    if (sslHandler != null) {
        // Polls the handshake on the scheduled pool until the peer is authenticated, then publishes
        // the client. The handshake itself runs on the Netty event loop; this only observes it.
        class HandleNewPassiveSslRunner implements Runnable {
            public SslHandler sslHandler; // shadows the enclosing local of the same name
            public final Channel channel;
            // Bounds only the NEED_WRAP branch below; its initialisation/decrement is on lines not shown here.
            private int retryTimes;
            HandleNewPassiveSslRunner(Channel channel, SslHandler sslHandler) {
                this.channel = channel;
                this.sslHandler = sslHandler;
            // (run() signature and the switch header are on lines not shown in this excerpt)
            HandshakeStatus status = sslHandler.engine().getHandshakeStatus();
            LOG.debug("Handshake status {}", status);
            // NOT_HANDSHAKING is reported both before the handshake starts and after it finishes;
            // the placeholder cipher suite of the initial session tells the two apart.
            case NOT_HANDSHAKING:
                if (sslHandler.engine().getSession().getCipherSuite()
                        .equals("SSL_NULL_WITH_NULL_NULL")) {
                    // Handshake has not begun yet. Retry later.
                    // NOTE(review): this retry is unbounded, unlike the retryTimes check in NEED_WRAP;
                    // a peer that connects and never handshakes keeps this task re-scheduled forever.
                    LOG.debug("handshake not begin yet {}", status);
                    executorService.schedule(this, retryPeriod, TimeUnit.MILLISECONDS);
                //Check if peer is trusted before notifying listeners
                // Throws SSLPeerUnverifiedException unless the peer's identity was established.
                sslHandler.engine().getSession().getPeerCertificates();
                //Handshake done. Notify listener.
                OvsdbClient client = getChannelClient(channel, ConnectionType.PASSIVE,
                        SocketConnectionType.SSL);
                handleNewPassiveConnection(client);
            } catch (SSLPeerUnverifiedException e) {
                //Trust manager is still checking peer certificate. Retry later
                // NOTE(review): also unbounded; a peer that completes a handshake without being
                // verified would be polled indefinitely rather than dropped.
                LOG.debug("Peer certifiacte is not verified yet {}", status);
                executorService.schedule(this, retryPeriod, TimeUnit.MILLISECONDS);
            //Handshake still ongoing. Retry later.
            LOG.debug("handshake not done yet {}", status);
            executorService.schedule(this, retryPeriod, TimeUnit.MILLISECONDS);
            if (sslHandler.engine().getSession().getCipherSuite()
                    .equals("SSL_NULL_WITH_NULL_NULL")) {
                /* peer not authenticated. No need to notify listener in this case. */
                LOG.error("Ssl handshake fail. channel {}", channel);
            /*
             * peer is authenticated. Give some time to wait for completion.
             * If status is still NEED_WRAP, client might already disconnect.
             * This happens when the first time client connects to controller in two-way handshake.
             * After obtaining controller certificate, client will disconnect and start
             * new connection with controller certificate it obtained.
             * In this case no need to do anything for the first connection attempt. Just skip
             * since client will reconnect later.
             */
            LOG.debug("handshake not done yet {}", status);
            // Only this branch is bounded by retryTimes.
            if (retryTimes > 0) {
                executorService.schedule(this, retryPeriod, TimeUnit.MILLISECONDS);
            LOG.debug("channel closed {}", channel);
            LOG.error("unknown hadshake status {}", status);
        // First poll is delayed by retryPeriod rather than run inline on the event loop.
        executorService.schedule(new HandleNewPassiveSslRunner(channel, sslHandler),
                retryPeriod, TimeUnit.MILLISECONDS);
    // Plain TCP: no peer authentication, the client is registered and probed immediately.
    executorService.execute(new Runnable() {
        OvsdbClient client = getChannelClient(channel, ConnectionType.PASSIVE,
                SocketConnectionType.NON_SSL);
        handleNewPassiveConnection(client);
public static void channelClosed(final OvsdbClient client) {
    LOG.info("Connection closed {}", client.getConnectionInfo().toString());
    connections.remove(client);
    // disconnected() is only delivered for clients that were flagged as published.
    if (client.isConnectionPublished()) {
        // Synchronous fan-out on the closing thread (unlike connected(), which goes through the
        // notifier pool), iterating the shared listener set directly while register/unregister
        // may mutate it from other threads.
        for (OvsdbConnectionListener listener : connectionListeners) {
            listener.disconnected(client);
    STALE_PASSIVE_CONNECTION_SERVICE.clientDisconnected(client);
public Collection<OvsdbClient> getConnections() {
    // Live view of the internal map, not a snapshot: callers see concurrent changes while
    // iterating, and removing from the returned collection would drop the client's registration.
    return connections.keySet();
public void close() throws Exception {
    LOG.info("OvsdbConnectionService closed");
    // Only JsonRpcEndpoint's static resources are released here; the static executor pools
    // and any open channels in `connections` are not shut down by this method.
    JsonRpcEndpoint.close();
public OvsdbClient getClient(Channel channel) {
    // Reverse lookup by linear scan; the map is keyed by client, not channel.
    for (OvsdbClient client : connections.keySet()) {
        // NOTE(review): get() can return null if channelClosed() removed the entry between the
        // keySet step and this lookup, in which case ctx.equals() would throw; iterating
        // entrySet() would avoid the second lookup. (the match/return lines are not shown here)
        Channel ctx = connections.get(client);
        if (ctx.equals(channel)) {
private static List<OvsdbClient> getPassiveClientsFromSameNode(OvsdbClient ovsdbClient) {
    List<OvsdbClient> passiveClients = new ArrayList<>();
    for (OvsdbClient client : connections.keySet()) {
        // Other PASSIVE clients with the same remote address. Only the address is compared, not
        // the port, so a switch reconnecting from a new ephemeral port still matches its predecessor.
        if (!client.equals(ovsdbClient)
                && client.getConnectionInfo().getRemoteAddress()
                .equals(ovsdbClient.getConnectionInfo().getRemoteAddress())
                && client.getConnectionInfo().getType() == ConnectionType.PASSIVE) {
            passiveClients.add(client);
    return passiveClients;
public static void notifyListenerForPassiveConnection(final OvsdbClient client) {
    // Flag set before the tasks are queued, so a close racing with this call still produces
    // a disconnected() event from channelClosed().
    client.setConnectionPublished(true);
    for (final OvsdbConnectionListener listener : connectionListeners) {
        // Future discarded: an exception thrown by listener.connected() is not surfaced here.
        connectionNotifierService.submit(new Runnable() {
            // (the run() signature is on a line not shown in this excerpt)
            LOG.trace("Connection {} notified to listener {}", client.getConnectionInfo(), listener);
            listener.connected(client);
public void setOvsdbRpcTaskTimeout(int timeout) {
    // Forwarded unchanged to the shared JSON-RPC endpoint; the unit is whatever
    // setReaperInterval() expects — not validated here.
    JsonRpcEndpoint.setReaperInterval(timeout);
552 * @param flag boolean for using ssl
// Presumably assigns the static useSSL flag that selects the TLS paths; the body is not in this excerpt.
public void setUseSsl(boolean flag) {
559 * Set default Certificate manager service.
561 * @param certificateManagerSrv reference
public void setCertificatManager(ICertificateManager certificateManagerSrv) {
    // Plain static, non-volatile write; the SSL paths read it from other threads and treat
    // null as "TLS unavailable", so this must be wired before the first connection attempt.
    certManagerSrv = certificateManagerSrv;
567 public void updateConfigParameter(Map<String, Object> configParameters) {
568 LOG.debug("Config parameters received : {}", configParameters.entrySet());
569 if (configParameters != null && !configParameters.isEmpty()) {
570 for (Map.Entry<String, Object> paramEntry : configParameters.entrySet()) {
571 if (paramEntry.getKey().equalsIgnoreCase(OVSDB_RPC_TASK_TIMEOUT_PARAM)) {
572 setOvsdbRpcTaskTimeout(Integer.parseInt((String)paramEntry.getValue()));
573 } else if (paramEntry.getKey().equalsIgnoreCase(USE_SSL)) {
574 useSSL = Boolean.parseBoolean(paramEntry.getValue().toString());