[DSIP-76] Support ssl in netty #16673
base: dev
Changes from 78 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -200,4 +200,4 @@ jobs: | |
if [[ ${{ needs.e2e.result }} != 'success' ]]; then | ||
echo "E2E Failed!" | ||
exit -1 | ||
fi | ||
fi | ||
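Review bot: The final `fi` line is the only thing that differs in this hunk (the header reports 4 lines before and 4 after, and `fi` appears twice), which points to a trailing-newline or whitespace change in the workflow file rather than anything needed for Netty SSL. Suggest reverting it so the PR stays limited to the SSL work. Separately, the context line `exit -1` is not a clear exit status, since bash turns it into 255; `exit 1` would be the plainer choice if this block is touched at all.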
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,6 +8,53 @@ If you are a new hand and want to experience DolphinScheduler functions, we reco | |
|
||
Cluster deployment uses the same scripts and configuration files as [pseudo-cluster deployment](pseudo-cluster.md), so the preparation and deployment steps are the same as pseudo-cluster deployment. The difference is that pseudo-cluster deployment is for one machine, while cluster deployment (Cluster) is for multiple machines. And steps of "Modify Configuration" are quite different between pseudo-cluster deployment and cluster deployment. | ||
|
||
## Enable SSL (optional) | ||
|
||
In cluster deployment, you can enable SSL for secure internal communication. The DolphinScheduler cluster can be configured to use secured communication with internal authentication of the nodes in the cluster. | ||
To enable SLL authentication, you have two things to do. Firstly, you need to generate `cert.crt` and `private.pem` files. | ||
|
||
Step 1: Generate private key (private.pem) | ||
|
||
Open the terminal and run the following command to generate a private key: | ||
|
||
```bash | ||
openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048 | ||
``` | ||
|
||
This command will generate a 2048 bit RSA private key and save it as a private.pem file. | ||
|
||
Step 2: Generate Certificate Signing Request (CSR) | ||
|
||
Before generating a certificate, you need to generate a Certificate Signing Request (CSR). Run the following command: | ||
|
||
```bash | ||
openssl req -new -key private.pem -out request.csr | ||
``` | ||
|
||
This command will prompt you to enter some information, such as country, state/province, organization name, etc. The information you input will be embedded into the generated certificate. | ||
|
||
Step 3: Generate a self signed certificate (cert.crt) | ||
|
||
Use CSR to generate self signed certificates. Run the following command: | ||
|
||
```bash | ||
openssl x509 -req -days 365 -in request.csr -signkey private.pem -out cert.crt | ||
``` | ||
|
||
Comment on lines +14 to +43:
We don't need to address how to generate
||
This command will generate a self signed certificate with a validity period of 365 days and save it as a cert.crt file. | ||
|
||
Then modify the `application.yaml` file in the `dolphinscheduler-master`, `dolphinscheduler-worker`, `dolphinscheduler-api` and `dolphinscheduler-alert-server` modules. | ||
|
||
```yaml | ||
rpc: | ||
ssl: | ||
enabled: true | ||
cert-file-path: /path/cert.crt | ||
key-file-path: /path/private.pem | ||
``` | ||
|
||
You need to change `enabled` to `true` and configure the file routing for `cert-file-path` and `key-file-path`. | ||
|
||
### Prerequisites and DolphinScheduler Startup Environment Preparations | ||
|
||
Distribute the installation package to each server of each cluster and perform all the steps in [pseudo-cluster deployment](pseudo-cluster.md) on each machine. | ||
|
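Review bot: The new "Enable SSL" section says the cluster gets "internal authentication of the nodes", but the `rpc.ssl` block shown configures only `cert-file-path` and `key-file-path`, with no trust store or CA setting, so the text should state what a node actually verifies about its peer. With the self-signed certificate from Step 3 (`-signkey private.pem`), the docs should also say whether the same `cert.crt` and `private.pem` are copied to every node, and recommend restricting read access on `private.pem` to the service account. Smaller points in the added lines: "SLL" should be "SSL", "you have two things to do. Firstly" has no matching second item, "file routing" should read "file path", and the 365-day validity needs a note on renewing the certificate before it expires.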
Original file line number | Diff line number | Diff line change | ||||||
---|---|---|---|---|---|---|---|---|
|
@@ -25,6 +25,7 @@ | |||||||
import org.apache.dolphinscheduler.common.thread.DefaultUncaughtExceptionHandler; | ||||||||
import org.apache.dolphinscheduler.common.thread.ThreadUtils; | ||||||||
import org.apache.dolphinscheduler.dao.DaoConfiguration; | ||||||||
import org.apache.dolphinscheduler.extract.base.config.NettySslConfig; | ||||||||
import org.apache.dolphinscheduler.registry.api.RegistryConfiguration; | ||||||||
|
||||||||
import javax.annotation.PostConstruct; | ||||||||
|
@@ -40,7 +41,8 @@ | |||||||
@Slf4j | ||||||||
@Import({CommonConfiguration.class, | ||||||||
DaoConfiguration.class, | ||||||||
RegistryConfiguration.class}) | ||||||||
RegistryConfiguration.class, | ||||||||
NettySslConfig.class}) | ||||||||
Comment on lines +44 to +45:
Suggested change
Why mark these resolved?
||||||||
@SpringBootApplication | ||||||||
public class AlertServer { | ||||||||
|
||||||||
|
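Review bot: `NettySslConfig.class` is added by hand to the `@Import` list of `AlertServer`, and the docs in this PR list four modules that need the same `rpc.ssl` settings, so each server entry point has to repeat this import and a missed one would go unnoticed until runtime. Consider registering `NettySslConfig` once where the RPC client and server are built (for example through component scanning or auto-configuration of the `extract.base` module), and add a short comment here on why the alert server needs it.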
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one or more | ||
* contributor license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright ownership. | ||
* The ASF licenses this file to You under the Apache License, Version 2.0 | ||
* (the "License"); you may not use this file except in compliance with | ||
* the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.apache.dolphinscheduler.e2e.cases.cluster; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
|
||
import org.apache.dolphinscheduler.e2e.cases.workflow.BaseWorkflowE2ETest; | ||
import org.apache.dolphinscheduler.e2e.core.DolphinScheduler; | ||
import org.apache.dolphinscheduler.e2e.core.WebDriverHolder; | ||
import org.apache.dolphinscheduler.e2e.pages.LoginPage; | ||
import org.apache.dolphinscheduler.e2e.pages.project.ProjectPage; | ||
import org.apache.dolphinscheduler.e2e.pages.project.workflow.TaskInstanceTab; | ||
import org.apache.dolphinscheduler.e2e.pages.project.workflow.WorkflowDefinitionTab; | ||
import org.apache.dolphinscheduler.e2e.pages.project.workflow.WorkflowForm; | ||
import org.apache.dolphinscheduler.e2e.pages.project.workflow.WorkflowInstanceTab; | ||
import org.apache.dolphinscheduler.e2e.pages.project.workflow.task.ShellTaskForm; | ||
import org.apache.dolphinscheduler.e2e.pages.security.SecurityPage; | ||
import org.apache.dolphinscheduler.e2e.pages.security.TenantPage; | ||
import org.apache.dolphinscheduler.e2e.pages.security.UserPage; | ||
|
||
import org.junit.jupiter.api.BeforeAll; | ||
import org.junit.jupiter.api.MethodOrderer; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.TestMethodOrder; | ||
import org.junitpioneer.jupiter.DisableIfTestFails; | ||
|
||
@TestMethodOrder(MethodOrderer.MethodName.class) | ||
@DolphinScheduler(composeFiles = "docker/cluster-test/docker-compose.yaml") | ||
@DisableIfTestFails | ||
public class ClusterShellTaskE2ETest extends BaseWorkflowE2ETest { | ||
|
||
@BeforeAll | ||
public static void setup() { | ||
browser = WebDriverHolder.getWebDriver(); | ||
|
||
TenantPage tenantPage = new LoginPage(browser) | ||
.login(adminUser) | ||
.goToNav(SecurityPage.class) | ||
.goToTab(TenantPage.class); | ||
|
||
if (tenantPage.tenants().stream().noneMatch(tenant -> tenant.tenantCode().equals(adminUser.getTenant()))) { | ||
tenantPage | ||
.create(adminUser.getTenant()) | ||
.goToNav(SecurityPage.class) | ||
.goToTab(UserPage.class) | ||
.update(adminUser); | ||
} | ||
|
||
tenantPage | ||
.goToNav(ProjectPage.class) | ||
.createProjectUntilSuccess(projectName); | ||
} | ||
|
||
@Test | ||
void testRunShellTasks_SuccessCase() { | ||
WorkflowDefinitionTab workflowDefinitionPage = | ||
new ProjectPage(browser) | ||
.goToNav(ProjectPage.class) | ||
.goTo(projectName) | ||
.goToTab(WorkflowDefinitionTab.class); | ||
|
||
// todo: use yaml to define the workflow | ||
String workflowName = "SslSuccessCase"; | ||
String taskName = "SslShellSuccess"; | ||
workflowDefinitionPage | ||
.createWorkflow() | ||
.<ShellTaskForm>addTask(WorkflowForm.TaskType.SHELL) | ||
.script("echo hello world\n") | ||
.name(taskName) | ||
.submit() | ||
|
||
.submit() | ||
.name(workflowName) | ||
.submit(); | ||
|
||
untilWorkflowDefinitionExist(workflowName); | ||
|
||
workflowDefinitionPage.publish(workflowName); | ||
|
||
runWorkflow(workflowName); | ||
untilWorkflowInstanceExist(workflowName); | ||
WorkflowInstanceTab.Row workflowInstance = untilWorkflowInstanceSuccess(workflowName); | ||
assertThat(workflowInstance.executionTime()).isEqualTo(1); | ||
|
||
TaskInstanceTab.Row taskInstance = untilTaskInstanceSuccess(workflowName, taskName); | ||
assertThat(taskInstance.retryTimes()).isEqualTo(0); | ||
} | ||
|
||
} |
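Review bot: `testRunShellTasks_SuccessCase` only asserts that the workflow and task succeed (`executionTime()` equals 1, `retryTimes()` equals 0), so it would pass just as well if `rpc.ssl.enabled` were ignored and the nodes talked in plaintext. Add a check that proves TLS is in use, such as a negative case where a node with SSL disabled or a different certificate fails to dispatch the task. Also, the class is named `ClusterShellTaskE2ETest` while the workflow and task are `SslSuccessCase` and `SslShellSuccess`; pick one name that says what is covered, and add a class-level comment stating that `docker/cluster-test/docker-compose.yaml` runs with SSL enabled if that is the intent.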
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one or more | ||
# contributor license agreements. See the NOTICE file distributed with | ||
# this work for additional information regarding copyright ownership. | ||
# The ASF licenses this file to You under the Apache License, Version 2.0 | ||
# (the "License"); you may not use this file except in compliance with | ||
# the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
|
||
FROM eclipse-temurin:8-jdk | ||
|
||
ENV DOCKER=true | ||
ENV TZ=Asia/Shanghai | ||
ENV DOLPHINSCHEDULER_HOME=/opt/dolphinscheduler | ||
|
||
RUN apt update ; \ | ||
apt install -y sudo ; \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
WORKDIR $DOLPHINSCHEDULER_HOME | ||
|
||
COPY /tmp/apache-dolphinscheduler-*-bin.tar.gz $DOLPHINSCHEDULER_HOME | ||
RUN tar -zxvf apache-dolphinscheduler-*-bin.tar.gz ; \ | ||
rm -rf apache-dolphinscheduler-*-bin.tar.gz ; \ | ||
mv apache-dolphinscheduler-*-bin/* . ; \ | ||
rm -rf apache-dolphinscheduler-*-bin |
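Review bot: Both `RUN` instructions chain commands with `;`, so a failed `apt install -y sudo` or `tar -zxvf` does not fail the build and the image can be produced without the package or the distribution; use `&&` between the commands. The image also installs `sudo` and sets no `USER`, so the test cluster runs as root; add a comment on why that is needed. The source in `COPY /tmp/apache-dolphinscheduler-*-bin.tar.gz` is resolved relative to the build context, not the host's `/tmp`, which is worth stating in a comment.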
Please revert these unrelated changes, this can help the reviewer have a better review.