ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From swa...@apache.org
Subject ambari git commit: AMBARI-18827. Allow acceptor / seclector configuration for API and agent connectors. (swagle)
Date Mon, 14 Nov 2016 18:33:15 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 95233eb3a -> 4d7d3cdc6


AMBARI-18827. Allow acceptor / seclector configuration for API and agent connectors. (swagle)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4d7d3cdc
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4d7d3cdc
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4d7d3cdc

Branch: refs/heads/trunk
Commit: 4d7d3cdc6380db63bf9b1b221f548cd4470e2a51
Parents: 95233eb
Author: Siddharth Wagle <swagle@hortonworks.com>
Authored: Mon Nov 14 10:33:10 2016 -0800
Committer: Siddharth Wagle <swagle@hortonworks.com>
Committed: Mon Nov 14 10:33:10 2016 -0800

----------------------------------------------------------------------
 ambari-server/docs/configuration/index.md       |  35 +--
 .../server/configuration/Configuration.java     | 115 ++++++----
 .../ambari/server/controller/AmbariServer.java  | 219 ++++++++++---------
 .../security/unsecured/rest/ConnectionInfo.java |   2 +-
 .../server/configuration/ConfigurationTest.java |   6 +-
 5 files changed, 212 insertions(+), 165 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index 2fc6b26..77d3a4d 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -37,6 +37,7 @@ The following are the properties which can be used to configure Ambari.
 | Property Name | Description | Default |
 | --- | --- | --- |
 | active.instance | Indicates whether the current ambari server instance is active or not.
|`true` | 
+| agent.api.acceptor.count | Count of acceptors to configure for the jetty connector used
for Ambari agent. | | 
 | agent.api.gzip.compression.enabled | Determiens whether communication with the Ambari Agents
should have the JSON payloads compressed with GZIP. |`true` | 
 | agent.auto.cache.update | Determines whether the agents will automatically attempt to download
updates to stack resources from the Ambari Server. |`true` | 
 | agent.check.mounts.timeout | The timeout, used by the `timeout` command in linux, when
checking mounts for free capacity. |`0` | 
@@ -104,11 +105,12 @@ The following are the properties which can be used to configure Ambari.
 | authentication.ldap.usernameAttribute | The attribute used for determining the user name,
such as `uid`. |`uid` | 
 | authorization.ldap.adminGroupMappingRules | A comma-separate list of groups which would
give a user administrative access to Ambari when syncing from LDAP. This is only used when
`authorization.ldap.groupSearchFilter` is blank.<br/><br/>The following are examples
of valid values:<ul><li>`administrators`<li>`Hadoop Admins,Hadoop Admins.*,DC
Admins,.*Hadoop Operators`</ul> |`Ambari Administrators` | 
 | authorization.ldap.groupSearchFilter | The DN to use when searching for LDAP groups. |
| 
-| bootstrap.dir | The directory on the Ambari Server file system used for storing Ambari
Agent bootstrap information such as request responses. |`/home/crashtua/dev/ambari-work/var/run/ambari-server/bootstrap`
| 
+| bootstrap.dir | The directory on the Ambari Server file system used for storing Ambari
Agent bootstrap information such as request responses. |`/var/run/ambari-server/bootstrap`
| 
 | bootstrap.master_host_name | The host name of the Ambari Server which will be used by the
Ambari Agents for communication. | | 
-| bootstrap.script | The location and name of the Python script used to bootstrap new Ambari
Agent hosts. |`/home/crashtua/dev/ambari-work/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py`
| 
+| bootstrap.script | The location and name of the Python script used to bootstrap new Ambari
Agent hosts. |`/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py` | 
 | bootstrap.setup_agent.password | The password to set on the `AMBARI_PASSPHRASE` environment
variable before invoking the bootstrap script. |`password` | 
-| bootstrap.setup_agent.script | The location and name of the Python script executed on the
Ambari Agent host during the bootstrap process. |`/home/crashtua/dev/ambari-work/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py`
| 
+| bootstrap.setup_agent.script | The location and name of the Python script executed on the
Ambari Agent host during the bootstrap process. |`/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py`
| 
+| client.api.acceptor.count | Count of acceptors to configure for the jetty connector used
for Ambari API. | | 
 | client.api.port | The port that client connections will use with the REST API. The Ambari
Web client runs on this port. |`8080` | 
 | client.api.ssl.cert_pass_file | The filename which contains the password for the keystores,
truststores, and certificates for the REST API when it's protected by SSL. |`https.pass.txt`
| 
 | client.api.ssl.crt_pass | The password for the keystores, truststores, and certificates
for the REST API when it's protected by SSL. If not specified, then `client.api.ssl.cert_pass_file`
should be used. | | 
@@ -121,7 +123,7 @@ The following are the properties which can be used to configure Ambari.
 | client.security | The type of authentication mechanism used by Ambari.<br/><br/>The
following are examples of valid values:<ul><li>`local`<li>`ldap`</ul>
| | 
 | client.threadpool.size.max | The size of the Jetty connection pool used for handling incoming
REST API requests. This should be large enough to handle requests from both web browsers and
embedded Views. |`25` | 
 | common.services.path | The location on the Ambari Server where common service resources
exist. Stack services share the common service files.<br/><br/>The following are
examples of valid values:<ul><li>`/var/lib/ambari-server/resources/common-services`</ul>
| | 
-| custom.action.definitions | The location on the Ambari Server where custom actions are
defined. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/custom_action_definitions`
| 
+| custom.action.definitions | The location on the Ambari Server where custom actions are
defined. |`/var/lib/ambari-server/resources/custom_action_definitions` | 
 | db.mysql.jdbc.name | The name of the MySQL JDBC JAR connector. |`mysql-connector-java.jar`
| 
 | db.oracle.jdbc.name | The name of the Oracle JDBC JAR connector. |`ojdbc6.jar` | 
 | default.kdcserver.port | The port used to communicate with the Kerberos Key Distribution
Center. |`88` | 
@@ -134,9 +136,10 @@ The following are the properties which can be used to configure Ambari.
 | jdk.name | The name of the JDK installation binary.<br/><br/>The following
are examples of valid values:<ul><li>`jdk-7u45-linux-x64.tar.gz`</ul> |
| 
 | kdcserver.connection.check.timeout | The timeout, in milliseconds, to wait when communicating
with a Kerberos Key Distribution Center. |`10000` | 
 | kerberos.check.jaas.configuration | Determines whether Kerberos-enabled Ambari deployments
should use JAAS to validate login credentials. |`false` | 
-| kerberos.keytab.cache.dir | The location on the Ambari Server where Kerberos keytabs are
cached. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/data/cache` | 
+| kerberos.keytab.cache.dir | The location on the Ambari Server where Kerberos keytabs are
cached. |`/var/lib/ambari-server/data/cache` | 
 | kerberos.operation.retries | The number of times failed kerberos operations should be retried
to execute. |`3` | 
 | ldap.sync.username.collision.behavior | Determines how to handle username collision while
updating from LDAP.<br/><br/>The following are examples of valid values:<ul><li>`skip`<li>`convert`</ul>
|`convert` | 
+| log4j.monitor.delay | Indicates the delay, in milliseconds, for the log4j monitor to check
for changes |`300000` | 
 | metadata.path | The location on the Ambari Server where the stack resources exist.<br/><br/>The
following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/stacks`</ul>
| | 
 | metrics.retrieval-service.cache.timeout | The amount of time, in minutes, that JMX and
REST metrics retrieved directly can remain in the cache. |`30` | 
 | metrics.retrieval-service.request.ttl | The number of seconds to wait between issuing JMX
or REST metric requests to the same endpoint. This property is used to throttle requests to
the same URL being made too close together<br/><br/> This property is related
to `metrics.retrieval-service.request.ttl.enabled`. |`5` | 
@@ -145,7 +148,7 @@ The following are the properties which can be used to configure Ambari.
 | packages.pre.installed | Determines whether Ambari Agent instances have already have the
necessary stack software installed |`false` | 
 | proxy.allowed.hostports | A comma-separated whitelist of host and port values which Ambari
Server can use to determine if a proxy value is valid. |`*:*` | 
 | recommendations.artifacts.lifetime | The amount of time that Recommendation API data is
kept on the Ambari Server file system. This is specified using a `hdwmy` syntax for pairing
the value with a time unit (hours, days, weeks, months, years)<br/><br/>The following
are examples of valid values:<ul><li>`8h`<li>`2w`<li>`1m`</ul>
|`1w` | 
-| recommendations.dir | The directory on the Ambari Server file system used for storing Recommendation
API artifacts. |`/home/crashtua/dev/ambari-work/var/run/ambari-server/stack-recommendations`
| 
+| recommendations.dir | The directory on the Ambari Server file system used for storing Recommendation
API artifacts. |`/var/run/ambari-server/stack-recommendations` | 
 | recovery.disabled_components | A comma-separated list of component names which are not
included in automatic recovery attempts.<br/><br/>The following are examples of
valid values:<ul><li>`NAMENODE,ZOOKEEPER_SERVER`</ul> | | 
 | recovery.enabled_components | A comma-separated list of component names which are included
in automatic recovery attempts.<br/><br/>The following are examples of valid values:<ul><li>`NAMENODE,ZOOKEEPER_SERVER`</ul>
| | 
 | recovery.lifetime_max_count | The maximum number of recovery attempts of a failed component
during the lifetime of an Ambari Agent instance. This is reset when the Ambari Agent is restarted.
| | 
@@ -155,7 +158,7 @@ The following are the properties which can be used to configure Ambari.
 | recovery.window_in_minutes | The length of a recovery window, in minutes, in which recovery
attempts can be retried.<br/><br/> This property is related to `recovery.max_count`.
| | 
 | repo.validation.suffixes.default | The suffixes to use when validating most types of repositories.
|`/repodata/repomd.xml` | 
 | repo.validation.suffixes.ubuntu | The suffixes to use when validating Ubuntu repositories.
|`/dists/%s/Release` | 
-| resources.dir | The location on the Ambari Server where all resources exist, including
common services, stacks, and scripts. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/`
| 
+| resources.dir | The location on the Ambari Server where all resources exist, including
common services, stacks, and scripts. |`/var/lib/ambari-server/resources/` | 
 | rolling.upgrade.skip.packages.prefixes | A comma-separated list of packages which will
be skipped during a stack upgrade. | | 
 | security.agent.hostname.validate | Determines whether the Ambari Agent host names should
be validated against a regular expression to ensure that they are well-formed. |`true` | 
 | security.master.key.location | The location on the Ambari Server of the master key file.
This is the key to the master keystore. | | 
@@ -219,16 +222,16 @@ The following are the properties which can be used to configure Ambari.
 | server.jdbc.user.passwd | The password for the user when logging into the database. |`bigdata`
| 
 | server.locks.profiling | Enable the profiling of internal locks. |`false` | 
 | server.metrics.retrieval-service.thread.priority | The priority of threads used by the
service which retrieves JMX and REST metrics directly from their respective endpoints. |`5`
| 
-| server.metrics.retrieval-service.threadpool.size.core | The core number of threads used
to retrieve JMX and REST metrics directly from their respective endpoints. |`8` | 
-| server.metrics.retrieval-service.threadpool.size.max | The maximum number of threads used
to retrieve JMX and REST metrics directly from their respective endpoints. |`16` | 
-| server.metrics.retrieval-service.threadpool.worker.size | The number of queued requests
allowed for JMX and REST metrics before discarding old requests which have not been fullfilled.
|`160` | 
+| server.metrics.retrieval-service.threadpool.size.core | The core number of threads used
to retrieve JMX and REST metrics directly from their respective endpoints. |`16` | 
+| server.metrics.retrieval-service.threadpool.size.max | The maximum number of threads used
to retrieve JMX and REST metrics directly from their respective endpoints. |`32` | 
+| server.metrics.retrieval-service.threadpool.worker.size | The number of queued requests
allowed for JMX and REST metrics before discarding old requests which have not been fullfilled.
|`320` | 
 | server.operations.retry-attempts | The number of retry attempts for failed API and blueprint
operations. |`0` | 
 | server.os_family | The operating system family for all hosts in the cluster. This is used
when bootstrapping agents and when enabling Kerberos.<br/><br/>The following are
examples of valid values:<ul><li>`redhat`<li>`ubuntu`</ul> | | 
 | server.os_type | The operating system version for all hosts in the cluster. This is used
when bootstrapping agents and when enabling Kerberos.<br/><br/>The following are
examples of valid values:<ul><li>`6`<li>`7`</ul> | | 
 | server.persistence.type | The type of database connection being used. Unless using an embedded
PostgresSQL server, then this should be `remote`.<br/><br/>The following are examples
of valid values:<ul><li>`local`<li>`remote`</ul> |`local` | 
 | server.property-provider.threadpool.completion.timeout | The maximum time, in milliseconds,
that federated requests for data can execute before being terminated. Increasing this value
could result in degraded performanc from the REST APIs. |`5000` | 
-| server.property-provider.threadpool.size.core | The core number of threads that will be
used to retrieve data from federated datasources, such as remote JMX endpoints. |`8` | 
-| server.property-provider.threadpool.size.max | The maximum number of threads that will
be used to retrieve data from federated datasources, such as remote JMX endpoints. |`16` |

+| server.property-provider.threadpool.size.core | The core number of threads that will be
used to retrieve data from federated datasources, such as remote JMX endpoints. |`16` | 
+| server.property-provider.threadpool.size.max | The maximum number of threads that will
be used to retrieve data from federated datasources, such as remote JMX endpoints. |`32` |

 | server.property-provider.threadpool.worker.size | The maximum size of pending federated
datasource requests, such as those to JMX endpoints, which can be queued before rejecting
new requests. |`2147483647` | 
 | server.script.timeout | The time, in milliseconds, until an external script is killed.
|`5000` | 
 | server.stage.command.execution_type | How to execute commands in one stage |`STAGE` | 
@@ -244,11 +247,11 @@ The following are the properties which can be used to configure Ambari.
 | server.timeline.metrics.cache.read.timeout.millis | The time, in milliseconds, that initial
requests to populate metric data will wait while reading from Ambari Metrics.<br/><br/>
This property is related to `server.timeline.metrics.cache.disabled`. |`10000` | 
 | server.timeline.metrics.cache.use.custom.sizing.engine | Determines if a custom engine
should be used to increase performance of calculating the current size of the cache for Ambari
Metric data.<br/><br/> This property is related to `server.timeline.metrics.cache.disabled`.
|`true` | 
 | server.timeline.metrics.https.enabled | Determines whether to use to SSL to connect to
Ambari Metrics when retrieving metric data. |`false` | 
-| server.tmp.dir | The location on the Ambari Server where temporary artifacts can be created.
|`/home/crashtua/dev/ambari-work/var/lib/ambari-server/tmp` | 
+| server.tmp.dir | The location on the Ambari Server where temporary artifacts can be created.
|`/var/lib/ambari-server/tmp` | 
 | server.version.file | The full path to the file which contains the Ambari Server version.
This is used to ensure that there is not a version mismatch between Ambari Agents and Ambari
Server.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/version`</ul>
| | 
 | server.version_definition.connect.timeout.millis | The time, in milliseconds, that requests
to connect to a URL to retrieve Version Definition Files (VDF) will wait before being terminated.
|`5000` | 
 | server.version_definition.read.timeout.millis | The time, in milliseconds, that requests
to read from a connected URL to retrieve Version Definition Files (VDF) will wait before being
terminated. |`5000` | 
-| shared.resources.dir | The location on the Ambari Server where resources are stored. This
is exposed via HTTP in order for Ambari Agents to access them. |`/home/crashtua/dev/ambari-work/usr/lib/ambari-server/lib/ambari_commons/resources`
| 
+| shared.resources.dir | The location on the Ambari Server where resources are stored. This
is exposed via HTTP in order for Ambari Agents to access them. |`/usr/lib/ambari-server/lib/ambari_commons/resources`
| 
 | ssl.trustStore.password | The password to use when setting the `javax.net.ssl.trustStorePassword`
property | | 
 | ssl.trustStore.path | The location of the truststore to use when setting the `javax.net.ssl.trustStore`
property. | | 
 | ssl.trustStore.type | The type of truststore used by the `javax.net.ssl.trustStoreType`
property. | | 
@@ -257,7 +260,7 @@ The following are the properties which can be used to configure Ambari.
 | stack.upgrade.auto.retry.command.names.to.ignore | A comma-separate list of upgrade tasks
names to skip when retrying failed commands automatically. |`"ComponentVersionCheckAction","FinalizeUpgradeAction"`
| 
 | stack.upgrade.auto.retry.timeout.mins | The amount of time to wait in order to retry a
command during a stack upgrade when an agent loses communication. This value must be greater
than the `agent.task.timeout` value. |`0` | 
 | stack.upgrade.bypass.prechecks | Determines whether pre-upgrade checks will be skipped
when performing a rolling or express stack upgrade. |`false` | 
-| stackadvisor.script | The location and name of the Python stack advisor script executed
when configuring services. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/scripts/stack_advisor.py`
| 
+| stackadvisor.script | The location and name of the Python stack advisor script executed
when configuring services. |`/var/lib/ambari-server/resources/scripts/stack_advisor.py` |

 | task.query.parameterlist.size | The maximum number of tasks which can be queried by ID
from the database. |`999` | 
 | view.extraction.threadpool.size.core | The number of threads used to extract Ambari Views
when Ambari Server is starting up. |`10` | 
 | view.extraction.threadpool.size.max | The maximum number of threads used to extract Ambari
Views when Ambari Server is starting up. |`20` | 
@@ -266,7 +269,7 @@ The following are the properties which can be used to configure Ambari.
 | view.request.threadpool.timeout | The time, milliseconds, that REST API requests from embedded
views can wait if there are no threads available to service the view's request. Setting this
too low can cause views to timeout. |`2000` | 
 | views.ambari.request.connect.timeout.millis | The amount of time, in milliseconds, that
a view will wait when trying to connect on HTTP(S) operations to the Ambari REST API. |`30000`
| 
 | views.ambari.request.read.timeout.millis | The amount of time, in milliseconds, that a
view will wait before terminating an HTTP(S) read request to the Ambari REST API. |`45000`
| 
-| views.dir | The directory on the Ambari Server file system used for expanding Views and
storing webapp work. |`/home/crashtua/dev/ambari-work/var/lib/ambari-server/resources/views`
| 
+| views.dir | The directory on the Ambari Server file system used for expanding Views and
storing webapp work. |`/var/lib/ambari-server/resources/views` | 
 | views.http.strict-transport-security | The value that will be used to set the `Strict-Transport-Security`
HTTP response header for Ambari View requests. |`max-age=31536000` | 
 | views.http.x-frame-options | The value that will be used to set the `X-Frame-Options` HTTP
response header for Ambari View requests. |`SAMEORIGIN` | 
 | views.http.x-xss-protection | The value that will be used to set the `X-XSS-Protection`
HTTP response header for Ambari View requests. |`1; mode=block` | 

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b5a29b3..0b8e195 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -17,42 +17,23 @@
  */
 package org.apache.ambari.server.configuration;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Writer;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-import java.lang.reflect.Field;
-import java.security.cert.CertificateException;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-import java.util.Set;
-import java.util.SortedMap;
-import java.util.TreeMap;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
-
+import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonPrimitive;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
 import org.apache.ambari.annotations.Experimental;
 import org.apache.ambari.annotations.ExperimentalFeature;
 import org.apache.ambari.annotations.Markdown;
 import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.actionmanager.CommandExecutionType;
 import org.apache.ambari.server.actionmanager.HostRoleCommand;
 import org.apache.ambari.server.actionmanager.Stage;
-import org.apache.ambari.server.actionmanager.CommandExecutionType;
 import org.apache.ambari.server.controller.spi.PropertyProvider;
 import org.apache.ambari.server.events.listeners.alerts.AlertReceivedListener;
 import org.apache.ambari.server.orm.JPATableGenerationStrategy;
@@ -89,16 +70,34 @@ import org.apache.commons.lang.math.NumberUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.Multimap;
-import com.google.common.collect.Sets;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.google.gson.JsonPrimitive;
-import com.google.inject.Inject;
-import com.google.inject.Singleton;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Writer;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.lang.reflect.Field;
+import java.security.cert.CertificateException;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+import java.util.SortedMap;
+import java.util.TreeMap;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
 
 /**
  * The {@link Configuration} class is used to read from the
@@ -2489,6 +2488,7 @@ public class Configuration {
           "log4j.monitor.delay", TimeUnit.MINUTES.toMillis(5));
 
   /**
+<<<<<<< a5fdae802210ae1f8d4fed2234f1651cbe61c2b5
    * Indicates whether parallel topology task creation is enabled for blueprint cluster provisioning.
    * Defaults to <code>false</code>.
    * @see #TOPOLOGY_TASK_PARALLEL_CREATION_THREAD_COUNT
@@ -2504,6 +2504,20 @@ public class Configuration {
   @Markdown(description = "The number of threads to use for parallel topology task creation
if enabled")
   public static final ConfigurationProperty<Integer> TOPOLOGY_TASK_PARALLEL_CREATION_THREAD_COUNT
= new ConfigurationProperty<>("topology.task.creation.parallel.threads", 10);
 
+  /**
+   * The number of acceptor threads for the agent jetty connector.
+   */
+  @Markdown(description = "Count of acceptors to configure for the jetty connector used for
Ambari agent.")
+  public static final ConfigurationProperty<Integer> SRVR_AGENT_ACCEPTOR_THREAD_COUNT
= new ConfigurationProperty<>(
+      "agent.api.acceptor.count", null);
+
+  /**
+   * The number of acceptor threads for the api jetty connector.
+   */
+  @Markdown(description = "Count of acceptors to configure for the jetty connector used for
Ambari API.")
+  public static final ConfigurationProperty<Integer> SRVR_API_ACCEPTOR_THREAD_COUNT
= new ConfigurationProperty<>(
+      "client.api.acceptor.count", null);
+
   private static final Logger LOG = LoggerFactory.getLogger(
     Configuration.class);
 
@@ -3600,7 +3614,7 @@ public class Configuration {
    *
    * @return true two-way SSL authentication is enabled
    */
-  public boolean getTwoWaySsl() {
+  public boolean isTwoWaySsl() {
     return Boolean.parseBoolean(getProperty(SRVR_TWO_WAY_SSL));
   }
 
@@ -5353,7 +5367,6 @@ public class Configuration {
     InputStream inputStream = null;
     try {
       if (System.getProperties().containsKey(AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY))
{
-        // for using from IDEA or other tools without whole compilation
         inputStream = new FileInputStream(System.getProperties().getProperty(AMBARI_CONFIGURATION_MD_TEMPLATE_PROPERTY));
       } else {
         inputStream = Configuration.class.getResourceAsStream(MARKDOWN_TEMPLATE_FILE);
@@ -5715,7 +5728,23 @@ public class Configuration {
     return kerberosAuthProperties;
   }
 
-  public int getKerberosOperationRetries(){
+  public int getKerberosOperationRetries() {
     return Integer.valueOf(getProperty(KERBEROS_OPERATION_RETRIES));
   }
+
+  /**
+   * Return configured acceptors for agent api connector. Default = null
+   */
+  public Integer getAgentApiAcceptors() {
+    String acceptors = getProperty(SRVR_AGENT_ACCEPTOR_THREAD_COUNT);
+    return StringUtils.isEmpty(acceptors) ? null : Integer.parseInt(acceptors);
+  }
+
+  /**
+   * Return configured acceptors for server api connector. Default = null
+   */
+  public Integer getClientApiAcceptors() {
+    String acceptors = getProperty(SRVR_API_ACCEPTOR_THREAD_COUNT);
+    return StringUtils.isEmpty(acceptors) ? null : Integer.parseInt(acceptors);
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 6351720..e54d54e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -175,7 +175,7 @@ public class AmbariServer {
   /**
    * The thread name prefix for threads handling agent requests.
    */
-  private static final String AGENT_THREAD_POOL_NAME = "ambari-agent-thread";
+  private static final String AGENT_THREAD_POOL_NAME = "qtp-ambari-agent";
 
   /**
    * The thread name prefix for threads handling REST API requests.
@@ -414,73 +414,27 @@ public class AmbariServer {
 
       Map<String, String> configsMap = configs.getConfigsMap();
 
-      if (configs.getAgentSSLAuthentication()) {
-        //Secured connector for 2-way auth
-        SslContextFactory contextFactoryTwoWay = new SslContextFactory();
-        disableInsecureProtocols(contextFactoryTwoWay);
-
-        SslSelectChannelConnector sslConnectorTwoWay = new SslSelectChannelConnector(contextFactoryTwoWay);
-        sslConnectorTwoWay.setPort(configs.getTwoWayAuthPort());
-
-        String keystore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator
-            + configsMap.get(Configuration.KSTR_NAME.getKey());
-
-        String truststore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator
-            + configsMap.get(Configuration.TSTR_NAME.getKey());
-
-        String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS.getKey());
-
-        sslConnectorTwoWay.setKeystore(keystore);
-        sslConnectorTwoWay.setTruststore(truststore);
-        sslConnectorTwoWay.setPassword(srvrCrtPass);
-        sslConnectorTwoWay.setKeyPassword(srvrCrtPass);
-        sslConnectorTwoWay.setTrustPassword(srvrCrtPass);
-        sslConnectorTwoWay.setKeystoreType(configsMap.get(Configuration.KSTR_TYPE.getKey()));
-        sslConnectorTwoWay.setTruststoreType(configsMap.get(Configuration.TSTR_TYPE.getKey()));
-        sslConnectorTwoWay.setNeedClientAuth(configs.getTwoWaySsl());
-        sslConnectorTwoWay.setRequestHeaderSize(configs.getHttpRequestHeaderSize());
-        sslConnectorTwoWay.setResponseHeaderSize(configs.getHttpResponseHeaderSize());
-
-        //SSL Context Factory
-        SslContextFactory contextFactoryOneWay = new SslContextFactory(true);
-        contextFactoryOneWay.setKeyStorePath(keystore);
-        contextFactoryOneWay.setTrustStore(truststore);
-        contextFactoryOneWay.setKeyStorePassword(srvrCrtPass);
-        contextFactoryOneWay.setKeyManagerPassword(srvrCrtPass);
-        contextFactoryOneWay.setTrustStorePassword(srvrCrtPass);
-        contextFactoryOneWay.setKeyStoreType(configsMap.get(Configuration.KSTR_TYPE.getKey()));
-        contextFactoryOneWay.setTrustStoreType(configsMap.get(Configuration.TSTR_TYPE.getKey()));
-        contextFactoryOneWay.setNeedClientAuth(false);
-        disableInsecureProtocols(contextFactoryOneWay);
-
-        //Secured connector for 1-way auth
-        SslSelectChannelConnector sslConnectorOneWay = new SslSelectChannelConnector(contextFactoryOneWay);
-        sslConnectorOneWay.setPort(configs.getOneWayAuthPort());
-        sslConnectorOneWay.setRequestHeaderSize(configs.getHttpRequestHeaderSize());
-        sslConnectorOneWay.setResponseHeaderSize(configs.getHttpResponseHeaderSize());
-
-        // because there are two connectors sharing the same pool, cut each's
-        // acceptors in half
-        int sslAcceptors = sslConnectorOneWay.getAcceptors();
-        sslConnectorOneWay.setAcceptors(Math.max(2, sslAcceptors / 2));
-        sslConnectorTwoWay.setAcceptors(Math.max(2, sslAcceptors / 2));
-
-        // Agent Jetty thread pool
-        configureJettyThreadPool(serverForAgent, sslConnectorOneWay.getAcceptors(),
-          "qtp-ambari-agent", configs.getAgentThreadPoolSize());
-
-        serverForAgent.addConnector(sslConnectorOneWay);
-        serverForAgent.addConnector(sslConnectorTwoWay);
-      } else {
-        SelectChannelConnector agentConnector = new SelectChannelConnector();
-        agentConnector.setPort(configs.getOneWayAuthPort());
-        agentConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime());
-
-        // Agent Jetty thread pool
-        configureJettyThreadPool(serverForAgent, agentConnector.getAcceptors(), "qtp-ambari-agent",
-          configs.getAgentThreadPoolSize());
-
-        serverForAgent.addConnector(agentConnector);
+      SelectChannelConnector agentOneWayConnector = createSelectChannelConnectorForAgent(configs.getOneWayAuthPort(),
false);
+      // Override acceptor defaults if configured or use Jetty defaults
+      Integer acceptors = configs.getAgentApiAcceptors() != null ?
+        configs.getAgentApiAcceptors() : agentOneWayConnector.getAcceptors();
+      agentOneWayConnector.setAcceptors(acceptors);
+
+      SelectChannelConnector agentTwoWayConnector = null;
+      if (configs.isTwoWaySsl()) {
+        agentTwoWayConnector = createSelectChannelConnectorForAgent(configs.getTwoWayAuthPort(),
true);
+        agentTwoWayConnector.setAcceptors(acceptors);
+      }
+
+      // Account for both the connectors if configured
+      int totalAgentAcceptorCount = configs.isTwoWaySsl() ? acceptors * 2 : acceptors;
+      // Agent Jetty thread pool - widen the thread pool if needed !
+      configureJettyThreadPool(serverForAgent, totalAgentAcceptorCount,
+        AGENT_THREAD_POOL_NAME, configs.getAgentThreadPoolSize());
+
+      serverForAgent.addConnector(agentOneWayConnector);
+      if (agentTwoWayConnector != null) {
+        serverForAgent.addConnector(agentTwoWayConnector);
       }
 
       ServletHolder sh = new ServletHolder(ServletContainer.class);
@@ -546,41 +500,15 @@ public class AmbariServer {
       }
 
       /* Configure the API server to use the NIO connectors */
-      SelectChannelConnector apiConnector;
-
-      if (configs.getApiSSLAuthentication()) {
-        String httpsKeystore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey())
+
-            File.separator + configsMap.get(Configuration.CLIENT_API_SSL_KSTR_NAME.getKey());
-        String httpsTruststore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey())
+
-            File.separator + configsMap.get(Configuration.CLIENT_API_SSL_TSTR_NAME.getKey());
-        LOG.info("API SSL Authentication is turned on. Keystore - " + httpsKeystore);
-
-        String httpsCrtPass = configsMap.get(Configuration.CLIENT_API_SSL_CRT_PASS.getKey());
-
-        SslContextFactory contextFactoryApi = new SslContextFactory();
-        disableInsecureProtocols(contextFactoryApi);
-        SslSelectChannelConnector sapiConnector = new SslSelectChannelConnector(contextFactoryApi);
-        sapiConnector.setPort(configs.getClientSSLApiPort());
-        sapiConnector.setKeystore(httpsKeystore);
-        sapiConnector.setTruststore(httpsTruststore);
-        sapiConnector.setPassword(httpsCrtPass);
-        sapiConnector.setKeyPassword(httpsCrtPass);
-        sapiConnector.setTrustPassword(httpsCrtPass);
-        sapiConnector.setKeystoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey()));
-        sapiConnector.setTruststoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey()));
-        sapiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime());
-        apiConnector = sapiConnector;
-      } else  {
-        apiConnector = new SelectChannelConnector();
-        apiConnector.setPort(configs.getClientApiPort());
-        apiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime());
-      }
+      SelectChannelConnector apiConnector = createSelectChannelConnectorForClient();
 
-      apiConnector.setRequestHeaderSize(configs.getHttpRequestHeaderSize());
-      apiConnector.setResponseHeaderSize(configs.getHttpResponseHeaderSize());
+      acceptors = configs.getClientApiAcceptors() != null ? configs
+        .getClientApiAcceptors() : apiConnector.getAcceptors();
+      apiConnector.setAcceptors(acceptors);
 
-      // Client Jetty thread pool
-      configureJettyThreadPool(server, apiConnector.getAcceptors(), CLIENT_THREAD_POOL_NAME,
configs.getClientThreadPoolSize());
+      // Client Jetty thread pool - widen the thread pool if needed !
+      configureJettyThreadPool(server, acceptors, CLIENT_THREAD_POOL_NAME,
+        configs.getClientThreadPoolSize());
       server.addConnector(apiConnector);
 
       server.setStopAtShutdown(true);
@@ -662,6 +590,93 @@ public class AmbariServer {
   }
 
   /**
+   * Create org.eclipse.jetty.server.nio.SelectChannelConnector
+   * implementation for SSL or non-SSL based on configuration.
+   *
+   * @param port connector port
+   * @param needClientAuth one-way / two-way SSL
+   * @return org.eclipse.jetty.server.nio.SelectChannelConnector
+   */
+  @SuppressWarnings("deprecation")
+  private SelectChannelConnector createSelectChannelConnectorForAgent(int port, boolean needClientAuth)
{
+    Map<String, String> configsMap = configs.getConfigsMap();
+    SelectChannelConnector agentConnector;
+
+    if (configs.getAgentSSLAuthentication()) {
+      String keystore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator
+        + configsMap.get(Configuration.KSTR_NAME.getKey());
+
+      String truststore = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey()) + File.separator
+        + configsMap.get(Configuration.TSTR_NAME.getKey());
+
+      String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS.getKey());
+
+      // Secured connector - default constructor sets trustAll = true for certs
+      SslContextFactory contextFactory = new SslContextFactory();
+      disableInsecureProtocols(contextFactory);
+
+      SslSelectChannelConnector agentSslConnector = new SslSelectChannelConnector(contextFactory);
+      agentSslConnector.setKeystore(keystore);
+      agentSslConnector.setTruststore(truststore);
+      agentSslConnector.setPassword(srvrCrtPass);
+      agentSslConnector.setKeyPassword(srvrCrtPass);
+      agentSslConnector.setTrustPassword(srvrCrtPass);
+      agentSslConnector.setKeystoreType(configsMap.get(Configuration.KSTR_TYPE.getKey()));
+      agentSslConnector.setTruststoreType(configsMap.get(Configuration.TSTR_TYPE.getKey()));
+      agentSslConnector.setNeedClientAuth(needClientAuth);
+      agentSslConnector.setRequestHeaderSize(configs.getHttpRequestHeaderSize());
+      agentSslConnector.setResponseHeaderSize(configs.getHttpResponseHeaderSize());
+      agentConnector = agentSslConnector;
+    } else {
+      agentConnector = new SelectChannelConnector();
+      agentConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime());
+    }
+
+    agentConnector.setPort(port);
+
+    return agentConnector;
+  }
+
+  @SuppressWarnings("deprecation")
+  private SelectChannelConnector createSelectChannelConnectorForClient() {
+    Map<String, String> configsMap = configs.getConfigsMap();
+    SelectChannelConnector apiConnector;
+
+    if (configs.getApiSSLAuthentication()) {
+      String httpsKeystore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey())
+
+        File.separator + configsMap.get(Configuration.CLIENT_API_SSL_KSTR_NAME.getKey());
+      String httpsTruststore = configsMap.get(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey())
+
+        File.separator + configsMap.get(Configuration.CLIENT_API_SSL_TSTR_NAME.getKey());
+      LOG.info("API SSL Authentication is turned on. Keystore - " + httpsKeystore);
+
+      String httpsCrtPass = configsMap.get(Configuration.CLIENT_API_SSL_CRT_PASS.getKey());
+
+      SslContextFactory contextFactoryApi = new SslContextFactory();
+      disableInsecureProtocols(contextFactoryApi);
+      SslSelectChannelConnector sapiConnector = new SslSelectChannelConnector(contextFactoryApi);
+      sapiConnector.setPort(configs.getClientSSLApiPort());
+      sapiConnector.setKeystore(httpsKeystore);
+      sapiConnector.setTruststore(httpsTruststore);
+      sapiConnector.setPassword(httpsCrtPass);
+      sapiConnector.setKeyPassword(httpsCrtPass);
+      sapiConnector.setTrustPassword(httpsCrtPass);
+      sapiConnector.setKeystoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey()));
+      sapiConnector.setTruststoreType(configsMap.get(Configuration.CLIENT_API_SSL_KSTR_TYPE.getKey()));
+      sapiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime());
+      apiConnector = sapiConnector;
+    } else  {
+      apiConnector = new SelectChannelConnector();
+      apiConnector.setPort(configs.getClientApiPort());
+      apiConnector.setMaxIdleTime(configs.getConnectionMaxIdleTime());
+    }
+
+    apiConnector.setRequestHeaderSize(configs.getHttpRequestHeaderSize());
+    apiConnector.setResponseHeaderSize(configs.getHttpResponseHeaderSize());
+
+    return apiConnector;
+  }
+
+  /**
    * this method executes database consistency check if skip option was not added
    */
   protected void runDatabaseConsistencyCheck() throws Exception {
@@ -770,7 +785,7 @@ public class AmbariServer {
   private void disableInsecureProtocols(SslContextFactory factory) {
     // by default all protocols should be available
     factory.setExcludeProtocols();
-    factory.setIncludeProtocols(new String[] { "SSLv2Hello","TLSv1"});
+    factory.setIncludeProtocols(new String[] { "SSLv2Hello", "TLSv1" });
 
     if (!configs.getSrvrDisabledCiphers().isEmpty()) {
       String[] masks = configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java
index a1b5a6e..cb25f0b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/ConnectionInfo.java
@@ -42,7 +42,7 @@ public class ConnectionInfo {
     @Inject
     public static void init(Configuration instance){
         conf = instance;
-        response.put(Configuration.SRVR_TWO_WAY_SSL.getKey(),String.valueOf(conf.getTwoWaySsl()));
+        response.put(Configuration.SRVR_TWO_WAY_SSL.getKey(),String.valueOf(conf.isTwoWaySsl()));
     }
 
     @GET

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d7d3cdc/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
index b0bcc58..d7cb8a3 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
@@ -119,7 +119,7 @@ public class ConfigurationTest {
    */
   @Test
   public void testDefaultTwoWayAuthNotSet() throws Exception {
-    Assert.assertFalse(new Configuration().getTwoWaySsl());
+    Assert.assertFalse(new Configuration().isTwoWaySsl());
   }
 
   /**
@@ -131,7 +131,7 @@ public class ConfigurationTest {
     Properties ambariProperties = new Properties();
     ambariProperties.setProperty("security.server.two_way_ssl", "true");
     Configuration conf = new Configuration(ambariProperties);
-    Assert.assertTrue(conf.getTwoWaySsl());
+    Assert.assertTrue(conf.isTwoWaySsl());
   }
 
   /**
@@ -143,7 +143,7 @@ public class ConfigurationTest {
     Properties ambariProperties = new Properties();
     ambariProperties.setProperty("security.server.two_way_ssl", "false");
     Configuration conf = new Configuration(ambariProperties);
-    Assert.assertFalse(conf.getTwoWaySsl());
+    Assert.assertFalse(conf.isTwoWaySsl());
   }
 
   @Test


Mime
View raw message