mirror of https://github.com/grpc/grpc-java.git
benchmarks: Modernize TLS configuration
NIO does not mean to use Jetty ALPN; the only reason to use Jetty ALPN is to test OkHttp. We don't need to disable ciphers to test Java 7 (except for OkHttp, which we don't care about on Java 7 and it wasn't plumbed already) and we _really_ don't want people to copy the code to do so. useTransportSecurity()/usePlaintext() are preferred over the transport-specific NegotiationType.
This commit is contained in:
Eric Anderson
parent
1e0875dff7
commit
7b111d2d00
|
|
@ -72,7 +72,6 @@ task openloop_client(type: CreateStartScripts) {
|
|||
task qps_server(type: CreateStartScripts) {
|
||||
mainClassName = "io.grpc.benchmarks.qps.AsyncServer"
|
||||
applicationName = "qps_server"
|
||||
defaultJvmOpts = ["-javaagent:" + configurations.alpnagent.asPath] + vmArgs
|
||||
outputDir = new File(project.buildDir, 'tmp')
|
||||
classpath = jar.outputs.files + project.configurations.runtime
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,10 +27,8 @@ import io.grpc.benchmarks.proto.Messages;
|
|||
import io.grpc.benchmarks.proto.Messages.Payload;
|
||||
import io.grpc.benchmarks.proto.Messages.SimpleRequest;
|
||||
import io.grpc.benchmarks.proto.Messages.SimpleResponse;
|
||||
import io.grpc.internal.GrpcUtil;
|
||||
import io.grpc.internal.testing.TestUtils;
|
||||
import io.grpc.netty.GrpcSslContexts;
|
||||
import io.grpc.netty.NegotiationType;
|
||||
import io.grpc.netty.NettyChannelBuilder;
|
||||
import io.grpc.okhttp.OkHttpChannelBuilder;
|
||||
import io.grpc.okhttp.internal.Platform;
|
||||
|
|
@ -40,9 +38,6 @@ import io.netty.channel.epoll.EpollSocketChannel;
|
|||
import io.netty.channel.nio.NioEventLoopGroup;
|
||||
import io.netty.channel.socket.nio.NioSocketChannel;
|
||||
import io.netty.channel.unix.DomainSocketAddress;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslContextBuilder;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.util.concurrent.DefaultThreadFactory;
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
|
|
@ -57,7 +52,6 @@ import java.util.concurrent.ForkJoinPool.ForkJoinWorkerThreadFactory;
|
|||
import java.util.concurrent.ForkJoinWorkerThread;
|
||||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import org.HdrHistogram.Histogram;
|
||||
|
||||
/**
|
||||
|
|
@ -117,59 +111,35 @@ public final class Utils {
|
|||
}
|
||||
}
|
||||
|
||||
private static OkHttpChannelBuilder newOkhttpClientChannel(
|
||||
SocketAddress address, boolean tls, boolean testca, @Nullable String authorityOverride) {
|
||||
private static OkHttpChannelBuilder newOkHttpClientChannel(
|
||||
SocketAddress address, boolean tls, boolean testca) {
|
||||
InetSocketAddress addr = (InetSocketAddress) address;
|
||||
OkHttpChannelBuilder builder =
|
||||
OkHttpChannelBuilder.forAddress(addr.getHostName(), addr.getPort());
|
||||
if (tls) {
|
||||
builder.negotiationType(io.grpc.okhttp.NegotiationType.TLS);
|
||||
SSLSocketFactory factory;
|
||||
if (testca) {
|
||||
builder.overrideAuthority(
|
||||
GrpcUtil.authorityFromHostAndPort(authorityOverride, addr.getPort()));
|
||||
try {
|
||||
factory = TestUtils.newSslSocketFactoryForCa(
|
||||
Platform.get().getProvider(),
|
||||
TestUtils.loadCert("ca.pem"));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
} else {
|
||||
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
|
||||
if (!tls) {
|
||||
builder.usePlaintext();
|
||||
} else if (testca) {
|
||||
try {
|
||||
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(
|
||||
Platform.get().getProvider(),
|
||||
TestUtils.loadCert("ca.pem")));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
builder.sslSocketFactory(factory);
|
||||
} else {
|
||||
builder.negotiationType(io.grpc.okhttp.NegotiationType.PLAINTEXT);
|
||||
}
|
||||
return builder;
|
||||
}
|
||||
|
||||
private static NettyChannelBuilder newNettyClientChannel(Transport transport,
|
||||
SocketAddress address, boolean tls, boolean testca, int flowControlWindow,
|
||||
boolean useDefaultCiphers) throws IOException {
|
||||
SocketAddress address, boolean tls, boolean testca, int flowControlWindow)
|
||||
throws IOException {
|
||||
NettyChannelBuilder builder =
|
||||
NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);
|
||||
if (tls) {
|
||||
builder.negotiationType(NegotiationType.TLS);
|
||||
SslContext sslContext = null;
|
||||
if (testca) {
|
||||
File cert = TestUtils.loadCert("ca.pem");
|
||||
SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient().trustManager(cert);
|
||||
if (transport == Transport.NETTY_NIO) {
|
||||
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK);
|
||||
} else {
|
||||
// Native transport with OpenSSL
|
||||
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
|
||||
}
|
||||
if (useDefaultCiphers) {
|
||||
sslContextBuilder.ciphers(null);
|
||||
}
|
||||
sslContext = sslContextBuilder.build();
|
||||
}
|
||||
builder.sslContext(sslContext);
|
||||
} else {
|
||||
builder.negotiationType(NegotiationType.PLAINTEXT);
|
||||
if (!tls) {
|
||||
builder.usePlaintext();
|
||||
} else if (testca) {
|
||||
File cert = TestUtils.loadCert("ca.pem");
|
||||
builder.sslContext(GrpcSslContexts.forClient().trustManager(cert).build());
|
||||
}
|
||||
|
||||
DefaultThreadFactory tf = new DefaultThreadFactory("client-elg-", true /*daemon */);
|
||||
|
|
@ -225,15 +195,14 @@ public final class Utils {
|
|||
* Create a {@link ManagedChannel} for the given parameters.
|
||||
*/
|
||||
public static ManagedChannel newClientChannel(Transport transport, SocketAddress address,
|
||||
boolean tls, boolean testca, @Nullable String authorityOverride, boolean useDefaultCiphers,
|
||||
boolean tls, boolean testca, @Nullable String authorityOverride,
|
||||
int flowControlWindow, boolean directExecutor) {
|
||||
ManagedChannelBuilder<?> builder;
|
||||
if (transport == Transport.OK_HTTP) {
|
||||
builder = newOkhttpClientChannel(address, tls, testca, authorityOverride);
|
||||
builder = newOkHttpClientChannel(address, tls, testca);
|
||||
} else {
|
||||
try {
|
||||
builder = newNettyClientChannel(
|
||||
transport, address, tls, testca, flowControlWindow, useDefaultCiphers);
|
||||
builder = newNettyClientChannel(transport, address, tls, testca, flowControlWindow);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,7 +88,6 @@ class LoadClient {
|
|||
config.hasSecurityParams()
|
||||
? config.getSecurityParams().getServerHostOverride()
|
||||
: null,
|
||||
true,
|
||||
Utils.DEFAULT_FLOW_CONTROL_WINDOW,
|
||||
false);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.STREAMING_R
|
|||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TESTCA;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TLS;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TRANSPORT;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.USE_DEFAULT_CIPHERS;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.WARMUP_DURATION;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
|
|
@ -308,7 +307,7 @@ public class AsyncClient {
|
|||
public static void main(String... args) throws Exception {
|
||||
ClientConfiguration.Builder configBuilder = ClientConfiguration.newBuilder(
|
||||
ADDRESS, CHANNELS, OUTSTANDING_RPCS, CLIENT_PAYLOAD, SERVER_PAYLOAD,
|
||||
TLS, TESTCA, USE_DEFAULT_CIPHERS, TRANSPORT, DURATION, WARMUP_DURATION, DIRECTEXECUTOR,
|
||||
TLS, TESTCA, TRANSPORT, DURATION, WARMUP_DURATION, DIRECTEXECUTOR,
|
||||
SAVE_HISTOGRAM, STREAMING_RPCS, FLOW_CONTROL_WINDOW);
|
||||
ClientConfiguration config;
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import io.grpc.benchmarks.Utils;
|
|||
import io.grpc.benchmarks.proto.BenchmarkServiceGrpc;
|
||||
import io.grpc.benchmarks.proto.Messages;
|
||||
import io.grpc.internal.testing.TestUtils;
|
||||
import io.grpc.netty.GrpcSslContexts;
|
||||
import io.grpc.netty.NettyServerBuilder;
|
||||
import io.grpc.stub.ServerCallStreamObserver;
|
||||
import io.grpc.stub.StreamObserver;
|
||||
|
|
@ -33,9 +32,6 @@ import io.netty.channel.EventLoopGroup;
|
|||
import io.netty.channel.ServerChannel;
|
||||
import io.netty.channel.nio.NioEventLoopGroup;
|
||||
import io.netty.channel.socket.nio.NioServerSocketChannel;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslContextBuilder;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.util.concurrent.DefaultThreadFactory;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
|
|
@ -94,26 +90,6 @@ public class AsyncServer {
|
|||
|
||||
@SuppressWarnings("LiteralClassName") // Epoll is not available on windows
|
||||
static Server newServer(ServerConfiguration config) throws IOException {
|
||||
SslContext sslContext = null;
|
||||
if (config.tls) {
|
||||
System.out.println("Using fake CA for TLS certificate.\n"
|
||||
+ "Run the Java client with --tls --testca");
|
||||
|
||||
File cert = TestUtils.loadCert("server1.pem");
|
||||
File key = TestUtils.loadCert("server1.key");
|
||||
SslContextBuilder sslContextBuilder = GrpcSslContexts.forServer(cert, key);
|
||||
if (config.transport == ServerConfiguration.Transport.NETTY_NIO) {
|
||||
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK);
|
||||
} else {
|
||||
// Native transport with OpenSSL
|
||||
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
|
||||
}
|
||||
if (config.useDefaultCiphers) {
|
||||
sslContextBuilder.ciphers(null);
|
||||
}
|
||||
sslContext = sslContextBuilder.build();
|
||||
}
|
||||
|
||||
final EventLoopGroup boss;
|
||||
final EventLoopGroup worker;
|
||||
final Class<? extends ServerChannel> channelType;
|
||||
|
|
@ -183,8 +159,15 @@ public class AsyncServer {
|
|||
.workerEventLoopGroup(worker)
|
||||
.channelType(channelType)
|
||||
.addService(new BenchmarkServiceImpl())
|
||||
.sslContext(sslContext)
|
||||
.flowControlWindow(config.flowControlWindow);
|
||||
if (config.tls) {
|
||||
System.out.println("Using fake CA for TLS certificate.\n"
|
||||
+ "Run the Java client with --tls --testca");
|
||||
|
||||
File cert = TestUtils.loadCert("server1.pem");
|
||||
File key = TestUtils.loadCert("server1.key");
|
||||
builder.useTransportSecurity(cert, key);
|
||||
}
|
||||
if (config.directExecutor) {
|
||||
builder.directExecutor();
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ public class ClientConfiguration implements Configuration {
|
|||
|
||||
public ManagedChannel newChannel() throws IOException {
|
||||
return Utils.newClientChannel(transport, address, tls, testca, authorityOverride,
|
||||
useDefaultCiphers, flowControlWindow, directExecutor);
|
||||
flowControlWindow, directExecutor);
|
||||
}
|
||||
|
||||
public Messages.SimpleRequest newRequest() {
|
||||
|
|
@ -176,13 +176,6 @@ public class ClientConfiguration implements Configuration {
|
|||
config.testca = parseBoolean(value);
|
||||
}
|
||||
},
|
||||
USE_DEFAULT_CIPHERS("", "Use the default JDK ciphers for TLS (Used to support Java 7).",
|
||||
"" + DEFAULT.useDefaultCiphers) {
|
||||
@Override
|
||||
protected void setClientValue(ClientConfiguration config, String value) {
|
||||
config.useDefaultCiphers = parseBoolean(value);
|
||||
}
|
||||
},
|
||||
TRANSPORT("STR", Transport.getDescriptionString(), DEFAULT.transport.name().toLowerCase()) {
|
||||
@Override
|
||||
protected void setClientValue(ClientConfiguration config, String value) {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,6 @@ import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TARGET_QPS;
|
|||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TESTCA;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TLS;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.TRANSPORT;
|
||||
import static io.grpc.benchmarks.qps.ClientConfiguration.ClientParam.USE_DEFAULT_CIPHERS;
|
||||
|
||||
import io.grpc.Channel;
|
||||
import io.grpc.ManagedChannel;
|
||||
|
|
@ -66,7 +65,7 @@ public class OpenLoopClient {
|
|||
public static void main(String... args) throws Exception {
|
||||
ClientConfiguration.Builder configBuilder = ClientConfiguration.newBuilder(
|
||||
ADDRESS, TARGET_QPS, CLIENT_PAYLOAD, SERVER_PAYLOAD, TLS,
|
||||
TESTCA, USE_DEFAULT_CIPHERS, TRANSPORT, DURATION, SAVE_HISTOGRAM, FLOW_CONTROL_WINDOW);
|
||||
TESTCA, TRANSPORT, DURATION, SAVE_HISTOGRAM, FLOW_CONTROL_WINDOW);
|
||||
ClientConfiguration config;
|
||||
try {
|
||||
config = configBuilder.build(args);
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@ class ServerConfiguration implements Configuration {
|
|||
|
||||
Transport transport = Transport.NETTY_NIO;
|
||||
boolean tls;
|
||||
boolean useDefaultCiphers;
|
||||
boolean directExecutor;
|
||||
SocketAddress address;
|
||||
int flowControlWindow = NettyChannelBuilder.DEFAULT_FLOW_CONTROL_WINDOW;
|
||||
|
|
@ -159,13 +158,6 @@ class ServerConfiguration implements Configuration {
|
|||
config.tls = parseBoolean(value);
|
||||
}
|
||||
},
|
||||
USE_DEFAULT_CIPHERS("", "Use the default JDK ciphers for TLS (Used to support Java 7).",
|
||||
"false") {
|
||||
@Override
|
||||
protected void setServerValue(ServerConfiguration config, String value) {
|
||||
config.useDefaultCiphers = parseBoolean(value);
|
||||
}
|
||||
},
|
||||
TRANSPORT("STR", Transport.getDescriptionString(), DEFAULT.transport.name().toLowerCase()) {
|
||||
@Override
|
||||
protected void setServerValue(ServerConfiguration config, String value) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue