org.apache.ratis.grpc.GrpcTlsConfig Java Examples

The following examples show how to use org.apache.ratis.grpc.GrpcTlsConfig.
Example #1
Source File: XceiverServerRatis.java    From hadoop-ozone with Apache License 2.0
/**
 * Creates the datanode-side Ratis container server from Ozone configuration.
 *
 * <p>The listening port is read from {@code DFS_CONTAINER_RATIS_IPC_PORT}. When
 * {@code DFS_CONTAINER_RATIS_IPC_RANDOM_PORT} is enabled, port 0 is used instead
 * so that an available port on the node is picked.
 *
 * <p>The TLS configuration comes from {@code createTlsServerConfigForDN} and is
 * passed to the constructor unchanged. NOTE(review): if that helper can return
 * {@code null} (e.g. security disabled), the server is built without gRPC TLS
 * parameters; confirm that this is only reachable in non-secure clusters.
 *
 * @param datanodeDetails identity of the local datanode
 * @param ozoneConf Ozone configuration
 * @param dispatcher container dispatcher handed to the server
 * @param containerController container controller handed to the server
 * @param caClient certificate client used to derive the TLS configuration
 * @param context state context handed to the server
 * @return the new server instance
 * @throws IOException if the server cannot be constructed
 */
public static XceiverServerRatis newXceiverServerRatis(
    DatanodeDetails datanodeDetails, ConfigurationSource ozoneConf,
    ContainerDispatcher dispatcher, ContainerController containerController,
    CertificateClient caClient, StateContext context) throws IOException {
  final int configuredPort = ozoneConf.getInt(
      OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_PORT,
      OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_PORT_DEFAULT);
  final boolean useRandomPort = ozoneConf.getBoolean(
      OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_RANDOM_PORT,
      OzoneConfigKeys.DFS_CONTAINER_RATIS_IPC_RANDOM_PORT_DEFAULT);
  // Port 0 asks for any available port on this node instead of the configured one.
  final int localPort = useRandomPort ? 0 : configuredPort;

  final SecurityConfig securityConfig = new SecurityConfig(ozoneConf);
  final GrpcTlsConfig tlsConfig =
      createTlsServerConfigForDN(securityConfig, caClient);

  return new XceiverServerRatis(datanodeDetails, localPort, dispatcher,
      containerController, context, tlsConfig, ozoneConf);
}
 
Example #2
Source File: RatisPipelineUtils.java    From hadoop-ozone with Apache License 2.0
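/**
 * Sends the Ratis command to destroy the given pipeline to every datanode in it.
 *
 * <p>Destruction is best-effort: a failure on one datanode is logged and the
 * remaining datanodes are still processed, so this method never propagates
 * {@code IOException}. Callers cannot learn from this method whether the
 * pipeline was actually removed from every datanode.
 *
 * @param pipeline      pipeline to be destroyed
 * @param ozoneConf     Ozone configuration
 * @param grpcTlsConfig gRPC TLS configuration passed to each per-datanode call
 */
public static void destroyPipeline(Pipeline pipeline,
    ConfigurationSource ozoneConf,
    GrpcTlsConfig grpcTlsConfig) {
  final RaftGroup group = RatisHelper.newRaftGroup(pipeline);
  if (LOG.isDebugEnabled()) {
    LOG.debug("destroying pipeline:{} with {}", pipeline.getId(), group);
  }
  for (DatanodeDetails dn : pipeline.getNodes()) {
    try {
      destroyPipeline(dn, pipeline.getId(), ozoneConf, grpcTlsConfig);
    } catch (IOException e) {
      // Keep going so one unreachable datanode does not block the others, but
      // pass the exception itself as the trailing argument so the cause and
      // stack trace (e.g. a TLS handshake failure) are not lost.
      LOG.warn("Pipeline destroy failed for pipeline={} dn={} exception={}",
          pipeline.getId(), dn, e.getMessage(), e);
    }
  }
}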
 
Example #3
Source File: RatisPipelineUtils.java    From hadoop-ozone with Apache License 2.0
/**
 * Asks a single datanode to remove the Raft group that backs a pipeline.
 *
 * <p>A short-lived Raft client is opened against the datanode, using the RPC
 * type and retry policy derived from {@code ozoneConf}, and is closed again
 * when the call returns or fails.
 *
 * @param dn            datanode on which the pipeline needs to be destroyed
 * @param pipelineID    ID of the pipeline to be destroyed
 * @param ozoneConf     Ozone configuration
 * @param grpcTlsConfig gRPC TLS configuration handed to the Raft client
 * @throws IOException if the group-remove call or closing the client fails
 */
static void destroyPipeline(DatanodeDetails dn, PipelineID pipelineID,
    ConfigurationSource ozoneConf, GrpcTlsConfig grpcTlsConfig)
    throws IOException {
  final String configuredRpcType = ozoneConf.get(
      ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_KEY,
      ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_DEFAULT);
  final RetryPolicy policy = RatisHelper.createRetryPolicy(ozoneConf);
  final RaftPeer targetPeer = RatisHelper.toRaftPeer(dn);
  try (RaftClient raftClient = RatisHelper.newRaftClient(
      SupportedRpcType.valueOfIgnoreCase(configuredRpcType), targetPeer,
      policy, grpcTlsConfig, ozoneConf)) {
    final RaftGroupId groupId = RaftGroupId.valueOf(pipelineID.getId());
    // The boolean is presumably the delete-directory flag of groupRemove;
    // confirm against the Ratis version in use.
    raftClient.groupRemove(groupId, true, targetPeer.getId());
  }
}
 
Example #4
Source File: GrpcClientStreamer.java    From ratis with Apache License 2.0
/**
 * Sets up the streaming client state for one Raft group and starts its sender thread.
 *
 * @param prop Raft properties used for queue limits, message size and retry settings
 * @param group Raft group whose peers are registered as proxy targets
 * @param leaderId peer initially treated as leader
 * @param clientId identity of this client
 * @param tlsConfig TLS settings handed unchanged to every per-peer proxy; the code that
 *     consumes it is not visible here, so null-handling is decided downstream
 */
GrpcClientStreamer(RaftProperties prop, RaftGroup group,
    RaftPeerId leaderId, ClientId clientId, GrpcTlsConfig tlsConfig) {
  this.clientId = clientId;
  maxPendingNum = GrpcConfigKeys.OutputStream.outstandingAppendsMax(prop);
  maxMessageSize = GrpcConfigKeys.messageSizeMax(prop, LOG::debug);
  dataQueue = new ConcurrentLinkedDeque<>();
  ackQueue = new ConcurrentLinkedDeque<>();
  exceptionAndRetry = new ExceptionAndRetry(prop);

  this.groupId = group.getGroupId();
  // Collectors.toMap throws IllegalStateException if two peers share an id.
  this.peers = group.getPeers().stream().collect(
      Collectors.toMap(RaftPeer::getId, Function.identity()));
  // Proxies are created through this factory, each with the same tlsConfig.
  proxyMap = new PeerProxyMap<>(clientId.toString(),
      raftPeer -> new GrpcClientProtocolProxy(clientId, raftPeer,
          ResponseHandler::new, prop, tlsConfig));
  proxyMap.addPeers(group.getPeers());
  refreshLeaderProxy(leaderId, null);

  // The thread is started inside the constructor, after all fields above are set.
  // NOTE(review): if Sender reads this object's state, keep the start as the last step.
  senderThread = new Sender();
  senderThread.setName(this.toString() + "-sender");
  senderThread.start();
}
 
Example #5
Source File: GrpcClientStreamer.java    From incubator-ratis with Apache License 2.0
/**
 * Sets up the streaming client state for one Raft group and starts its sender thread.
 *
 * @param prop Raft properties used for queue limits, message size and retry settings
 * @param group Raft group whose peers are registered as proxy targets
 * @param leaderId peer initially treated as leader
 * @param clientId identity of this client
 * @param tlsConfig TLS settings handed unchanged to every per-peer proxy; the code that
 *     consumes it is not visible here, so null-handling is decided downstream
 */
GrpcClientStreamer(RaftProperties prop, RaftGroup group,
    RaftPeerId leaderId, ClientId clientId, GrpcTlsConfig tlsConfig) {
  this.clientId = clientId;
  maxPendingNum = GrpcConfigKeys.OutputStream.outstandingAppendsMax(prop);
  maxMessageSize = GrpcConfigKeys.messageSizeMax(prop, LOG::debug);
  dataQueue = new ConcurrentLinkedDeque<>();
  ackQueue = new ConcurrentLinkedDeque<>();
  exceptionAndRetry = new ExceptionAndRetry(prop);

  this.groupId = group.getGroupId();
  // Collectors.toMap throws IllegalStateException if two peers share an id.
  this.peers = group.getPeers().stream().collect(
      Collectors.toMap(RaftPeer::getId, Function.identity()));
  // Proxies are created through this factory, each with the same tlsConfig.
  proxyMap = new PeerProxyMap<>(clientId.toString(),
      raftPeer -> new GrpcClientProtocolProxy(clientId, raftPeer,
          ResponseHandler::new, prop, tlsConfig));
  proxyMap.addPeers(group.getPeers());
  refreshLeaderProxy(leaderId, null);

  // The thread is started inside the constructor, after all fields above are set.
  // NOTE(review): if Sender reads this object's state, keep the start as the last step.
  senderThread = new Sender();
  senderThread.setName(this.toString() + "-sender");
  senderThread.start();
}
 
Example #6
Source File: GrpcServerProtocolClient.java    From ratis with Apache License 2.0
/**
 * Opens the server-to-server gRPC channel to {@code target}: TLS when a
 * {@link GrpcTlsConfig} is supplied, plaintext otherwise.
 *
 * @param target peer whose address the channel connects to
 * @param flowControlWindow flow-control window applied to the channel
 * @param requestTimeoutDuration request timeout stored on this client
 * @param tlsConfig TLS settings, or {@code null} to use an unencrypted channel
 * @throws IllegalArgumentException if the SslContext cannot be built from {@code tlsConfig}
 */
public GrpcServerProtocolClient(RaftPeer target, int flowControlWindow,
    TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) {
  NettyChannelBuilder channelBuilder =
      NettyChannelBuilder.forTarget(target.getAddress());

  if (tlsConfig!= null) {
    SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
    // Without a configured trust store no trust manager is set here, so the
    // builder's default trust applies. NOTE(review): confirm that default
    // (normally the platform root CAs) is acceptable for intra-cluster peers.
    if (tlsConfig.getTrustStore() != null) {
      sslContextBuilder.trustManager(tlsConfig.getTrustStore());
    }
    // A client certificate is presented only when mutual TLS is enabled.
    if (tlsConfig.getMtlsEnabled()) {
      sslContextBuilder.keyManager(tlsConfig.getCertChain(),
          tlsConfig.getPrivateKey());
    }
    try {
      channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
    } catch (Exception ex) {
      // NOTE(review): the message embeds tlsConfig.toString(); confirm that it
      // never renders private-key material, since this text can reach logs.
      throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex);
    }
  } else {
    // No TLS config: Raft server-to-server traffic on this channel is neither
    // encrypted nor authenticated at the transport layer.
    channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
  }
  channel = channelBuilder.flowControlWindow(flowControlWindow).build();
  blockingStub = RaftServerProtocolServiceGrpc.newBlockingStub(channel);
  asyncStub = RaftServerProtocolServiceGrpc.newStub(channel);
  this.requestTimeoutDuration = requestTimeoutDuration;
}
 
Example #7
Source File: XceiverServerRatis.java    From hadoop-ozone with Apache License 2.0
/**
 * Builds the Ratis server that backs this datanode's container service.
 *
 * @param dd details of the local datanode; must not be {@code null}
 * @param port port stored on this instance (0 is passed by the factory for a random port)
 * @param dispatcher container dispatcher stored on this instance
 * @param containerController container controller stored on this instance
 * @param context state context stored on this instance
 * @param tlsConfig gRPC TLS settings, or {@code null} to register no TLS parameters
 * @param conf Ozone configuration
 * @throws IOException if the Raft server cannot be built
 */
private XceiverServerRatis(DatanodeDetails dd, int port,
    ContainerDispatcher dispatcher, ContainerController containerController,
    StateContext context, GrpcTlsConfig tlsConfig, ConfigurationSource conf)
    throws IOException {
  this.conf = conf;
  // Fails fast with a NullPointerException when no datanode details are given.
  Objects.requireNonNull(dd, "id == null");
  datanodeDetails = dd;
  this.port = port;
  // Called after conf and port are assigned — presumably it reads them; keep this order.
  RaftProperties serverProperties = newRaftProperties();
  this.context = context;
  this.dispatcher = dispatcher;
  this.containerController = containerController;
  this.raftPeerId = RatisHelper.toRaftPeerId(dd);
  chunkExecutors = createChunkExecutors(conf);

  RaftServer.Builder builder =
      RaftServer.newBuilder().setServerId(raftPeerId)
          .setProperties(serverProperties)
          .setStateMachineRegistry(this::getStateMachine);
  // TLS is opt-in: with a null tlsConfig no gRPC TLS parameters are registered,
  // so this constructor adds no transport security to the Raft server.
  if (tlsConfig != null) {
    builder.setParameters(GrpcFactory.newRaftParameters(tlsConfig));
  }
  this.server = builder.build();
  this.requestTimeout = conf.getTimeDuration(
      HddsConfigKeys.HDDS_DATANODE_RATIS_SERVER_REQUEST_TIMEOUT,
      HddsConfigKeys.HDDS_DATANODE_RATIS_SERVER_REQUEST_TIMEOUT_DEFAULT,
      TimeUnit.MILLISECONDS);
}
 
Example #8
Source File: GrpcService.java    From ratis with Apache License 2.0
/**
 * Builds the gRPC server that exposes the Raft server, client and admin protocols,
 * optionally protected by TLS.
 *
 * @param raftServer Raft server the registered services delegate to
 * @param idSupplier supplies this server's peer id
 * @param port listening port; 0 means the bound port is resolved lazily from the server
 * @param grpcMessageSizeMax maximum inbound gRPC message size
 * @param appenderBufferSize log appender buffer limit; must not exceed the message size
 * @param flowControlWindow flow-control window for inbound and outbound channels
 * @param requestTimeoutDuration timeout handed to outbound server-to-server clients
 * @param tlsConfig TLS settings, or {@code null} to serve without TLS
 * @throws IllegalArgumentException if the buffer limit exceeds the message size or the
 *     SslContext cannot be built
 */
private GrpcService(RaftServer raftServer, Supplier<RaftPeerId> idSupplier, int port,
    SizeInBytes grpcMessageSizeMax, SizeInBytes appenderBufferSize,
    SizeInBytes flowControlWindow,TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) {
  // Outbound connections to other peers are created with the same tlsConfig as the listener.
  super(idSupplier, id -> new PeerProxyMap<>(id.toString(),
      p -> new GrpcServerProtocolClient(p, flowControlWindow.getSizeInt(),
          requestTimeoutDuration, tlsConfig)));
  if (appenderBufferSize.getSize() > grpcMessageSizeMax.getSize()) {
    throw new IllegalArgumentException("Illegal configuration: "
        + RaftServerConfigKeys.Log.Appender.BUFFER_BYTE_LIMIT_KEY + " = " + appenderBufferSize
        + " > " + GrpcConfigKeys.MESSAGE_SIZE_MAX_KEY + " = " + grpcMessageSizeMax);
  }

  // forPort listens on the wildcard address, so the three services are reachable on
  // every interface of the host; restrict exposure at the network layer if needed.
  NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port)
      .maxInboundMessageSize(grpcMessageSizeMax.getSizeInt())
      .flowControlWindow(flowControlWindow.getSizeInt())
      .addService(new GrpcServerProtocolService(idSupplier, raftServer))
      .addService(new GrpcClientProtocolService(idSupplier, raftServer))
      .addService(new GrpcAdminProtocolService(raftServer));

  // With tlsConfig == null no SslContext is installed and the server accepts plaintext.
  if (tlsConfig != null) {
    SslContextBuilder sslContextBuilder =
        SslContextBuilder.forServer(tlsConfig.getCertChain(),
            tlsConfig.getPrivateKey());
    if (tlsConfig.getMtlsEnabled()) {
      // REQUIRE: the handshake fails unless the peer presents a certificate.
      sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
      // NOTE(review): client certificates are validated against getCertChain(), i.e.
      // the server's own certificate chain, not a dedicated trust store. Confirm this
      // is intended; if GrpcTlsConfig exposes a separate trust store in this version,
      // that is the usual anchor for verifying peers.
      sslContextBuilder.trustManager(tlsConfig.getCertChain());
    }
    // OPENSSL is presumably a statically imported SslProvider constant; this pins the
    // TLS provider, so the native OpenSSL binding must be available at runtime.
    sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, OPENSSL);
    try {
      nettyServerBuilder.sslContext(sslContextBuilder.build());
    } catch (Exception ex) {
      // NOTE(review): the message embeds tlsConfig.toString(); confirm that it never
      // renders private-key material, since this text can reach logs.
      throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex);
    }
  }
  server = nettyServerBuilder.build();
  // With port 0 the real port is only known once the server is bound, hence the lazy lookup.
  addressSupplier = JavaUtils.memoize(() -> new InetSocketAddress(port != 0? port: server.getPort()));
}
 
Example #9
Source File: GrpcService.java    From ratis with Apache License 2.0
/**
 * Convenience constructor: reads port, message size, appender buffer limit, flow-control
 * window and request timeout from {@code server.getProperties()} and delegates to the
 * full constructor.
 *
 * @param server Raft server to expose; also the source of the peer id and properties
 * @param tlsConfig TLS settings passed through unchanged (null-handling is decided by
 *     the delegated constructor)
 */
private GrpcService(RaftServer server, GrpcTlsConfig tlsConfig) {
  this(server, server::getId,
      GrpcConfigKeys.Server.port(server.getProperties()),
      GrpcConfigKeys.messageSizeMax(server.getProperties(), LOG::info),
      RaftServerConfigKeys.Log.Appender.bufferByteLimit(server.getProperties()),
      GrpcConfigKeys.flowControlWindow(server.getProperties(), LOG::info),
      RaftServerConfigKeys.Rpc.requestTimeout(server.getProperties()),
      tlsConfig);
}
 
Example #10
Source File: GrpcOutputStream.java    From ratis with Apache License 2.0
/**
 * Creates an output stream that buffers writes locally and ships them through a
 * {@code GrpcClientStreamer}.
 *
 * @param prop Raft properties; supplies the output-stream buffer size
 * @param clientId identity of the writing client
 * @param group Raft group to stream to
 * @param leaderId peer initially treated as leader
 * @param tlsConfig TLS settings forwarded unchanged to the streamer
 */
public GrpcOutputStream(RaftProperties prop, ClientId clientId,
    RaftGroup group, RaftPeerId leaderId, GrpcTlsConfig tlsConfig) {
  // The buffer is sized once from configuration and starts out empty.
  this.buf = new byte[GrpcConfigKeys.OutputStream.bufferSize(prop).getSizeInt()];
  this.count = 0;
  this.clientId = clientId;
  this.streamer =
      new GrpcClientStreamer(prop, group, leaderId, clientId, tlsConfig);
}
 
Example #11
Source File: GrpcClientRpc.java    From ratis with Apache License 2.0
/**
 * Creates the gRPC client RPC layer with a per-peer proxy factory.
 *
 * @param clientId identity of this client
 * @param properties Raft properties; supplies the maximum message size
 * @param tlsConfig TLS settings given to every per-peer client and kept on this instance;
 *     how {@code null} is treated is decided by {@code GrpcClientProtocolClient}
 */
public GrpcClientRpc(ClientId clientId, RaftProperties properties, GrpcTlsConfig tlsConfig) {
  // Every proxy created by this factory receives the same properties and tlsConfig.
  super(new PeerProxyMap<>(clientId.toString(),
      p -> new GrpcClientProtocolClient(clientId, p, properties, tlsConfig)));
  this.clientId = clientId;
  this.maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug).getSizeInt();
  this.tlsConfig = tlsConfig;
}
 
Example #12
Source File: GrpcClientProtocolClient.java    From ratis with Apache License 2.0
/**
 * Opens the client-to-server gRPC channel to {@code target}: TLS when a
 * {@link GrpcTlsConfig} is supplied, plaintext otherwise.
 *
 * @param id identity of the client, used in this object's lazily built name
 * @param target peer whose address the channel connects to
 * @param properties Raft properties; supplies flow-control window, message size and timeout
 * @param tlsConf TLS settings, or {@code null} to use an unencrypted channel
 * @throws RuntimeException if the SslContext cannot be built from {@code tlsConf}
 */
public GrpcClientProtocolClient(ClientId id, RaftPeer target,
                                RaftProperties properties,
                                GrpcTlsConfig tlsConf) {
  this.name = JavaUtils.memoize(() -> id + "->" + target.getId());
  this.target = target;
  final SizeInBytes flowControlWindow = GrpcConfigKeys.flowControlWindow(properties, LOG::debug);
  final SizeInBytes maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug);
  NettyChannelBuilder channelBuilder =
      NettyChannelBuilder.forTarget(target.getAddress());

  if (tlsConf!= null) {
    SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
    // Without a configured trust store no trust manager is set here, so the
    // builder's default trust applies. NOTE(review): confirm that default
    // (normally the platform root CAs) is acceptable for this cluster.
    if (tlsConf.getTrustStore() != null) {
      sslContextBuilder.trustManager(tlsConf.getTrustStore());
    }
    // A client certificate is presented only when mutual TLS is enabled.
    if (tlsConf.getMtlsEnabled()) {
      sslContextBuilder.keyManager(tlsConf.getCertChain(),
          tlsConf.getPrivateKey());
    }
    try {
      channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
    } catch (Exception ex) {
      // NOTE(review): a bare RuntimeException carries no hint of which target or
      // which TLS input failed; operators only get the wrapped cause.
      throw new RuntimeException(ex);
    }
  } else {
    // No TLS config: client traffic on this channel is neither encrypted nor
    // authenticated at the transport layer.
    channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
  }
  channel = channelBuilder.flowControlWindow(flowControlWindow.getSizeInt())
      .maxInboundMessageSize(maxMessageSize.getSizeInt())
      .build();
  // All three stubs share the single channel built above.
  blockingStub = RaftClientProtocolServiceGrpc.newBlockingStub(channel);
  asyncStub = RaftClientProtocolServiceGrpc.newStub(channel);
  adminBlockingStub = AdminProtocolServiceGrpc.newBlockingStub(channel);
  this.requestTimeoutDuration = RaftClientConfigKeys.Rpc.requestTimeout(properties);
}
 
Example #13
Source File: GrpcServerProtocolClient.java    From incubator-ratis with Apache License 2.0
/**
 * Opens the server-to-server gRPC channel to {@code target}: TLS when a
 * {@link GrpcTlsConfig} is supplied, plaintext otherwise. TLS material is taken from
 * files or from in-memory objects depending on {@code tlsConfig.isFileBasedConfig()}.
 *
 * @param target peer whose address the channel connects to
 * @param flowControlWindow flow-control window applied to the channel
 * @param requestTimeoutDuration request timeout stored on this client
 * @param tlsConfig TLS settings, or {@code null} to use an unencrypted channel
 * @throws IllegalArgumentException if the SslContext cannot be built from {@code tlsConfig}
 */
public GrpcServerProtocolClient(RaftPeer target, int flowControlWindow,
    TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) {
  raftPeerId = target.getId();
  NettyChannelBuilder channelBuilder =
      NettyChannelBuilder.forTarget(target.getAddress());

  if (tlsConfig!= null) {
    SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
    // The trust anchor is always set from the config, with no null check.
    // NOTE(review): confirm what happens when no trust store is configured.
    if (tlsConfig.isFileBasedConfig()) {
      sslContextBuilder.trustManager(tlsConfig.getTrustStoreFile());
    } else {
      sslContextBuilder.trustManager(tlsConfig.getTrustStore());
    }
    // A client certificate is presented only when mutual TLS is enabled.
    if (tlsConfig.getMtlsEnabled()) {
      // Argument order differs between the two forms: certificate chain first for
      // files, private key first for in-memory objects.
      if (tlsConfig.isFileBasedConfig()) {
        sslContextBuilder.keyManager(tlsConfig.getCertChainFile(),
            tlsConfig.getPrivateKeyFile());
      } else {
        sslContextBuilder.keyManager(tlsConfig.getPrivateKey(),
            tlsConfig.getCertChain());
      }
    }
    try {
      channelBuilder.useTransportSecurity().sslContext(sslContextBuilder.build());
    } catch (Exception ex) {
      // NOTE(review): the message embeds tlsConfig.toString(); confirm that it never
      // renders private-key material, since this text can reach logs.
      throw new IllegalArgumentException("Failed to build SslContext, peerId=" + raftPeerId
          + ", tlsConfig=" + tlsConfig, ex);
    }
  } else {
    // No TLS config: Raft server-to-server traffic on this channel is neither
    // encrypted nor authenticated at the transport layer.
    channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
  }
  channel = channelBuilder.flowControlWindow(flowControlWindow).build();
  blockingStub = RaftServerProtocolServiceGrpc.newBlockingStub(channel);
  asyncStub = RaftServerProtocolServiceGrpc.newStub(channel);
  this.requestTimeoutDuration = requestTimeoutDuration;
}
 
Example #14
Source File: GrpcService.java    From incubator-ratis with Apache License 2.0
/**
 * Convenience constructor: reads port, message size, appender buffer limit, flow-control
 * window and request timeout from {@code server.getProperties()} and delegates to the
 * full constructor.
 *
 * @param server Raft server to expose; also the source of the peer id and properties
 * @param tlsConfig TLS settings passed through unchanged (null-handling is decided by
 *     the delegated constructor)
 */
private GrpcService(RaftServer server, GrpcTlsConfig tlsConfig) {
  this(server, server::getId,
      GrpcConfigKeys.Server.port(server.getProperties()),
      GrpcConfigKeys.messageSizeMax(server.getProperties(), LOG::info),
      RaftServerConfigKeys.Log.Appender.bufferByteLimit(server.getProperties()),
      GrpcConfigKeys.flowControlWindow(server.getProperties(), LOG::info),
      RaftServerConfigKeys.Rpc.requestTimeout(server.getProperties()),
      tlsConfig);
}
 
Example #15
Source File: RatisHelper.java    From hadoop-ozone with Apache License 2.0
/**
 * Creates a Raft client for a group that consists of the single given peer, which is
 * also used as the leader.
 *
 * @param rpcType RPC implementation to use
 * @param leader the only peer of the group
 * @param retryPolicy retry policy for the client
 * @param tlsConfig TLS settings forwarded unchanged to the underlying factory method
 * @param configuration Ozone configuration forwarded to the underlying factory method
 * @return the new Raft client
 */
public static RaftClient newRaftClient(RpcType rpcType, RaftPeer leader,
    RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig,
    ConfigurationSource configuration) {
  // Resolve the leader id first, then build the one-member group around the peer.
  final RaftPeerId leaderId = leader.getId();
  final RaftGroup singlePeerGroup =
      newRaftGroup(Collections.singletonList(leader));
  return newRaftClient(rpcType, leaderId, singlePeerGroup, retryPolicy,
      tlsConfig, configuration);
}
 
Example #16
Source File: XceiverServerRatis.java    From hadoop-ozone with Apache License 2.0
/**
 * Derives the datanode's server-side gRPC TLS configuration.
 *
 * <p>A configuration is produced only when both security and gRPC TLS are enabled;
 * otherwise {@code null} is returned, which callers must treat as "no TLS".
 *
 * <p>The configuration carries the datanode's private key and certificate, a
 * {@code null} third argument and {@code false} as the last argument. NOTE(review):
 * these appear to be the trust store and the mutual-TLS flag, which would mean the
 * server does not ask clients for a certificate at the TLS layer; confirm that client
 * authentication is enforced elsewhere.
 *
 * @param conf security configuration that gates TLS
 * @param caClient source of the datanode's private key and certificate
 * @return the TLS configuration, or {@code null} when TLS is not enabled
 */
static GrpcTlsConfig createTlsServerConfigForDN(SecurityConfig conf,
    CertificateClient caClient) {
  final boolean tlsRequested =
      conf.isSecurityEnabled() && conf.isGrpcTlsEnabled();
  if (!tlsRequested) {
    return null;
  }
  return new GrpcTlsConfig(
      caClient.getPrivateKey(), caClient.getCertificate(),
      null, false);
}
 
Example #17
Source File: StorageContainerManager.java    From hadoop-ozone with Apache License 2.0
/**
 * Derives the client-side gRPC TLS configuration that SCM uses for Ratis calls.
 *
 * <p>A configuration is produced only when both security and gRPC TLS are enabled;
 * otherwise {@code null} is returned, which callers must treat as "no TLS".
 *
 * <p>The configuration carries only the SCM CA certificate (third argument), with the
 * first two arguments {@code null} and the last {@code false}. NOTE(review): this looks
 * like server-authentication only, with no client key or certificate presented; confirm
 * that this matches what the datanode side requires.
 *
 * @param conf security configuration that gates TLS
 * @param certificateServer source of the SCM CA certificate
 * @return the TLS configuration, or {@code null} when TLS is not enabled
 * @throws IOException (as {@code SCMSecurityException}) if the CA certificate cannot be decoded
 */
static GrpcTlsConfig createTlsClientConfigForSCM(SecurityConfig conf,
    CertificateServer certificateServer) throws IOException {
  final boolean tlsRequested =
      conf.isSecurityEnabled() && conf.isGrpcTlsEnabled();
  if (!tlsRequested) {
    return null;
  }
  try {
    final X509Certificate scmCaCert = CertificateCodec.getX509Certificate(
        certificateServer.getCACertificate());
    return new GrpcTlsConfig(null, null, scmCaCert, false);
  } catch (CertificateException ex) {
    throw new SCMSecurityException("Fail to find SCM CA certificate.", ex);
  }
}
 
Example #18
Source File: XceiverClientRatis.java    From hadoop-ozone with Apache License 2.0
/**
 * Creates a Ratis-backed container client for the given pipeline.
 *
 * <p>RPC type and retry policy are read from {@code ozoneConf}; the TLS configuration
 * is derived from the security settings and the supplied CA certificate by
 * {@code RatisHelper.createTlsClientConfig} and passed on unchanged.
 *
 * @param pipeline pipeline the client talks to
 * @param ozoneConf Ozone configuration
 * @param caCert CA certificate handed to the TLS configuration helper
 * @return the new client
 */
public static XceiverClientRatis newXceiverClientRatis(
    org.apache.hadoop.hdds.scm.pipeline.Pipeline pipeline,
    ConfigurationSource ozoneConf, X509Certificate caCert) {
  final String configuredRpcType = ozoneConf.get(
      ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_KEY,
      ScmConfigKeys.DFS_CONTAINER_RATIS_RPC_TYPE_DEFAULT);
  final RetryPolicy policy = RatisHelper.createRetryPolicy(ozoneConf);
  final SecurityConfig securityConfig = new SecurityConfig(ozoneConf);
  final GrpcTlsConfig clientTlsConfig =
      RatisHelper.createTlsClientConfig(securityConfig, caCert);
  final SupportedRpcType resolvedRpcType =
      SupportedRpcType.valueOfIgnoreCase(configuredRpcType);
  return new XceiverClientRatis(pipeline, resolvedRpcType, policy,
      clientTlsConfig, ozoneConf);
}
 
Example #19
Source File: XceiverClientRatis.java    From hadoop-ozone with Apache License 2.0
/**
 * Constructs a client; only stores its arguments and initialises bookkeeping, no
 * connection is opened here.
 *
 * @param pipeline pipeline this client is bound to
 * @param rpcType RPC implementation to use
 * @param retryPolicy retry policy for Raft calls
 * @param tlsConfig gRPC TLS settings kept for later use; may be {@code null} — how a
 *     null value is treated is decided where the Raft client is created
 * @param configuration Ozone configuration
 */
private XceiverClientRatis(Pipeline pipeline, RpcType rpcType,
    RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig,
    ConfigurationSource configuration) {
  super();
  this.pipeline = pipeline;
  this.rpcType = rpcType;
  this.retryPolicy = retryPolicy;
  commitInfoMap = new ConcurrentHashMap<>();
  this.tlsConfig = tlsConfig;
  metrics = XceiverClientManager.getXceiverClientMetrics();
  this.ozoneConfiguration = configuration;
}
 
Example #20
Source File: RatisHelper.java    From hadoop-ozone with Apache License 2.0
/**
 * Creates a Raft client for the Raft group that corresponds to a pipeline, using the
 * pipeline's leader node as the initial leader.
 *
 * @param rpcType RPC implementation to use
 * @param pipeline pipeline whose id and nodes define the Raft group
 * @param retryPolicy retry policy for the client
 * @param tlsConfig TLS settings forwarded unchanged to the underlying factory method
 * @param ozoneConfiguration Ozone configuration forwarded to the underlying factory method
 * @return the new Raft client
 * @throws IOException if the pipeline's leader node cannot be determined
 */
public static RaftClient newRaftClient(RpcType rpcType, Pipeline pipeline,
    RetryPolicy retryPolicy, GrpcTlsConfig tlsConfig,
    ConfigurationSource ozoneConfiguration) throws IOException {
  // Leader lookup happens before the group is assembled, as in the single-expression form.
  final RaftPeerId leaderId = toRaftPeerId(pipeline.getLeaderNode());
  final RaftGroup pipelineGroup = newRaftGroup(
      RaftGroupId.valueOf(pipeline.getId().getId()), pipeline.getNodes());
  return newRaftClient(rpcType, leaderId, pipelineGroup, retryPolicy,
      tlsConfig, ozoneConfiguration);
}
 
Example #21
Source File: GrpcOutputStream.java    From incubator-ratis with Apache License 2.0
/**
 * Creates an output stream that buffers writes locally and ships them through a
 * {@code GrpcClientStreamer}.
 *
 * @param prop Raft properties; supplies the output-stream buffer size
 * @param clientId identity of the writing client
 * @param group Raft group to stream to
 * @param leaderId peer initially treated as leader
 * @param tlsConfig TLS settings forwarded unchanged to the streamer
 */
public GrpcOutputStream(RaftProperties prop, ClientId clientId,
    RaftGroup group, RaftPeerId leaderId, GrpcTlsConfig tlsConfig) {
  // The buffer is sized once from configuration and starts out empty.
  this.buf = new byte[GrpcConfigKeys.OutputStream.bufferSize(prop).getSizeInt()];
  this.count = 0;
  this.clientId = clientId;
  this.streamer =
      new GrpcClientStreamer(prop, group, leaderId, clientId, tlsConfig);
}
 
Example #22
Source File: RatisHelper.java    From hadoop-ozone with Apache License 2.0
/**
 * Builds a Raft client for the given group and leader.
 *
 * <p>TLS parameters are attached only when a TLS configuration is supplied and the RPC
 * type is gRPC. For any other RPC type the supplied {@code tlsConfig} is ignored without
 * an error, so the resulting client has no TLS settings from this method.
 *
 * @param rpcType RPC implementation to use
 * @param leader id of the peer initially treated as leader
 * @param group Raft group the client talks to
 * @param retryPolicy retry policy for the client
 * @param tlsConfig gRPC TLS settings, or {@code null} for none
 * @param ozoneConfiguration source of additional Ratis client properties
 * @return the new Raft client
 */
@SuppressWarnings("checkstyle:ParameterNumber")
private static RaftClient newRaftClient(RpcType rpcType, RaftPeerId leader,
    RaftGroup group, RetryPolicy retryPolicy,
    GrpcTlsConfig tlsConfig, ConfigurationSource ozoneConfiguration) {
  if (LOG.isTraceEnabled()) {
    LOG.trace("newRaftClient: {}, leader={}, group={}",
        rpcType, leader, group);
  }

  final RaftProperties raftProperties = new RaftProperties();
  RaftConfigKeys.Rpc.setType(raftProperties, rpcType);
  // Copy the Ratis client settings from the Ozone configuration into the properties.
  createRaftClientProperties(ozoneConfiguration, raftProperties);

  final RaftClient.Builder clientBuilder = RaftClient.newBuilder()
      .setRaftGroup(group)
      .setLeaderId(leader)
      .setProperties(raftProperties)
      .setRetryPolicy(retryPolicy);

  // TODO: GRPC TLS only for now, netty/hadoop RPC TLS support later.
  final boolean applyGrpcTls =
      tlsConfig != null && rpcType == SupportedRpcType.GRPC;
  if (applyGrpcTls) {
    clientBuilder.setParameters(GrpcFactory.newRaftParameters(tlsConfig));
  }
  return clientBuilder.build();
}
 
Example #23
Source File: GrpcClientRpc.java    From incubator-ratis with Apache License 2.0
/**
 * Creates the gRPC client RPC layer with a per-peer proxy factory.
 *
 * @param clientId identity of this client
 * @param properties Raft properties; supplies the maximum message size
 * @param tlsConfig TLS settings given to every per-peer client and kept on this instance;
 *     how {@code null} is treated is decided by {@code GrpcClientProtocolClient}
 */
public GrpcClientRpc(ClientId clientId, RaftProperties properties, GrpcTlsConfig tlsConfig) {
  // Every proxy created by this factory receives the same properties and tlsConfig.
  super(new PeerProxyMap<>(clientId.toString(),
      p -> new GrpcClientProtocolClient(clientId, p, properties, tlsConfig)));
  this.clientId = clientId;
  this.maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug).getSizeInt();
  this.tlsConfig = tlsConfig;
}
 
Example #24
Source File: GrpcClientProtocolClient.java    From incubator-ratis with Apache License 2.0
/**
 * Opens the client-to-server gRPC channel to {@code target}: TLS when a
 * {@link GrpcTlsConfig} is supplied, plaintext otherwise. TLS material is taken from
 * files or from in-memory objects depending on {@code tlsConf.isFileBasedConfig()}.
 *
 * @param id identity of the client, used in this object's lazily built name
 * @param target peer whose address the channel connects to
 * @param properties Raft properties; supplies flow-control window, message size and timeouts
 * @param tlsConf TLS settings, or {@code null} to use an unencrypted channel
 * @throws RuntimeException if the SslContext cannot be built from {@code tlsConf}
 */
GrpcClientProtocolClient(ClientId id, RaftPeer target, RaftProperties properties, GrpcTlsConfig tlsConf) {
  this.name = JavaUtils.memoize(() -> id + "->" + target.getId());
  this.target = target;
  final SizeInBytes flowControlWindow = GrpcConfigKeys.flowControlWindow(properties, LOG::debug);
  final SizeInBytes maxMessageSize = GrpcConfigKeys.messageSizeMax(properties, LOG::debug);
  NettyChannelBuilder channelBuilder =
      NettyChannelBuilder.forTarget(target.getAddress());

  if (tlsConf!= null) {
    SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
    // The trust anchor is always set from the config, with no null check.
    // NOTE(review): confirm what happens when no trust store is configured.
    if (tlsConf.isFileBasedConfig()) {
      sslContextBuilder.trustManager(tlsConf.getTrustStoreFile());
    } else {
      sslContextBuilder.trustManager(tlsConf.getTrustStore());
    }
    // A client certificate is presented only when mutual TLS is enabled.
    if (tlsConf.getMtlsEnabled()) {
      // Argument order differs between the two forms: certificate chain first for
      // files, private key first for in-memory objects.
      if (tlsConf.isFileBasedConfig()) {
        sslContextBuilder.keyManager(tlsConf.getCertChainFile(),
            tlsConf.getPrivateKeyFile());
      } else {
        sslContextBuilder.keyManager(tlsConf.getPrivateKey(),
            tlsConf.getCertChain());
      }
    }
    try {
      channelBuilder.useTransportSecurity().sslContext(
          sslContextBuilder.build());
    } catch (Exception ex) {
      // NOTE(review): a bare RuntimeException carries no hint of which target or
      // which TLS input failed; operators only get the wrapped cause.
      throw new RuntimeException(ex);
    }
  } else {
    // No TLS config: client traffic on this channel is neither encrypted nor
    // authenticated at the transport layer.
    channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
  }
  channel = channelBuilder.flowControlWindow(flowControlWindow.getSizeInt())
      .maxInboundMessageSize(maxMessageSize.getSizeInt())
      .build();
  // All three stubs share the single channel built above.
  blockingStub = RaftClientProtocolServiceGrpc.newBlockingStub(channel);
  asyncStub = RaftClientProtocolServiceGrpc.newStub(channel);
  adminBlockingStub = AdminProtocolServiceGrpc.newBlockingStub(channel);
  this.requestTimeoutDuration = RaftClientConfigKeys.Rpc.requestTimeout(properties);
  this.watchRequestTimeoutDuration =
      RaftClientConfigKeys.Rpc.watchRequestTimeout(properties);
}
 
Example #25
Source File: GrpcService.java    From incubator-ratis with Apache License 2.0
/**
 * Builds the gRPC server that exposes the Raft server, client and admin protocols,
 * optionally protected by TLS. TLS material is taken from files or from in-memory
 * objects depending on {@code tlsConfig.isFileBasedConfig()}.
 *
 * @param raftServer Raft server the registered services delegate to
 * @param idSupplier supplies this server's peer id
 * @param port listening port; 0 means the bound port is resolved lazily from the server
 * @param grpcMessageSizeMax maximum inbound gRPC message size
 * @param appenderBufferSize log appender buffer limit; must not exceed the message size
 * @param flowControlWindow flow-control window for inbound and outbound channels
 * @param requestTimeoutDuration timeout handed to outbound server-to-server clients
 * @param tlsConfig TLS settings, or {@code null} to serve without TLS
 * @throws IllegalArgumentException if the buffer limit exceeds the message size or the
 *     SslContext cannot be built
 */
@SuppressWarnings("checkstyle:ParameterNumber") // private constructor
private GrpcService(RaftServer raftServer, Supplier<RaftPeerId> idSupplier, int port,
    SizeInBytes grpcMessageSizeMax, SizeInBytes appenderBufferSize,
    SizeInBytes flowControlWindow,TimeDuration requestTimeoutDuration, GrpcTlsConfig tlsConfig) {
  // Outbound connections to other peers are created with the same tlsConfig as the listener.
  super(idSupplier, id -> new PeerProxyMap<>(id.toString(),
      p -> new GrpcServerProtocolClient(p, flowControlWindow.getSizeInt(),
          requestTimeoutDuration, tlsConfig)));
  if (appenderBufferSize.getSize() > grpcMessageSizeMax.getSize()) {
    throw new IllegalArgumentException("Illegal configuration: "
        + RaftServerConfigKeys.Log.Appender.BUFFER_BYTE_LIMIT_KEY + " = " + appenderBufferSize
        + " > " + GrpcConfigKeys.MESSAGE_SIZE_MAX_KEY + " = " + grpcMessageSizeMax);
  }

  this.clientProtocolService = new GrpcClientProtocolService(idSupplier, raftServer);

  // forPort listens on the wildcard address, so the three services are reachable on
  // every interface of the host; restrict exposure at the network layer if needed.
  NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port)
      .withChildOption(ChannelOption.SO_REUSEADDR, true)
      .maxInboundMessageSize(grpcMessageSizeMax.getSizeInt())
      .flowControlWindow(flowControlWindow.getSizeInt())
      .addService(new GrpcServerProtocolService(idSupplier, raftServer))
      .addService(clientProtocolService)
      .addService(new GrpcAdminProtocolService(raftServer));

  // With tlsConfig == null no SslContext is installed and the server accepts plaintext.
  if (tlsConfig != null) {
    // Server identity: certificate chain plus private key, from files or memory.
    SslContextBuilder sslContextBuilder =
        tlsConfig.isFileBasedConfig()?
            SslContextBuilder.forServer(tlsConfig.getCertChainFile(),
                tlsConfig.getPrivateKeyFile()):
            SslContextBuilder.forServer(tlsConfig.getPrivateKey(),
                tlsConfig.getCertChain());
    if (tlsConfig.getMtlsEnabled()) {
      // REQUIRE: the handshake fails unless the peer presents a certificate, which
      // is then validated against the configured trust store.
      sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
      if (tlsConfig.isFileBasedConfig()) {
        sslContextBuilder.trustManager(tlsConfig.getTrustStoreFile());
      } else {
          sslContextBuilder.trustManager(tlsConfig.getTrustStore());
      }
    }
    // OPENSSL is presumably a statically imported SslProvider constant; this pins the
    // TLS provider, so the native OpenSSL binding must be available at runtime.
    sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, OPENSSL);
    try {
      nettyServerBuilder.sslContext(sslContextBuilder.build());
    } catch (Exception ex) {
      // NOTE(review): the message embeds tlsConfig.toString(); confirm that it never
      // renders private-key material, since this text can reach logs.
      throw new IllegalArgumentException("Failed to build SslContext, tlsConfig=" + tlsConfig, ex);
    }
  }
  server = nettyServerBuilder.build();
  // With port 0 the real port is only known once the server is bound, hence the lazy lookup.
  addressSupplier = JavaUtils.memoize(() -> new InetSocketAddress(port != 0? port: server.getPort()));
}
 
Example #26
Source File: GrpcClientProtocolProxy.java    From ratis with Apache License 2.0
/**
 * Wraps a new {@code GrpcClientProtocolClient} for {@code target} together with the
 * factory used to create response handlers.
 *
 * @param clientId identity of the client
 * @param target peer the underlying client connects to
 * @param responseHandlerCreation factory for per-peer response observers
 * @param properties Raft properties forwarded to the underlying client
 * @param tlsConfig TLS settings forwarded unchanged; the underlying client decides how
 *     a {@code null} value is handled
 */
public GrpcClientProtocolProxy(ClientId clientId, RaftPeer target,
    Function<RaftPeer, CloseableStreamObserver> responseHandlerCreation,
    RaftProperties properties, GrpcTlsConfig tlsConfig) {
  proxy = new GrpcClientProtocolClient(clientId, target, properties, tlsConfig);
  this.responseHandlerCreation = responseHandlerCreation;
}
 
Example #27
Source File: GrpcService.java    From ratis with Apache License 2.0
/**
 * Sets the TLS configuration for the service being built.
 *
 * @param tlsConfig TLS settings; the value is stored as given, with no validation here
 * @return this builder
 */
public Builder setTlsConfig(GrpcTlsConfig tlsConfig) {
  this.tlsConfig = tlsConfig;
  return this;
}
 
Example #28
Source File: GrpcService.java    From ratis with Apache License 2.0
/**
 * Returns the stored TLS configuration.
 *
 * <p>NOTE(review): the returned object may give access to private-key material; avoid
 * logging it or handing it to code that does not need it.
 *
 * @return the TLS configuration held by this object, possibly {@code null}
 */
public GrpcTlsConfig getTlsConfig() {
  return tlsConfig;
}
 
Example #29
Source File: GrpcService.java    From incubator-ratis with Apache License 2.0
/**
 * Returns the stored TLS configuration.
 *
 * <p>NOTE(review): the returned object may give access to private-key material; avoid
 * logging it or handing it to code that does not need it.
 *
 * @return the TLS configuration held by this object, possibly {@code null}
 */
public GrpcTlsConfig getTlsConfig() {
  return tlsConfig;
}
 
Example #30
Source File: GrpcService.java    From incubator-ratis with Apache License 2.0
/**
 * Sets the TLS configuration for the service being built.
 *
 * @param tlsConfig TLS settings; the value is stored as given, with no validation here
 * @return this builder
 */
public Builder setTlsConfig(GrpcTlsConfig tlsConfig) {
  this.tlsConfig = tlsConfig;
  return this;
}