Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
apache
SkyWalking
提交
e739ca22
S
SkyWalking
项目概览
apache
/
SkyWalking
上一次同步 1 年多
通知
302
Star
21345
Fork
6091
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
SkyWalking
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
e739ca22
编写于
12月 24, 2020
作者:
N
Neal Huang
提交者:
GitHub
12月 24, 2020
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Support building gRPC TLS channel but CA file is not required (#6060)
上级
88999300
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
22 addition
and
5 deletion
+22
-5
CHANGES.md
CHANGES.md
+1
-0
apm-sniffer/apm-agent-core/src/main/java/org/apache/skywalking/apm/agent/core/conf/Config.java
...ava/org/apache/skywalking/apm/agent/core/conf/Config.java
+5
-0
apm-sniffer/apm-agent-core/src/main/java/org/apache/skywalking/apm/agent/core/remote/TLSChannelBuilder.java
...e/skywalking/apm/agent/core/remote/TLSChannelBuilder.java
+6
-2
apm-sniffer/config/agent.config
apm-sniffer/config/agent.config
+4
-0
docs/en/setup/service-agent/java-agent/README.md
docs/en/setup/service-agent/java-agent/README.md
+1
-0
docs/en/setup/service-agent/java-agent/TLS.md
docs/en/setup/service-agent/java-agent/TLS.md
+5
-3
未找到文件。
CHANGES.md
浏览文件 @
e739ca22
...
...
@@ -21,6 +21,7 @@ Release Notes.
*
Fix thrift plugin collects wrong args when the method without parameter.
*
Fix DataCarrier's
`org.apache.skywalking.apm.commons.datacarrier.buffer.Buffer`
implementation isn't activated in
`IF_POSSIBLE`
mode.
*
Fix ArrayBlockingQueueBuffer's useless
`IF_POSSIBLE`
mode list
*
Support building gRPC TLS channel but CA file is not required.
#### OAP-Backend
*
Make meter receiver support MAL.
...
...
apm-sniffer/apm-agent-core/src/main/java/org/apache/skywalking/apm/agent/core/conf/Config.java
浏览文件 @
e739ca22
...
...
@@ -124,6 +124,11 @@ public class Config {
* Keep tracing even the backend is not available.
*/
public
static
boolean
KEEP_TRACING
=
false
;
/**
* Force open TLS for gRPC channel if true.
*/
public
static
boolean
FORCE_TLS
=
false
;
}
public
static
class
OsInfo
{
...
...
apm-sniffer/apm-agent-core/src/main/java/org/apache/skywalking/apm/agent/core/remote/TLSChannelBuilder.java
浏览文件 @
e739ca22
...
...
@@ -26,6 +26,7 @@ import java.io.File;
import
javax.net.ssl.SSLException
;
import
org.apache.skywalking.apm.agent.core.boot.AgentPackageNotFoundException
;
import
org.apache.skywalking.apm.agent.core.boot.AgentPackagePath
;
import
org.apache.skywalking.apm.agent.core.conf.Config
;
import
org.apache.skywalking.apm.agent.core.conf.Constants
;
/**
...
...
@@ -38,9 +39,12 @@ public class TLSChannelBuilder implements ChannelBuilder<NettyChannelBuilder> {
public
NettyChannelBuilder
build
(
NettyChannelBuilder
managedChannelBuilder
)
throws
AgentPackageNotFoundException
,
SSLException
{
File
caFile
=
new
File
(
AgentPackagePath
.
getPath
(),
CA_FILE_NAME
);
if
(
caFile
.
exists
()
&&
caFile
.
isFile
())
{
boolean
isCAFileExist
=
caFile
.
exists
()
&&
caFile
.
isFile
();
if
(
Config
.
Agent
.
FORCE_TLS
||
isCAFileExist
)
{
SslContextBuilder
builder
=
GrpcSslContexts
.
forClient
();
builder
.
trustManager
(
caFile
);
if
(
isCAFileExist
)
{
builder
.
trustManager
(
caFile
);
}
managedChannelBuilder
=
managedChannelBuilder
.
negotiationType
(
NegotiationType
.
TLS
)
.
sslContext
(
builder
.
build
());
}
...
...
apm-sniffer/config/agent.config
浏览文件 @
e739ca22
...
...
@@ -51,6 +51,10 @@ agent.service_name=${SW_AGENT_NAME:Your_ApplicationName}
# Notice, in the current practice, we don't recommend the length over 190.
# agent.operation_name_threshold=${SW_AGENT_OPERATION_NAME_THRESHOLD:150}
# The agent use gRPC plain text in default.
# If true, SkyWalking agent uses TLS even no CA file detected.
# agent.force_tls=${SW_AGENT_FORCE_TLS:false}
# If true, skywalking agent will enable profile when user create a new profile task. Otherwise disable profile.
# profile.active=${SW_AGENT_PROFILE_ACTIVE:true}
...
...
docs/en/setup/service-agent/java-agent/README.md
浏览文件 @
e739ca22
...
...
@@ -86,6 +86,7 @@ property key | Description | Default |
`agent.force_reconnection_period `
|Force reconnection period of grpc, based on grpc_channel_check_interval.|
`1`
|
`agent.operation_name_threshold `
|The operationName max length, setting this value > 190 is not recommended.|
`150`
|
`agent.keep_tracing`
|Keep tracing even the backend is not available if this value is
`true`
.|
`false`
|
`agent.force_tls`
|Force open TLS for gRPC channel if this value is
`true`
.|
`false`
|
`osinfo.ipv4_list_size`
| Limit the length of the ipv4 list size. |
`10`
|
`collector.grpc_channel_check_interval`
|grpc channel status check interval.|
`30`
|
`collector.heartbeat_period`
|agent heartbeat report period. Unit, second.|
`30`
|
...
...
docs/en/setup/service-agent/java-agent/TLS.md
浏览文件 @
e739ca22
...
...
@@ -19,6 +19,8 @@ Only support **no mutual auth**.
### Agent config
-
Place
`ca.crt`
into
`/ca`
folder in agent package. Notice,
`/ca`
is not created in distribution, please create it by yourself.
Agent open TLS automatically after the
`/ca/ca.crt`
file detected.
o make sure can't access other ports out of region (VPC), such as firewall, proxy.
\ No newline at end of file
-
Agent open TLS automatically after the
`/ca/ca.crt`
file detected.
-
TLS with no CA mode could be activated by this setting.
```
agent.force_tls=${SW_AGENT_FORCE_TLS:false}
```
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录