diff --git a/docs/en/setup/backend/backend-cluster.md b/docs/en/setup/backend/backend-cluster.md index 92fad98c56ee784b1372cdad0679781e81e2ce27..92b5f91baeb14fa9b0ce5128acf2bd5a86df2e02 100644 --- a/docs/en/setup/backend/backend-cluster.md +++ b/docs/en/setup/backend/backend-cluster.md @@ -107,6 +107,15 @@ cluster: # other configurations ``` +Nacos support authenticate by username or accessKey, empty means no need auth. extra config is bellow: +```yaml +nacos: + username: + password: + accessKey: + secretKey: +``` + Same as Zookeeper coordinator, in some cases, oap default gRPC host and port in core are not suitable for internal communication among the oap nodes. The following setting are provided to set the host and port manually, based on your own LAN env. diff --git a/docs/en/setup/backend/configuration-vocabulary.md b/docs/en/setup/backend/configuration-vocabulary.md index 95b304565ebf110f8f5b06ae0a2793e9d88c19da..e0787aad909478dc1bdd6c4d40308d0f50ac7003 100644 --- a/docs/en/setup/backend/configuration-vocabulary.md +++ b/docs/en/setup/backend/configuration-vocabulary.md @@ -66,6 +66,10 @@ core|default|role|Option values, `Mixed/Receiver/Aggregator`. **Receiver** mode | - | - | namespace| Namespace used by SkyWalking node coordination.| SW_CLUSTER_NACOS_NAMESPACE|public| | - | - | internalComHost| The hostname registered in the Nacos for the internal communication of OAP cluster.| - | -| | - | - | internalComPort| The port registered in the Nacos for the internal communication of OAP cluster.| - | -1| +| - | - | username | Nacos Auth username | SW_CLUSTER_NACOS_USERNAME | - | +| - | - | password | Nacos Auth password | SW_CLUSTER_NACOS_PASSWORD | - | +| - | - | accessKey | Nacos Auth accessKey | SW_CLUSTER_NACOS_ACCESSKEY | - | +| - | - | secretKey | Nacos Auth secretKey | SW_CLUSTER_NACOS_SECRETKEY | - | | storage|elasticsearch| - | ElasticSearch 6 storage implementation | - | - | | - | - | nameSpace | Prefix of indexes created and used by SkyWalking. | SW_NAMESPACE | - | | - | - | clusterNodes | ElasticSearch cluster nodes for client connection.| SW_STORAGE_ES_CLUSTER_NODES |localhost| @@ -236,7 +240,11 @@ core|default|role|Option values, `Mixed/Receiver/Aggregator`. **Receiver** mode | - | nacos | serverAddr | Nacos Server Host | SW_CONFIG_NACOS_SERVER_ADDR | 127.0.0.1| | - | - | port | Nacos Server Port | SW_CONFIG_NACOS_SERVER_PORT | 8848 | | - | - | group | Nacos Configuration namespace | SW_CONFIG_NACOS_SERVER_NAMESPACE | - | -| - | - | period | The period of data sync. Unit is second. | SW_CONFIG_ZK_PERIOD | 60 | +| - | - | period | The period of data sync. Unit is second. | SW_CONFIG_CONFIG_NACOS_PERIOD | 60 | +| - | - | username | Nacos Auth username | SW_CONFIG_NACOS_USERNAME | - | +| - | - | password | Nacos Auth password | SW_CONFIG_NACOS_PASSWORD | - | +| - | - | accessKey | Nacos Auth accessKey | SW_CONFIG_NACOS_ACCESSKEY | - | +| - | - | secretKey | Nacos Auth secretKey | SW_CONFIG_NACOS_SECRETKEY | - | | exporter | grpc | targetHost | The host of target grpc server for receiving export data. | SW_EXPORTER_GRPC_HOST | 127.0.0.1 | | - | - | targetPort | The port of target grpc server for receiving export data. | SW_EXPORTER_GRPC_PORT | 9870 | | health-checker | default | checkIntervalSeconds | The period of check OAP internal health status. Unit is second. | SW_HEALTH_CHECKER_INTERVAL_SECONDS | 5 | diff --git a/oap-server/server-bootstrap/src/main/resources/application.yml b/oap-server/server-bootstrap/src/main/resources/application.yml index cb3163d41c6d0213386a6a22fadba65386216a4e..135e85dbd965c15b48e6de6eafcbea3c4b7b106c 100755 --- a/oap-server/server-bootstrap/src/main/resources/application.yml +++ b/oap-server/server-bootstrap/src/main/resources/application.yml @@ -46,7 +46,12 @@ cluster: hostPort: ${SW_CLUSTER_NACOS_HOST_PORT:localhost:8848} # Nacos Configuration namespace namespace: ${SW_CLUSTER_NACOS_NAMESPACE:"public"} - + # Nacos auth username + username: ${SW_CLUSTER_NACOS_USERNAME:""} + password: ${SW_CLUSTER_NACOS_PASSWORD:""} + # Nacos auth accessKey + accessKey: ${SW_CLUSTER_NACOS_ACCESSKEY:""} + secretKey: ${SW_CLUSTER_NACOS_SECRETKEY:""} core: selector: ${SW_CORE:default} default: @@ -357,6 +362,12 @@ configuration: namespace: ${SW_CONFIG_NACOS_SERVER_NAMESPACE:} # Unit seconds, sync period. Default fetch every 60 seconds. period: ${SW_CONFIG_NACOS_PERIOD:60} + # Nacos auth username + username: ${SW_CONFIG_NACOS_USERNAME:""} + password: ${SW_CONFIG_NACOS_PASSWORD:""} + # Nacos auth accessKey + accessKey: ${SW_CONFIG_NACOS_ACCESSKEY:""} + secretKey: ${SW_CONFIG_NACOS_SECRETKEY:""} exporter: selector: ${SW_EXPORTER:-} diff --git a/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosConfig.java b/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosConfig.java index 917b3947bbb0387f70125ddede5eecba8d1dfc0b..a6c683af660f8bb39970498627f6ac2cb36c2509 100644 --- a/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosConfig.java +++ b/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosConfig.java @@ -20,22 +20,20 @@ package org.apache.skywalking.oap.server.cluster.plugin.nacos; import lombok.Getter; import lombok.Setter; +import lombok.ToString; import org.apache.skywalking.oap.server.library.module.ModuleConfig; +@Getter +@Setter +@ToString public class ClusterModuleNacosConfig extends ModuleConfig { - @Setter - @Getter private String serviceName; - @Setter - @Getter private String hostPort; - @Setter - @Getter private String namespace = "public"; - @Setter - @Getter private String internalComHost; - @Setter - @Getter private int internalComPort = -1; + private String username; + private String password; + private String accessKey; + private String secretKey; } diff --git a/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosProvider.java b/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosProvider.java index c73bea1f9ccb0a53997016af792706fae91fc3cc..46ad220faea67610282e882edd67830f932a4e8f 100644 --- a/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosProvider.java +++ b/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ClusterModuleNacosProvider.java @@ -22,6 +22,8 @@ import com.alibaba.nacos.api.PropertyKeyConst; import com.alibaba.nacos.api.naming.NamingFactory; import com.alibaba.nacos.api.naming.NamingService; import java.util.Properties; + +import org.apache.skywalking.apm.util.StringUtil; import org.apache.skywalking.oap.server.core.CoreModule; import org.apache.skywalking.oap.server.core.cluster.ClusterModule; import org.apache.skywalking.oap.server.core.cluster.ClusterNodesQuery; @@ -63,6 +65,16 @@ public class ClusterModuleNacosProvider extends ModuleProvider { Properties properties = new Properties(); properties.put(PropertyKeyConst.SERVER_ADDR, config.getHostPort()); properties.put(PropertyKeyConst.NAMESPACE, config.getNamespace()); + if (StringUtil.isNotEmpty(config.getUsername()) && StringUtil.isNotEmpty(config.getAccessKey())) { + throw new ModuleStartException("Nacos Auth method should choose either username or accessKey, not both"); + } + if (StringUtil.isNotEmpty(config.getUsername())) { + properties.put(PropertyKeyConst.USERNAME, config.getUsername()); + properties.put(PropertyKeyConst.PASSWORD, config.getPassword()); + } else if (StringUtil.isNotEmpty(config.getAccessKey())) { + properties.put(PropertyKeyConst.ACCESS_KEY, config.getAccessKey()); + properties.put(PropertyKeyConst.SECRET_KEY, config.getSecretKey()); + } namingService = NamingFactory.createNamingService(properties); } catch (Exception e) { throw new ModuleStartException(e.getMessage(), e); diff --git a/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ITClusterModuleNacosProviderFunctionalTest.java b/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ITClusterModuleNacosProviderFunctionalTest.java index 44cfef766bb1c925ff518baa37a52efafe17bc8f..a72ee194c12e369954184ea8a5842f9321e975b3 100644 --- a/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ITClusterModuleNacosProviderFunctionalTest.java +++ b/oap-server/server-cluster-plugin/cluster-nacos-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/nacos/ITClusterModuleNacosProviderFunctionalTest.java @@ -40,9 +40,13 @@ import static org.junit.Assert.assertTrue; public class ITClusterModuleNacosProviderFunctionalTest { private String nacosAddress; + private String username; + private String password; @Before public void before() { + username = "nacos"; + password = "nacos"; nacosAddress = System.getProperty("nacos.address"); assertFalse(StringUtil.isEmpty(nacosAddress)); } @@ -164,6 +168,8 @@ public class ITClusterModuleNacosProviderFunctionalTest { config.setHostPort(nacosAddress); config.setServiceName(servicName); + config.setUsername(username); + config.setPassword(password); provider.prepare(); provider.start(); @@ -179,6 +185,8 @@ public class ITClusterModuleNacosProviderFunctionalTest { config.setHostPort(nacosAddress); config.setServiceName(serviceName); + config.setUsername(username); + config.setPassword(password); if (!StringUtil.isEmpty(internalComHost)) { config.setInternalComHost(internalComHost); diff --git a/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigWatcherRegister.java b/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigWatcherRegister.java index 0101cdf5181f49e7a96356d7e2cc246080847404..e9761d04b1fbdb023c55257dd42b29927ed35575 100644 --- a/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigWatcherRegister.java +++ b/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigWatcherRegister.java @@ -30,6 +30,8 @@ import java.util.Properties; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.Executor; + +import org.apache.skywalking.apm.util.StringUtil; import org.apache.skywalking.oap.server.configuration.api.ConfigTable; import org.apache.skywalking.oap.server.configuration.api.ConfigWatcherRegister; import org.slf4j.Logger; @@ -56,6 +58,13 @@ public class NacosConfigWatcherRegister extends ConfigWatcherRegister { final Properties properties = new Properties(); properties.put(PropertyKeyConst.SERVER_ADDR, serverAddr + ":" + port); properties.put(PropertyKeyConst.NAMESPACE, settings.getNamespace()); + if (StringUtil.isNotEmpty(settings.getUsername())) { + properties.put(PropertyKeyConst.USERNAME, settings.getUsername()); + properties.put(PropertyKeyConst.PASSWORD, settings.getPassword()); + } else if (StringUtil.isNotEmpty(settings.getAccessKey())) { + properties.put(PropertyKeyConst.ACCESS_KEY, settings.getAccessKey()); + properties.put(PropertyKeyConst.SECRET_KEY, settings.getSecretKey()); + } this.configService = NacosFactory.createConfigService(properties); } diff --git a/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigurationProvider.java b/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigurationProvider.java index ce04db2452097da686c4dde01df8032125bfba03..ad126832bf03e31638947f119f3d2f4c2e307209 100644 --- a/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigurationProvider.java +++ b/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosConfigurationProvider.java @@ -20,6 +20,7 @@ package org.apache.skywalking.oap.server.configuration.nacos; import com.alibaba.nacos.api.exception.NacosException; import com.google.common.base.Strings; +import org.apache.skywalking.apm.util.StringUtil; import org.apache.skywalking.oap.server.configuration.api.AbstractConfigurationProvider; import org.apache.skywalking.oap.server.configuration.api.ConfigWatcherRegister; import org.apache.skywalking.oap.server.library.module.ModuleConfig; @@ -61,7 +62,9 @@ public class NacosConfigurationProvider extends AbstractConfigurationProvider { if (Strings.isNullOrEmpty(settings.getGroup())) { throw new ModuleStartException("Nacos group cannot be null or empty."); } - + if (StringUtil.isNotEmpty(settings.getUsername()) && StringUtil.isNotEmpty(settings.getAccessKey())) { + throw new ModuleStartException("Nacos Auth method should choose either username or accessKey, not both"); + } try { return new NacosConfigWatcherRegister(settings); } catch (NacosException e) { diff --git a/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosServerSettings.java b/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosServerSettings.java index 6af55172fe2e3a793b92f51ae2a96b9be68e44f6..cd76635f6d5168122f9a030eddcedf83279f1d0a 100644 --- a/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosServerSettings.java +++ b/oap-server/server-configuration/configuration-nacos/src/main/java/org/apache/skywalking/oap/server/configuration/nacos/NacosServerSettings.java @@ -32,4 +32,8 @@ public class NacosServerSettings extends ModuleConfig { private int port = 8848; private String group; private int period = 60; + private String username; + private String password; + private String accessKey; + private String secretKey; } diff --git a/oap-server/server-configuration/configuration-nacos/src/test/resources/application.yml b/oap-server/server-configuration/configuration-nacos/src/test/resources/application.yml index f5bd261acf8c070adc27e599a61e8056adcf8ca7..375be7a63853e45fb2531dc00023193a69523c1b 100755 --- a/oap-server/server-configuration/configuration-nacos/src/test/resources/application.yml +++ b/oap-server/server-configuration/configuration-nacos/src/test/resources/application.yml @@ -33,3 +33,9 @@ configuration: period: 1 # the name of current cluster, set the name if you want to upstream system known. clusterName: "default" + # Nacos auth username + username: 'nacos' + password: 'nacos' + # Nacos auth accessKey + accessKey: '' + secretKey: ''