14807: Load API host/token from cluster config if present.

[arvados.git] / lib / dispatchcloud / dispatcher.go

// Copyright (C) The Arvados Authors. All rights reserved.
//
// SPDX-License-Identifier: AGPL-3.0

package dispatchcloud

import (
        "context"
        "crypto/md5"
        "encoding/json"
        "fmt"
        "net/http"
        "strings"
        "sync"
        "time"

        "git.curoverse.com/arvados.git/lib/cloud"
        "git.curoverse.com/arvados.git/lib/dispatchcloud/container"
        "git.curoverse.com/arvados.git/lib/dispatchcloud/scheduler"
        "git.curoverse.com/arvados.git/lib/dispatchcloud/ssh_executor"
        "git.curoverse.com/arvados.git/lib/dispatchcloud/worker"
        "git.curoverse.com/arvados.git/sdk/go/arvados"
        "git.curoverse.com/arvados.git/sdk/go/auth"
        "git.curoverse.com/arvados.git/sdk/go/ctxlog"
        "git.curoverse.com/arvados.git/sdk/go/httpserver"
        "github.com/julienschmidt/httprouter"
        "github.com/prometheus/client_golang/prometheus"
        "github.com/prometheus/client_golang/prometheus/promhttp"
        "github.com/sirupsen/logrus"
        "golang.org/x/crypto/ssh"
)

const (
        defaultPollInterval     = time.Second
        defaultStaleLockTimeout = time.Minute
)

type pool interface {
        scheduler.WorkerPool
        Instances() []worker.InstanceView
        SetIdleBehavior(cloud.InstanceID, worker.IdleBehavior) error
        KillInstance(id cloud.InstanceID, reason string) error
        Stop()
}

type dispatcher struct {
        Cluster       *arvados.Cluster
        Context       context.Context
        AuthToken     string
        InstanceSetID cloud.InstanceSetID

        logger      logrus.FieldLogger
        reg         *prometheus.Registry
        instanceSet cloud.InstanceSet
        pool        pool
        queue       scheduler.ContainerQueue
        httpHandler http.Handler
        sshKey      ssh.Signer

        setupOnce sync.Once
        stop      chan struct{}
        stopped   chan struct{}
}

// Start starts the dispatcher. Start can be called multiple times
// with no ill effect.
func (disp *dispatcher) Start() {
        disp.setupOnce.Do(disp.setup)
}

// ServeHTTP implements service.Handler.
func (disp *dispatcher) ServeHTTP(w http.ResponseWriter, r *http.Request) {
        disp.Start()
        disp.httpHandler.ServeHTTP(w, r)
}

// CheckHealth implements service.Handler.
func (disp *dispatcher) CheckHealth() error {
        disp.Start()
        return nil
}

// Stop dispatching containers and release resources. Typically used
// in tests.
func (disp *dispatcher) Close() {
        disp.Start()
        select {
        case disp.stop <- struct{}{}:
        default:
        }
        <-disp.stopped
}

// Make a worker.Executor for the given instance.
func (disp *dispatcher) newExecutor(inst cloud.Instance) worker.Executor {
        exr := ssh_executor.New(inst)
        exr.SetTargetPort(disp.Cluster.CloudVMs.SSHPort)
        exr.SetSigners(disp.sshKey)
        return exr
}

func (disp *dispatcher) typeChooser(ctr *arvados.Container) (arvados.InstanceType, error) {
        return ChooseInstanceType(disp.Cluster, ctr)
}

func (disp *dispatcher) setup() {
        disp.initialize()
        go disp.run()
}

func (disp *dispatcher) initialize() {
        disp.logger = ctxlog.FromContext(disp.Context)

        arvClient, err := arvados.NewClientFromConfig(disp.Cluster)
        if err != nil {
                disp.logger.WithError(err).Warn("error initializing client from cluster config, falling back to ARVADOS_API_HOST(_INSECURE) environment variables")
                arvClient = arvados.NewClientFromEnv()
        }
        arvClient.AuthToken = disp.AuthToken

        if disp.InstanceSetID == "" {
                if strings.HasPrefix(arvClient.AuthToken, "v2/") {
                        disp.InstanceSetID = cloud.InstanceSetID(strings.Split(arvClient.AuthToken, "/")[1])
                } else {
                        // Use some other string unique to this token
                        // that doesn't reveal the token itself.
                        disp.InstanceSetID = cloud.InstanceSetID(fmt.Sprintf("%x", md5.Sum([]byte(arvClient.AuthToken))))
                }
        }
        disp.stop = make(chan struct{}, 1)
        disp.stopped = make(chan struct{})

        if key, err := ssh.ParsePrivateKey([]byte(disp.Cluster.Dispatch.PrivateKey)); err != nil {
                disp.logger.Fatalf("error parsing configured Dispatch.PrivateKey: %s", err)
        } else {
                disp.sshKey = key
        }

        instanceSet, err := newInstanceSet(disp.Cluster, disp.InstanceSetID, disp.logger)
        if err != nil {
                disp.logger.Fatalf("error initializing driver: %s", err)
        }
        disp.instanceSet = instanceSet
        disp.reg = prometheus.NewRegistry()
        disp.pool = worker.NewPool(disp.logger, arvClient, disp.reg, disp.instanceSet, disp.newExecutor, disp.sshKey.PublicKey(), disp.Cluster)
        disp.queue = container.NewQueue(disp.logger, disp.reg, disp.typeChooser, arvClient)

        if disp.Cluster.ManagementToken == "" {
                disp.httpHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
                        http.Error(w, "Management API authentication is not configured", http.StatusForbidden)
                })
        } else {
                mux := httprouter.New()
                mux.HandlerFunc("GET", "/arvados/v1/dispatch/containers", disp.apiContainers)
                mux.HandlerFunc("GET", "/arvados/v1/dispatch/instances", disp.apiInstances)
                mux.HandlerFunc("POST", "/arvados/v1/dispatch/instances/hold", disp.apiInstanceHold)
                mux.HandlerFunc("POST", "/arvados/v1/dispatch/instances/drain", disp.apiInstanceDrain)
                mux.HandlerFunc("POST", "/arvados/v1/dispatch/instances/run", disp.apiInstanceRun)
                mux.HandlerFunc("POST", "/arvados/v1/dispatch/instances/kill", disp.apiInstanceKill)
                metricsH := promhttp.HandlerFor(disp.reg, promhttp.HandlerOpts{
                        ErrorLog: disp.logger,
                })
                mux.Handler("GET", "/metrics", metricsH)
                mux.Handler("GET", "/metrics.json", metricsH)
                disp.httpHandler = auth.RequireLiteralToken(disp.Cluster.ManagementToken, mux)
        }
}

func (disp *dispatcher) run() {
        defer close(disp.stopped)
        defer disp.instanceSet.Stop()
        defer disp.pool.Stop()

        staleLockTimeout := time.Duration(disp.Cluster.Dispatch.StaleLockTimeout)
        if staleLockTimeout == 0 {
                staleLockTimeout = defaultStaleLockTimeout
        }
        pollInterval := time.Duration(disp.Cluster.Dispatch.PollInterval)
        if pollInterval <= 0 {
                pollInterval = defaultPollInterval
        }
        sched := scheduler.New(disp.Context, disp.queue, disp.pool, staleLockTimeout, pollInterval)
        sched.Start()
        defer sched.Stop()

        <-disp.stop
}

// Management API: all active and queued containers.
func (disp *dispatcher) apiContainers(w http.ResponseWriter, r *http.Request) {
        var resp struct {
                Items []container.QueueEnt `json:"items"`
        }
        qEntries, _ := disp.queue.Entries()
        for _, ent := range qEntries {
                resp.Items = append(resp.Items, ent)
        }
        json.NewEncoder(w).Encode(resp)
}

// Management API: all active instances (cloud VMs).
func (disp *dispatcher) apiInstances(w http.ResponseWriter, r *http.Request) {
        var resp struct {
                Items []worker.InstanceView `json:"items"`
        }
        resp.Items = disp.pool.Instances()
        json.NewEncoder(w).Encode(resp)
}

// Management API: set idle behavior to "hold" for specified instance.
func (disp *dispatcher) apiInstanceHold(w http.ResponseWriter, r *http.Request) {
        disp.apiInstanceIdleBehavior(w, r, worker.IdleBehaviorHold)
}

// Management API: set idle behavior to "drain" for specified instance.
func (disp *dispatcher) apiInstanceDrain(w http.ResponseWriter, r *http.Request) {
        disp.apiInstanceIdleBehavior(w, r, worker.IdleBehaviorDrain)
}

// Management API: set idle behavior to "run" for specified instance.
func (disp *dispatcher) apiInstanceRun(w http.ResponseWriter, r *http.Request) {
        disp.apiInstanceIdleBehavior(w, r, worker.IdleBehaviorRun)
}

// Management API: shutdown/destroy specified instance now.
func (disp *dispatcher) apiInstanceKill(w http.ResponseWriter, r *http.Request) {
        id := cloud.InstanceID(r.FormValue("instance_id"))
        if id == "" {
                httpserver.Error(w, "instance_id parameter not provided", http.StatusBadRequest)
                return
        }
        err := disp.pool.KillInstance(id, "via management API: "+r.FormValue("reason"))
        if err != nil {
                httpserver.Error(w, err.Error(), http.StatusNotFound)
                return
        }
}

func (disp *dispatcher) apiInstanceIdleBehavior(w http.ResponseWriter, r *http.Request, want worker.IdleBehavior) {
        id := cloud.InstanceID(r.FormValue("instance_id"))
        if id == "" {
                httpserver.Error(w, "instance_id parameter not provided", http.StatusBadRequest)
                return
        }
        err := disp.pool.SetIdleBehavior(id, want)
        if err != nil {
                httpserver.Error(w, err.Error(), http.StatusNotFound)
                return
        }
}