1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
15 "git.arvados.org/arvados.git/sdk/go/arvados"
16 "github.com/ghodss/yaml"
19 type deprRequestLimits struct {
20 MaxItemsPerResponse *int
21 MultiClusterRequestConcurrency *int
24 type deprCluster struct {
25 RequestLimits deprRequestLimits
26 NodeProfiles map[string]nodeProfile
28 GoogleClientID *string
29 GoogleClientSecret *string
30 GoogleAlternateEmailAddresses *bool
32 ProviderAppSecret *string
36 type deprecatedConfig struct {
37 Clusters map[string]deprCluster
40 type nodeProfile struct {
41 Controller systemServiceInstance `json:"arvados-controller"`
42 Health systemServiceInstance `json:"arvados-health"`
43 Keepbalance systemServiceInstance `json:"keep-balance"`
44 Keepproxy systemServiceInstance `json:"keepproxy"`
45 Keepstore systemServiceInstance `json:"keepstore"`
46 Keepweb systemServiceInstance `json:"keep-web"`
47 DispatchCloud systemServiceInstance `json:"arvados-dispatch-cloud"`
48 RailsAPI systemServiceInstance `json:"arvados-api-server"`
49 Websocket systemServiceInstance `json:"arvados-ws"`
50 Workbench1 systemServiceInstance `json:"arvados-workbench"`
53 type systemServiceInstance struct {
59 func (ldr *Loader) applyDeprecatedConfig(cfg *arvados.Config) error {
60 var dc deprecatedConfig
61 err := yaml.Unmarshal(ldr.configdata, &dc)
65 hostname, err := os.Hostname()
69 for id, dcluster := range dc.Clusters {
70 cluster, ok := cfg.Clusters[id]
72 return fmt.Errorf("can't load legacy config %q that is not present in current config", id)
74 for name, np := range dcluster.NodeProfiles {
75 if name == "*" || name == os.Getenv("ARVADOS_NODE_PROFILE") || name == hostname {
77 } else if ldr.Logger != nil {
78 ldr.Logger.Warnf("overriding Clusters.%s.Services using Clusters.%s.NodeProfiles.%s (guessing %q is a hostname)", id, id, name, name)
80 applyDeprecatedNodeProfile(name, np.RailsAPI, &cluster.Services.RailsAPI)
81 applyDeprecatedNodeProfile(name, np.Controller, &cluster.Services.Controller)
82 applyDeprecatedNodeProfile(name, np.DispatchCloud, &cluster.Services.DispatchCloud)
84 if dst, n := &cluster.API.MaxItemsPerResponse, dcluster.RequestLimits.MaxItemsPerResponse; n != nil && *n != *dst {
87 if dst, n := &cluster.API.MaxRequestAmplification, dcluster.RequestLimits.MultiClusterRequestConcurrency; n != nil && *n != *dst {
91 // Google* moved to Google.*
92 if dst, n := &cluster.Login.Google.ClientID, dcluster.Login.GoogleClientID; n != nil && *n != *dst {
95 // In old config, non-empty ClientID meant enable
96 cluster.Login.Google.Enable = true
99 if dst, n := &cluster.Login.Google.ClientSecret, dcluster.Login.GoogleClientSecret; n != nil && *n != *dst {
102 if dst, n := &cluster.Login.Google.AlternateEmailAddresses, dcluster.Login.GoogleAlternateEmailAddresses; n != nil && *n != *dst {
106 cfg.Clusters[id] = cluster
111 func (ldr *Loader) applyDeprecatedVolumeDriverParameters(cfg *arvados.Config) error {
112 for clusterID, cluster := range cfg.Clusters {
113 for volID, vol := range cluster.Volumes {
114 if vol.Driver == "S3" {
116 AccessKey string `json:",omitempty"`
117 SecretKey string `json:",omitempty"`
119 SecretAccessKey string
121 err := json.Unmarshal(vol.DriverParameters, ¶ms)
123 return fmt.Errorf("error loading %s.Volumes.%s.DriverParameters: %w", clusterID, volID, err)
125 if params.AccessKey != "" || params.SecretKey != "" {
126 if params.AccessKeyID != "" || params.SecretAccessKey != "" {
127 return fmt.Errorf("cannot use old keys (AccessKey/SecretKey) and new keys (AccessKeyID/SecretAccessKey) at the same time in %s.Volumes.%s.DriverParameters -- you must remove the old config keys", clusterID, volID)
130 var allparams map[string]interface{}
131 err = json.Unmarshal(vol.DriverParameters, &allparams)
133 return fmt.Errorf("error loading %s.Volumes.%s.DriverParameters: %w", clusterID, volID, err)
135 for k := range allparams {
136 if lk := strings.ToLower(k); lk == "accesskey" || lk == "secretkey" {
140 ldr.Logger.Warnf("using your old config keys %s.Volumes.%s.DriverParameters.AccessKey/SecretKey -- but you should rename them to AccessKeyID/SecretAccessKey", clusterID, volID)
141 allparams["AccessKeyID"] = params.AccessKey
142 allparams["SecretAccessKey"] = params.SecretKey
143 vol.DriverParameters, err = json.Marshal(allparams)
147 cluster.Volumes[volID] = vol
155 func applyDeprecatedNodeProfile(hostname string, ssi systemServiceInstance, svc *arvados.Service) {
160 if svc.InternalURLs == nil {
161 svc.InternalURLs = map[arvados.URL]arvados.ServiceInstance{}
167 if strings.HasPrefix(host, ":") {
168 host = hostname + host
170 svc.InternalURLs[arvados.URL{Scheme: scheme, Host: host, Path: "/"}] = arvados.ServiceInstance{}
173 func (ldr *Loader) loadOldConfigHelper(component, path string, target interface{}) error {
177 buf, err := ioutil.ReadFile(path)
182 ldr.Logger.Warnf("you should remove the legacy %v config file (%s) after migrating all config keys to the cluster configuration file (%s)", component, path, ldr.Path)
184 err = yaml.Unmarshal(buf, target)
186 return fmt.Errorf("%s: %s", path, err)
191 type oldCrunchDispatchSlurmConfig struct {
192 Client *arvados.Client
194 SbatchArguments *[]string
195 PollPeriod *arvados.Duration
196 PrioritySpread *int64
198 // crunch-run command to invoke. The container UUID will be
199 // appended. If nil, []string{"crunch-run"} will be used.
201 // Example: []string{"crunch-run", "--cgroup-parent-subsystem=memory"}
202 CrunchRunCommand *[]string
204 // Extra RAM to reserve (in Bytes) for SLURM job, in addition
205 // to the amount specified in the container's RuntimeConstraints
206 ReserveExtraRAM *int64
208 // Minimum time between two attempts to run the same container
209 MinRetryPeriod *arvados.Duration
211 // Batch size for container queries
215 const defaultCrunchDispatchSlurmConfigPath = "/etc/arvados/crunch-dispatch-slurm/crunch-dispatch-slurm.yml"
217 func loadOldClientConfig(cluster *arvados.Cluster, client *arvados.Client) {
221 if client.APIHost != "" {
222 cluster.Services.Controller.ExternalURL.Host = client.APIHost
223 cluster.Services.Controller.ExternalURL.Path = "/"
225 if client.Scheme != "" {
226 cluster.Services.Controller.ExternalURL.Scheme = client.Scheme
228 cluster.Services.Controller.ExternalURL.Scheme = "https"
230 if client.AuthToken != "" {
231 cluster.SystemRootToken = client.AuthToken
233 cluster.TLS.Insecure = client.Insecure
235 for i, u := range client.KeepServiceURIs {
241 cluster.Containers.SLURM.SbatchEnvironmentVariables = map[string]string{"ARVADOS_KEEP_SERVICES": ks}
244 // update config using values from an crunch-dispatch-slurm config file.
245 func (ldr *Loader) loadOldCrunchDispatchSlurmConfig(cfg *arvados.Config) error {
246 if ldr.CrunchDispatchSlurmPath == "" {
249 var oc oldCrunchDispatchSlurmConfig
250 err := ldr.loadOldConfigHelper("crunch-dispatch-slurm", ldr.CrunchDispatchSlurmPath, &oc)
251 if os.IsNotExist(err) && (ldr.CrunchDispatchSlurmPath == defaultCrunchDispatchSlurmConfigPath) {
253 } else if err != nil {
257 cluster, err := cfg.GetCluster("")
262 loadOldClientConfig(cluster, oc.Client)
264 if oc.SbatchArguments != nil {
265 cluster.Containers.SLURM.SbatchArgumentsList = *oc.SbatchArguments
267 if oc.PollPeriod != nil {
268 cluster.Containers.CloudVMs.PollInterval = *oc.PollPeriod
270 if oc.PrioritySpread != nil {
271 cluster.Containers.SLURM.PrioritySpread = *oc.PrioritySpread
273 if oc.CrunchRunCommand != nil {
274 if len(*oc.CrunchRunCommand) >= 1 {
275 cluster.Containers.CrunchRunCommand = (*oc.CrunchRunCommand)[0]
277 if len(*oc.CrunchRunCommand) >= 2 {
278 cluster.Containers.CrunchRunArgumentsList = (*oc.CrunchRunCommand)[1:]
281 if oc.ReserveExtraRAM != nil {
282 cluster.Containers.ReserveExtraRAM = arvados.ByteSize(*oc.ReserveExtraRAM)
284 if oc.MinRetryPeriod != nil {
285 cluster.Containers.MinRetryPeriod = *oc.MinRetryPeriod
287 if oc.BatchSize != nil {
288 cluster.API.MaxItemsPerResponse = int(*oc.BatchSize)
291 cfg.Clusters[cluster.ClusterID] = *cluster
295 type oldWsConfig struct {
296 Client *arvados.Client
297 Postgres *arvados.PostgreSQLConnection
303 PingTimeout *arvados.Duration
304 ClientEventQueue *int
305 ServerEventQueue *int
307 ManagementToken *string
310 const defaultWebsocketConfigPath = "/etc/arvados/ws/ws.yml"
312 // update config using values from an crunch-dispatch-slurm config file.
313 func (ldr *Loader) loadOldWebsocketConfig(cfg *arvados.Config) error {
314 if ldr.WebsocketPath == "" {
318 err := ldr.loadOldConfigHelper("arvados-ws", ldr.WebsocketPath, &oc)
319 if os.IsNotExist(err) && ldr.WebsocketPath == defaultWebsocketConfigPath {
321 } else if err != nil {
325 cluster, err := cfg.GetCluster("")
330 loadOldClientConfig(cluster, oc.Client)
332 if oc.Postgres != nil {
333 cluster.PostgreSQL.Connection = *oc.Postgres
335 if oc.PostgresPool != nil {
336 cluster.PostgreSQL.ConnectionPool = *oc.PostgresPool
338 if oc.Listen != nil {
339 cluster.Services.Websocket.InternalURLs[arvados.URL{Host: *oc.Listen, Path: "/"}] = arvados.ServiceInstance{}
341 if oc.LogLevel != nil {
342 cluster.SystemLogs.LogLevel = *oc.LogLevel
344 if oc.LogFormat != nil {
345 cluster.SystemLogs.Format = *oc.LogFormat
347 if oc.PingTimeout != nil {
348 cluster.API.SendTimeout = *oc.PingTimeout
350 if oc.ClientEventQueue != nil {
351 cluster.API.WebsocketClientEventQueue = *oc.ClientEventQueue
353 if oc.ServerEventQueue != nil {
354 cluster.API.WebsocketServerEventQueue = *oc.ServerEventQueue
356 if oc.ManagementToken != nil {
357 cluster.ManagementToken = *oc.ManagementToken
360 cfg.Clusters[cluster.ClusterID] = *cluster
364 type oldKeepProxyConfig struct {
365 Client *arvados.Client
370 Timeout *arvados.Duration
373 ManagementToken *string
376 const defaultKeepproxyConfigPath = "/etc/arvados/keepproxy/keepproxy.yml"
378 func (ldr *Loader) loadOldKeepproxyConfig(cfg *arvados.Config) error {
379 if ldr.KeepproxyPath == "" {
382 var oc oldKeepProxyConfig
383 err := ldr.loadOldConfigHelper("keepproxy", ldr.KeepproxyPath, &oc)
384 if os.IsNotExist(err) && ldr.KeepproxyPath == defaultKeepproxyConfigPath {
386 } else if err != nil {
390 cluster, err := cfg.GetCluster("")
395 loadOldClientConfig(cluster, oc.Client)
397 if oc.Listen != nil {
398 cluster.Services.Keepproxy.InternalURLs[arvados.URL{Host: *oc.Listen, Path: "/"}] = arvados.ServiceInstance{}
400 if oc.DefaultReplicas != nil {
401 cluster.Collections.DefaultReplication = *oc.DefaultReplicas
403 if oc.Timeout != nil {
404 cluster.API.KeepServiceRequestTimeout = *oc.Timeout
407 if *oc.Debug && cluster.SystemLogs.LogLevel != "debug" {
408 cluster.SystemLogs.LogLevel = "debug"
409 } else if !*oc.Debug && cluster.SystemLogs.LogLevel != "info" {
410 cluster.SystemLogs.LogLevel = "info"
413 if oc.ManagementToken != nil {
414 cluster.ManagementToken = *oc.ManagementToken
417 // The following legacy options are no longer supported. If they are set to
418 // true or PIDFile has a value, error out and notify the user
419 unsupportedEntry := func(cfgEntry string) error {
420 return fmt.Errorf("the keepproxy %s configuration option is no longer supported, please remove it from your configuration file", cfgEntry)
422 if oc.DisableGet != nil && *oc.DisableGet {
423 return unsupportedEntry("DisableGet")
425 if oc.DisablePut != nil && *oc.DisablePut {
426 return unsupportedEntry("DisablePut")
428 if oc.PIDFile != nil && *oc.PIDFile != "" {
429 return unsupportedEntry("PIDFile")
432 cfg.Clusters[cluster.ClusterID] = *cluster
436 const defaultKeepWebConfigPath = "/etc/arvados/keep-web/keep-web.yml"
438 type oldKeepWebConfig struct {
439 Client *arvados.Client
443 AnonymousTokens *[]string
444 AttachmentOnlyHost *string
445 TrustAllContent *bool
448 TTL *arvados.Duration
449 UUIDTTL *arvados.Duration
450 MaxCollectionEntries *int
451 MaxCollectionBytes *int64
455 // Hack to support old command line flag, which is a bool
456 // meaning "get actual token from environment".
457 deprecatedAllowAnonymous *bool
459 // Authorization token to be included in all health check requests.
460 ManagementToken *string
463 func (ldr *Loader) loadOldKeepWebConfig(cfg *arvados.Config) error {
464 if ldr.KeepWebPath == "" {
467 var oc oldKeepWebConfig
468 err := ldr.loadOldConfigHelper("keep-web", ldr.KeepWebPath, &oc)
469 if os.IsNotExist(err) && ldr.KeepWebPath == defaultKeepWebConfigPath {
471 } else if err != nil {
475 cluster, err := cfg.GetCluster("")
480 loadOldClientConfig(cluster, oc.Client)
482 if oc.Listen != nil {
483 cluster.Services.WebDAV.InternalURLs[arvados.URL{Host: *oc.Listen, Path: "/"}] = arvados.ServiceInstance{}
484 cluster.Services.WebDAVDownload.InternalURLs[arvados.URL{Host: *oc.Listen, Path: "/"}] = arvados.ServiceInstance{}
486 if oc.AttachmentOnlyHost != nil {
487 cluster.Services.WebDAVDownload.ExternalURL = arvados.URL{Host: *oc.AttachmentOnlyHost, Path: "/"}
489 if oc.ManagementToken != nil {
490 cluster.ManagementToken = *oc.ManagementToken
492 if oc.TrustAllContent != nil {
493 cluster.Collections.TrustAllContent = *oc.TrustAllContent
495 if oc.Cache.TTL != nil {
496 cluster.Collections.WebDAVCache.TTL = *oc.Cache.TTL
498 if oc.Cache.UUIDTTL != nil {
499 cluster.Collections.WebDAVCache.UUIDTTL = *oc.Cache.UUIDTTL
501 if oc.Cache.MaxCollectionEntries != nil {
502 cluster.Collections.WebDAVCache.MaxCollectionEntries = *oc.Cache.MaxCollectionEntries
504 if oc.Cache.MaxCollectionBytes != nil {
505 cluster.Collections.WebDAVCache.MaxCollectionBytes = *oc.Cache.MaxCollectionBytes
507 if oc.Cache.MaxUUIDEntries != nil {
508 cluster.Collections.WebDAVCache.MaxUUIDEntries = *oc.Cache.MaxUUIDEntries
510 if oc.AnonymousTokens != nil {
511 if len(*oc.AnonymousTokens) > 0 {
512 cluster.Users.AnonymousUserToken = (*oc.AnonymousTokens)[0]
513 if len(*oc.AnonymousTokens) > 1 {
514 ldr.Logger.Warn("More than 1 anonymous tokens configured, using only the first and discarding the rest.")
519 cfg.Clusters[cluster.ClusterID] = *cluster
523 const defaultGitHttpdConfigPath = "/etc/arvados/git-httpd/git-httpd.yml"
525 type oldGitHttpdConfig struct {
526 Client *arvados.Client
531 ManagementToken *string
534 func (ldr *Loader) loadOldGitHttpdConfig(cfg *arvados.Config) error {
535 if ldr.GitHttpdPath == "" {
538 var oc oldGitHttpdConfig
539 err := ldr.loadOldConfigHelper("arv-git-httpd", ldr.GitHttpdPath, &oc)
540 if os.IsNotExist(err) && ldr.GitHttpdPath == defaultGitHttpdConfigPath {
542 } else if err != nil {
546 cluster, err := cfg.GetCluster("")
551 loadOldClientConfig(cluster, oc.Client)
553 if oc.Listen != nil {
554 cluster.Services.GitHTTP.InternalURLs[arvados.URL{Host: *oc.Listen}] = arvados.ServiceInstance{}
556 if oc.ManagementToken != nil {
557 cluster.ManagementToken = *oc.ManagementToken
559 if oc.GitCommand != nil {
560 cluster.Git.GitCommand = *oc.GitCommand
562 if oc.GitoliteHome != nil {
563 cluster.Git.GitoliteHome = *oc.GitoliteHome
565 if oc.RepoRoot != nil {
566 cluster.Git.Repositories = *oc.RepoRoot
569 cfg.Clusters[cluster.ClusterID] = *cluster
573 const defaultKeepBalanceConfigPath = "/etc/arvados/keep-balance/keep-balance.yml"
575 type oldKeepBalanceConfig struct {
576 Client *arvados.Client
578 KeepServiceTypes *[]string
579 KeepServiceList *arvados.KeepServiceList
580 RunPeriod *arvados.Duration
581 CollectionBatchSize *int
582 CollectionBuffers *int
583 RequestTimeout *arvados.Duration
584 LostBlocksFile *string
585 ManagementToken *string
588 func (ldr *Loader) loadOldKeepBalanceConfig(cfg *arvados.Config) error {
589 if ldr.KeepBalancePath == "" {
592 var oc oldKeepBalanceConfig
593 err := ldr.loadOldConfigHelper("keep-balance", ldr.KeepBalancePath, &oc)
594 if os.IsNotExist(err) && ldr.KeepBalancePath == defaultKeepBalanceConfigPath {
596 } else if err != nil {
600 cluster, err := cfg.GetCluster("")
605 loadOldClientConfig(cluster, oc.Client)
607 if oc.Listen != nil {
608 cluster.Services.Keepbalance.InternalURLs[arvados.URL{Host: *oc.Listen}] = arvados.ServiceInstance{}
610 if oc.ManagementToken != nil {
611 cluster.ManagementToken = *oc.ManagementToken
613 if oc.RunPeriod != nil {
614 cluster.Collections.BalancePeriod = *oc.RunPeriod
616 if oc.LostBlocksFile != nil {
617 cluster.Collections.BlobMissingReport = *oc.LostBlocksFile
619 if oc.CollectionBatchSize != nil {
620 cluster.Collections.BalanceCollectionBatch = *oc.CollectionBatchSize
622 if oc.CollectionBuffers != nil {
623 cluster.Collections.BalanceCollectionBuffers = *oc.CollectionBuffers
625 if oc.RequestTimeout != nil {
626 cluster.API.KeepServiceRequestTimeout = *oc.RequestTimeout
629 msg := "The %s configuration option is no longer supported. Please remove it from your configuration file. See the keep-balance upgrade notes at https://doc.arvados.org/admin/upgrading.html for more details."
631 // If the keep service type provided is "disk" silently ignore it, since
632 // this is what ends up being done anyway.
633 if oc.KeepServiceTypes != nil {
634 numTypes := len(*oc.KeepServiceTypes)
635 if numTypes != 0 && !(numTypes == 1 && (*oc.KeepServiceTypes)[0] == "disk") {
636 return fmt.Errorf(msg, "KeepServiceTypes")
640 if oc.KeepServiceList != nil {
641 return fmt.Errorf(msg, "KeepServiceList")
644 cfg.Clusters[cluster.ClusterID] = *cluster
648 func (ldr *Loader) loadOldEnvironmentVariables(cfg *arvados.Config) error {
649 if os.Getenv("ARVADOS_API_TOKEN") == "" && os.Getenv("ARVADOS_API_HOST") == "" {
652 cluster, err := cfg.GetCluster("")
656 if tok := os.Getenv("ARVADOS_API_TOKEN"); tok != "" && cluster.SystemRootToken == "" {
657 ldr.Logger.Warn("SystemRootToken missing from cluster config, falling back to ARVADOS_API_TOKEN environment variable")
658 cluster.SystemRootToken = tok
660 if apihost := os.Getenv("ARVADOS_API_HOST"); apihost != "" && cluster.Services.Controller.ExternalURL.Host == "" {
661 ldr.Logger.Warn("Services.Controller.ExternalURL missing from cluster config, falling back to ARVADOS_API_HOST(_INSECURE) environment variables")
662 u, err := url.Parse("https://" + apihost)
664 return fmt.Errorf("cannot parse ARVADOS_API_HOST: %s", err)
666 cluster.Services.Controller.ExternalURL = arvados.URL(*u)
667 if i := os.Getenv("ARVADOS_API_HOST_INSECURE"); i != "" && i != "0" {
668 cluster.TLS.Insecure = true
671 cfg.Clusters[cluster.ClusterID] = *cluster
projects / arvados.git / blob