7 "git.curoverse.com/arvados.git/sdk/go/arvadosclient"
8 "git.curoverse.com/arvados.git/sdk/go/httpserver"
9 "git.curoverse.com/arvados.git/sdk/go/keepclient"
21 // ======================
22 // Configuration settings
24 // TODO(twp): make all of these configurable via command line flags
25 // and/or configuration file settings.
27 // Default TCP address on which to listen for requests.
28 // Initialized by the --listen flag.
29 const DefaultAddr = ":25107"
31 // A Keep "block" is 64MB.
32 const BlockSize = 64 * 1024 * 1024
34 // A Keep volume must have at least MinFreeKilobytes available
35 // in order to permit writes.
36 const MinFreeKilobytes = BlockSize / 1024
38 // ProcMounts /proc/mounts
39 var ProcMounts = "/proc/mounts"
41 // enforcePermissions controls whether permission signatures
42 // should be enforced (affecting GET and DELETE requests).
43 // Initialized by the -enforce-permissions flag.
44 var enforcePermissions bool
46 // blobSignatureTTL is the time duration for which new permission
47 // signatures (returned by PUT requests) will be valid.
48 // Initialized by the -permission-ttl flag.
49 var blobSignatureTTL time.Duration
51 // dataManagerToken represents the API token used by the
52 // Data Manager, and is required on certain privileged operations.
53 // Initialized by the -data-manager-token-file flag.
54 var dataManagerToken string
56 // neverDelete can be used to prevent the DELETE handler from
57 // actually deleting anything.
58 var neverDelete = true
60 // trashLifetime is the time duration after a block is trashed
61 // during which it can be recovered using an /untrash request
62 // Use 10s or 10m or 10h to set as 10 seconds or minutes or hours respectively.
63 var trashLifetime time.Duration
65 // trashCheckInterval is the time duration at which the emptyTrash goroutine
66 // will check and delete expired trashed blocks. Default is one day.
67 // Use 10s or 10m or 10h to set as 10 seconds or minutes or hours respectively.
68 var trashCheckInterval time.Duration
75 type KeepError struct {
81 BadRequestError = &KeepError{400, "Bad Request"}
82 UnauthorizedError = &KeepError{401, "Unauthorized"}
83 CollisionError = &KeepError{500, "Collision"}
84 RequestHashError = &KeepError{422, "Hash mismatch in request"}
85 PermissionError = &KeepError{403, "Forbidden"}
86 DiskHashError = &KeepError{500, "Hash mismatch in stored data"}
87 ExpiredError = &KeepError{401, "Expired permission signature"}
88 NotFoundError = &KeepError{404, "Not Found"}
89 GenericError = &KeepError{500, "Fail"}
90 FullError = &KeepError{503, "Full"}
91 SizeRequiredError = &KeepError{411, "Missing Content-Length"}
92 TooLongError = &KeepError{413, "Block is too large"}
93 MethodDisabledError = &KeepError{405, "Method disabled"}
94 ErrNotImplemented = &KeepError{500, "Unsupported configuration"}
95 ErrClientDisconnect = &KeepError{503, "Client disconnected"}
98 func (e *KeepError) Error() string {
102 // ========================
103 // Internal data structures
105 // These global variables are used by multiple parts of the
106 // program. They are good candidates for moving into their own
109 // The Keep VolumeManager maintains a list of available volumes.
110 // Initialized by the --volumes flag (or by FindKeepVolumes).
111 var KeepVM VolumeManager
113 // The pull list manager and trash queue are threadsafe queues which
114 // support atomic update operations. The PullHandler and TrashHandler
115 // store results from Data Manager /pull and /trash requests here.
117 // See the Keep and Data Manager design documents for more details:
118 // https://arvados.org/projects/arvados/wiki/Keep_Design_Doc
119 // https://arvados.org/projects/arvados/wiki/Data_Manager_Design_Doc
122 var trashq *WorkQueue
124 type volumeSet []Volume
132 func (vs *volumeSet) String() string {
136 return fmt.Sprintf("%+v", (*vs)[:])
139 // TODO(twp): continue moving as much code as possible out of main
140 // so it can be effectively tested. Esp. handling and postprocessing
141 // of command line flags (identifying Keep volumes and initializing
142 // permission arguments).
145 log.Println("keepstore starting, pid", os.Getpid())
146 defer log.Println("keepstore exiting, pid", os.Getpid())
149 dataManagerTokenFile string
151 blobSigningKeyFile string
157 &dataManagerTokenFile,
158 "data-manager-token-file",
160 "File with the API token used by the Data Manager. All DELETE "+
161 "requests or GET /index requests must carry this token.")
164 "enforce-permissions",
166 "Enforce permission signatures on requests.")
171 "Listening address, in the form \"host:port\". e.g., 10.0.1.24:8000. Omit the host part to listen on all interfaces.")
176 "Maximum concurrent requests. When this limit is reached, new requests will receive 503 responses. Note: this limit does not include idle connections from clients using HTTP keepalive, so it does not strictly limit the number of concurrent connections. (default 2 * max-buffers)")
181 "If true, nothing will be deleted. "+
182 "Warning: the relevant features in keepstore and data manager have not been extensively tested. "+
183 "You should leave this option alone unless you can afford to lose data.")
186 "permission-key-file",
188 "Synonym for -blob-signing-key-file.")
191 "blob-signing-key-file",
193 "File containing the secret key for generating and verifying "+
194 "blob permission signatures.")
199 "Synonym for -blob-signature-ttl.")
202 "blob-signature-ttl",
204 "Lifetime of blob permission signatures in seconds. Modifying the ttl will invalidate all existing signatures. "+
205 "See services/api/config/application.default.yml.")
210 "Serialize read and write operations on the following volumes.")
215 "Do not write, delete, or touch anything on the following volumes.")
220 "Path to write pid file during startup. This file is kept open and locked with LOCK_EX until keepstore exits, so `fuser -k pidfile` is one way to shut down. Exit immediately if there is an error opening, locking, or writing the pid file.")
225 fmt.Sprintf("Maximum RAM to use for data buffers, given in multiples of block size (%d MiB). When this limit is reached, HTTP requests requiring buffers (like GET and PUT) will wait for buffer space to be released.", BlockSize>>20))
230 "Time duration after a block is trashed during which it can be recovered using an /untrash request")
233 "trash-check-interval",
235 "Time duration at which the emptyTrash goroutine will check and delete expired trashed blocks. Default is one day.")
240 log.Fatal("-max-buffers must be greater than zero.")
242 bufs = newBufferPool(maxBuffers, BlockSize)
245 f, err := os.OpenFile(pidfile, os.O_RDWR|os.O_CREATE, 0777)
247 log.Fatalf("open pidfile (%s): %s", pidfile, err)
249 err = syscall.Flock(int(f.Fd()), syscall.LOCK_EX|syscall.LOCK_NB)
251 log.Fatalf("flock pidfile (%s): %s", pidfile, err)
255 log.Fatalf("truncate pidfile (%s): %s", pidfile, err)
257 _, err = fmt.Fprint(f, os.Getpid())
259 log.Fatalf("write pidfile (%s): %s", pidfile, err)
263 log.Fatalf("sync pidfile (%s): %s", pidfile, err)
266 defer os.Remove(pidfile)
269 if len(volumes) == 0 {
270 if (&unixVolumeAdder{&volumes}).Discover() == 0 {
271 log.Fatal("No volumes found.")
275 for _, v := range volumes {
276 log.Printf("Using volume %v (writable=%v)", v, v.Writable())
279 // Initialize data manager token and permission key.
280 // If these tokens are specified but cannot be read,
281 // raise a fatal error.
282 if dataManagerTokenFile != "" {
283 if buf, err := ioutil.ReadFile(dataManagerTokenFile); err == nil {
284 dataManagerToken = strings.TrimSpace(string(buf))
286 log.Fatalf("reading data manager token: %s\n", err)
290 if neverDelete != true {
291 log.Print("never-delete is not set. Warning: the relevant features in keepstore and data manager have not " +
292 "been extensively tested. You should leave this option alone unless you can afford to lose data.")
295 if blobSigningKeyFile != "" {
296 if buf, err := ioutil.ReadFile(blobSigningKeyFile); err == nil {
297 PermissionSecret = bytes.TrimSpace(buf)
299 log.Fatalf("reading permission key: %s\n", err)
303 blobSignatureTTL = time.Duration(permissionTTLSec) * time.Second
305 if PermissionSecret == nil {
306 if enforcePermissions {
307 log.Fatal("-enforce-permissions requires a permission key")
309 log.Println("Running without a PermissionSecret. Block locators " +
310 "returned by this server will not be signed, and will be rejected " +
311 "by a server that enforces permissions.")
312 log.Println("To fix this, use the -blob-signing-key-file flag " +
313 "to specify the file containing the permission key.")
317 if maxRequests <= 0 {
318 maxRequests = maxBuffers * 2
319 log.Printf("-max-requests <1 or not specified; defaulting to maxBuffers * 2 == %d", maxRequests)
322 // Start a round-robin VolumeManager with the volumes we have found.
323 KeepVM = MakeRRVolumeManager(volumes)
325 // Middleware stack: logger, maxRequests limiter, method handlers
326 http.Handle("/", &LoggingRESTRouter{
327 httpserver.NewRequestLimiter(maxRequests,
331 // Set up a TCP listener.
332 listener, err := net.Listen("tcp", listen)
337 // Initialize Pull queue and worker
338 keepClient := &keepclient.KeepClient{
339 Arvados: &arvadosclient.ArvadosClient{},
341 Client: &http.Client{},
344 // Initialize the pullq and worker
345 pullq = NewWorkQueue()
346 go RunPullWorker(pullq, keepClient)
348 // Initialize the trashq and worker
349 trashq = NewWorkQueue()
350 go RunTrashWorker(trashq)
352 // Start emptyTrash goroutine
353 doneEmptyingTrash := make(chan bool)
354 go emptyTrash(doneEmptyingTrash, trashCheckInterval)
356 // Shut down the server gracefully (by closing the listener)
357 // if SIGTERM is received.
358 term := make(chan os.Signal, 1)
359 go func(sig <-chan os.Signal) {
361 log.Println("caught signal:", s)
362 doneEmptyingTrash <- true
365 signal.Notify(term, syscall.SIGTERM)
366 signal.Notify(term, syscall.SIGINT)
368 log.Println("listening at", listen)
369 srv := &http.Server{Addr: listen}
373 // At every trashCheckInterval tick, invoke EmptyTrash on all volumes.
374 func emptyTrash(doneEmptyingTrash chan bool, trashCheckInterval time.Duration) {
375 ticker := time.NewTicker(trashCheckInterval)
380 for _, v := range volumes {
385 case <-doneEmptyingTrash: