X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a6ab70e907a47e8e28aae2dd3eb357aa72c8b673..bef56b9a22efac9ce73006623080e84a0b57f243:/lib/controller/handler.go diff --git a/lib/controller/handler.go b/lib/controller/handler.go index 7f4376e6fc..25799aae9e 100644 --- a/lib/controller/handler.go +++ b/lib/controller/handler.go @@ -5,12 +5,11 @@ package controller import ( - "context" - "io" + "database/sql" + "errors" "net" "net/http" "net/url" - "regexp" "strings" "sync" "time" @@ -18,28 +17,49 @@ import ( "git.curoverse.com/arvados.git/sdk/go/arvados" "git.curoverse.com/arvados.git/sdk/go/health" "git.curoverse.com/arvados.git/sdk/go/httpserver" + _ "github.com/lib/pq" ) type Handler struct { Cluster *arvados.Cluster NodeProfile *arvados.NodeProfile - setupOnce sync.Once - handlerStack http.Handler - proxyClient *arvados.Client + setupOnce sync.Once + handlerStack http.Handler + proxy *proxy + secureClient *http.Client + insecureClient *http.Client + pgdb *sql.DB + pgdbMtx sync.Mutex } func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) { h.setupOnce.Do(h.setup) + if req.Method != "GET" && req.Method != "HEAD" { + // http.ServeMux returns 301 with a cleaned path if + // the incoming request has a double slash. Some + // clients (including the Go standard library) change + // the request method to GET when following a 301 + // redirect if the original method was not HEAD + // (RFC7231 6.4.2 specifically allows this in the case + // of POST). Thus "POST //foo" gets misdirected to + // "GET /foo". To avoid this, eliminate double slashes + // before passing the request to ServeMux. + for strings.Contains(req.URL.Path, "//") { + req.URL.Path = strings.Replace(req.URL.Path, "//", "/", -1) + } + } h.handlerStack.ServeHTTP(w, req) } func (h *Handler) CheckHealth() error { h.setupOnce.Do(h.setup) - _, err := findRailsAPI(h.Cluster, h.NodeProfile) + _, _, err := findRailsAPI(h.Cluster, h.NodeProfile) return err } +func neverRedirect(*http.Request, []*http.Request) error { return http.ErrUseLastResponse } + func (h *Handler) setup() { mux := http.NewServeMux() mux.Handle("/_health/", &health.Handler{ @@ -51,58 +71,58 @@ func (h *Handler) setup() { hs = prepend(hs, h.proxyRemoteCluster) mux.Handle("/", hs) h.handlerStack = mux -} -// headers that shouldn't be forwarded when proxying. See -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers -var dropHeaders = map[string]bool{ - "Connection": true, - "Keep-Alive": true, - "Proxy-Authenticate": true, - "Proxy-Authorization": true, - "TE": true, - "Trailer": true, - "Transfer-Encoding": true, - "Upgrade": true, -} + sc := *arvados.DefaultSecureClient + sc.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout) + sc.CheckRedirect = neverRedirect + h.secureClient = &sc -type middlewareFunc func(http.ResponseWriter, *http.Request, http.Handler) + ic := *arvados.InsecureHTTPClient + ic.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout) + ic.CheckRedirect = neverRedirect + h.insecureClient = &ic -func prepend(next http.Handler, middleware middlewareFunc) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - middleware(w, req, next) - }) + h.proxy = &proxy{ + Name: "arvados-controller", + RequestTimeout: time.Duration(h.Cluster.HTTPRequestTimeout), + } } -var wfRe = regexp.MustCompile(`^/arvados/v1/workflows/([0-9a-z]{5})-[^/]+$`) +var errDBConnection = errors.New("database connection error") -func (h *Handler) proxyRemoteCluster(w http.ResponseWriter, req *http.Request, next http.Handler) { - m := wfRe.FindStringSubmatch(req.URL.Path) - if len(m) < 2 || m[1] == h.Cluster.ClusterID { - next.ServeHTTP(w, req) - return +func (h *Handler) db(req *http.Request) (*sql.DB, error) { + h.pgdbMtx.Lock() + defer h.pgdbMtx.Unlock() + if h.pgdb != nil { + return h.pgdb, nil } - remote, ok := h.Cluster.RemoteClusters[m[1]] - if !ok { - httpserver.Error(w, "no proxy available for cluster "+m[1], http.StatusNotFound) - return + + db, err := sql.Open("postgres", h.Cluster.PostgreSQL.Connection.String()) + if err != nil { + httpserver.Logger(req).WithError(err).Error("postgresql connect failed") + return nil, errDBConnection } - scheme := remote.Scheme - if scheme == "" { - scheme = "https" + if p := h.Cluster.PostgreSQL.ConnectionPool; p > 0 { + db.SetMaxOpenConns(p) } - urlOut := &url.URL{ - Scheme: scheme, - Host: remote.Host, - Path: req.URL.Path, - RawPath: req.URL.RawPath, - RawQuery: req.URL.RawQuery, + if err := db.Ping(); err != nil { + httpserver.Logger(req).WithError(err).Error("postgresql connect succeeded but ping failed") + return nil, errDBConnection } - h.proxy(w, req, urlOut) + h.pgdb = db + return db, nil +} + +type middlewareFunc func(http.ResponseWriter, *http.Request, http.Handler) + +func prepend(next http.Handler, middleware middlewareFunc) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + middleware(w, req, next) + }) } func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) { - urlOut, err := findRailsAPI(h.Cluster, h.NodeProfile) + urlOut, insecure, err := findRailsAPI(h.Cluster, h.NodeProfile) if err != nil { httpserver.Error(w, err.Error(), http.StatusInternalServerError) return @@ -114,58 +134,16 @@ func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next h RawPath: req.URL.RawPath, RawQuery: req.URL.RawQuery, } - h.proxy(w, req, urlOut) -} - -func (h *Handler) proxy(w http.ResponseWriter, reqIn *http.Request, urlOut *url.URL) { - // Copy headers from incoming request, then add/replace proxy - // headers like Via and X-Forwarded-For. - hdrOut := http.Header{} - for k, v := range reqIn.Header { - if !dropHeaders[k] { - hdrOut[k] = v - } - } - xff := reqIn.RemoteAddr - if xffIn := reqIn.Header.Get("X-Forwarded-For"); xffIn != "" { - xff = xffIn + "," + xff - } - hdrOut.Set("X-Forwarded-For", xff) - hdrOut.Add("Via", reqIn.Proto+" arvados-controller") - - ctx := reqIn.Context() - if timeout := h.Cluster.HTTPRequestTimeout; timeout > 0 { - var cancel context.CancelFunc - ctx, cancel = context.WithDeadline(ctx, time.Now().Add(time.Duration(timeout))) - defer cancel() - } - - reqOut := (&http.Request{ - Method: reqIn.Method, - URL: urlOut, - Header: hdrOut, - Body: reqIn.Body, - }).WithContext(ctx) - resp, err := arvados.InsecureHTTPClient.Do(reqOut) - if err != nil { - httpserver.Error(w, err.Error(), http.StatusInternalServerError) - return - } - for k, v := range resp.Header { - for _, v := range v { - w.Header().Add(k, v) - } - } - w.WriteHeader(resp.StatusCode) - n, err := io.Copy(w, resp.Body) - if err != nil { - httpserver.Logger(reqIn).WithError(err).WithField("bytesCopied", n).Error("error copying response body") + client := h.secureClient + if insecure { + client = h.insecureClient } + h.proxy.Do(w, req, urlOut, client) } // For now, findRailsAPI always uses the rails API running on this // node. -func findRailsAPI(cluster *arvados.Cluster, np *arvados.NodeProfile) (*url.URL, error) { +func findRailsAPI(cluster *arvados.Cluster, np *arvados.NodeProfile) (*url.URL, bool, error) { hostport := np.RailsAPI.Listen if len(hostport) > 1 && hostport[0] == ':' && strings.TrimRight(hostport[1:], "0123456789") == "" { // ":12345" => connect to indicated port on localhost @@ -173,11 +151,12 @@ func findRailsAPI(cluster *arvados.Cluster, np *arvados.NodeProfile) (*url.URL, } else if _, _, err := net.SplitHostPort(hostport); err == nil { // "[::1]:12345" => connect to indicated address & port } else { - return nil, err + return nil, false, err } proto := "http" if np.RailsAPI.TLS { proto = "https" } - return url.Parse(proto + "://" + hostport) + url, err := url.Parse(proto + "://" + hostport) + return url, np.RailsAPI.Insecure, err }