X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/acf545571425b2a2d8a26cb703f75926b6b2a987..dece16822124a86dd2f57b7d3b25ca1aa7d75600:/lib/controller/handler.go diff --git a/lib/controller/handler.go b/lib/controller/handler.go index c50f98273c..d524195e44 100644 --- a/lib/controller/handler.go +++ b/lib/controller/handler.go @@ -5,15 +5,21 @@ package controller import ( + "bytes" + "context" "database/sql" "errors" - "net" + "fmt" + "io" "net/http" "net/url" "strings" "sync" "time" + "git.curoverse.com/arvados.git/lib/config" + "git.curoverse.com/arvados.git/lib/controller/railsproxy" + "git.curoverse.com/arvados.git/lib/controller/router" "git.curoverse.com/arvados.git/sdk/go/arvados" "git.curoverse.com/arvados.git/sdk/go/health" "git.curoverse.com/arvados.git/sdk/go/httpserver" @@ -21,8 +27,7 @@ import ( ) type Handler struct { - Cluster *arvados.Cluster - NodeProfile *arvados.NodeProfile + Cluster *arvados.Cluster setupOnce sync.Once handlerStack http.Handler @@ -35,38 +40,78 @@ type Handler struct { func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) { h.setupOnce.Do(h.setup) + if req.Method != "GET" && req.Method != "HEAD" { + // http.ServeMux returns 301 with a cleaned path if + // the incoming request has a double slash. Some + // clients (including the Go standard library) change + // the request method to GET when following a 301 + // redirect if the original method was not HEAD + // (RFC7231 6.4.2 specifically allows this in the case + // of POST). Thus "POST //foo" gets misdirected to + // "GET /foo". To avoid this, eliminate double slashes + // before passing the request to ServeMux. + for strings.Contains(req.URL.Path, "//") { + req.URL.Path = strings.Replace(req.URL.Path, "//", "/", -1) + } + } + if h.Cluster.API.RequestTimeout > 0 { + ctx, cancel := context.WithDeadline(req.Context(), time.Now().Add(time.Duration(h.Cluster.API.RequestTimeout))) + req = req.WithContext(ctx) + defer cancel() + } + h.handlerStack.ServeHTTP(w, req) } func (h *Handler) CheckHealth() error { h.setupOnce.Do(h.setup) - _, _, err := findRailsAPI(h.Cluster, h.NodeProfile) + _, _, err := railsproxy.FindRailsAPI(h.Cluster) return err } +func neverRedirect(*http.Request, []*http.Request) error { return http.ErrUseLastResponse } + func (h *Handler) setup() { mux := http.NewServeMux() mux.Handle("/_health/", &health.Handler{ Token: h.Cluster.ManagementToken, Prefix: "/_health/", + Routes: health.Routes{"ping": func() error { _, err := h.db(&http.Request{}); return err }}, }) + + mux.Handle("/arvados/v1/config", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + var buf bytes.Buffer + err := config.ExportJSON(&buf, h.Cluster) + if err != nil { + httpserver.Error(w, err.Error(), http.StatusInternalServerError) + return + } + w.Header().Set("Content-Type", "application/json") + io.Copy(w, &buf) + })) + + if h.Cluster.EnableBetaController14287 { + rtr := router.New(h.Cluster) + mux.Handle("/arvados/v1/collections", rtr) + mux.Handle("/arvados/v1/collections/", rtr) + } + hs := http.NotFoundHandler() hs = prepend(hs, h.proxyRailsAPI) - hs = prepend(hs, h.proxyRemoteCluster) + hs = h.setupProxyRemoteCluster(hs) mux.Handle("/", hs) h.handlerStack = mux sc := *arvados.DefaultSecureClient - sc.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout) + sc.CheckRedirect = neverRedirect h.secureClient = &sc ic := *arvados.InsecureHTTPClient - ic.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout) + ic.CheckRedirect = neverRedirect h.insecureClient = &ic h.proxy = &proxy{ - Name: "arvados-controller", - RequestTimeout: time.Duration(h.Cluster.HTTPRequestTimeout), + Name: "arvados-controller", } } @@ -103,11 +148,10 @@ func prepend(next http.Handler, middleware middlewareFunc) http.Handler { }) } -func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) { - urlOut, insecure, err := findRailsAPI(h.Cluster, h.NodeProfile) +func (h *Handler) localClusterRequest(req *http.Request) (*http.Response, error) { + urlOut, insecure, err := railsproxy.FindRailsAPI(h.Cluster) if err != nil { - httpserver.Error(w, err.Error(), http.StatusInternalServerError) - return + return nil, err } urlOut = &url.URL{ Scheme: urlOut.Scheme, @@ -120,25 +164,30 @@ func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next h if insecure { client = h.insecureClient } - h.proxy.Do(w, req, urlOut, client) + return h.proxy.Do(req, urlOut, client) +} + +func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) { + resp, err := h.localClusterRequest(req) + n, err := h.proxy.ForwardResponse(w, resp, err) + if err != nil { + httpserver.Logger(req).WithError(err).WithField("bytesCopied", n).Error("error copying response body") + } } -// For now, findRailsAPI always uses the rails API running on this -// node. -func findRailsAPI(cluster *arvados.Cluster, np *arvados.NodeProfile) (*url.URL, bool, error) { - hostport := np.RailsAPI.Listen - if len(hostport) > 1 && hostport[0] == ':' && strings.TrimRight(hostport[1:], "0123456789") == "" { - // ":12345" => connect to indicated port on localhost - hostport = "localhost" + hostport - } else if _, _, err := net.SplitHostPort(hostport); err == nil { - // "[::1]:12345" => connect to indicated address & port - } else { - return nil, false, err +// Use a localhost entry from Services.RailsAPI.InternalURLs if one is +// present, otherwise choose an arbitrary entry. +func findRailsAPI(cluster *arvados.Cluster) (*url.URL, bool, error) { + var best *url.URL + for target := range cluster.Services.RailsAPI.InternalURLs { + target := url.URL(target) + best = &target + if strings.HasPrefix(target.Host, "localhost:") || strings.HasPrefix(target.Host, "127.0.0.1:") || strings.HasPrefix(target.Host, "[::1]:") { + break + } } - proto := "http" - if np.RailsAPI.TLS { - proto = "https" + if best == nil { + return nil, false, fmt.Errorf("Services.RailsAPI.InternalURLs is empty") } - url, err := url.Parse(proto + "://" + hostport) - return url, np.RailsAPI.Insecure, err + return best, cluster.TLS.Insecure, nil }