X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cb48eb95d516b1d4a1ffe18be34703005531117a..f935965259f9c0476a9c5ffa79e5c27ce9da4800:/services/keepstore/keepstore.go diff --git a/services/keepstore/keepstore.go b/services/keepstore/keepstore.go index 2528f6d6a6..69ff5659c1 100644 --- a/services/keepstore/keepstore.go +++ b/services/keepstore/keepstore.go @@ -1,30 +1,23 @@ package main import ( - "bytes" "flag" "fmt" - "git.curoverse.com/arvados.git/sdk/go/keepclient" - "io/ioutil" "log" "net" "net/http" "os" "os/signal" - "strings" "syscall" "time" -) - -// ====================== -// Configuration settings -// -// TODO(twp): make all of these configurable via command line flags -// and/or configuration file settings. -// Default TCP address on which to listen for requests. -// Initialized by the --listen flag. -const DefaultAddr = ":25107" + "git.curoverse.com/arvados.git/sdk/go/arvadosclient" + "git.curoverse.com/arvados.git/sdk/go/config" + "git.curoverse.com/arvados.git/sdk/go/httpserver" + "git.curoverse.com/arvados.git/sdk/go/keepclient" + "github.com/coreos/go-systemd/daemon" + "github.com/ghodss/yaml" +) // A Keep "block" is 64MB. const BlockSize = 64 * 1024 * 1024 @@ -33,33 +26,9 @@ const BlockSize = 64 * 1024 * 1024 // in order to permit writes. const MinFreeKilobytes = BlockSize / 1024 -// Until #6221 is resolved, never_delete must be true. -// However, allow it to be false in testing with TestDataManagerToken -const TestDataManagerToken = "4axaw8zxe0qm22wa6urpp5nskcne8z88cvbupv653y1njyi05h" - // ProcMounts /proc/mounts var ProcMounts = "/proc/mounts" -// enforcePermissions controls whether permission signatures -// should be enforced (affecting GET and DELETE requests). -// Initialized by the -enforce-permissions flag. -var enforcePermissions bool - -// blobSignatureTTL is the time duration for which new permission -// signatures (returned by PUT requests) will be valid. -// Initialized by the -permission-ttl flag. -var blobSignatureTTL time.Duration - -// dataManagerToken represents the API token used by the -// Data Manager, and is required on certain privileged operations. -// Initialized by the -data-manager-token-file flag. -var dataManagerToken string - -// neverDelete can be used to prevent the DELETE handler from -// actually deleting anything. -var neverDelete = true - -var maxBuffers = 128 var bufs *bufferPool // KeepError types. @@ -83,6 +52,8 @@ var ( SizeRequiredError = &KeepError{411, "Missing Content-Length"} TooLongError = &KeepError{413, "Block is too large"} MethodDisabledError = &KeepError{405, "Method disabled"} + ErrNotImplemented = &KeepError{500, "Unsupported configuration"} + ErrClientDisconnect = &KeepError{503, "Client disconnected"} ) func (e *KeepError) Error() string { @@ -111,115 +82,55 @@ var KeepVM VolumeManager var pullq *WorkQueue var trashq *WorkQueue -type volumeSet []Volume - -var ( - flagSerializeIO bool - flagReadonly bool - volumes volumeSet -) - -func (vs *volumeSet) String() string { - return fmt.Sprintf("%+v", (*vs)[:]) -} - // TODO(twp): continue moving as much code as possible out of main // so it can be effectively tested. Esp. handling and postprocessing // of command line flags (identifying Keep volumes and initializing // permission arguments). func main() { - log.Println("keepstore starting, pid", os.Getpid()) - defer log.Println("keepstore exiting, pid", os.Getpid()) + deprecated.beforeFlagParse(theConfig) - var ( - dataManagerTokenFile string - listen string - blobSigningKeyFile string - permissionTTLSec int - pidfile string - ) - flag.StringVar( - &dataManagerTokenFile, - "data-manager-token-file", - "", - "File with the API token used by the Data Manager. All DELETE "+ - "requests or GET /index requests must carry this token.") - flag.BoolVar( - &enforcePermissions, - "enforce-permissions", - false, - "Enforce permission signatures on requests.") - flag.StringVar( - &listen, - "listen", - DefaultAddr, - "Listening address, in the form \"host:port\". e.g., 10.0.1.24:8000. Omit the host part to listen on all interfaces.") - flag.BoolVar( - &neverDelete, - "never-delete", - true, - "If set, nothing will be deleted. HTTP 405 will be returned "+ - "for valid DELETE requests.") - flag.StringVar( - &blobSigningKeyFile, - "permission-key-file", - "", - "Synonym for -blob-signing-key-file.") - flag.StringVar( - &blobSigningKeyFile, - "blob-signing-key-file", - "", - "File containing the secret key for generating and verifying "+ - "blob permission signatures.") - flag.IntVar( - &permissionTTLSec, - "permission-ttl", - 0, - "Synonym for -blob-signature-ttl.") - flag.IntVar( - &permissionTTLSec, - "blob-signature-ttl", - int(time.Duration(2*7*24*time.Hour).Seconds()), - "Lifetime of blob permission signatures. "+ - "See services/api/config/application.default.yml.") - flag.BoolVar( - &flagSerializeIO, - "serialize", - false, - "Serialize read and write operations on the following volumes.") - flag.BoolVar( - &flagReadonly, - "readonly", - false, - "Do not write, delete, or touch anything on the following volumes.") - flag.StringVar( - &pidfile, - "pid", - "", - "Path to write pid file during startup. This file is kept open and locked with LOCK_EX until keepstore exits, so `fuser -k pidfile` is one way to shut down. Exit immediately if there is an error opening, locking, or writing the pid file.") - flag.IntVar( - &maxBuffers, - "max-buffers", - maxBuffers, - fmt.Sprintf("Maximum RAM to use for data buffers, given in multiples of block size (%d MiB). When this limit is reached, HTTP requests requiring buffers (like GET and PUT) will wait for buffer space to be released.", BlockSize>>20)) + dumpConfig := flag.Bool("dump-config", false, "write current configuration to stdout and exit (useful for migrating from command line flags to config file)") + defaultConfigPath := "/etc/arvados/keepstore/keepstore.yml" + var configPath string + flag.StringVar( + &configPath, + "config", + defaultConfigPath, + "YAML or JSON configuration file `path`") + flag.Usage = usage flag.Parse() - if maxBuffers < 0 { - log.Fatal("-max-buffers must be greater than zero.") + deprecated.afterFlagParse(theConfig) + + err := config.LoadFile(theConfig, configPath) + if err != nil && (!os.IsNotExist(err) || configPath != defaultConfigPath) { + log.Fatal(err) } - bufs = newBufferPool(maxBuffers, BlockSize) - if pidfile != "" { + if *dumpConfig { + y, err := yaml.Marshal(theConfig) + if err != nil { + log.Fatal(err) + } + os.Stdout.Write(y) + os.Exit(0) + } + + err = theConfig.Start() + + if pidfile := theConfig.PIDFile; pidfile != "" { f, err := os.OpenFile(pidfile, os.O_RDWR|os.O_CREATE, 0777) if err != nil { log.Fatalf("open pidfile (%s): %s", pidfile, err) } + defer f.Close() err = syscall.Flock(int(f.Fd()), syscall.LOCK_EX|syscall.LOCK_NB) if err != nil { log.Fatalf("flock pidfile (%s): %s", pidfile, err) } + defer os.Remove(pidfile) err = f.Truncate(0) if err != nil { log.Fatalf("truncate pidfile (%s): %s", pidfile, err) @@ -232,77 +143,30 @@ func main() { if err != nil { log.Fatalf("sync pidfile (%s): %s", pidfile, err) } - defer f.Close() - defer os.Remove(pidfile) } - if len(volumes) == 0 { - if (&unixVolumeAdder{&volumes}).Discover() == 0 { - log.Fatal("No volumes found.") - } - } - - for _, v := range volumes { - log.Printf("Using volume %v (writable=%v)", v, v.Writable()) - } - - // Initialize data manager token and permission key. - // If these tokens are specified but cannot be read, - // raise a fatal error. - if dataManagerTokenFile != "" { - if buf, err := ioutil.ReadFile(dataManagerTokenFile); err == nil { - dataManagerToken = strings.TrimSpace(string(buf)) - } else { - log.Fatalf("reading data manager token: %s\n", err) - } - } - - if neverDelete != true && dataManagerToken != TestDataManagerToken { - log.Fatal("never_delete must be true, see #6221") - } - - if blobSigningKeyFile != "" { - if buf, err := ioutil.ReadFile(blobSigningKeyFile); err == nil { - PermissionSecret = bytes.TrimSpace(buf) - } else { - log.Fatalf("reading permission key: %s\n", err) - } - } - - blobSignatureTTL = time.Duration(permissionTTLSec) * time.Second - - if PermissionSecret == nil { - if enforcePermissions { - log.Fatal("-enforce-permissions requires a permission key") - } else { - log.Println("Running without a PermissionSecret. Block locators " + - "returned by this server will not be signed, and will be rejected " + - "by a server that enforces permissions.") - log.Println("To fix this, use the -blob-signing-key-file flag " + - "to specify the file containing the permission key.") - } - } + log.Println("keepstore starting, pid", os.Getpid()) + defer log.Println("keepstore exiting, pid", os.Getpid()) // Start a round-robin VolumeManager with the volumes we have found. - KeepVM = MakeRRVolumeManager(volumes) + KeepVM = MakeRRVolumeManager(theConfig.Volumes) - // Tell the built-in HTTP server to direct all requests to the REST router. - loggingRouter := MakeLoggingRESTRouter() - http.HandleFunc("/", func(resp http.ResponseWriter, req *http.Request) { - loggingRouter.ServeHTTP(resp, req) + // Middleware stack: logger, MaxRequests limiter, method handlers + http.Handle("/", &LoggingRESTRouter{ + httpserver.NewRequestLimiter(theConfig.MaxRequests, + MakeRESTRouter()), }) // Set up a TCP listener. - listener, err := net.Listen("tcp", listen) + listener, err := net.Listen("tcp", theConfig.Listen) if err != nil { log.Fatal(err) } // Initialize Pull queue and worker keepClient := &keepclient.KeepClient{ - Arvados: nil, + Arvados: &arvadosclient.ArvadosClient{}, Want_replicas: 1, - Using_proxy: true, Client: &http.Client{}, } @@ -314,18 +178,45 @@ func main() { trashq = NewWorkQueue() go RunTrashWorker(trashq) + // Start emptyTrash goroutine + doneEmptyingTrash := make(chan bool) + go emptyTrash(doneEmptyingTrash, theConfig.TrashCheckInterval.Duration()) + // Shut down the server gracefully (by closing the listener) // if SIGTERM is received. term := make(chan os.Signal, 1) go func(sig <-chan os.Signal) { s := <-sig log.Println("caught signal:", s) + doneEmptyingTrash <- true listener.Close() }(term) signal.Notify(term, syscall.SIGTERM) signal.Notify(term, syscall.SIGINT) - log.Println("listening at", listen) - srv := &http.Server{Addr: listen} + if _, err := daemon.SdNotify("READY=1"); err != nil { + log.Printf("Error notifying init daemon: %v", err) + } + log.Println("listening at", listener.Addr) + srv := &http.Server{} srv.Serve(listener) } + +// Periodically (once per interval) invoke EmptyTrash on all volumes. +func emptyTrash(done <-chan bool, interval time.Duration) { + ticker := time.NewTicker(interval) + + for { + select { + case <-ticker.C: + for _, v := range theConfig.Volumes { + if v.Writable() { + v.EmptyTrash() + } + } + case <-done: + ticker.Stop() + return + } + } +}