X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/de1aef9bd3cd982604b1f9f1ad8433d0b28112ee..73a127e5492bc2711530b2f5a7c30a5021232d40:/services/keepproxy/keepproxy.go diff --git a/services/keepproxy/keepproxy.go b/services/keepproxy/keepproxy.go index 8c1646745f..7b5cd2befb 100644 --- a/services/keepproxy/keepproxy.go +++ b/services/keepproxy/keepproxy.go @@ -14,7 +14,6 @@ import ( "net/http" "os" "os/signal" - "reflect" "regexp" "sync" "syscall" @@ -22,8 +21,8 @@ import ( ) // Default TCP address on which to listen for requests. -// Initialized by the -listen flag. -const DEFAULT_ADDR = ":25107" +// Override with -listen. +const DefaultAddr = ":25107" var listener net.Listener @@ -42,7 +41,7 @@ func main() { flagset.StringVar( &listen, "listen", - DEFAULT_ADDR, + DefaultAddr, "Interface on which to listen for requests, in the format "+ "ipaddr:port. e.g. -listen=10.0.1.24:8000. Use -listen=:port "+ "to listen on all network interfaces.") @@ -84,6 +83,9 @@ func main() { log.Fatalf("Error setting up arvados client %s", err.Error()) } + if os.Getenv("ARVADOS_DEBUG") != "" { + keepclient.DebugPrintf = log.Printf + } kc, err := keepclient.MakeKeepClient(&arv) if err != nil { log.Fatalf("Error setting up keep client %s", err.Error()) @@ -100,15 +102,14 @@ func main() { } kc.Want_replicas = default_replicas - kc.Client.Timeout = time.Duration(timeout) * time.Second + go kc.RefreshServices(5*time.Minute, 3*time.Second) listener, err = net.Listen("tcp", listen) if err != nil { log.Fatalf("Could not listen on %v", listen) } - - go RefreshServicesList(kc, 5*time.Minute, 3*time.Second) + log.Printf("Arvados Keep proxy started listening on %v", listener.Addr()) // Shut down the server gracefully (by closing the listener) // if SIGTERM is received. @@ -121,9 +122,7 @@ func main() { signal.Notify(term, syscall.SIGTERM) signal.Notify(term, syscall.SIGINT) - log.Printf("Arvados Keep proxy started listening on %v", listener.Addr()) - - // Start listening for requests. + // Start serving requests. http.Serve(listener, MakeRESTRouter(!no_get, !no_put, kc)) log.Println("shutting down") @@ -135,42 +134,6 @@ type ApiTokenCache struct { expireTime int64 } -// Refresh the keep service list on SIGHUP; when the given interval -// has elapsed since the last refresh; and (if the last refresh -// failed) the given errInterval has elapsed. -func RefreshServicesList(kc *keepclient.KeepClient, interval, errInterval time.Duration) { - var previousRoots = []map[string]string{} - - timer := time.NewTimer(interval) - gotHUP := make(chan os.Signal, 1) - signal.Notify(gotHUP, syscall.SIGHUP) - - for { - select { - case <-gotHUP: - case <-timer.C: - } - timer.Reset(interval) - - if err := kc.DiscoverKeepServers(); err != nil { - log.Println("Error retrieving services list: %v (retrying in %v)", err, errInterval) - timer.Reset(errInterval) - continue - } - newRoots := []map[string]string{kc.LocalRoots(), kc.GatewayRoots()} - - if !reflect.DeepEqual(previousRoots, newRoots) { - log.Printf("Updated services list: locals %v gateways %v", newRoots[0], newRoots[1]) - previousRoots = newRoots - } - - if len(newRoots[0]) == 0 { - log.Printf("WARNING: No local services (retrying in %v)", errInterval) - timer.Reset(errInterval) - } - } -} - // Cache the token and set an expire time. If we already have an expire time // on the token, it is not updated. func (this *ApiTokenCache) RememberToken(token string) { @@ -203,17 +166,13 @@ func (this *ApiTokenCache) RecallToken(token string) bool { } func GetRemoteAddress(req *http.Request) string { - if realip := req.Header.Get("X-Real-IP"); realip != "" { - if forwarded := req.Header.Get("X-Forwarded-For"); forwarded != realip { - return fmt.Sprintf("%s (X-Forwarded-For %s)", realip, forwarded) - } else { - return realip - } + if xff := req.Header.Get("X-Forwarded-For"); xff != "" { + return xff + "," + req.RemoteAddr } return req.RemoteAddr } -func CheckAuthorizationHeader(kc keepclient.KeepClient, cache *ApiTokenCache, req *http.Request) (pass bool, tok string) { +func CheckAuthorizationHeader(kc *keepclient.KeepClient, cache *ApiTokenCache, req *http.Request) (pass bool, tok string) { var auth string if auth = req.Header.Get("Authorization"); auth == "" { return false, "" @@ -343,7 +302,7 @@ func (this GetBlockHandler) ServeHTTP(resp http.ResponseWriter, req *http.Reques var pass bool var tok string - if pass, tok = CheckAuthorizationHeader(kc, this.ApiTokenCache, req); !pass { + if pass, tok = CheckAuthorizationHeader(&kc, this.ApiTokenCache, req); !pass { status, err = http.StatusForbidden, BadAuthorizationHeader return } @@ -374,7 +333,7 @@ func (this GetBlockHandler) ServeHTTP(resp http.ResponseWriter, req *http.Reques log.Println("Warning:", GetRemoteAddress(req), req.Method, proxiedURI, "Content-Length not provided") } - switch err { + switch respErr := err.(type) { case nil: status = http.StatusOK resp.Header().Set("Content-Length", fmt.Sprint(expectLength)) @@ -387,10 +346,16 @@ func (this GetBlockHandler) ServeHTTP(resp http.ResponseWriter, req *http.Reques err = ContentLengthMismatch } } - case keepclient.BlockNotFound: - status = http.StatusNotFound + case keepclient.Error: + if respErr == keepclient.BlockNotFound { + status = http.StatusNotFound + } else if respErr.Temporary() { + status = http.StatusBadGateway + } else { + status = 422 + } default: - status = http.StatusBadGateway + status = http.StatusInternalServerError } } @@ -444,7 +409,7 @@ func (this PutBlockHandler) ServeHTTP(resp http.ResponseWriter, req *http.Reques var pass bool var tok string - if pass, tok = CheckAuthorizationHeader(kc, this.ApiTokenCache, req); !pass { + if pass, tok = CheckAuthorizationHeader(&kc, this.ApiTokenCache, req); !pass { err = BadAuthorizationHeader status = http.StatusForbidden return @@ -527,7 +492,7 @@ func (handler IndexHandler) ServeHTTP(resp http.ResponseWriter, req *http.Reques kc := *handler.KeepClient - ok, token := CheckAuthorizationHeader(kc, handler.ApiTokenCache, req) + ok, token := CheckAuthorizationHeader(&kc, handler.ApiTokenCache, req) if !ok { status, err = http.StatusForbidden, BadAuthorizationHeader return