var Command cmd.Handler = service.Command(arvados.ServiceNameDispatchCloud, newHandler)
func newHandler(ctx context.Context, cluster *arvados.Cluster, _ *arvados.NodeProfile) service.Handler {
- d := &dispatcher{Cluster: cluster, Context: ctx}
+ d := &dispatcher{
+ Cluster: cluster,
+ Context: ctx,
+ AuthToken: service.Token(ctx),
+ }
go d.Start()
return d
}
type dispatcher struct {
Cluster *arvados.Cluster
Context context.Context
+ AuthToken string
InstanceSetID cloud.InstanceSetID
logger logrus.FieldLogger
}
func (disp *dispatcher) initialize() {
- arvClient := arvados.NewClientFromEnv()
+ disp.logger = ctxlog.FromContext(disp.Context)
+
+ arvClient, err := arvados.NewClientFromConfig(disp.Cluster)
+ if err != nil {
+ disp.logger.WithError(err).Warn("error initializing client from cluster config, falling back to ARVADOS_API_HOST(_INSECURE) environment variables")
+ arvClient = arvados.NewClientFromEnv()
+ }
+ arvClient.AuthToken = disp.AuthToken
+
if disp.InstanceSetID == "" {
if strings.HasPrefix(arvClient.AuthToken, "v2/") {
disp.InstanceSetID = cloud.InstanceSetID(strings.Split(arvClient.AuthToken, "/")[1])
}
disp.stop = make(chan struct{}, 1)
disp.stopped = make(chan struct{})
- disp.logger = ctxlog.FromContext(disp.Context)
if key, err := ssh.ParsePrivateKey([]byte(disp.Cluster.Dispatch.PrivateKey)); err != nil {
disp.logger.Fatalf("error parsing configured Dispatch.PrivateKey: %s", err)
"git.curoverse.com/arvados.git/lib/dispatchcloud/test"
"git.curoverse.com/arvados.git/sdk/go/arvados"
+ "git.curoverse.com/arvados.git/sdk/go/arvadostest"
"git.curoverse.com/arvados.git/sdk/go/ctxlog"
"golang.org/x/crypto/ssh"
check "gopkg.in/check.v1"
DispatchCloud: arvados.SystemServiceInstance{Listen: ":"},
},
},
+ Services: arvados.Services{
+ DispatchCloud: arvados.Service{InternalURLs: map[arvados.URL]arvados.ServiceInstance{
+ arvados.URL{Scheme: "https", Host: os.Getenv("ARVADOS_API_HOST")}: {},
+ }},
+ },
}
s.disp = &dispatcher{
- Cluster: s.cluster,
- Context: s.ctx,
+ Cluster: s.cluster,
+ Context: s.ctx,
+ AuthToken: arvadostest.AdminToken,
}
// Test cases can modify s.cluster before calling
// initialize(), and then modify private state before calling
}
for _, name := range []string{"ARVADOS_API_HOST", "ARVADOS_API_TOKEN"} {
if stdinKV[name] == "" {
- fmt.Fprintf(stderr, "%s env var missing from stdin %q\n", name, stdin)
+ fmt.Fprintf(stderr, "%s env var missing from stdin %q\n", name, stdinData)
return 1
}
}
"PID": os.Getpid(),
})
ctx := ctxlog.Context(context.Background(), log)
+
+ // Currently all components use SystemRootToken if configured,
+ // otherwise ARVADOS_API_TOKEN. In future, per-process tokens
+ // will be generated/obtained here.
+ token := cluster.SystemRootToken
+ if token == "" {
+ log.Warn("SystemRootToken missing from cluster config, falling back to ARVADOS_API_TOKEN environment variable")
+ token = os.Getenv("ARVADOS_API_TOKEN")
+ }
+ ctx = tokenContext(ctx, token)
+
profileName := *nodeProfile
if profileName == "" {
profileName = os.Getenv("ARVADOS_NODE_PROFILE")
--- /dev/null
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package service
+
+import (
+ "context"
+)
+
+type contextKey string
+
+var contextKeyServiceToken contextKey = "serviceToken"
+
+// Token returns the privileged system token suitable for the given
+// service context.
+//
+// It only works on contexts that were generated by Command() and
+// passed to a Handler. For other contexts it returns the empty
+// string.
+func Token(ctx context.Context) string {
+ t, _ := ctx.Value(contextKeyServiceToken).(string)
+ return t
+}
+
+// tokenContext returns a child context with the given token attached
+// so it can be retrieved by Token().
+func tokenContext(ctx context.Context, t string) context.Context {
+ return context.WithValue(ctx, contextKeyServiceToken, t)
+}
var DefaultSecureClient = &http.Client{
Timeout: 5 * time.Minute}
+// NewClientFromConfig creates a new Client that uses the endpoints in
+// the given cluster.
+//
+// AuthToken is left empty for the caller to populate.
+func NewClientFromConfig(cluster *Cluster) (*Client, error) {
+ ctrlURL := cluster.Services.Controller.ExternalURL
+ if ctrlURL.Host == "" {
+ return nil, fmt.Errorf("no host in config Services.Controller.ExternalURL: %s", ctrlURL)
+ }
+ return &Client{
+ APIHost: fmt.Sprintf("%s", ctrlURL),
+ Insecure: cluster.TLS.Insecure,
+ }, nil
+}
+
// NewClientFromEnv creates a new Client that uses the default HTTP
// client with the API endpoint and credentials given by the
// ARVADOS_API_* environment variables.
"encoding/json"
"errors"
"fmt"
+ "net/url"
"os"
"git.curoverse.com/arvados.git/sdk/go/config"
type Cluster struct {
ClusterID string `json:"-"`
ManagementToken string
+ SystemRootToken string
+ Services Services
NodeProfiles map[string]NodeProfile
InstanceTypes InstanceTypeMap
CloudVMs CloudVMs
PostgreSQL PostgreSQL
RequestLimits RequestLimits
Logging Logging
+ TLS TLS
}
+type Services struct {
+ Controller Service
+ DispatchCloud Service
+ Health Service
+ Keepbalance Service
+ Keepproxy Service
+ Keepstore Service
+ Keepweb Service
+ Nodemanager Service
+ RailsAPI Service
+ Websocket Service
+ Workbench Service
+}
+
+type Service struct {
+ InternalURLs map[URL]ServiceInstance
+ ExternalURL URL
+}
+
+// URL is a url.URL that is also usable as a JSON key/value.
+type URL url.URL
+
+// UnmarshalText implements encoding.TextUnmarshaler so URL can be
+// used as a JSON key/value.
+func (su *URL) UnmarshalText(text []byte) error {
+ u, err := url.Parse(string(text))
+ if err == nil {
+ *su = URL(*u)
+ }
+ return err
+}
+
+type ServiceInstance struct{}
+
type Logging struct {
Level string
Format string
TLS bool
Insecure bool
}
+
+type TLS struct {
+ Certificate string
+ Key string
+ Insecure bool
+}
projects / arvados.git / commitdiff