2014-03-31 02:28:04 +08:00
|
|
|
package weed_server
|
|
|
|
|
|
|
|
import (
|
2019-06-24 06:29:49 +08:00
|
|
|
"context"
|
|
|
|
"fmt"
|
2018-08-13 16:22:32 +08:00
|
|
|
"net/http"
|
2018-12-06 15:24:25 +08:00
|
|
|
"os"
|
2023-12-21 08:21:11 +08:00
|
|
|
"strings"
|
2020-03-30 16:19:33 +08:00
|
|
|
"sync"
|
2024-03-17 02:38:27 +08:00
|
|
|
"sync/atomic"
|
2019-06-24 06:29:49 +08:00
|
|
|
"time"
|
2018-08-13 16:22:32 +08:00
|
|
|
|
2022-07-29 15:17:28 +08:00
|
|
|
"github.com/seaweedfs/seaweedfs/weed/stats"
|
2020-10-21 08:41:39 +08:00
|
|
|
|
2020-01-01 03:52:54 +08:00
|
|
|
"google.golang.org/grpc"
|
|
|
|
|
2022-07-29 15:17:28 +08:00
|
|
|
"github.com/seaweedfs/seaweedfs/weed/util/grace"
|
|
|
|
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/operation"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/master_pb"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/util"
|
|
|
|
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/filer"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/arangodb"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/cassandra"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/elastic/v7"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/etcd"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/hbase"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/leveldb"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/leveldb2"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/leveldb3"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/mongodb"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/mysql"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/mysql2"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/postgres"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/postgres2"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/redis"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/redis2"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/redis3"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/sqlite"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/filer/ydb"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/glog"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/notification"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/notification/aws_sqs"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/notification/gocdk_pub_sub"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/notification/google_pub_sub"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/notification/kafka"
|
|
|
|
_ "github.com/seaweedfs/seaweedfs/weed/notification/log"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/security"
|
2014-03-31 02:28:04 +08:00
|
|
|
)
|
|
|
|
|
2018-07-07 17:18:47 +08:00
|
|
|
type FilerOption struct {
|
2023-08-24 22:08:56 +08:00
|
|
|
Masters *pb.ServerDiscovery
|
2022-05-02 12:59:16 +08:00
|
|
|
FilerGroup string
|
2021-03-30 17:10:50 +08:00
|
|
|
Collection string
|
|
|
|
DefaultReplication string
|
|
|
|
DisableDirListing bool
|
|
|
|
MaxMB int
|
|
|
|
DirListingLimit int
|
|
|
|
DataCenter string
|
|
|
|
Rack string
|
2021-12-22 21:57:26 +08:00
|
|
|
DataNode string
|
2021-03-30 17:10:50 +08:00
|
|
|
DefaultLevelDbDir string
|
|
|
|
DisableHttp bool
|
2021-09-13 13:47:52 +08:00
|
|
|
Host pb.ServerAddress
|
2021-03-30 17:10:50 +08:00
|
|
|
recursiveDelete bool
|
|
|
|
Cipher bool
|
2021-04-01 17:21:40 +08:00
|
|
|
SaveToFilerLimit int64
|
2021-03-30 17:10:50 +08:00
|
|
|
ConcurrentUploadLimit int64
|
2022-06-15 00:30:49 +08:00
|
|
|
ShowUIDirectoryDelete bool
|
2022-08-05 16:16:42 +08:00
|
|
|
DownloadMaxBytesPs int64
|
2023-02-26 01:48:59 +08:00
|
|
|
DiskType string
|
2023-12-21 08:21:11 +08:00
|
|
|
AllowedOrigins []string
|
2024-02-28 00:38:55 +08:00
|
|
|
ExposeDirectoryData bool
|
2018-07-07 17:18:47 +08:00
|
|
|
}
|
|
|
|
|
2014-03-31 02:28:04 +08:00
|
|
|
type FilerServer struct {
|
2024-03-17 02:38:27 +08:00
|
|
|
inFlightDataSize int64
|
|
|
|
listenersWaits int64
|
|
|
|
|
|
|
|
// notifying clients
|
|
|
|
listenersLock sync.Mutex
|
|
|
|
listenersCond *sync.Cond
|
|
|
|
|
2022-08-11 13:27:13 +08:00
|
|
|
inFlightDataLimitCond *sync.Cond
|
|
|
|
|
2021-12-05 16:42:25 +08:00
|
|
|
filer_pb.UnimplementedSeaweedFilerServer
|
2019-02-19 04:11:52 +08:00
|
|
|
option *FilerOption
|
|
|
|
secret security.SigningKey
|
2020-09-01 15:21:19 +08:00
|
|
|
filer *filer.Filer
|
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client
- one JWT for reading and one for writing, analogous to how the JWT
between Master and Volume Server works
- I did not implement IP `whiteList` parameter on the filer
Additionally, because http_util.DownloadFile now sets the JWT,
the `download` command should now work when `jwt.signing.read` is
configured. By looking at the code, I think this case did not work
before.
## Docs to be adjusted after a release
Page `Amazon-S3-API`:
```
# Authentication with Filer
You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as
explained in [Security-Configuration](Security-Configuration) -
controlled by the `grpc.*` configuration in `security.toml`.
Starting with version XX, it is also possible to authenticate the HTTP
operations between the S3-API-Proxy and the Filer (especially
uploading new files). This is configured by setting
`filer_jwt.signing.key` and `filer_jwt.signing.read.key` in
`security.toml`.
With both configurations (gRPC and JWT), it is possible to have Filer
and S3 communicate in fully authenticated fashion; so Filer will reject
any unauthenticated communication.
```
Page `Security Overview`:
```
The following items are not covered, yet:
- master server http REST services
Starting with version XX, the Filer HTTP REST services can be secured
with a JWT, by setting `filer_jwt.signing.key` and
`filer_jwt.signing.read.key` in `security.toml`.
...
Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer.
Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).**
...
# Securing Filer HTTP with JWT
To enable JWT-based access control for the Filer,
1. generate `security.toml` file by `weed scaffold -config=security`
2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string
3. copy the same `security.toml` file to the filers and all S3 proxies.
If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`.
If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`.
The S3 API Gateway reads the above JWT keys and sends authenticated
HTTP requests to the filer.
```
Page `Security Configuration`:
```
(update scaffold file)
...
[filer_jwt.signing]
key = "blahblahblahblah"
[filer_jwt.signing.read]
key = "blahblahblahblah"
```
Resolves: #158
2021-12-30 02:47:53 +08:00
|
|
|
filerGuard *security.Guard
|
2024-04-08 22:27:00 +08:00
|
|
|
volumeGuard *security.Guard
|
2019-02-19 04:11:52 +08:00
|
|
|
grpcDialOption grpc.DialOption
|
2020-03-30 16:19:33 +08:00
|
|
|
|
2020-09-17 21:43:54 +08:00
|
|
|
// metrics read from the master
|
|
|
|
metricsAddress string
|
|
|
|
metricsIntervalSec int
|
|
|
|
|
2021-12-30 16:23:57 +08:00
|
|
|
// track known metadata listeners
|
|
|
|
knownListenersLock sync.Mutex
|
2022-07-24 01:50:28 +08:00
|
|
|
knownListeners map[int32]int32
|
2014-03-31 02:28:04 +08:00
|
|
|
}
|
|
|
|
|
2018-07-07 17:18:47 +08:00
|
|
|
func NewFilerServer(defaultMux, readonlyMux *http.ServeMux, option *FilerOption) (fs *FilerServer, err error) {
|
2018-10-08 01:54:05 +08:00
|
|
|
|
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client
- one JWT for reading and one for writing, analogous to how the JWT
between Master and Volume Server works
- I did not implement IP `whiteList` parameter on the filer
Additionally, because http_util.DownloadFile now sets the JWT,
the `download` command should now work when `jwt.signing.read` is
configured. By looking at the code, I think this case did not work
before.
## Docs to be adjusted after a release
Page `Amazon-S3-API`:
```
# Authentication with Filer
You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as
explained in [Security-Configuration](Security-Configuration) -
controlled by the `grpc.*` configuration in `security.toml`.
Starting with version XX, it is also possible to authenticate the HTTP
operations between the S3-API-Proxy and the Filer (especially
uploading new files). This is configured by setting
`filer_jwt.signing.key` and `filer_jwt.signing.read.key` in
`security.toml`.
With both configurations (gRPC and JWT), it is possible to have Filer
and S3 communicate in fully authenticated fashion; so Filer will reject
any unauthenticated communication.
```
Page `Security Overview`:
```
The following items are not covered, yet:
- master server http REST services
Starting with version XX, the Filer HTTP REST services can be secured
with a JWT, by setting `filer_jwt.signing.key` and
`filer_jwt.signing.read.key` in `security.toml`.
...
Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer.
Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).**
...
# Securing Filer HTTP with JWT
To enable JWT-based access control for the Filer,
1. generate `security.toml` file by `weed scaffold -config=security`
2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string
3. copy the same `security.toml` file to the filers and all S3 proxies.
If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`.
If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`.
The S3 API Gateway reads the above JWT keys and sends authenticated
HTTP requests to the filer.
```
Page `Security Configuration`:
```
(update scaffold file)
...
[filer_jwt.signing]
key = "blahblahblahblah"
[filer_jwt.signing.read]
key = "blahblahblahblah"
```
Resolves: #158
2021-12-30 02:47:53 +08:00
|
|
|
v := util.GetViper()
|
|
|
|
signingKey := v.GetString("jwt.filer_signing.key")
|
|
|
|
v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
|
|
|
|
expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
|
|
|
|
|
|
|
|
readSigningKey := v.GetString("jwt.filer_signing.read.key")
|
|
|
|
v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
|
|
|
|
readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
|
|
|
|
|
2024-04-08 22:27:00 +08:00
|
|
|
volumeSigningKey := v.GetString("jwt.signing.key")
|
|
|
|
v.SetDefault("jwt.signing.expires_after_seconds", 10)
|
|
|
|
volumeExpiresAfterSec := v.GetInt("jwt.signing.expires_after_seconds")
|
|
|
|
|
|
|
|
volumeReadSigningKey := v.GetString("jwt.signing.read.key")
|
|
|
|
v.SetDefault("jwt.signing.read.expires_after_seconds", 60)
|
|
|
|
volumeReadExpiresAfterSec := v.GetInt("jwt.signing.read.expires_after_seconds")
|
|
|
|
|
2023-12-21 08:21:11 +08:00
|
|
|
v.SetDefault("cors.allowed_origins.values", "*")
|
|
|
|
|
2024-01-09 03:35:20 +08:00
|
|
|
allowedOrigins := v.GetString("cors.allowed_origins.values")
|
|
|
|
domains := strings.Split(allowedOrigins, ",")
|
|
|
|
option.AllowedOrigins = domains
|
2023-12-21 08:21:11 +08:00
|
|
|
|
2024-02-28 00:38:55 +08:00
|
|
|
v.SetDefault("filer.expose_directory_metadata.enabled", true)
|
|
|
|
returnDirMetadata := v.GetBool("filer.expose_directory_metadata.enabled")
|
|
|
|
option.ExposeDirectoryData = returnDirMetadata
|
|
|
|
|
2014-03-31 02:28:04 +08:00
|
|
|
fs = &FilerServer{
|
2021-03-30 17:10:50 +08:00
|
|
|
option: option,
|
|
|
|
grpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.filer"),
|
2022-07-24 01:50:28 +08:00
|
|
|
knownListeners: make(map[int32]int32),
|
2021-03-30 17:10:50 +08:00
|
|
|
inFlightDataLimitCond: sync.NewCond(new(sync.Mutex)),
|
2014-03-31 02:28:04 +08:00
|
|
|
}
|
2020-04-05 15:51:16 +08:00
|
|
|
fs.listenersCond = sync.NewCond(&fs.listenersLock)
|
2018-06-01 15:39:39 +08:00
|
|
|
|
2023-08-24 22:08:56 +08:00
|
|
|
option.Masters.RefreshBySrvIfAvailable()
|
|
|
|
if len(option.Masters.GetInstances()) == 0 {
|
2018-06-01 15:39:39 +08:00
|
|
|
glog.Fatal("master list is required!")
|
|
|
|
}
|
2023-10-13 05:29:55 +08:00
|
|
|
v.SetDefault("filer.options.max_file_name_length", 255)
|
|
|
|
maxFilenameLength := v.GetUint32("filer.options.max_file_name_length")
|
|
|
|
fs.filer = filer.NewFiler(*option.Masters, fs.grpcDialOption, option.Host, option.FilerGroup, option.Collection, option.DefaultReplication, option.DataCenter, maxFilenameLength, func() {
|
2024-03-17 02:38:27 +08:00
|
|
|
if atomic.LoadInt64(&fs.listenersWaits) > 0 {
|
|
|
|
fs.listenersCond.Broadcast()
|
|
|
|
}
|
2020-07-06 14:05:02 +08:00
|
|
|
})
|
2020-03-06 16:49:47 +08:00
|
|
|
fs.filer.Cipher = option.Cipher
|
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client
- one JWT for reading and one for writing, analogous to how the JWT
between Master and Volume Server works
- I did not implement IP `whiteList` parameter on the filer
Additionally, because http_util.DownloadFile now sets the JWT,
the `download` command should now work when `jwt.signing.read` is
configured. By looking at the code, I think this case did not work
before.
## Docs to be adjusted after a release
Page `Amazon-S3-API`:
```
# Authentication with Filer
You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as
explained in [Security-Configuration](Security-Configuration) -
controlled by the `grpc.*` configuration in `security.toml`.
Starting with version XX, it is also possible to authenticate the HTTP
operations between the S3-API-Proxy and the Filer (especially
uploading new files). This is configured by setting
`filer_jwt.signing.key` and `filer_jwt.signing.read.key` in
`security.toml`.
With both configurations (gRPC and JWT), it is possible to have Filer
and S3 communicate in fully authenticated fashion; so Filer will reject
any unauthenticated communication.
```
Page `Security Overview`:
```
The following items are not covered, yet:
- master server http REST services
Starting with version XX, the Filer HTTP REST services can be secured
with a JWT, by setting `filer_jwt.signing.key` and
`filer_jwt.signing.read.key` in `security.toml`.
...
Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer.
Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).**
...
# Securing Filer HTTP with JWT
To enable JWT-based access control for the Filer,
1. generate `security.toml` file by `weed scaffold -config=security`
2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string
3. copy the same `security.toml` file to the filers and all S3 proxies.
If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`.
If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`.
The S3 API Gateway reads the above JWT keys and sends authenticated
HTTP requests to the filer.
```
Page `Security Configuration`:
```
(update scaffold file)
...
[filer_jwt.signing]
key = "blahblahblahblah"
[filer_jwt.signing.read]
key = "blahblahblahblah"
```
Resolves: #158
2021-12-30 02:47:53 +08:00
|
|
|
// we do not support IP whitelist right now
|
|
|
|
fs.filerGuard = security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec)
|
2024-04-08 22:27:00 +08:00
|
|
|
fs.volumeGuard = security.NewGuard([]string{}, volumeSigningKey, volumeExpiresAfterSec, volumeReadSigningKey, volumeReadExpiresAfterSec)
|
2018-06-01 15:39:39 +08:00
|
|
|
|
2020-10-01 00:15:55 +08:00
|
|
|
fs.checkWithMaster()
|
2020-04-03 15:40:54 +08:00
|
|
|
|
2021-09-13 13:47:52 +08:00
|
|
|
go stats.LoopPushingMetric("filer", string(fs.option.Host), fs.metricsAddress, fs.metricsIntervalSec)
|
2024-06-15 02:40:34 +08:00
|
|
|
go fs.filer.KeepMasterClientConnected(context.Background())
|
2018-05-26 18:49:46 +08:00
|
|
|
|
2019-06-05 16:30:24 +08:00
|
|
|
if !util.LoadConfiguration("filer", false) {
|
2022-03-06 21:27:25 +08:00
|
|
|
v.SetDefault("leveldb2.enabled", true)
|
|
|
|
v.SetDefault("leveldb2.dir", option.DefaultLevelDbDir)
|
2018-12-06 15:24:25 +08:00
|
|
|
_, err := os.Stat(option.DefaultLevelDbDir)
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
os.MkdirAll(option.DefaultLevelDbDir, 0755)
|
|
|
|
}
|
2020-07-08 14:06:48 +08:00
|
|
|
glog.V(0).Infof("default to create filer store dir in %s", option.DefaultLevelDbDir)
|
2020-12-23 09:33:37 +08:00
|
|
|
} else {
|
|
|
|
glog.Warningf("skipping default store dir in %s", option.DefaultLevelDbDir)
|
2018-12-06 15:24:25 +08:00
|
|
|
}
|
2019-06-05 16:30:24 +08:00
|
|
|
util.LoadConfiguration("notification", false)
|
2018-05-14 14:56:16 +08:00
|
|
|
|
2020-01-01 03:52:54 +08:00
|
|
|
fs.option.recursiveDelete = v.GetBool("filer.options.recursive_delete")
|
2020-04-07 16:58:48 +08:00
|
|
|
v.SetDefault("filer.options.buckets_folder", "/buckets")
|
2020-04-07 16:30:53 +08:00
|
|
|
fs.filer.DirBucketsPath = v.GetString("filer.options.buckets_folder")
|
2024-04-14 22:42:40 +08:00
|
|
|
// TODO deprecated, will be removed after 2020-12-31
|
2022-07-29 15:17:28 +08:00
|
|
|
// replaced by https://github.com/seaweedfs/seaweedfs/wiki/Path-Specific-Configuration
|
2021-05-22 15:24:23 +08:00
|
|
|
// fs.filer.FsyncBuckets = v.GetStringSlice("filer.options.buckets_fsync")
|
2022-05-31 12:27:48 +08:00
|
|
|
isFresh := fs.filer.LoadConfiguration(v)
|
2018-08-20 06:17:55 +08:00
|
|
|
|
2020-01-30 01:09:55 +08:00
|
|
|
notification.LoadConfiguration(v, "notification.")
|
2018-08-13 16:20:49 +08:00
|
|
|
|
2018-10-08 01:54:05 +08:00
|
|
|
handleStaticResources(defaultMux)
|
2019-03-22 07:00:46 +08:00
|
|
|
if !option.DisableHttp {
|
2023-10-08 22:03:18 +08:00
|
|
|
defaultMux.HandleFunc("/healthz", fs.filerHealthzHandler)
|
2019-03-22 07:00:46 +08:00
|
|
|
defaultMux.HandleFunc("/", fs.filerHandler)
|
|
|
|
}
|
2017-05-28 11:14:22 +08:00
|
|
|
if defaultMux != readonlyMux {
|
2020-11-28 05:42:14 +08:00
|
|
|
handleStaticResources(readonlyMux)
|
2024-01-17 23:46:37 +08:00
|
|
|
readonlyMux.HandleFunc("/healthz", fs.filerHealthzHandler)
|
2017-05-28 11:14:22 +08:00
|
|
|
readonlyMux.HandleFunc("/", fs.readonlyFilerHandler)
|
|
|
|
}
|
2014-03-31 02:28:04 +08:00
|
|
|
|
2024-06-15 02:40:34 +08:00
|
|
|
existingNodes := fs.filer.ListExistingPeerUpdates(context.Background())
|
2022-05-31 12:27:48 +08:00
|
|
|
startFromTime := time.Now().Add(-filer.LogFlushInterval)
|
|
|
|
if isFresh {
|
|
|
|
glog.V(0).Infof("%s bootstrap from peers %+v", option.Host, existingNodes)
|
2024-06-29 05:57:20 +08:00
|
|
|
if err := fs.filer.MaybeBootstrapFromOnePeer(option.Host, existingNodes, startFromTime); err != nil {
|
2023-12-08 00:13:42 +08:00
|
|
|
glog.Fatalf("%s bootstrap from %+v: %v", option.Host, existingNodes, err)
|
2022-05-31 12:27:48 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
fs.filer.AggregateFromPeers(option.Host, existingNodes, startFromTime)
|
2020-07-08 14:06:48 +08:00
|
|
|
|
2020-11-16 06:06:03 +08:00
|
|
|
fs.filer.LoadFilerConf()
|
|
|
|
|
2021-07-29 13:43:12 +08:00
|
|
|
fs.filer.LoadRemoteStorageConfAndMapping()
|
|
|
|
|
2020-04-28 14:10:23 +08:00
|
|
|
grace.OnInterrupt(func() {
|
2020-03-15 11:30:26 +08:00
|
|
|
fs.filer.Shutdown()
|
|
|
|
})
|
|
|
|
|
2023-06-26 05:30:58 +08:00
|
|
|
fs.filer.Dlm.LockRing.SetTakeSnapshotCallback(fs.OnDlmChangeSnapshot)
|
2023-06-25 15:58:21 +08:00
|
|
|
|
2023-09-19 09:47:34 +08:00
|
|
|
return fs, nil
|
2019-06-24 06:29:49 +08:00
|
|
|
}
|
|
|
|
|
2020-10-01 00:15:55 +08:00
|
|
|
func (fs *FilerServer) checkWithMaster() {
|
2020-04-03 15:47:33 +08:00
|
|
|
|
2019-06-24 06:29:49 +08:00
|
|
|
isConnected := false
|
|
|
|
for !isConnected {
|
2023-08-24 22:08:56 +08:00
|
|
|
fs.option.Masters.RefreshBySrvIfAvailable()
|
|
|
|
for _, master := range fs.option.Masters.GetInstances() {
|
2021-12-26 16:15:03 +08:00
|
|
|
readErr := operation.WithMasterServerClient(false, master, fs.grpcDialOption, func(masterClient master_pb.SeaweedClient) error {
|
2020-10-01 00:15:55 +08:00
|
|
|
resp, err := masterClient.GetMasterConfiguration(context.Background(), &master_pb.GetMasterConfigurationRequest{})
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("get master %s configuration: %v", master, err)
|
|
|
|
}
|
|
|
|
fs.metricsAddress, fs.metricsIntervalSec = resp.MetricsAddress, int(resp.MetricsIntervalSeconds)
|
|
|
|
return nil
|
|
|
|
})
|
2020-04-03 15:47:48 +08:00
|
|
|
if readErr == nil {
|
|
|
|
isConnected = true
|
|
|
|
} else {
|
|
|
|
time.Sleep(7 * time.Second)
|
|
|
|
}
|
2019-06-24 06:29:49 +08:00
|
|
|
}
|
|
|
|
}
|
2020-09-19 15:03:00 +08:00
|
|
|
|
2014-03-31 02:28:04 +08:00
|
|
|
}
|