Chris Lu
9b94177380
Merge pull request #2543 from skurfuerst/seaweedfs-158
...
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client
2022-01-01 22:34:13 -08:00
Sebastian Kurfuerst
c35660175d
BUGFIX: ensure Authorization header is only added once
2021-12-31 22:06:18 +01:00
Sebastian Kurfuerst
10404c4275
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client
...
- one JWT for reading and one for writing, analogous to how the JWT
between Master and Volume Server works
- I did not implement IP `whiteList` parameter on the filer
Additionally, because http_util.DownloadFile now sets the JWT,
the `download` command should now work when `jwt.signing.read` is
configured. By looking at the code, I think this case did not work
before.
## Docs to be adjusted after a release
Page `Amazon-S3-API`:
```
# Authentication with Filer
You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as
explained in [Security-Configuration](Security-Configuration) -
controlled by the `grpc.*` configuration in `security.toml`.
Starting with version XX, it is also possible to authenticate the HTTP
operations between the S3-API-Proxy and the Filer (especially
uploading new files). This is configured by setting
`filer_jwt.signing.key` and `filer_jwt.signing.read.key` in
`security.toml`.
With both configurations (gRPC and JWT), it is possible to have Filer
and S3 communicate in fully authenticated fashion; so Filer will reject
any unauthenticated communication.
```
Page `Security Overview`:
```
The following items are not covered, yet:
- master server http REST services
Starting with version XX, the Filer HTTP REST services can be secured
with a JWT, by setting `filer_jwt.signing.key` and
`filer_jwt.signing.read.key` in `security.toml`.
...
Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer.
Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).**
...
# Securing Filer HTTP with JWT
To enable JWT-based access control for the Filer,
1. generate `security.toml` file by `weed scaffold -config=security`
2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string
3. copy the same `security.toml` file to the filers and all S3 proxies.
If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`.
If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`.
The S3 API Gateway reads the above JWT keys and sends authenticated
HTTP requests to the filer.
```
Page `Security Configuration`:
```
(update scaffold file)
...
[filer_jwt.signing]
key = "blahblahblahblah"
[filer_jwt.signing.read]
key = "blahblahblahblah"
```
Resolves : #158
2021-12-30 14:45:27 +01:00
chrislu
fb434318e3
dynamically adjust connection timeout
...
better fix for https://github.com/chrislusf/seaweedfs/issues/2541
2021-12-29 22:44:39 -08:00
chrislu
5788bf2270
s3: increase timeout limit
...
https://github.com/chrislusf/seaweedfs/issues/2541
2021-12-29 22:21:02 -08:00
chrislu
c935b9669e
2.83
2021-12-25 01:01:34 -08:00
chrislu
c3b73ec23b
2.82
2021-12-12 23:25:24 -08:00
chrislu
5ea9715721
2.81
...
also sync java client version to SeaweedFS version
2021-12-05 18:05:24 -08:00
Tanmoy Majumdar
ea09fb477a
return ' shouldRetry=true' so that filer can retry the failed chunk
2021-12-03 11:54:20 +06:00
Chris Lu
7227cfddf5
2.80
2021-11-29 00:57:08 -08:00
Chris Lu
3a19eea97c
allocate memory by slabs
2021-11-27 12:13:00 -08:00
Chris Lu
f3c789d662
2.79
2021-11-21 18:40:24 -08:00
Chris Lu
100c654ec3
2.78
2021-11-14 23:29:59 -08:00
Chris Lu
5cf332357b
2.77
2021-11-07 13:52:45 -08:00
Chris Lu
fc9e246592
2.76
2021-10-31 18:08:28 -07:00
Chris Lu
c9d3fb4a30
2.75
2021-10-24 18:15:59 -07:00
Chris Lu
182f43ae5f
2.74
2021-10-18 14:23:54 -07:00
Chris Lu
cd4fa7561b
2.73
2021-10-18 10:47:48 -07:00
Chris Lu
97c963bac9
2.72
2021-10-17 17:40:27 -07:00
Chris Lu
3833dac3f7
continue to read from memory if there is no flush
2021-10-17 13:53:04 -07:00
Chris Lu
8965a53c4d
add warning error
2021-10-16 15:57:30 -07:00
Chris Lu
5fd4b05c5e
Merge pull request #2381 from Juneezee/deprecate-ioutil
...
refactor: move from io/ioutil to io and os package
2021-10-13 22:38:58 -07:00
Chris Lu
46a09c6074
adjust test
2021-10-13 22:38:47 -07:00
Eng Zer Jun
a23bcbb7ec
refactor: move from io/ioutil to io and os package
...
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil . This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-10-14 12:27:58 +08:00
Chris Lu
4cbd390fbe
test: add fail message
2021-10-13 20:42:20 -07:00
Chris Lu
3d586be552
2.71
2021-10-10 22:40:44 -07:00
Chris Lu
e4830bd93d
go fmt
2021-10-07 21:13:31 -07:00
Chris Lu
f3d8232e14
reduce one redis lookup on hot path
2021-10-06 22:01:19 -07:00
Chris Lu
371fead8a5
redis3 using redis native sorted set
2021-10-06 18:18:24 -07:00
Chris Lu
893f0587b1
redis3 adds distributed locking
2021-10-06 00:03:54 -07:00
Chris Lu
4ed2994555
use tsMemory to determine whether read from disk or memory
...
remove lastFlushTime
2021-10-04 16:02:56 -07:00
Chris Lu
513fed323a
SkipListElementReference can be an empty object
2021-10-04 02:30:44 -07:00
Chris Lu
280ab7f95c
add test
2021-10-04 02:30:24 -07:00
Chris Lu
366f522a2d
add redis3
2021-10-04 01:01:31 -07:00
Chris Lu
ba7fbac07f
rename
2021-10-03 19:23:34 -07:00
Chris Lu
e6196cdc50
add name list
2021-10-03 17:54:25 -07:00
Chris Lu
a481c4a45e
return previous element if visited
2021-10-03 13:50:52 -07:00
Chris Lu
22d8684e88
refactor out listStore
2021-10-03 02:19:21 -07:00
Chris Lu
d343b0db57
update value
2021-10-03 01:15:14 -07:00
Chris Lu
4f50f8c2ca
insert key and value
2021-10-03 01:07:35 -07:00
Chris Lu
69b84bb771
TestFindGreaterOrEqual
2021-10-02 14:15:49 -07:00
Chris Lu
57e2fd3f9b
remove bptree
2021-10-02 14:03:54 -07:00
Chris Lu
4c1741fdbb
working skiplist
2021-10-02 14:02:56 -07:00
Chris Lu
b6694279d7
Merge branch 'master' into bptree
2021-10-01 16:55:44 -07:00
Chris Lu
1e3fdf366f
go fmt
2021-10-01 12:10:24 -07:00
Chris Lu
cee4d20bc1
2.70
2021-09-26 17:37:46 -07:00
Chris Lu
603ea2db73
avoid looping forever if there are no more metadata updates
2021-09-26 11:55:27 -07:00
Chris Lu
9887610b54
log tsNs should be processing time
2021-09-26 11:54:13 -07:00
Chris Lu
2baed2e1e9
avoid possible metadata subscription data loss
...
Previous implementation append filer logs into one file. So one file is not always sorted, which can lead to miss reading some entries, especially when different filers have different write throughput.
2021-09-25 01:18:44 -07:00
Chris Lu
b3d88180ca
Merge branch 'master' into bptree
2021-09-19 23:56:59 -07:00
Chris Lu
fa7c65bd4b
2.69
2021-09-19 21:44:06 -07:00
Chris Lu
e066e2642c
add NodeStore
2021-09-18 15:32:17 -07:00
Chris Lu
8f2e4be074
wip
2021-09-18 14:04:30 -07:00
Chris Lu
b751debd31
split node based on the last inserted key
2021-09-18 01:29:47 -07:00
Chris Lu
2226c3c8b6
Merge branch 'master' into bptree
2021-09-17 10:35:21 -07:00
Chris Lu
2789d10342
go fmt
2021-09-14 10:37:06 -07:00
Chris Lu
20ac710ceb
2.68
2021-09-13 02:16:09 -07:00
Chris Lu
574485ec69
better IP v6 support
2021-09-07 19:29:42 -07:00
Chris Lu
0128239c0f
handle ipv6 addresses
2021-09-07 16:43:54 -07:00
Chris Lu
9fdf02bcda
remove detecting ipv6
...
Got this error on my local:
transport: Error while dialing dial tcp [fe80::1]:19333: connect: no route to host
related to https://github.com/chrislusf/seaweedfs/pull/2310
2021-09-07 02:31:34 -07:00
Chris Lu
8c6d706328
2.67
2021-09-07 00:08:03 -07:00
Chris Lu
6022db6d6a
2.66
2021-09-05 16:21:14 -07:00
Chris Lu
2348e8d8da
Merge pull request #2310 from nivekuil/ipv6
...
Detect ipv6 addresses
2021-09-05 10:56:44 -07:00
nivekuil
0fe9d2997b
Detect ipv6 addresses
2021-09-05 06:21:40 -07:00
Chris Lu
c5ee03d6af
format
2021-09-04 13:57:55 -07:00
Chris Lu
8ec357b3d3
go mod
2021-09-03 23:25:33 -07:00
Chris Lu
03a31587ce
go fmt
2021-09-03 20:42:28 -07:00
Chris Lu
bca4a9de78
simplify
2021-09-02 23:09:24 -07:00
Chris Lu
958125bd02
conforming to http user agent common practice
2021-09-02 22:55:35 -07:00
Chris Lu
11a496404b
reset wait time
2021-09-02 19:55:01 -07:00
Chris Lu
7ce97b59d8
go fmt
2021-09-01 02:45:42 -07:00
Chris Lu
bec3f63298
2.65
2021-08-28 05:27:33 -07:00
Chris Lu
ff7dc3b44c
2.64
2021-08-23 00:39:15 -07:00
Chris Lu
df1d6133a8
bptree does not work well for auto-increasing keys
2021-08-22 18:19:26 -07:00
Chris Lu
51c8f2518f
change key type to ItemKey
2021-08-21 15:54:42 -07:00
Chris Lu
b3e49d2758
change value type to ItemValue
2021-08-21 15:52:17 -07:00
Chris Lu
38c8470d1d
add back non_dedup
2021-08-21 15:13:13 -07:00
Chris Lu
849f185a20
add memory kv store
2021-08-21 15:00:44 -07:00
Chris Lu
5f6cc9a814
make proto node
2021-08-21 13:36:52 -07:00
Chris Lu
172da83449
bpnode use get prev and next
2021-08-20 18:50:16 -07:00
Chris Lu
01661ec6a7
move to getter setter file
2021-08-20 18:37:34 -07:00
Chris Lu
0c360eb6b2
add getter and setter for root of tree and map
2021-08-20 18:34:50 -07:00
Chris Lu
88d68cad87
remove dedup
2021-08-20 04:14:52 -07:00
qieqieplus
7720533f84
reduce gzip allocation
2021-08-20 18:38:18 +08:00
Chris Lu
2d237da74a
remove size since each put/get will have to update the root node
2021-08-20 01:19:11 -07:00
Chris Lu
ec72547c8d
started by copying from https://sourcegraph.com/github.com/timtadh/data-structures@master/-/tree/tree/bptree
2021-08-20 01:12:52 -07:00
Chris Lu
1f35d32be0
2.63
2021-08-15 23:14:59 -07:00
Chris Lu
bb94930196
add some delays if error
2021-08-15 20:06:47 -07:00
Chris Lu
c3ffd457ef
fix compilation error
2021-08-15 12:40:22 -07:00
Chris Lu
fda2fc47b1
add RetryForever
2021-08-15 12:37:35 -07:00
Chris Lu
9462f5129a
shell: add "remote.meta.sync"
2021-08-15 01:53:46 -07:00
Chris Lu
5a0f92423e
use grpc and jwt
2021-08-12 21:40:33 -07:00
Chris Lu
8cfd487608
2.62
2021-08-08 23:33:12 -07:00
Chris Lu
56ee1d5ef1
2.61
2021-08-01 15:50:19 -07:00
Chris Lu
5dede5d38d
2.60
2021-07-25 22:09:09 -07:00
Chris Lu
7359193e97
go fmt
2021-07-21 14:38:12 -07:00
Chris Lu
a45bbc0b75
2.59
2021-07-15 15:52:22 -07:00
Chris Lu
297b41266b
2.58
2021-07-12 01:33:47 -07:00
bingoohuang
ed57a55eae
show RemoteVolumes/EcVolumes only if it is not empty
2021-07-06 15:20:18 +08:00
Chris Lu
f5fa0b08fd
2.57
2021-07-03 15:10:57 -07:00
Chris Lu
2420c60fc4
log reading adds delay between retries
2021-07-01 14:01:25 -07:00
Chris Lu
b624090398
go fmt
2021-07-01 01:21:14 -07:00
Chris Lu
a2979aa051
2.56
2021-06-27 23:33:45 -07:00
Chris Lu
c764596f96
filer: slow metadata topic read may lose some change events
...
fix https://github.com/chrislusf/seaweedfs/issues/2117
2021-06-27 05:54:16 -07:00
Chris Lu
cc7714fdbe
logging changes to debug
2021-06-27 05:54:16 -07:00
Chris Lu
05af54ad10
2.55
...
trigger migrated travis build
2021-06-23 00:41:04 -07:00
Chris Lu
b3eb4fecc7
2.54
2021-06-19 03:48:15 -07:00
Chris Lu
7a81caa31e
2.53
2021-06-13 17:12:34 -07:00
Chris Lu
7225cb4ac5
add block and mutex profiling
2021-06-13 16:15:54 -07:00
Chris Lu
76f24af79a
2.52
2021-06-07 12:13:23 -07:00
Chris Lu
c8dea3dd89
2.51
2021-06-06 21:54:00 -07:00
Chris Lu
556cc3a4ca
mount: avoid exception if disk cache is not initialized
...
related to https://github.com/chrislusf/seaweedfs/issues/2102
2021-05-31 16:42:55 -07:00
Chris Lu
4233ad3f07
2.50
2021-05-30 20:40:30 -07:00
Chris Lu
dce1f02c9e
filer.backup: backup to local directory optionally is incremental
...
fixed one issue with https://github.com/chrislusf/seaweedfs/issues/2084
2021-05-25 17:19:20 -07:00
Chris Lu
42fb03a66e
2.49
2021-05-23 00:51:47 -07:00
Chris Lu
45a762223a
2.48
2021-05-14 10:26:42 -07:00
Chris Lu
0f7b43af99
2.47
2021-05-11 10:12:15 -07:00
Chris Lu
4596e64710
2.46
2021-05-10 21:58:37 -07:00
Chris Lu
fe2edd4b50
2.45
2021-05-10 13:53:03 -07:00
Chris Lu
aa6949ef25
2.44
2021-05-09 23:28:48 -07:00
Chris Lu
3942e3b2ef
a better fix
2021-05-09 01:42:19 -07:00
Chris Lu
957e1a1bc1
fuse: important: if filer -filer.path is not root, directory listing will fail
2021-05-09 00:32:21 -07:00
Chris Lu
c48ef78670
2.43
2021-05-01 00:39:04 -07:00
Chris Lu
3a86d4dbfd
mount: fix directory invalidation
...
fix https://github.com/chrislusf/seaweedfs/issues/2038
2021-04-30 22:51:06 -07:00
Chris Lu
84312e6799
2.42
2021-04-30 03:14:07 -07:00
Chris Lu
fa0d973113
Merge pull request #2037 from utsl42/reader_at
...
make reader_at handle random reads more efficiently for FUSE
2021-04-28 17:31:46 -07:00
Nathan Hawkins
042de9359c
make reader_at handle random reads more efficiently for FUSE
2021-04-28 19:13:37 -04:00
Chris Lu
a26a37dfa3
fix compilation
...
fix related to #2032
2021-04-28 13:36:53 -07:00
Chris Lu
9dca75aea8
Merge pull request #2032 from tobiasmuehl/patch-2
...
Detect rar archives by mime type
2021-04-28 10:31:19 -07:00
Tobias Mühl
a8864e2abd
Detect rar archives by mime type
...
RAR archives might not have .rar extension, see [Wikipedia](https://en.wikipedia.org/wiki/RAR_(file_format) )
2021-04-28 15:54:19 +07:00
Tobias Mühl
12a7e87007
Do not compress brotli archives
2021-04-28 15:51:49 +07:00
bingoohuang
cf552417a7
minFreeSpace refactored
2021-04-27 10:37:24 +08:00
bingoohuang
31f1cdeac2
minFreeSpace argument allows size like 10GiB
2021-04-26 18:48:34 +08:00
Chris Lu
86185262bb
2.41
2021-04-24 16:54:36 -07:00
Chris Lu
e983f91b03
2.40
2021-04-18 13:58:01 -07:00
Chris Lu
6bc09b18c4
truncate is a bit faster to reuse the storage
2021-04-14 20:26:56 -07:00
Chris Lu
742ab1ec81
2.39
2021-04-11 19:47:11 -07:00
Chris Lu
f62c153274
go fmt
2021-04-10 23:48:18 -07:00
Chris Lu
af313dff58
add gateway for easier POST and DELETE blobs
2021-04-10 23:47:47 -07:00
Chris Lu
a37eca78cd
2.38
2021-04-05 19:41:54 -07:00
Chris Lu
6eee200c13
2.37
2021-04-04 18:45:48 -07:00
Chris Lu
fbb82a5c9c
skip limiting if limit is zero
2021-04-04 18:38:33 -07:00
Chris Lu
bdf2ddddfd
revert to same implementation as before
...
This reverts commit 7e8edc3c4a
.
2021-04-02 02:21:38 -07:00
Chris Lu
7e8edc3c4a
refactoring
2021-04-02 01:10:24 -07:00
Chris Lu
6b7aa9633f
2.36
2021-03-28 19:09:06 -07:00
Chris Lu
4abb511db3
make a local copy of the in memory cached data
2021-03-22 22:33:07 -07:00
Chris Lu
1dd5bc134c
2.35
2021-03-22 00:05:09 -07:00
Chris Lu
9672f9e1b2
2.34
2021-03-16 03:01:15 -07:00
Chris Lu
91a3ac9731
2.33
2021-03-16 00:36:06 -07:00
Chris Lu
4b1ed227d1
revert fasthttp changes
...
related to https://github.com/chrislusf/seaweedfs/issues/1907
2021-03-16 00:33:14 -07:00