Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

changed reload to outdated

This commit is contained in:
Frank Celler 2016-06-03 10:38:47 +02:00
parent 5c0dd05308
commit ee98b59e2f
6 changed files with 208 additions and 279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
arangod/Cluster/HeartbeatThread.cpp
View File

@ -64,7 +64,6 @@ HeartbeatThread::HeartbeatThread(TRI_server_t* server,
_statusLock(),
_agency(),
_condition(),
_refetchUsers(true),
_myId(ServerState::instance()->getId()),
_interval(interval),
_maxFailsBeforeWarning(maxFailsBeforeWarning),
@ -115,7 +114,8 @@ void HeartbeatThread::runDBServer() {
// mop: the heartbeat thread itself is now ready
setReady();
// mop: however we need to wait for the rest server here to come up
// otherwise we would already create collections and the coordinator would think
// otherwise we would already create collections and the coordinator would
// think
// ohhh the dbserver is online...pump some documents into it
// which fails when it is still in maintenance mode
while (arangodb::rest::HttpHandlerFactory::isMaintenance()) {
@ -125,11 +125,11 @@ void HeartbeatThread::runDBServer() {
// convert timeout to seconds
double const interval = (double)_interval / 1000.0 / 1000.0;
std::function<bool(VPackSlice const& result)> updatePlan = [&](
VPackSlice const& result) {
std::function<bool(VPackSlice const& result)> updatePlan =
[&](VPackSlice const& result) {
if (!result.isNumber()) {
LOG_TOPIC(ERR, Logger::HEARTBEAT)
<< "Plan Version is not a number! " << result.toJson();
LOG_TOPIC(ERR, Logger::HEARTBEAT) << "Plan Version is not a number! "
<< result.toJson();
return false;
}
uint64_t version = result.getNumber<uint64_t>();
@ -189,8 +189,7 @@ void HeartbeatThread::runDBServer() {
LOG_TOPIC(TRACE, Logger::HEARTBEAT)
<< "Looking at Sync/Commands/" + _myId;
AgencyCommResult result =
_agency.getValues("Sync/Commands/" + _myId);
AgencyCommResult result = _agency.getValues("Sync/Commands/" + _myId);
if (result.successful()) {
handleStateChange(result);
@ -206,9 +205,8 @@ void HeartbeatThread::runDBServer() {
LOG_TOPIC(ERR, Logger::HEARTBEAT)
<< "Could not read Current/Version from agency.";
} else {
VPackSlice s
= res.slice()[0].get(std::vector<std::string>(
{_agency.prefix(), std::string("Current"),
VPackSlice s = res.slice()[0].get(
std::vector<std::string>({_agency.prefix(), std::string("Current"),
std::string("Version")}));
if (!s.isInteger()) {
LOG_TOPIC(ERR, Logger::HEARTBEAT)
@ -320,8 +318,8 @@ void HeartbeatThread::runCoordinator() {
break;
}
AgencyReadTransaction trx(std::vector<std::string>({
_agency.prefixPath() + "Plan/Version",
AgencyReadTransaction trx(std::vector<std::string>(
{_agency.prefixPath() + "Plan/Version",
_agency.prefixPath() + "Current/Version",
_agency.prefixPath() + "Sync/Commands/" + _myId,
_agency.prefixPath() + "Sync/UserVersion"}));
@ -336,9 +334,8 @@ void HeartbeatThread::runCoordinator() {
handleStateChange(result);
VPackSlice versionSlice
= result.slice()[0].get(std::vector<std::string>(
{_agency.prefix(), "Plan", "Version"}));
VPackSlice versionSlice = result.slice()[0].get(
std::vector<std::string>({_agency.prefix(), "Plan", "Version"}));
if (versionSlice.isInteger()) {
// there is a plan version
@ -346,8 +343,7 @@ void HeartbeatThread::runCoordinator() {
uint64_t planVersion = 0;
try {
planVersion = versionSlice.getUInt();
}
catch (...) {
} catch (...) {
}
if (planVersion > lastPlanVersionNoticed) {
@ -363,58 +359,30 @@ void HeartbeatThread::runCoordinator() {
}
}
VPackSlice slice =
result.slice()[0].get(std::vector<std::string>(
{_agency.prefix(), "Sync", "UserVersion"}));
VPackSlice slice = result.slice()[0].get(
std::vector<std::string>({_agency.prefix(), "Sync", "UserVersion"}));
if (slice.isInteger()) {
// there is a UserVersion
uint64_t userVersion = 0;
try {
userVersion = slice.getUInt();
} catch (...) {
}
catch (...) {
}
if (userVersion > 0 && userVersion != oldUserVersion) {
// reload user cache for all databases
std::vector<DatabaseID> dbs =
ClusterInfo::instance()->databases(true);
std::vector<DatabaseID>::iterator i;
bool allOK = true;
for (i = dbs.begin(); i != dbs.end(); ++i) {
TRI_vocbase_t* vocbase =
TRI_UseCoordinatorDatabaseServer(_server, i->c_str());
if (vocbase != nullptr && TRI_EqualString(vocbase->_name, TRI_VOC_SYSTEM_DATABASE)) {
LOG_TOPIC(DEBUG, Logger::HEARTBEAT)
<< "Reloading users for database " << vocbase->_name
<< ".";
if (!fetchUsers()) {
// something is wrong... probably the database server
// with the _users collection is not yet available
allOK = false;
// we will not set oldUserVersion such that we will try this
// very same exercise again in the next heartbeat
}
TRI_ReleaseVocBase(vocbase);
}
}
if (allOK) {
oldUserVersion = userVersion;
}
RestServerFeature::AUTH_INFO.outdate();
}
}
versionSlice = result.slice()[0].get(std::vector<std::string>(
{_agency.prefix(), "Current", "Version"}));
versionSlice = result.slice()[0].get(
std::vector<std::string>({_agency.prefix(), "Current", "Version"}));
if (versionSlice.isInteger()) {
uint64_t currentVersion = 0;
try {
currentVersion = versionSlice.getUInt();
}
catch (...) {
} catch (...) {
}
if (currentVersion > lastCurrentVersionNoticed) {
LOG_TOPIC(TRACE, Logger::HEARTBEAT)
@ -440,7 +408,6 @@ void HeartbeatThread::runCoordinator() {
remain = 0.0;
}
}
}
LOG_TOPIC(TRACE, Logger::HEARTBEAT) << "stopped heartbeat thread";
@ -496,7 +463,6 @@ void HeartbeatThread::removeDispatchedJob(DBServerAgencySyncResult result) {
static std::string const prefixPlanChangeCoordinator = "Plan/Databases";
bool HeartbeatThread::handlePlanChangeCoordinator(uint64_t currentPlanVersion) {
bool fetchingUsersFailed = false;
LOG_TOPIC(TRACE, Logger::HEARTBEAT) << "found a plan update";
AgencyCommResult result;
@ -509,11 +475,9 @@ bool HeartbeatThread::handlePlanChangeCoordinator(uint64_t currentPlanVersion) {
}
if (result.successful()) {
std::vector<TRI_voc_tick_t> ids;
velocypack::Slice databases =
result.slice()[0].get(std::vector<std::string>(
{AgencyComm::prefix(), "Plan", "Databases"}));
velocypack::Slice databases = result.slice()[0].get(
std::vector<std::string>({AgencyComm::prefix(), "Plan", "Databases"}));
if (!databases.isObject()) {
return false;
@ -522,8 +486,7 @@ bool HeartbeatThread::handlePlanChangeCoordinator(uint64_t currentPlanVersion) {
// loop over all database names we got and create a local database
// instance if not yet present:
for (auto const& options : VPackObjectIterator (databases)) {
for (auto const& options : VPackObjectIterator(databases)) {
if (!options.value.isObject()) {
continue;
}
@ -571,25 +534,7 @@ bool HeartbeatThread::handlePlanChangeCoordinator(uint64_t currentPlanVersion) {
// create a local database object...
TRI_CreateCoordinatorDatabaseServer(_server, id, name.c_str(),
&defaults, &vocbase);
if (vocbase != nullptr && TRI_EqualString(vocbase->_name, TRI_VOC_SYSTEM_DATABASE)) {
HasRunOnce = 1;
// insert initial user(s) for database
if (!fetchUsers()) {
TRI_ReleaseVocBase(vocbase);
return false; // We give up, we will try again in the
// next heartbeat
}
}
} else if (TRI_EqualString(vocbase->_name, TRI_VOC_SYSTEM_DATABASE)) {
if (_refetchUsers) {
// must re-fetch users for an existing database
if (!fetchUsers()) {
fetchingUsersFailed = true;
}
}
} else {
TRI_ReleaseVocBase(vocbase);
}
}
@ -701,9 +646,8 @@ bool HeartbeatThread::syncDBServerStatusQuo() {
////////////////////////////////////////////////////////////////////////////////
bool HeartbeatThread::handleStateChange(AgencyCommResult& result) {
VPackSlice const slice = result.slice()[0].get(
std::vector<std::string>({ AgencyComm::prefix(), "Sync",
"Commands", _myId }));
VPackSlice const slice = result.slice()[0].get(std::vector<std::string>(
{AgencyComm::prefix(), "Sync", "Commands", _myId}));
if (slice.isString()) {
std::string command = slice.copyString();
ServerState::StateEnum newState = ServerState::stringToState(command);
@ -724,7 +668,7 @@ bool HeartbeatThread::handleStateChange(AgencyCommResult& result) {
bool HeartbeatThread::sendState() {
const AgencyCommResult result = _agency.sendServerState(0.0);
// 8.0 * static_cast<double>(_interval) / 1000.0 / 1000.0);
// 8.0 * static_cast<double>(_interval) / 1000.0 / 1000.0);
if (result.successful()) {
_numFails = 0;
@ -735,37 +679,10 @@ bool HeartbeatThread::sendState() {
std::string const endpoints = AgencyComm::getEndpointsString();
LOG_TOPIC(WARN, Logger::HEARTBEAT)
<< "heartbeat could not be sent to agency endpoints ("
<< endpoints << "): http code: " << result.httpCode()
<< ", body: " << result.body();
<< "heartbeat could not be sent to agency endpoints (" << endpoints
<< "): http code: " << result.httpCode() << ", body: " << result.body();
_numFails = 0;
}
return false;
}
////////////////////////////////////////////////////////////////////////////////
/// @brief fetch users for a database (run on coordinator only)
////////////////////////////////////////////////////////////////////////////////
bool HeartbeatThread::fetchUsers() {
VPackBuilder builder;
builder.openArray();
LOG_TOPIC(TRACE, Logger::HEARTBEAT)
<< "fetching users for database";
bool result = RestServerFeature::AUTH_INFO.reload();
if (result) {
LOG_TOPIC(TRACE, Logger::HEARTBEAT)
<< "fetching users successful";
_refetchUsers = false;
} else {
LOG_TOPIC(TRACE, Logger::HEARTBEAT)
<< "fetching users failed";
_refetchUsers = true;
}
return result;
}

12
arangod/Cluster/HeartbeatThread.h
View File

@ -136,12 +136,6 @@ class HeartbeatThread : public Thread {
bool sendState();
//////////////////////////////////////////////////////////////////////////////
/// @brief fetch users for a database (run on coordinator only)
//////////////////////////////////////////////////////////////////////////////
bool fetchUsers();
//////////////////////////////////////////////////////////////////////////////
/// @brief bring the db server in sync with the desired state
//////////////////////////////////////////////////////////////////////////////
@ -179,12 +173,6 @@ class HeartbeatThread : public Thread {
arangodb::basics::ConditionVariable _condition;
//////////////////////////////////////////////////////////////////////////////
/// @brief users will be re-fetched the next time the heartbeat thread runs
//////////////////////////////////////////////////////////////////////////////
bool _refetchUsers;
//////////////////////////////////////////////////////////////////////////////
/// @brief this server's id
//////////////////////////////////////////////////////////////////////////////

2
arangod/RestServer/RestServerFeature.cpp
View File

@ -298,7 +298,7 @@ void RestServerFeature::start() {
// populate the authentication cache. otherwise no one can access the new
// database
RestServerFeature::AUTH_INFO.reload();
RestServerFeature::AUTH_INFO.outdate();
}
void RestServerFeature::stop() {

6
arangod/V8Server/v8-vocbase.cpp
View File

@ -945,13 +945,9 @@ static void JS_ReloadAuth(v8::FunctionCallbackInfo<v8::Value> const& args) {
TRI_V8_THROW_EXCEPTION_USAGE("RELOAD_AUTH()");
}
bool result = RestServerFeature::AUTH_INFO.reload();
RestServerFeature::AUTH_INFO.outdate();
if (result) {
TRI_V8_RETURN_TRUE();
}
TRI_V8_RETURN_FALSE();
TRI_V8_TRY_CATCH_END
}

61
arangod/VocBase/AuthInfo.cpp
View File

@ -117,8 +117,7 @@ static AuthEntry CreateAuthEntry(VPackSlice const& slice) {
} else {
databases.emplace(key, AuthLevel::RW);
}
}
else if (TRI_CaseEqualString(value, "ro", 2)) {
} else if (TRI_CaseEqualString(value, "ro", 2)) {
if (key == "*") {
allDatabases = AuthLevel::RO;
} else {
@ -130,8 +129,8 @@ static AuthEntry CreateAuthEntry(VPackSlice const& slice) {
// build authentication entry
return AuthEntry(userSlice.copyString(), methodSlice.copyString(),
saltSlice.copyString(), hashSlice.copyString(),
databases, allDatabases, active, mustChange);
saltSlice.copyString(), hashSlice.copyString(), databases,
allDatabases, active, mustChange);
}
AuthLevel AuthEntry::canUseDatabase(std::string const& dbname) const {
@ -217,7 +216,7 @@ bool AuthInfo::populate(VPackSlice const& slice) {
return true;
}
bool AuthInfo::reload() {
void AuthInfo::reload() {
insertInitial();
TRI_vocbase_t* vocbase = DatabaseFeature::DATABASE->vocbase();
@ -225,7 +224,7 @@ bool AuthInfo::reload() {
if (vocbase == nullptr) {
LOG(DEBUG) << "system database is unknown, cannot load authentication "
<< "and authorization information";
return false;
return;
}
LOG(DEBUG) << "starting to load authentication and authorization information";
@ -236,7 +235,8 @@ bool AuthInfo::reload() {
int res = trx.begin();
if (res != TRI_ERROR_NO_ERROR) {
return false;
LOG(ERR) << "cannot start transaction to load authentication";
return;
}
OperationResult users =
@ -246,14 +246,14 @@ bool AuthInfo::reload() {
if (users.failed()) {
LOG(ERR) << "cannot read users from _users collection";
return false;
return;
}
auto usersSlice = users.slice();
if (!usersSlice.isArray()) {
LOG(ERR) << "cannot read users from _users collection";
return false;
return;
}
if (usersSlice.length() == 0) {
@ -262,11 +262,15 @@ bool AuthInfo::reload() {
populate(usersSlice);
}
return true;
_outdated = false;
}
AuthResult AuthInfo::checkPassword(std::string const& username,
std::string const& password) {
if (_outdated) {
reload();
}
AuthResult result;
// look up username
@ -340,7 +344,12 @@ AuthResult AuthInfo::checkPassword(std::string const& username,
return result;
}
AuthLevel AuthInfo::canUseDatabase(std::string const& username, std::string const& dbname) {
AuthLevel AuthInfo::canUseDatabase(std::string const& username,
std::string const& dbname) {
if (_outdated) {
reload();
}
auto const& it = _authInfo.find(username);
if (it == _authInfo.end()) {
@ -352,7 +361,12 @@ AuthLevel AuthInfo::canUseDatabase(std::string const& username, std::string cons
return entry.canUseDatabase(dbname);
}
AuthResult AuthInfo::checkAuthentication(AuthType authType, std::string const& secret) {
AuthResult AuthInfo::checkAuthentication(AuthType authType,
std::string const& secret) {
if (_outdated) {
reload();
}
switch (authType) {
case AuthType::BASIC:
return checkAuthenticationBasic(secret);
@ -429,7 +443,8 @@ AuthResult AuthInfo::checkAuthenticationJWT(std::string const& secret) {
return result;
}
std::shared_ptr<VPackBuilder> AuthInfo::parseJson(std::string const& str, std::string const& hint) {
std::shared_ptr<VPackBuilder> AuthInfo::parseJson(std::string const& str,
std::string const& hint) {
std::shared_ptr<VPackBuilder> result;
VPackParser parser;
try {
@ -447,7 +462,8 @@ std::shared_ptr<VPackBuilder> AuthInfo::parseJson(std::string const& str, std::s
}
bool AuthInfo::validateJwtHeader(std::string const& header) {
std::shared_ptr<VPackBuilder> headerBuilder = parseJson(StringUtils::decodeBase64(header), "jwt header");
std::shared_ptr<VPackBuilder> headerBuilder =
parseJson(StringUtils::decodeBase64(header), "jwt header");
if (headerBuilder.get() == nullptr) {
return false;
}
@ -481,7 +497,8 @@ bool AuthInfo::validateJwtHeader(std::string const& header) {
}
bool AuthInfo::validateJwtBody(std::string const& body, std::string* username) {
std::shared_ptr<VPackBuilder> bodyBuilder = parseJson(StringUtils::decodeBase64(body), "jwt body");
std::shared_ptr<VPackBuilder> bodyBuilder =
parseJson(StringUtils::decodeBase64(body), "jwt body");
if (bodyBuilder.get() == nullptr) {
return false;
}
@ -515,8 +532,10 @@ bool AuthInfo::validateJwtBody(std::string const& body, std::string* username) {
return false;
}
std::chrono::system_clock::time_point expires(std::chrono::seconds(expSlice.getNumber<uint64_t>()));
std::chrono::system_clock::time_point now = std::chrono::system_clock::now();
std::chrono::system_clock::time_point expires(
std::chrono::seconds(expSlice.getNumber<uint64_t>()));
std::chrono::system_clock::time_point now =
std::chrono::system_clock::now();
if (now >= expires) {
return false;
@ -525,9 +544,13 @@ bool AuthInfo::validateJwtBody(std::string const& body, std::string* username) {
return true;
}
bool AuthInfo::validateJwtHMAC256Signature(std::string const& message, std::string const& signature) {
bool AuthInfo::validateJwtHMAC256Signature(std::string const& message,
std::string const& signature) {
std::string decodedSignature = StringUtils::decodeBase64U(signature);
std::string const& jwtSecret = RestServerFeature::getJwtSecret();
return verifyHMAC(jwtSecret.c_str(), jwtSecret.length(), message.c_str(), message.length(), decodedSignature.c_str(), decodedSignature.length(), SslInterface::Algorithm::ALGORITHM_SHA256);
return verifyHMAC(jwtSecret.c_str(), jwtSecret.length(), message.c_str(),
message.length(), decodedSignature.c_str(),
decodedSignature.length(),
SslInterface::Algorithm::ALGORITHM_SHA256);
}

7
arangod/VocBase/AuthInfo.h
View File

@ -96,7 +96,10 @@ class AuthInfo {
};
public:
bool reload();
AuthInfo() : _outdated(true) {}
public:
void outdate() { _outdated = true; }
AuthResult checkPassword(std::string const& username,
std::string const& password);
@ -108,6 +111,7 @@ class AuthInfo {
std::string const& dbname);
private:
void reload();
void clear();
void insertInitial();
bool populate(velocypack::Slice const& slice);
@ -121,6 +125,7 @@ class AuthInfo {
private:
basics::ReadWriteLock _authInfoLock;
std::atomic<bool> _outdated;
std::unordered_map<std::string, arangodb::AuthEntry> _authInfo;
std::unordered_map<std::string, arangodb::AuthResult> _authBasicCache;