
Commit d52e4ad

author
caoxianfei1
committed
Feat: Support distributing auth key to services
1 parent 3b6b0a1 commit d52e4ad

17 files changed

+440
-24
lines changed


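--- a/cli/command/deploy.go
+++ b/cli/command/deploy.go
@@ -44,6 +44,7 @@ const (
 SYNC_CONFIG = playbook.SYNC_CONFIG
 START_ETCD = playbook.START_ETCD
 START_MDS = playbook.START_MDS
+DIST_AUTH_KEY = playbook.DIST_AUTH_KEY
 CREATE_PHYSICAL_POOL = playbook.CREATE_PHYSICAL_POOL
 START_CHUNKSERVER = playbook.START_CHUNKSERVER
 CREATE_LOGICAL_POOL = playbook.CREATE_LOGICAL_POOL
@@ -66,6 +67,7 @@ var (
 SYNC_CONFIG,
 START_ETCD,
 START_MDS,
+DIST_AUTH_KEY,
 CREATE_PHYSICAL_POOL,
 START_CHUNKSERVER,
 CREATE_LOGICAL_POOL,
@@ -93,12 +95,14 @@ var (
 CREATE_PHYSICAL_POOL: ROLE_MDS,
 CREATE_LOGICAL_POOL: ROLE_MDS,
 BALANCE_LEADER: ROLE_MDS,
+DIST_AUTH_KEY: ROLE_MDS,
 }
 
 DEPLOY_LIMIT_SERVICE = map[int]int{
 CREATE_PHYSICAL_POOL: 1,
 CREATE_LOGICAL_POOL: 1,
 BALANCE_LEADER: 1,
+DIST_AUTH_KEY: 1,
 }
 
 CAN_SKIP_ROLES = []string{
@@ -160,13 +164,15 @@ func skipServiceRole(deployConfigs []*topology.DeployConfig, options deployOptio
 return dcs
 }
 
-func skipDeploySteps(deploySteps []int, options deployOptions) []int {
+func skipDeploySteps(dcs []*topology.DeployConfig, deploySteps []int, options deployOptions) []int {
 steps := []int{}
 skipped := utils.Slice2Map(options.skip)
 for _, step := range deploySteps {
-if step == START_SNAPSHOTCLONE && skipped[ROLE_SNAPSHOTCLONE] {
+if (step == START_SNAPSHOTCLONE && skipped[ROLE_SNAPSHOTCLONE]) ||
+(step == DIST_AUTH_KEY && !dcs[0].GetAuthEnable()) {
 continue
 }
+
 steps = append(steps, step)
 }
 return steps
@@ -211,10 +217,38 @@ func genDeployPlaybook(curveadm *cli.CurveAdm,
 if kind == topology.KIND_CURVEBS {
 steps = CURVEBS_DEPLOY_STEPS
 }
-steps = skipDeploySteps(steps, options)
+steps = skipDeploySteps(dcs, steps, options)
 poolset := options.poolset
 diskType := options.poolsetDiskType
 
+// record all auth key info
+var authServerKey string
+stepDistAuthKeyOptions := make(map[string]comm.RoleAuthInfo)
+if kind == topology.KIND_CURVEBS && dcs[0].GetAuthEnable() {
+for _, dc := range dcs {
+role := dc.GetRole()
+if role == ROLE_ETCD {
+continue
+}
+if _, ok := stepDistAuthKeyOptions[role]; ok {
+continue
+}
+
+stepDistAuthKeyOptions[role] = comm.RoleAuthInfo{
+AuthEnable: dc.GetAuthEnable(),
+AuthClientEnable: dc.GetAuthClientEnable(),
+AuthServerKey: dc.GetAuthServerKey(),
+AuthKeyCurrent: dc.GetAuthKeyCurrent(),
+AuthClientKey: dc.GetAuthClientKey(),
+AuthClientId: dc.GetAuthClientId(),
+}
+
+if role == topology.ROLE_MDS {
+authServerKey = dc.GetAuthServerKey()
+}
+}
+}
+
 pb := playbook.NewPlaybook(curveadm)
 for _, step := range steps {
 // configs
@@ -237,6 +271,9 @@ func genDeployPlaybook(curveadm *cli.CurveAdm,
 options[comm.POOLSET_DISK_TYPE] = diskType
 } else if step == CREATE_LOGICAL_POOL {
 options[comm.KEY_CREATE_POOL_TYPE] = comm.POOL_TYPE_LOGICAL
+} else if step == DIST_AUTH_KEY {
+options[comm.AUTH_SERVER_KEY] = authServerKey
+options[comm.ROLES_AUTH_INFO] = stepDistAuthKeyOptions
 }
 
 pb.AddStep(&playbook.PlaybookStep{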
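Review bot: `dcs[0].GetAuthEnable()` in skipDeploySteps, and again before the key-collection loop, decides for the whole topology from the first DeployConfig alone; a topology whose services disagree on `auth.enable` is not detected (distribution is silently skipped, or performed for a cluster that is partly unauthenticated), and an empty dcs panics with an index out of range. A guard such as `authEnabled := len(dcs) > 0 && dcs[0].GetAuthEnable()` together with a checker rule that every non-etcd dc agrees with it would make both cases explicit errors. The per-role loop keeps only the first dc of each role (`if _, ok := stepDistAuthKeyOptions[role]; ok { continue }`), so hosts of the same role configured with different `auth.key.current` values are silently ignored; rejecting the disagreement there surfaces the misconfiguration before any key is shipped. Since the map and `authServerKey` carry key material, I would also add `// holds secrets; never log this map with %v/%+v` above the declaration. genDeployPlaybook begins and ends outside the hunk.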

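--- a/internal/common/common.go
+++ b/internal/common/common.go
@@ -47,6 +47,8 @@ const (
 POOL_TYPE_PHYSICAL = "physicalpool"
 POOLSET = "poolset"
 POOLSET_DISK_TYPE = "poolset-disktype"
+AUTH_SERVER_KEY = "auth-server-key"
+ROLES_AUTH_INFO = "roles-auth-info"
 
 // disk
 DISK_DEFAULT_NULL_SIZE = "-"
@@ -148,3 +150,12 @@ const (
 POLICY_NEVER_RESTART = "no"
 POLICY_UNLESS_STOPPED = "unless-stopped"
 )
+
+type RoleAuthInfo struct {
+AuthEnable bool
+AuthClientEnable bool
+AuthServerKey string // mds
+AuthKeyCurrent string // mds, chunkserver, snapshotclone
+AuthClientKey string // mds, chunkserver, snapshotclone
+AuthClientId string
+}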
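Review bot: `RoleAuthInfo` is exported without a doc comment, and nothing marks that three of its fields are secrets, so a later `%+v` in a log or error message would print the keys verbatim. I would add `// RoleAuthInfo carries the per-role auth settings handed to the DIST_AUTH_KEY step.` followed by `// AuthServerKey, AuthKeyCurrent and AuthClientKey are secrets and must not be logged or echoed.` above the type. `AuthClientId` should be `AuthClientID` per Go initialism convention; the same applies to `GetAuthClientId` in dc_get.go and client.go in this commit, and it is cheapest to fix before other code depends on the names.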

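--- a/internal/configure/client.go
+++ b/internal/configure/client.go
@@ -52,6 +52,10 @@ const (
 KEY_CLIENT_S3_ADDRESS = "s3.endpoint"
 KEY_CLIENT_S3_BUCKET_NAME = "s3.bucket_name"
 
+KEY_AUTH_CLIENT_ENABLE = "auth.client.enable"
+KEY_AUTH_CLIENT_KEY = "auth.client.key"
+KEY_AUTH_CLIENT_ID = "auth.client.id"
+
 DEFAULT_CORE_LOCATE_DIR = "/core"
 )
 
@@ -183,6 +187,9 @@ func (cc *ClientConfig) GetS3AccessKey() string { return cc.getStri
 func (cc *ClientConfig) GetS3SecretKey() string { return cc.getString(KEY_CLIENT_S3_SECRET_KEY) }
 func (cc *ClientConfig) GetS3Address() string { return cc.getString(KEY_CLIENT_S3_ADDRESS) }
 func (cc *ClientConfig) GetS3BucketName() string { return cc.getString(KEY_CLIENT_S3_BUCKET_NAME) }
+func (cc *ClientConfig) GetAuthClientEnable() bool { return cc.getBool(KEY_AUTH_CLIENT_ENABLE) }
+func (cc *ClientConfig) GetAuthClientKey() string { return cc.getString(KEY_AUTH_CLIENT_KEY) }
+func (cc *ClientConfig) GetAuthClientId() string { return cc.getString(KEY_AUTH_CLIENT_ID) }
 func (cc *ClientConfig) GetContainerPid() string { return cc.getString(KEY_CONTAINER_PID) }
 func (cc *ClientConfig) GetEnvironments() string { return cc.getString(KEY_ENVIRONMENT) }
 func (cc *ClientConfig) GetCoreLocateDir() string { return DEFAULT_CORE_LOCATE_DIR }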
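Review bot: `GetAuthClientKey` returns whatever `auth.client.key` holds, while the topology side of this commit adds a 16-character rule for server and current keys (`ERR_AUTH_SERVER_KEY_REQUIRE_16_CHARACTER`, `ERR_AUTH_CURRENT_KEY_REQUIRE_16_CHARACTER`) and no equivalent check is visible for the client config; a mistyped client key would then only show up as `kAuthFailed` on the first request. If the client config has a checker step elsewhere, applying the same length rule there (and requiring the key when `auth.client.enable` is true) reports the mistake at configure time instead.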

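--- a/internal/configure/topology/dc.go
+++ b/internal/configure/topology/dc.go
@@ -44,6 +44,7 @@ const (
 ROLE_CHUNKSERVER = "chunkserver"
 ROLE_SNAPSHOTCLONE = "snapshotclone"
 ROLE_METASERVER = "metaserver"
+ROLE_TOOLS = "tools"
 )
 
 type (
@@ -123,6 +124,33 @@ func NewDeployConfig(ctx *Context, kind, role, host, name string, replicas int,
 }
 delete(config, CONFIG_VARIABLE.key)
 
+// auth.enable is optional and default is false
+if config[CONFIG_ENABLE_AUTH.key] == nil {
+config[CONFIG_ENABLE_AUTH.key] = CONFIG_ENABLE_AUTH.defaultValue
+}
+
+// and user only configure auth.key.current is ok.
+authEnable := config[CONFIG_ENABLE_AUTH.key].(bool)
+if authEnable && role != ROLE_ETCD {
+// autn.client.enable is equal to auth.enable
+if config[CONFIG_ENABLE_CLIENT_AUTH.key] == nil {
+config[CONFIG_ENABLE_CLIENT_AUTH.key] = config[CONFIG_ENABLE_AUTH.key]
+}
+// auth.client.key is equal to auth.key.current
+if config[CONFIG_AUTH_CLIENT_KEY.key] == nil {
+config[CONFIG_AUTH_CLIENT_KEY.key] = config[CONFIG_AUTH_KEY_CURRENT.key]
+}
+// auth.key.last
+if config[CONFIG_AUTH_KEY_LAST.key] != nil &&
+config[CONFIG_AUTH_CLIENT_LASTKEY.key] == nil {
+config[CONFIG_AUTH_CLIENT_LASTKEY.key] = config[CONFIG_AUTH_KEY_LAST.key]
+}
+// auth.client.id
+if config[CONFIG_AUTH_CLIENT_ID.key] == nil {
+config[CONFIG_AUTH_CLIENT_ID.key] = fmt.Sprintf("%s_%s", role, ROLE_TOOLS)
+}
+}
+
 // We should convert all value to string for rendering variable,
 // after that we will convert the value to specified type according to
 // the its require type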
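--- a/internal/configure/topology/dc_get.go
+++ b/internal/configure/topology/dc_get.go
@@ -145,6 +145,16 @@ func (dc *DeployConfig) GetS3Address() string { return dc.getString(CONFI
 func (dc *DeployConfig) GetS3BucketName() string { return dc.getString(CONFIG_S3_BUCKET_NAME) }
 func (dc *DeployConfig) GetEnableRDMA() bool { return dc.getBool(CONFIG_ENABLE_RDMA) }
 func (dc *DeployConfig) GetEnableRenameAt2() bool { return dc.getBool(CONFIG_ENABLE_RENAMEAT2) }
+func (dc *DeployConfig) GetAuthEnable() bool { return dc.getBool(CONFIG_ENABLE_AUTH) }
+func (dc *DeployConfig) GetAuthClientEnable() bool { return dc.getBool(CONFIG_ENABLE_CLIENT_AUTH) }
+func (dc *DeployConfig) GetAuthClientKey() string { return dc.getString(CONFIG_AUTH_CLIENT_KEY) }
+func (dc *DeployConfig) GetAuthKeyCurrent() string { return dc.getString(CONFIG_AUTH_KEY_CURRENT) }
+func (dc *DeployConfig) GetAuthServerKey() string { return dc.getString(CONFIG_AUTH_SERVER_KEY) }
+func (dc *DeployConfig) GetAuthKeyLast() string { return dc.getString(CONFIG_AUTH_KEY_LAST) }
+func (dc *DeployConfig) GetAuthClientId() string { return dc.getString(CONFIG_AUTH_CLIENT_ID) }
+func (dc *DeployConfig) GetAuthClientLastkey() string {
+return dc.getString(CONFIG_AUTH_CLIENT_LASTKEY)
+}
 func (dc *DeployConfig) GetEnableChunkfilePool() bool {
 return dc.getBool(CONFIG_ENABLE_CHUNKFILE_POOL)
 }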
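Review bot: `GetAuthClientLastkey` breaks the casing of its neighbours (`GetAuthKeyLast`, `GetAuthClientKey`); `GetAuthClientLastKey` matches them, and the body can be the same one-liner form as the other getters in this block: `func (dc *DeployConfig) GetAuthClientLastKey() string { return dc.getString(CONFIG_AUTH_CLIENT_LASTKEY) }`. Since several of these getters return key material, a one-line comment above the group, `// Auth getters: the *Key values are secrets and must not be logged.`, tells callers what they are handling.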

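--- a/internal/configure/topology/dc_item.go
+++ b/internal/configure/topology/dc_item.go
@@ -24,7 +24,10 @@
 
 package topology
 
-import "path"
+import (
+"fmt"
+"path"
+)
 
 const (
 REQUIRE_ANY = iota
@@ -272,6 +275,64 @@ var (
 true,
 )
 
+CONFIG_ENABLE_AUTH = itemset.insert(
+"auth.enable",
+REQUIRE_BOOL,
+false,
+false,
+)
+
+CONFIG_ENABLE_CLIENT_AUTH = itemset.insert(
+"auth.client.enable",
+REQUIRE_BOOL,
+false,
+false,
+)
+
+CONFIG_AUTH_KEY_CURRENT = itemset.insert(
+"auth.key.current",
+REQUIRE_STRING,
+false,
+nil,
+)
+
+CONFIG_AUTH_SERVER_KEY = itemset.insert(
+"auth.server.key",
+REQUIRE_STRING,
+false,
+nil,
+)
+
+CONFIG_AUTH_CLIENT_KEY = itemset.insert(
+"auth.client.key",
+REQUIRE_STRING,
+false,
+nil,
+)
+
+CONFIG_AUTH_KEY_LAST = itemset.insert(
+"auth.key.last",
+REQUIRE_STRING,
+false,
+nil,
+)
+
+CONFIG_AUTH_CLIENT_LASTKEY = itemset.insert(
+"auth.client.lastkey",
+REQUIRE_STRING,
+false,
+nil,
+)
+
+CONFIG_AUTH_CLIENT_ID = itemset.insert(
+"auth.client.id",
+REQUIRE_STRING,
+false,
+func(dc *DeployConfig) interface{} {
+return fmt.Sprintf("%s_%s", dc.GetRole(), "tool")
+},
+)
+
 CONFIG_ENABLE_CHUNKFILE_POOL = itemset.insert(
 "chunkfilepool.enable_get_chunk_from_pool",
 REQUIRE_BOOL,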

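--- a/internal/errno/errno.go
+++ b/internal/errno/errno.go
@@ -413,21 +413,23 @@ var (
 ERR_DECODE_CLUSTER_POOL_JSON_FAILED = EC(410016, "decode cluster pool json to string failed")
 ERR_WAIT_MDS_ELECTION_SUCCESS_TIMEOUT = EC(410017, "wait mds election success timeout")
 ERR_WAIT_ALL_CHUNKSERVERS_ONLINE_TIMEOUT = EC(410018, "wait all chunkservers online timeout")
-ERR_CREATE_LOGICAL_POOL_FAILED = EC(410019, "create logical pool failed")
+ERR_CREATE_LOGICAL_POOL_FAILED = EC(410019, "create physical/logical pool failed")
 ERR_INVALID_DEVICE_USAGE = EC(410020, "invalid device usage")
 ERR_ENCRYPT_FILE_FAILED = EC(410021, "encrypt file failed")
 ERR_CLIENT_ID_NOT_FOUND = EC(410022, "client id not found")
 
 // 420: common (curvebs client)
-ERR_VOLUME_ALREADY_MAPPED = EC(420000, "volume already mapped")
-ERR_VOLUME_CONTAINER_LOSED = EC(420001, "volume container is losed")
-ERR_VOLUME_CONTAINER_ABNORMAL = EC(420002, "volume container is abnormal")
-ERR_CREATE_VOLUME_FAILED = EC(420003, "create volume failed")
-ERR_MAP_VOLUME_FAILED = EC(420004, "map volume to NBD device failed")
-ERR_ENCODE_VOLUME_INFO_TO_JSON_FAILED = EC(420005, "encode volume info to json failed")
-ERR_UNMAP_VOLUME_FAILED = EC(420006, "unmap volume failed")
-ERR_OLD_TARGET_DAEMON_IS_ABNORMAL = EC(420007, "old target daemon is abnormal")
-ERR_TARGET_DAEMON_IS_ABNORMAL = EC(420008, "target daemon is abnormal")
+ERR_VOLUME_ALREADY_MAPPED = EC(420000, "volume already mapped")
+ERR_VOLUME_CONTAINER_LOSED = EC(420001, "volume container is losed")
+ERR_VOLUME_CONTAINER_ABNORMAL = EC(420002, "volume container is abnormal")
+ERR_CREATE_VOLUME_FAILED = EC(420003, "create volume failed")
+ERR_MAP_VOLUME_FAILED = EC(420004, "map volume to NBD device failed")
+ERR_ENCODE_VOLUME_INFO_TO_JSON_FAILED = EC(420005, "encode volume info to json failed")
+ERR_UNMAP_VOLUME_FAILED = EC(420006, "unmap volume failed")
+ERR_OLD_TARGET_DAEMON_IS_ABNORMAL = EC(420007, "old target daemon is abnormal")
+ERR_TARGET_DAEMON_IS_ABNORMAL = EC(420008, "target daemon is abnormal")
+ERR_CREATE_VOLUME_FAILED_AUTH_FAILED = EC(420009, "create volume failed with errCode: kAuthFailed")
+ERR_CREATE_VOLUME_FAILED_AUTH_KEY_NOT_EXIST = EC(420010, "create volume failed because auth key not exist")
 
 // 430: common (curvefs client)
 ERR_FS_PATH_ALREADY_MOUNTED = EC(430000, "path already mounted")
@@ -464,6 +466,11 @@ var (
 ERR_CHUNKSERVER_REQUIRES_3_HOSTS = EC(503007, "chunkserver requires at least 3 hosts to distrubute zones")
 ERR_SNAPSHOTCLONE_REQUIRES_3_HOSTS = EC(503008, "snapshotclone requires at least 3 hosts for deploy")
 ERR_METASERVER_REQUIRES_3_HOSTS = EC(503009, "metaserver requires at least 3 hosts to distrubute zones")
+// 504: checker (topology/auth)
+ERR_AUTH_SERVER_KEY_REQUIRE_SET = EC(504000, "auth.server.key requires to be set")
+ERR_AUTH_CURRENT_KEY_REQUIRE_SET = EC(504001, "auth.key.current requires to be set")
+ERR_AUTH_SERVER_KEY_REQUIRE_16_CHARACTER = EC(504002, "auth.server.key requires 16 characters")
+ERR_AUTH_CURRENT_KEY_REQUIRE_16_CHARACTER = EC(504003, "auth.key.current requires 16 characters")
 
 // 510: checker (ssh)
 ERR_SSH_CONNECT_FAILED = EC(510000, "SSH connect failed")
@@ -545,6 +552,7 @@ var (
 ERR_SECURE_COPY_FILE_TO_REMOTE_FAILED = EC(620026, "secure copy file to remote failed (scp)")
 ERR_RUN_SCRIPT_FAILED = EC(620998, "run script failed (bash script.sh)")
 ERR_RUN_A_BASH_COMMAND_FAILED = EC(620999, "run a bash command failed (bash -c)")
+ERR_DIST_SERVICE_KEY_FAILED = EC(621000, "distribute service auth key failed")
 
 // 630: execute task (docker command)
 ERR_GET_DOCKER_INFO_FAILED = EC(630000, "get docker info failed (docker info)")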
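Review bot: `ERR_CREATE_LOGICAL_POOL_FAILED` now carries the message "create physical/logical pool failed", so the identifier no longer says what the code reports; either keep 410019 for the logical pool and add a distinct code for the physical pool, or rename the variable to `ERR_CREATE_POOL_FAILED` so that someone grepping the code by name is not misled. The 504 messages are ambiguous about the rule they state: "requires 16 characters" can be read as at-least or exactly, so `"auth.server.key must be exactly 16 characters"` (and the same for `auth.key.current`) would match whatever the checker actually enforces more clearly. The new 420009/420010 volume errors are fine as written.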

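--- a/internal/playbook/factory.go
+++ b/internal/playbook/factory.go
@@ -90,6 +90,7 @@ const (
 CREATE_VOLUME
 MAP_IMAGE
 UNMAP_IMAGE
+DIST_AUTH_KEY
 
 // monitor
 PULL_MONITOR_IMAGE
@@ -232,6 +233,8 @@ func (p *Playbook) createTasks(step *PlaybookStep) (*tasks.Tasks, error) {
 case CREATE_PHYSICAL_POOL,
 CREATE_LOGICAL_POOL:
 t, err = comm.NewCreateTopologyTask(curveadm, config.GetDC(i))
+case DIST_AUTH_KEY:
+t, err = comm.NewDiskAuthKeyTask(curveadm, config.GetDC(i))
 case UPDATE_TOPOLOGY:
 t, err = comm.NewUpdateTopologyTask(curveadm, nil)
 case INIT_SERVIE_STATUS: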
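Review bot: `comm.NewDiskAuthKeyTask` reads like a typo for `NewDistAuthKeyTask` — the step is `DIST_AUTH_KEY` and the error added in this commit is `ERR_DIST_SERVICE_KEY_FAILED`; the constructor itself is not in this diff, so if it really is named `Disk…` renaming it now, before other callers appear, keeps the three names consistent. Inserting `DIST_AUTH_KEY` in the middle of the iota block shifts every later constant (`PULL_MONITOR_IMAGE` onward); that is harmless only if these values are never persisted or compared across curveadm versions, which I cannot confirm from here, and appending at the end of the block avoids the question. createTasks begins and ends outside the hunk.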

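--- a/internal/task/scripts/create_volume.go
+++ b/internal/task/scripts/create_volume.go
@@ -34,10 +34,14 @@ g_volume=$2
 g_size=$3
 g_poolset=$4
 
-output=$(curve_ops_tool create -userName=$g_user -fileName=$g_volume -fileLength=$g_size -poolset=$g_poolset)
+output=$(curve_ops_tool create -userName=$g_user -fileName=$g_volume -fileLength=$g_size -poolset=$g_poolset 2>dev/null)
 if [ $? -ne 0 ]; then
 if [ "$output" = "CreateFile fail with errCode: 101" ]; then
 echo "EXIST"
+elif echo ${output} | grep -q "kAuthFailed"; then
+echo "AuthFailed"
+elif echo ${output} | grep -q "auth info fail"; then
+echo "AUTH_KEY_NOT_EXIST"
 else
 echo "FAILED"
 fi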
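Review bot: `2>dev/null` is missing the leading slash, so stderr is redirected to a relative file named `dev/null`; where no `dev/` directory exists in the working directory the redirection fails, the command does not run, `$?` is non-zero and `output` is empty, so every create is reported as `FAILED`. It should be `2>/dev/null` — and because the two new branches grep `$output` for `kAuthFailed` and `auth info fail`, confirm that curve_ops_tool prints those on stdout; if they go to stderr, discarding it hides exactly the text being matched and `2>&1` is the right redirection. The pipelines should also quote the variable, `elif echo "$output" | grep -q "kAuthFailed"; then`, so tool output is not word-split or glob-expanded before matching.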
