tls cert (re)loader: (valid, invalid, expired) state; more alerts
* part seven, prev. commit: 1fe3c80
* with refactoring

Signed-off-by: Alex Aizman <[email protected]>
alex-aizman committed Aug 30, 2024
1 parent 1fe3c80 commit 55db4cb
Showing 12 changed files with 125 additions and 75 deletions.
5 changes: 2 additions & 3 deletions ais/htcommon.go
Expand Up @@ -25,10 +25,10 @@ import (
"github.com/NVIDIA/aistore/3rdparty/golang/mux"
"github.com/NVIDIA/aistore/api/apc"
"github.com/NVIDIA/aistore/cmn"
"github.com/NVIDIA/aistore/cmn/certloader"
"github.com/NVIDIA/aistore/cmn/cos"
"github.com/NVIDIA/aistore/cmn/debug"
"github.com/NVIDIA/aistore/cmn/nlog"
aistls "github.com/NVIDIA/aistore/cmn/tls"
"github.com/NVIDIA/aistore/core/meta"
"github.com/NVIDIA/aistore/ext/etl"
"github.com/NVIDIA/aistore/memsys"
Expand Down Expand Up @@ -597,8 +597,7 @@ func newTLS(conf *cmn.HTTPConf) (tlsConf *tls.Config, err error) {
tlsConf.ClientCAs = pool
}
if conf.Certificate != "" && conf.CertKey != "" {
tlsConf.GetCertificate, err = aistls.GetCert()
debug.AssertNoErr(err)
tlsConf.GetCertificate, err = certloader.GetCert()
}
return tlsConf, err
}
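Review bot: In newTLS, a failure of `certloader.GetCert()` now falls through to `return tlsConf, err`, so the caller receives a partially built TLS config (the client-CA pool may be set, the certificate callback is not) together with the error, and the `debug.AssertNoErr(err)` that appears to have stopped debug builds at this point is gone. A caller that logs the error but keeps the returned config would end up with a listener that has no server certificate source. Returning nothing usable on failure closes that gap: add `if err != nil { return nil, err }` directly after the GetCert call. newTLS begins above this hunk, so earlier assignments to err and the callers' handling are not visible here and should be checked as well.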
12 changes: 6 additions & 6 deletions ais/htrun.go
Expand Up @@ -27,13 +27,13 @@ import (
"github.com/NVIDIA/aistore/cmn"
"github.com/NVIDIA/aistore/cmn/archive"
"github.com/NVIDIA/aistore/cmn/atomic"
"github.com/NVIDIA/aistore/cmn/certloader"
"github.com/NVIDIA/aistore/cmn/cos"
"github.com/NVIDIA/aistore/cmn/debug"
"github.com/NVIDIA/aistore/cmn/jsp"
"github.com/NVIDIA/aistore/cmn/k8s"
"github.com/NVIDIA/aistore/cmn/mono"
"github.com/NVIDIA/aistore/cmn/nlog"
aistls "github.com/NVIDIA/aistore/cmn/tls"
"github.com/NVIDIA/aistore/core"
"github.com/NVIDIA/aistore/core/meta"
"github.com/NVIDIA/aistore/memsys"
Expand Down Expand Up @@ -104,7 +104,7 @@ func (h *htrun) ByteMM() *memsys.MMSA { return h.smm }
// NOTE: currently, only 'resume' (see also: kaSuspendMsg)
func (h *htrun) smapUpdatedCB(_, _ *smapX, nfl, ofl cos.BitFlags) {
if ofl.IsAnySet(meta.SnodeMaintDecomm) && !nfl.IsAnySet(meta.SnodeMaintDecomm) {
h.statsT.ClrFlag(stats.NodeAlerts, cos.MaintenanceMode)
h.statsT.ClrFlag(cos.NodeAlerts, cos.MaintenanceMode)
h.keepalive.ctrl(kaResumeMsg)
}
}
Expand Down Expand Up @@ -194,14 +194,14 @@ func (h *htrun) ClusterStarted() bool { return h.startup.cluster.Load() > 0 } //

func (h *htrun) markClusterStarted() {
h.startup.cluster.Store(mono.NanoTime())
h.statsT.SetFlag(stats.NodeAlerts, cos.ClusterStarted)
h.statsT.SetFlag(cos.NodeAlerts, cos.ClusterStarted)
}

func (h *htrun) NodeStarted() bool { return h.startup.node.Load() > 0 }

func (h *htrun) markNodeStarted() {
h.startup.node.Store(mono.NanoTime())
h.statsT.SetFlag(stats.NodeAlerts, cos.NodeStarted)
h.statsT.SetFlag(cos.NodeAlerts, cos.NodeStarted)
}

func (h *htrun) regNetHandlers(networkHandlers []networkHandler) {
Expand Down Expand Up @@ -261,7 +261,7 @@ func (h *htrun) regNetHandlers(networkHandlers []networkHandler) {
func (h *htrun) init(config *cmn.Config) {
// before newTLS() below & before intra-cluster clients
if config.Net.HTTP.UseHTTPS {
if err := aistls.Init(config.Net.HTTP.Certificate, config.Net.HTTP.CertKey, h.statsT); err != nil {
if err := certloader.Init(config.Net.HTTP.Certificate, config.Net.HTTP.CertKey, h.statsT); err != nil {
cos.ExitLog(err)
}
}
Expand Down Expand Up @@ -1144,7 +1144,7 @@ func (h *htrun) statsAndStatus() (ds *stats.NodeStatus) {
Snode: h.si,
},
Cluster: cos.NodeStateInfo{
Flags: cos.NodeStateFlags(h.statsT.Get(stats.NodeAlerts)),
Flags: cos.NodeStateFlags(h.statsT.Get(cos.NodeAlerts)),
},
SmapVersion: smap.Version,
MemCPUInfo: apc.GetMemCPU(),
2 changes: 1 addition & 1 deletion ais/target.go
Expand Up @@ -507,7 +507,7 @@ func (t *target) checkRestarted(config *cmn.Config) (fatalErr, writeErr error) {
fatalErr = fmt.Errorf("%s: %q is in use (duplicate or overlapping run?)", t, red.inUse)
return
}
t.statsT.SetFlag(stats.NodeAlerts, cos.Restarted)
t.statsT.SetFlag(cos.NodeAlerts, cos.Restarted)
fs.PersistMarker(fname.NodeRestartedPrev)
}
fatalErr, writeErr = fs.PersistMarker(fname.NodeRestartedMarker)
5 changes: 2 additions & 3 deletions ais/tgtcp.go
Expand Up @@ -30,7 +30,6 @@ import (
"github.com/NVIDIA/aistore/nl"
"github.com/NVIDIA/aistore/reb"
"github.com/NVIDIA/aistore/res"
"github.com/NVIDIA/aistore/stats"
"github.com/NVIDIA/aistore/xact"
"github.com/NVIDIA/aistore/xact/xreg"
jsoniter "github.com/json-iterator/go"
Expand Down Expand Up @@ -188,13 +187,13 @@ func (t *target) daeputMsg(w http.ResponseWriter, r *http.Request) {
if !t.ensureIntraControl(w, r, true /* from primary */) {
return
}
t.statsT.SetFlag(stats.NodeAlerts, cos.MaintenanceMode)
t.statsT.SetFlag(cos.NodeAlerts, cos.MaintenanceMode)
t.termKaliveX(msg.Action, true)
case apc.ActShutdownCluster, apc.ActShutdownNode:
if !t.ensureIntraControl(w, r, true /* from primary */) {
return
}
t.statsT.SetFlag(stats.NodeAlerts, cos.MaintenanceMode)
t.statsT.SetFlag(cos.NodeAlerts, cos.MaintenanceMode)
t.termKaliveX(msg.Action, false)
t.shutdown(msg.Action)
case apc.ActRmNodeUnsafe:
2 changes: 1 addition & 1 deletion ais/tgtfshc.go
Expand Up @@ -61,6 +61,6 @@ func (t *target) FSHC(err error, mi *fs.Mountpath, fqn string) {
func (t *target) DisableMpath(mi *fs.Mountpath) (err error) {
_, err = t.fsprg.disableMpath(mi.Path, true /*dont-resilver*/)

t.statsT.SetFlag(stats.NodeAlerts, cos.DiskFault)
t.statsT.SetFlag(cos.NodeAlerts, cos.DiskFault)
return err
}
5 changes: 2 additions & 3 deletions ais/tgtspace.go
Expand Up @@ -20,7 +20,6 @@ import (
"github.com/NVIDIA/aistore/ios"
"github.com/NVIDIA/aistore/nl"
"github.com/NVIDIA/aistore/space"
"github.com/NVIDIA/aistore/stats"
"github.com/NVIDIA/aistore/xact"
"github.com/NVIDIA/aistore/xact/xreg"
)
Expand Down Expand Up @@ -65,9 +64,9 @@ func (t *target) OOS(csRefreshed *fs.CapStatus, config *cmn.Config, tcdf *fs.Tcd
}

if cs.IsOOS() {
t.statsT.SetFlag(stats.NodeAlerts, cos.OOS)
t.statsT.SetFlag(cos.NodeAlerts, cos.OOS)
} else {
t.statsT.SetFlag(stats.NodeAlerts, cos.LowCapacity)
t.statsT.SetFlag(cos.NodeAlerts, cos.LowCapacity)
}
nlog.Warningln(t.String(), "running store cleanup:", cs.String())
// run serially, cleanup first and LRU second, iff out-of-space persists
6 changes: 3 additions & 3 deletions ais/x509.go
Expand Up @@ -9,22 +9,22 @@ import (

"github.com/NVIDIA/aistore/api/apc"
"github.com/NVIDIA/aistore/cmn"
"github.com/NVIDIA/aistore/cmn/certloader"
"github.com/NVIDIA/aistore/cmn/nlog"
aistls "github.com/NVIDIA/aistore/cmn/tls"
"github.com/NVIDIA/aistore/core"
"github.com/NVIDIA/aistore/core/meta"
)

func (h *htrun) daeLoadX509(w http.ResponseWriter, r *http.Request) {
if err := aistls.Load(); err != nil {
if err := certloader.Load(); err != nil {
h.writeErr(w, r, err)
}
}

func (p *proxy) cluLoadX509(w http.ResponseWriter, r *http.Request) {
// 1. self
var err error
if err = aistls.Load(); err != nil {
if err = certloader.Load(); err != nil {
p.writeErr(w, r, err)
return
}