]>
Commit | Line | Data |
---|---|---|
f67539c2 TL |
1 | import os |
2 | ||
3 | if 'UNITTEST' in os.environ: | |
4 | import tests | |
5 | ||
1e59de90 | 6 | import bcrypt |
f67539c2 | 7 | import cephfs |
494da23a | 8 | import contextlib |
9f95a23c | 9 | import datetime |
f67539c2 | 10 | import errno |
494da23a | 11 | import socket |
f6b5b4d7 | 12 | import time |
f67539c2 TL |
13 | import logging |
14 | import sys | |
15 | from threading import Lock, Condition, Event | |
39ae355f | 16 | from typing import no_type_check, NewType |
522d829b | 17 | import urllib |
f6b5b4d7 | 18 | from functools import wraps |
f67539c2 TL |
19 | if sys.version_info >= (3, 3): |
20 | from threading import Timer | |
21 | else: | |
22 | from threading import _Timer as Timer | |
23 | ||
24 | from typing import Tuple, Any, Callable, Optional, Dict, TYPE_CHECKING, TypeVar, List, Iterable, Generator, Generic, Iterator | |
522d829b TL |
25 | |
26 | from ceph.deployment.utils import wrap_ipv6 | |
27 | ||
f67539c2 | 28 | T = TypeVar('T') |
11fdf7f2 | 29 | |
f67539c2 TL |
30 | if TYPE_CHECKING: |
31 | from mgr_module import MgrModule | |
32 | ||
39ae355f TL |
33 | ConfEntity = NewType('ConfEntity', str) |
34 | ||
f67539c2 | 35 | Module_T = TypeVar('Module_T', bound="MgrModule") |
9f95a23c | 36 | |
11fdf7f2 TL |
37 | ( |
38 | BLACK, | |
39 | RED, | |
40 | GREEN, | |
41 | YELLOW, | |
42 | BLUE, | |
43 | MAGENTA, | |
44 | CYAN, | |
45 | GRAY | |
46 | ) = range(8) | |
47 | ||
48 | RESET_SEQ = "\033[0m" | |
49 | COLOR_SEQ = "\033[1;%dm" | |
50 | COLOR_DARK_SEQ = "\033[0;%dm" | |
51 | BOLD_SEQ = "\033[1m" | |
52 | UNDERLINE_SEQ = "\033[4m" | |
53 | ||
eafe8130 TL |
54 | logger = logging.getLogger(__name__) |
55 | ||
11fdf7f2 | 56 | |
1e59de90 TL |
57 | class PortAlreadyInUse(Exception): |
58 | pass | |
59 | ||
60 | ||
f67539c2 TL |
61 | class CephfsConnectionException(Exception): |
62 | def __init__(self, error_code: int, error_message: str): | |
63 | self.errno = error_code | |
64 | self.error_str = error_message | |
65 | ||
66 | def to_tuple(self) -> Tuple[int, str, str]: | |
67 | return self.errno, "", self.error_str | |
68 | ||
69 | def __str__(self) -> str: | |
70 | return "{0} ({1})".format(self.errno, self.error_str) | |
71 | ||
72 | class RTimer(Timer): | |
73 | """ | |
74 | recurring timer variant of Timer | |
75 | """ | |
76 | @no_type_check | |
77 | def run(self): | |
78 | try: | |
79 | while not self.finished.is_set(): | |
80 | self.finished.wait(self.interval) | |
81 | self.function(*self.args, **self.kwargs) | |
82 | self.finished.set() | |
83 | except Exception as e: | |
84 | logger.error("task exception: %s", e) | |
85 | raise | |
86 | ||
87 | @contextlib.contextmanager | |
88 | def lock_timeout_log(lock: Lock, timeout: int = 5) -> Iterator[None]: | |
89 | start = time.time() | |
90 | WARN_AFTER = 30 | |
91 | warned = False | |
92 | while True: | |
93 | logger.debug("locking {} with {} timeout".format(lock, timeout)) | |
94 | if lock.acquire(timeout=timeout): | |
95 | logger.debug("locked {}".format(lock)) | |
96 | yield | |
97 | lock.release() | |
98 | break | |
99 | now = time.time() | |
100 | if not warned and now - start > WARN_AFTER: | |
101 | logger.info("possible deadlock acquiring {}".format(lock)) | |
102 | warned = True | |
103 | ||
104 | ||
105 | class CephfsConnectionPool(object): | |
106 | class Connection(object): | |
107 | def __init__(self, mgr: Module_T, fs_name: str): | |
108 | self.fs: Optional["cephfs.LibCephFS"] = None | |
109 | self.mgr = mgr | |
110 | self.fs_name = fs_name | |
111 | self.ops_in_progress = 0 | |
112 | self.last_used = time.time() | |
113 | self.fs_id = self.get_fs_id() | |
114 | ||
115 | def get_fs_id(self) -> int: | |
116 | fs_map = self.mgr.get('fs_map') | |
117 | for fs in fs_map['filesystems']: | |
118 | if fs['mdsmap']['fs_name'] == self.fs_name: | |
119 | return fs['id'] | |
120 | raise CephfsConnectionException( | |
121 | -errno.ENOENT, "FS '{0}' not found".format(self.fs_name)) | |
122 | ||
123 | def get_fs_handle(self) -> "cephfs.LibCephFS": | |
124 | self.last_used = time.time() | |
125 | self.ops_in_progress += 1 | |
126 | return self.fs | |
127 | ||
128 | def put_fs_handle(self, notify: Callable) -> None: | |
129 | assert self.ops_in_progress > 0 | |
130 | self.ops_in_progress -= 1 | |
131 | if self.ops_in_progress == 0: | |
132 | notify() | |
133 | ||
134 | def del_fs_handle(self, waiter: Optional[Callable]) -> None: | |
135 | if waiter: | |
136 | while self.ops_in_progress != 0: | |
137 | waiter() | |
138 | if self.is_connection_valid(): | |
139 | self.disconnect() | |
140 | else: | |
141 | self.abort() | |
142 | ||
143 | def is_connection_valid(self) -> bool: | |
144 | fs_id = None | |
145 | try: | |
146 | fs_id = self.get_fs_id() | |
147 | except: | |
148 | # the filesystem does not exist now -- connection is not valid. | |
149 | pass | |
150 | logger.debug("self.fs_id={0}, fs_id={1}".format(self.fs_id, fs_id)) | |
151 | return self.fs_id == fs_id | |
152 | ||
153 | def is_connection_idle(self, timeout: float) -> bool: | |
154 | return (self.ops_in_progress == 0 and ((time.time() - self.last_used) >= timeout)) | |
155 | ||
156 | def connect(self) -> None: | |
157 | assert self.ops_in_progress == 0 | |
158 | logger.debug("Connecting to cephfs '{0}'".format(self.fs_name)) | |
159 | self.fs = cephfs.LibCephFS(rados_inst=self.mgr.rados) | |
160 | logger.debug("Setting user ID and group ID of CephFS mount as root...") | |
161 | self.fs.conf_set("client_mount_uid", "0") | |
162 | self.fs.conf_set("client_mount_gid", "0") | |
b3b6e05e | 163 | self.fs.conf_set("client_check_pool_perm", "false") |
2a845540 | 164 | self.fs.conf_set("client_quota", "false") |
f67539c2 TL |
165 | logger.debug("CephFS initializing...") |
166 | self.fs.init() | |
167 | logger.debug("CephFS mounting...") | |
168 | self.fs.mount(filesystem_name=self.fs_name.encode('utf-8')) | |
169 | logger.debug("Connection to cephfs '{0}' complete".format(self.fs_name)) | |
170 | self.mgr._ceph_register_client(self.fs.get_addrs()) | |
171 | ||
172 | def disconnect(self) -> None: | |
173 | try: | |
174 | assert self.fs | |
175 | assert self.ops_in_progress == 0 | |
176 | logger.info("disconnecting from cephfs '{0}'".format(self.fs_name)) | |
177 | addrs = self.fs.get_addrs() | |
178 | self.fs.shutdown() | |
179 | self.mgr._ceph_unregister_client(addrs) | |
180 | self.fs = None | |
181 | except Exception as e: | |
182 | logger.debug("disconnect: ({0})".format(e)) | |
183 | raise | |
184 | ||
185 | def abort(self) -> None: | |
186 | assert self.fs | |
187 | assert self.ops_in_progress == 0 | |
188 | logger.info("aborting connection from cephfs '{0}'".format(self.fs_name)) | |
189 | self.fs.abort_conn() | |
190 | logger.info("abort done from cephfs '{0}'".format(self.fs_name)) | |
191 | self.fs = None | |
192 | ||
193 | # TODO: make this configurable | |
194 | TIMER_TASK_RUN_INTERVAL = 30.0 # seconds | |
195 | CONNECTION_IDLE_INTERVAL = 60.0 # seconds | |
522d829b | 196 | MAX_CONCURRENT_CONNECTIONS = 5 # max number of concurrent connections per volume |
f67539c2 TL |
197 | |
198 | def __init__(self, mgr: Module_T): | |
199 | self.mgr = mgr | |
522d829b | 200 | self.connections: Dict[str, List[CephfsConnectionPool.Connection]] = {} |
f67539c2 TL |
201 | self.lock = Lock() |
202 | self.cond = Condition(self.lock) | |
203 | self.timer_task = RTimer(CephfsConnectionPool.TIMER_TASK_RUN_INTERVAL, | |
204 | self.cleanup_connections) | |
205 | self.timer_task.start() | |
206 | ||
207 | def cleanup_connections(self) -> None: | |
208 | with self.lock: | |
209 | logger.info("scanning for idle connections..") | |
522d829b TL |
210 | idle_conns = [] |
211 | for fs_name, connections in self.connections.items(): | |
212 | logger.debug(f'fs_name ({fs_name}) connections ({connections})') | |
213 | for connection in connections: | |
214 | if connection.is_connection_idle(CephfsConnectionPool.CONNECTION_IDLE_INTERVAL): | |
215 | idle_conns.append((fs_name, connection)) | |
216 | logger.info(f'cleaning up connections: {idle_conns}') | |
217 | for idle_conn in idle_conns: | |
218 | self._del_connection(idle_conn[0], idle_conn[1]) | |
f67539c2 TL |
219 | |
220 | def get_fs_handle(self, fs_name: str) -> "cephfs.LibCephFS": | |
221 | with self.lock: | |
f67539c2 | 222 | try: |
522d829b TL |
223 | min_shared = 0 |
224 | shared_connection = None | |
225 | connections = self.connections.setdefault(fs_name, []) | |
226 | logger.debug(f'[get] volume: ({fs_name}) connection: ({connections})') | |
227 | if connections: | |
228 | min_shared = connections[0].ops_in_progress | |
229 | shared_connection = connections[0] | |
230 | for connection in list(connections): | |
231 | logger.debug(f'[get] connection: {connection} usage: {connection.ops_in_progress}') | |
232 | if connection.ops_in_progress == 0: | |
233 | if connection.is_connection_valid(): | |
234 | logger.debug(f'[get] connection ({connection}) can be reused') | |
235 | return connection.get_fs_handle() | |
236 | else: | |
237 | # filesystem id changed beneath us (or the filesystem does not exist). | |
238 | # this is possible if the filesystem got removed (and recreated with | |
239 | # same name) via "ceph fs rm/new" mon command. | |
240 | logger.warning(f'[get] filesystem id changed for volume ({fs_name}), disconnecting ({connection})') | |
241 | # note -- this will mutate @connections too | |
242 | self._del_connection(fs_name, connection) | |
f67539c2 | 243 | else: |
522d829b TL |
244 | if connection.ops_in_progress < min_shared: |
245 | min_shared = connection.ops_in_progress | |
246 | shared_connection = connection | |
247 | # when we end up here, there are no "free" connections. so either spin up a new | |
248 | # one or share it. | |
249 | if len(connections) < CephfsConnectionPool.MAX_CONCURRENT_CONNECTIONS: | |
250 | logger.debug('[get] spawning new connection since no connection is unused and we still have room for more') | |
251 | connection = CephfsConnectionPool.Connection(self.mgr, fs_name) | |
252 | connection.connect() | |
253 | self.connections[fs_name].append(connection) | |
254 | return connection.get_fs_handle() | |
255 | else: | |
256 | assert shared_connection is not None | |
257 | logger.debug(f'[get] using shared connection ({shared_connection})') | |
258 | return shared_connection.get_fs_handle() | |
f67539c2 TL |
259 | except cephfs.Error as e: |
260 | # try to provide a better error string if possible | |
261 | if e.args[0] == errno.ENOENT: | |
262 | raise CephfsConnectionException( | |
263 | -errno.ENOENT, "FS '{0}' not found".format(fs_name)) | |
264 | raise CephfsConnectionException(-e.args[0], e.args[1]) | |
f67539c2 | 265 | |
522d829b | 266 | def put_fs_handle(self, fs_name: str, fs_handle: cephfs.LibCephFS) -> None: |
f67539c2 | 267 | with self.lock: |
522d829b TL |
268 | connections = self.connections.get(fs_name, []) |
269 | for connection in connections: | |
270 | if connection.fs == fs_handle: | |
271 | logger.debug(f'[put] connection: {connection} usage: {connection.ops_in_progress}') | |
272 | connection.put_fs_handle(notify=lambda: self.cond.notifyAll()) | |
f67539c2 | 273 | |
522d829b TL |
274 | def _del_connection(self, fs_name: str, connection: Connection, wait: bool = False) -> None: |
275 | self.connections[fs_name].remove(connection) | |
276 | connection.del_fs_handle(waiter=None if not wait else lambda: self.cond.wait()) | |
f67539c2 | 277 | |
522d829b TL |
278 | def _del_connections(self, fs_name: str, wait: bool = False) -> None: |
279 | for connection in list(self.connections.get(fs_name, [])): | |
280 | self._del_connection(fs_name, connection, wait) | |
281 | ||
282 | def del_connections(self, fs_name: str, wait: bool = False) -> None: | |
f67539c2 | 283 | with self.lock: |
522d829b | 284 | self._del_connections(fs_name, wait) |
f67539c2 | 285 | |
522d829b | 286 | def del_all_connections(self) -> None: |
f67539c2 TL |
287 | with self.lock: |
288 | for fs_name in list(self.connections.keys()): | |
289 | logger.info("waiting for pending ops for '{}'".format(fs_name)) | |
522d829b | 290 | self._del_connections(fs_name, wait=True) |
f67539c2 TL |
291 | logger.info("pending ops completed for '{}'".format(fs_name)) |
292 | # no new connections should have been initialized since its | |
293 | # guarded on shutdown. | |
294 | assert len(self.connections) == 0 | |
295 | ||
296 | ||
297 | class CephfsClient(Generic[Module_T]): | |
298 | def __init__(self, mgr: Module_T): | |
299 | self.mgr = mgr | |
f67539c2 TL |
300 | self.connection_pool = CephfsConnectionPool(self.mgr) |
301 | ||
f67539c2 TL |
302 | def shutdown(self) -> None: |
303 | logger.info("shutting down") | |
f67539c2 | 304 | # second, delete all libcephfs handles from connection pool |
522d829b | 305 | self.connection_pool.del_all_connections() |
f67539c2 TL |
306 | |
307 | def get_fs(self, fs_name: str) -> Optional["cephfs.LibCephFS"]: | |
308 | fs_map = self.mgr.get('fs_map') | |
309 | for fs in fs_map['filesystems']: | |
310 | if fs['mdsmap']['fs_name'] == fs_name: | |
311 | return fs | |
312 | return None | |
313 | ||
314 | def get_mds_names(self, fs_name: str) -> List[str]: | |
315 | fs = self.get_fs(fs_name) | |
316 | if fs is None: | |
317 | return [] | |
318 | return [mds['name'] for mds in fs['mdsmap']['info'].values()] | |
319 | ||
320 | def get_metadata_pool(self, fs_name: str) -> Optional[str]: | |
321 | fs = self.get_fs(fs_name) | |
322 | if fs: | |
323 | return fs['mdsmap']['metadata_pool'] | |
324 | return None | |
325 | ||
1d09f67e TL |
326 | def get_all_filesystems(self) -> List[str]: |
327 | fs_list: List[str] = [] | |
328 | fs_map = self.mgr.get('fs_map') | |
329 | if fs_map['filesystems']: | |
330 | for fs in fs_map['filesystems']: | |
331 | fs_list.append(fs['mdsmap']['fs_name']) | |
332 | return fs_list | |
333 | ||
334 | ||
f67539c2 TL |
335 | |
336 | @contextlib.contextmanager | |
337 | def open_filesystem(fsc: CephfsClient, fs_name: str) -> Generator["cephfs.LibCephFS", None, None]: | |
338 | """ | |
339 | Open a volume with shared access. | |
340 | This API is to be used as a context manager. | |
341 | ||
342 | :param fsc: cephfs client instance | |
343 | :param fs_name: fs name | |
344 | :return: yields a fs handle (ceph filesystem handle) | |
345 | """ | |
f67539c2 TL |
346 | fs_handle = fsc.connection_pool.get_fs_handle(fs_name) |
347 | try: | |
348 | yield fs_handle | |
349 | finally: | |
522d829b | 350 | fsc.connection_pool.put_fs_handle(fs_name, fs_handle) |
f67539c2 TL |
351 | |
352 | ||
353 | def colorize(msg: str, color: int, dark: bool = False) -> str: | |
11fdf7f2 TL |
354 | """ |
355 | Decorate `msg` with escape sequences to give the requested color | |
356 | """ | |
357 | return (COLOR_DARK_SEQ if dark else COLOR_SEQ) % (30 + color) \ | |
358 | + msg + RESET_SEQ | |
359 | ||
360 | ||
f67539c2 | 361 | def bold(msg: str) -> str: |
11fdf7f2 TL |
362 | """ |
363 | Decorate `msg` with escape sequences to make it appear bold | |
364 | """ | |
365 | return BOLD_SEQ + msg + RESET_SEQ | |
366 | ||
367 | ||
f67539c2 | 368 | def format_units(n: int, width: int, colored: bool, decimal: bool) -> str: |
11fdf7f2 TL |
369 | """ |
370 | Format a number without units, so as to fit into `width` characters, substituting | |
371 | an appropriate unit suffix. | |
372 | ||
373 | Use decimal for dimensionless things, use base 2 (decimal=False) for byte sizes/rates. | |
374 | """ | |
375 | ||
376 | factor = 1000 if decimal else 1024 | |
377 | units = [' ', 'k', 'M', 'G', 'T', 'P', 'E'] | |
378 | unit = 0 | |
379 | while len("%s" % (int(n) // (factor**unit))) > width - 1: | |
380 | unit += 1 | |
381 | ||
382 | if unit > 0: | |
383 | truncated_float = ("%f" % (n / (float(factor) ** unit)))[0:width - 1] | |
384 | if truncated_float[-1] == '.': | |
385 | truncated_float = " " + truncated_float[0:-1] | |
386 | else: | |
387 | truncated_float = "%{wid}d".format(wid=width - 1) % n | |
388 | formatted = "%s%s" % (truncated_float, units[unit]) | |
389 | ||
390 | if colored: | |
391 | if n == 0: | |
392 | color = BLACK, False | |
393 | else: | |
394 | color = YELLOW, False | |
395 | return bold(colorize(formatted[0:-1], color[0], color[1])) \ | |
f67539c2 | 396 | + bold(colorize(formatted[-1], YELLOW, False)) |
11fdf7f2 TL |
397 | else: |
398 | return formatted | |
399 | ||
400 | ||
f67539c2 | 401 | def format_dimless(n: int, width: int, colored: bool = False) -> str: |
11fdf7f2 TL |
402 | return format_units(n, width, colored, decimal=True) |
403 | ||
404 | ||
f67539c2 | 405 | def format_bytes(n: int, width: int, colored: bool = False) -> str: |
11fdf7f2 | 406 | return format_units(n, width, colored, decimal=False) |
81eedcae TL |
407 | |
408 | ||
1e59de90 TL |
409 | def test_port_allocation(addr: str, port: int) -> None: |
410 | """Checks if the port is available | |
411 | :raises PortAlreadyInUse: in case port is already in use | |
412 | :raises Exception: any generic error other than port already in use | |
413 | If no exception is raised, the port can be assumed available | |
414 | """ | |
415 | try: | |
416 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
417 | sock.bind((addr, port)) | |
418 | sock.close() | |
419 | except socket.error as e: | |
420 | if e.errno == errno.EADDRINUSE: | |
421 | raise PortAlreadyInUse | |
422 | else: | |
423 | raise e | |
424 | ||
425 | ||
f67539c2 | 426 | def merge_dicts(*args: Dict[T, Any]) -> Dict[T, Any]: |
81eedcae | 427 | """ |
9f95a23c TL |
428 | >>> merge_dicts({1:2}, {3:4}) |
429 | {1: 2, 3: 4} | |
430 | ||
431 | You can also overwrite keys: | |
432 | >>> merge_dicts({1:2}, {1:4}) | |
433 | {1: 4} | |
434 | ||
81eedcae TL |
435 | :rtype: dict[str, Any] |
436 | """ | |
437 | ret = {} | |
438 | for arg in args: | |
439 | ret.update(arg) | |
440 | return ret | |
494da23a TL |
441 | |
442 | ||
443 | def get_default_addr(): | |
9f95a23c | 444 | # type: () -> str |
f67539c2 | 445 | def is_ipv6_enabled() -> bool: |
494da23a TL |
446 | try: |
447 | sock = socket.socket(socket.AF_INET6) | |
448 | with contextlib.closing(sock): | |
449 | sock.bind(("::1", 0)) | |
450 | return True | |
f67539c2 TL |
451 | except (AttributeError, socket.error): |
452 | return False | |
494da23a TL |
453 | |
454 | try: | |
9f95a23c | 455 | return get_default_addr.result # type: ignore |
494da23a TL |
456 | except AttributeError: |
457 | result = '::' if is_ipv6_enabled() else '0.0.0.0' | |
9f95a23c | 458 | get_default_addr.result = result # type: ignore |
494da23a TL |
459 | return result |
460 | ||
eafe8130 | 461 | |
522d829b TL |
462 | def build_url(host: str, scheme: Optional[str] = None, port: Optional[int] = None, path: str = '') -> str: |
463 | """ | |
464 | Build a valid URL. IPv6 addresses specified in host will be enclosed in brackets | |
465 | automatically. | |
466 | ||
467 | >>> build_url('example.com', 'https', 443) | |
468 | 'https://example.com:443' | |
469 | ||
470 | >>> build_url(host='example.com', port=443) | |
471 | '//example.com:443' | |
472 | ||
473 | >>> build_url('fce:9af7:a667:7286:4917:b8d3:34df:8373', port=80, scheme='http') | |
474 | 'http://[fce:9af7:a667:7286:4917:b8d3:34df:8373]:80' | |
475 | ||
476 | >>> build_url('example.com', 'https', 443, path='/metrics') | |
477 | 'https://example.com:443/metrics' | |
478 | ||
479 | ||
480 | :param scheme: The scheme, e.g. http, https or ftp. | |
481 | :type scheme: str | |
482 | :param host: Consisting of either a registered name (including but not limited to | |
483 | a hostname) or an IP address. | |
484 | :type host: str | |
485 | :type port: int | |
486 | :rtype: str | |
487 | """ | |
488 | netloc = wrap_ipv6(host) | |
489 | if port: | |
490 | netloc += ':{}'.format(port) | |
491 | pr = urllib.parse.ParseResult( | |
492 | scheme=scheme if scheme else '', | |
493 | netloc=netloc, | |
494 | path=path, | |
495 | params='', | |
496 | query='', | |
497 | fragment='') | |
498 | return pr.geturl() | |
499 | ||
500 | ||
eafe8130 TL |
501 | class ServerConfigException(Exception): |
502 | pass | |
503 | ||
9f95a23c | 504 | |
f67539c2 TL |
505 | def create_self_signed_cert(organisation: str = 'Ceph', |
506 | common_name: str = 'mgr', | |
507 | dname: Optional[Dict[str, str]] = None) -> Tuple[str, str]: | |
9f95a23c | 508 | """Returns self-signed PEM certificates valid for 10 years. |
1e59de90 | 509 | |
f67539c2 TL |
510 | The optional dname parameter provides complete control of the cert/key |
511 | creation by supporting all valid RDNs via a dictionary. However, if dname | |
512 | is not provided the default O and CN settings will be applied. | |
513 | ||
514 | :param organisation: String representing the Organisation(O) RDN (default='Ceph') | |
515 | :param common_name: String representing the Common Name(CN) RDN (default='mgr') | |
516 | :param dname: Optional dictionary containing RDNs to use for crt/key generation | |
517 | ||
518 | :return: ssl crt and key in utf-8 format | |
519 | ||
520 | :raises ValueError: if the dname parameter received contains invalid RDNs | |
521 | ||
9f95a23c TL |
522 | """ |
523 | ||
524 | from OpenSSL import crypto | |
525 | from uuid import uuid4 | |
526 | ||
f67539c2 TL |
527 | # RDN = Relative Distinguished Name |
528 | valid_RDN_list = ['C', 'ST', 'L', 'O', 'OU', 'CN', 'emailAddress'] | |
529 | ||
9f95a23c TL |
530 | # create a key pair |
531 | pkey = crypto.PKey() | |
532 | pkey.generate_key(crypto.TYPE_RSA, 2048) | |
533 | ||
f67539c2 TL |
534 | # Create a "subject" object |
535 | req = crypto.X509Req() | |
536 | subj = req.get_subject() | |
537 | ||
538 | if dname: | |
539 | # dname received, so check it contains valid RDNs | |
540 | if not all(field in valid_RDN_list for field in dname): | |
541 | raise ValueError("Invalid DNAME received. Valid DNAME fields are {}".format(', '.join(valid_RDN_list))) | |
542 | else: | |
543 | dname = {"O": organisation, "CN": common_name} | |
544 | ||
545 | # populate the subject with the dname settings | |
546 | for k, v in dname.items(): | |
547 | setattr(subj, k, v) | |
548 | ||
9f95a23c TL |
549 | # create a self-signed cert |
550 | cert = crypto.X509() | |
f67539c2 | 551 | cert.set_subject(req.get_subject()) |
9f95a23c TL |
552 | cert.set_serial_number(int(uuid4())) |
553 | cert.gmtime_adj_notBefore(0) | |
554 | cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) # 10 years | |
555 | cert.set_issuer(cert.get_subject()) | |
556 | cert.set_pubkey(pkey) | |
557 | cert.sign(pkey, 'sha512') | |
558 | ||
559 | cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) | |
560 | pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey) | |
561 | ||
562 | return cert.decode('utf-8'), pkey.decode('utf-8') | |
563 | ||
564 | ||
565 | def verify_cacrt_content(crt): | |
566 | # type: (str) -> None | |
567 | from OpenSSL import crypto | |
568 | try: | |
1e59de90 TL |
569 | crt_buffer = crt.encode("ascii") if isinstance(crt, str) else crt |
570 | x509 = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer) | |
9f95a23c | 571 | if x509.has_expired(): |
1e59de90 TL |
572 | org, cn = get_cert_issuer_info(crt) |
573 | no_after = x509.get_notAfter() | |
574 | end_date = None | |
575 | if no_after is not None: | |
576 | end_date = datetime.datetime.strptime(no_after.decode('ascii'), '%Y%m%d%H%M%SZ') | |
577 | msg = f'Certificate issued by "{org}/{cn}" expired on {end_date}' | |
578 | logger.warning(msg) | |
579 | raise ServerConfigException(msg) | |
9f95a23c | 580 | except (ValueError, crypto.Error) as e: |
1e59de90 | 581 | raise ServerConfigException(f'Invalid certificate: {e}') |
9f95a23c TL |
582 | |
583 | ||
eafe8130 | 584 | def verify_cacrt(cert_fname): |
9f95a23c | 585 | # type: (str) -> None |
eafe8130 TL |
586 | """Basic validation of a ca cert""" |
587 | ||
588 | if not cert_fname: | |
589 | raise ServerConfigException("CA cert not configured") | |
590 | if not os.path.isfile(cert_fname): | |
591 | raise ServerConfigException("Certificate {} does not exist".format(cert_fname)) | |
592 | ||
eafe8130 TL |
593 | try: |
594 | with open(cert_fname) as f: | |
9f95a23c TL |
595 | verify_cacrt_content(f.read()) |
596 | except ValueError as e: | |
eafe8130 TL |
597 | raise ServerConfigException( |
598 | 'Invalid certificate {}: {}'.format(cert_fname, str(e))) | |
599 | ||
1e59de90 TL |
600 | def get_cert_issuer_info(crt: str) -> Tuple[Optional[str],Optional[str]]: |
601 | """Basic validation of a ca cert""" | |
602 | ||
603 | from OpenSSL import crypto, SSL | |
604 | try: | |
605 | crt_buffer = crt.encode("ascii") if isinstance(crt, str) else crt | |
606 | (org_name, cn) = (None, None) | |
607 | cert = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer) | |
608 | components = cert.get_issuer().get_components() | |
609 | for c in components: | |
610 | if c[0].decode() == 'O': # org comp | |
611 | org_name = c[1].decode() | |
612 | elif c[0].decode() == 'CN': # common name comp | |
613 | cn = c[1].decode() | |
614 | return (org_name, cn) | |
615 | except (ValueError, crypto.Error) as e: | |
616 | raise ServerConfigException(f'Invalid certificate key: {e}') | |
eafe8130 | 617 | |
9f95a23c TL |
618 | def verify_tls(crt, key): |
619 | # type: (str, str) -> None | |
620 | verify_cacrt_content(crt) | |
621 | ||
622 | from OpenSSL import crypto, SSL | |
623 | try: | |
624 | _key = crypto.load_privatekey(crypto.FILETYPE_PEM, key) | |
625 | _key.check() | |
626 | except (ValueError, crypto.Error) as e: | |
627 | raise ServerConfigException( | |
628 | 'Invalid private key: {}'.format(str(e))) | |
629 | try: | |
1e59de90 TL |
630 | crt_buffer = crt.encode("ascii") if isinstance(crt, str) else crt |
631 | _crt = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer) | |
9f95a23c TL |
632 | except ValueError as e: |
633 | raise ServerConfigException( | |
634 | 'Invalid certificate key: {}'.format(str(e)) | |
635 | ) | |
636 | ||
637 | try: | |
638 | context = SSL.Context(SSL.TLSv1_METHOD) | |
639 | context.use_certificate(_crt) | |
640 | context.use_privatekey(_key) | |
641 | context.check_privatekey() | |
642 | except crypto.Error as e: | |
1e59de90 TL |
643 | logger.warning('Private key and certificate do not match up: {}'.format(str(e))) |
644 | except SSL.Error as e: | |
645 | raise ServerConfigException(f'Invalid cert/key pair: {e}') | |
646 | ||
9f95a23c TL |
647 | |
648 | ||
eafe8130 | 649 | def verify_tls_files(cert_fname, pkey_fname): |
9f95a23c | 650 | # type: (str, str) -> None |
eafe8130 TL |
651 | """Basic checks for TLS certificate and key files |
652 | ||
653 | Do some validations to the private key and certificate: | |
654 | - Check the type and format | |
655 | - Check the certificate expiration date | |
656 | - Check the consistency of the private key | |
657 | - Check that the private key and certificate match up | |
658 | ||
659 | :param cert_fname: Name of the certificate file | |
660 | :param pkey_fname: name of the certificate public key file | |
661 | ||
662 | :raises ServerConfigException: An error with a message | |
663 | ||
664 | """ | |
665 | ||
666 | if not cert_fname or not pkey_fname: | |
667 | raise ServerConfigException('no certificate configured') | |
668 | ||
669 | verify_cacrt(cert_fname) | |
670 | ||
671 | if not os.path.isfile(pkey_fname): | |
672 | raise ServerConfigException('private key %s does not exist' % pkey_fname) | |
673 | ||
674 | from OpenSSL import crypto, SSL | |
675 | ||
676 | try: | |
677 | with open(pkey_fname) as f: | |
678 | pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read()) | |
679 | pkey.check() | |
680 | except (ValueError, crypto.Error) as e: | |
681 | raise ServerConfigException( | |
682 | 'Invalid private key {}: {}'.format(pkey_fname, str(e))) | |
683 | try: | |
684 | context = SSL.Context(SSL.TLSv1_METHOD) | |
685 | context.use_certificate_file(cert_fname, crypto.FILETYPE_PEM) | |
686 | context.use_privatekey_file(pkey_fname, crypto.FILETYPE_PEM) | |
687 | context.check_privatekey() | |
688 | except crypto.Error as e: | |
689 | logger.warning( | |
690 | 'Private key {} and certificate {} do not match up: {}'.format( | |
691 | pkey_fname, cert_fname, str(e))) | |
9f95a23c | 692 | |
f67539c2 TL |
693 | |
694 | def get_most_recent_rate(rates: Optional[List[Tuple[float, float]]]) -> float: | |
9f95a23c TL |
695 | """ Get most recent rate from rates |
696 | ||
697 | :param rates: The derivative between all time series data points [time in seconds, value] | |
698 | :type rates: list[tuple[int, float]] | |
699 | ||
700 | :return: The last derivative or 0.0 if none exists | |
701 | :rtype: float | |
702 | ||
703 | >>> get_most_recent_rate(None) | |
704 | 0.0 | |
705 | >>> get_most_recent_rate([]) | |
706 | 0.0 | |
707 | >>> get_most_recent_rate([(1, -2.0)]) | |
708 | -2.0 | |
709 | >>> get_most_recent_rate([(1, 2.0), (2, 1.5), (3, 5.0)]) | |
710 | 5.0 | |
711 | """ | |
712 | if not rates: | |
713 | return 0.0 | |
714 | return rates[-1][1] | |
715 | ||
f67539c2 | 716 | def get_time_series_rates(data: List[Tuple[float, float]]) -> List[Tuple[float, float]]: |
9f95a23c TL |
717 | """ Rates from time series data |
718 | ||
719 | :param data: Time series data [time in seconds, value] | |
720 | :type data: list[tuple[int, float]] | |
721 | ||
722 | :return: The derivative between all time series data points [time in seconds, value] | |
723 | :rtype: list[tuple[int, float]] | |
724 | ||
725 | >>> logger.debug = lambda s,x,y: print(s % (x,y)) | |
726 | >>> get_time_series_rates([]) | |
727 | [] | |
728 | >>> get_time_series_rates([[0, 1], [1, 3]]) | |
729 | [(1, 2.0)] | |
730 | >>> get_time_series_rates([[0, 2], [0, 3], [0, 1], [1, 2], [1, 3]]) | |
731 | Duplicate timestamp in time series data: [0, 2], [0, 3] | |
732 | Duplicate timestamp in time series data: [0, 3], [0, 1] | |
733 | Duplicate timestamp in time series data: [1, 2], [1, 3] | |
734 | [(1, 2.0)] | |
735 | >>> get_time_series_rates([[1, 1], [2, 3], [4, 11], [5, 16], [6, 22]]) | |
736 | [(2, 2.0), (4, 4.0), (5, 5.0), (6, 6.0)] | |
737 | """ | |
738 | data = _filter_time_series(data) | |
739 | if not data: | |
740 | return [] | |
f67539c2 | 741 | return [(data2[0], _derivative(data1, data2) if data1 is not None else 0.0) for data1, data2 in |
9f95a23c TL |
742 | _pairwise(data)] |
743 | ||
39ae355f TL |
744 | def name_to_config_section(name: str) -> ConfEntity: |
745 | """ | |
746 | Map from daemon names to ceph entity names (as seen in config) | |
747 | """ | |
748 | daemon_type = name.split('.', 1)[0] | |
749 | if daemon_type in ['rgw', 'rbd-mirror', 'nfs', 'crash', 'iscsi']: | |
750 | return ConfEntity('client.' + name) | |
751 | elif daemon_type in ['mon', 'osd', 'mds', 'mgr', 'client']: | |
752 | return ConfEntity(name) | |
753 | else: | |
754 | return ConfEntity('mon') | |
755 | ||
f67539c2 TL |
756 | |
757 | def _filter_time_series(data: List[Tuple[float, float]]) -> List[Tuple[float, float]]: | |
9f95a23c TL |
758 | """ Filters time series data |
759 | ||
760 | Filters out samples with the same timestamp in given time series data. | |
761 | It also enforces the list to contain at least two samples. | |
762 | ||
763 | All filtered values will be shown in the debug log. If values were filtered it's a bug in the | |
764 | time series data collector, please report it. | |
765 | ||
766 | :param data: Time series data [time in seconds, value] | |
767 | :type data: list[tuple[int, float]] | |
768 | ||
769 | :return: Filtered time series data [time in seconds, value] | |
770 | :rtype: list[tuple[int, float]] | |
771 | ||
772 | >>> logger.debug = lambda s,x,y: print(s % (x,y)) | |
773 | >>> _filter_time_series([]) | |
774 | [] | |
775 | >>> _filter_time_series([[1, 42]]) | |
776 | [] | |
777 | >>> _filter_time_series([[10, 2], [10, 3]]) | |
778 | Duplicate timestamp in time series data: [10, 2], [10, 3] | |
779 | [] | |
780 | >>> _filter_time_series([[0, 1], [1, 2]]) | |
781 | [[0, 1], [1, 2]] | |
782 | >>> _filter_time_series([[0, 2], [0, 3], [0, 1], [1, 2], [1, 3]]) | |
783 | Duplicate timestamp in time series data: [0, 2], [0, 3] | |
784 | Duplicate timestamp in time series data: [0, 3], [0, 1] | |
785 | Duplicate timestamp in time series data: [1, 2], [1, 3] | |
786 | [[0, 1], [1, 3]] | |
787 | >>> _filter_time_series([[1, 1], [2, 3], [4, 11], [5, 16], [6, 22]]) | |
788 | [[1, 1], [2, 3], [4, 11], [5, 16], [6, 22]] | |
789 | """ | |
790 | filtered = [] | |
791 | for i in range(len(data) - 1): | |
792 | if data[i][0] == data[i + 1][0]: # Same timestamp | |
793 | logger.debug("Duplicate timestamp in time series data: %s, %s", data[i], data[i + 1]) | |
794 | continue | |
795 | filtered.append(data[i]) | |
796 | if not filtered: | |
797 | return [] | |
798 | filtered.append(data[-1]) | |
799 | return filtered | |
800 | ||
f67539c2 TL |
801 | |
802 | def _derivative(p1: Tuple[float, float], p2: Tuple[float, float]) -> float: | |
9f95a23c TL |
803 | """ Derivative between two time series data points |
804 | ||
805 | :param p1: Time series data [time in seconds, value] | |
806 | :type p1: tuple[int, float] | |
807 | :param p2: Time series data [time in seconds, value] | |
808 | :type p2: tuple[int, float] | |
809 | ||
810 | :return: Derivative between both points | |
811 | :rtype: float | |
812 | ||
813 | >>> _derivative([0, 0], [2, 1]) | |
814 | 0.5 | |
815 | >>> _derivative([0, 1], [2, 0]) | |
816 | -0.5 | |
817 | >>> _derivative([0, 0], [3, 1]) | |
818 | 0.3333333333333333 | |
819 | """ | |
820 | return (p2[1] - p1[1]) / float(p2[0] - p1[0]) | |
821 | ||
f67539c2 TL |
822 | |
823 | def _pairwise(iterable: Iterable[T]) -> Generator[Tuple[Optional[T], T], None, None]: | |
9f95a23c TL |
824 | it = iter(iterable) |
825 | a = next(it, None) | |
826 | ||
827 | for b in it: | |
828 | yield (a, b) | |
829 | a = b | |
830 | ||
f67539c2 TL |
831 | |
832 | def to_pretty_timedelta(n: datetime.timedelta) -> str: | |
9f95a23c | 833 | if n < datetime.timedelta(seconds=120): |
1e59de90 | 834 | return str(int(n.total_seconds())) + 's' |
9f95a23c | 835 | if n < datetime.timedelta(minutes=120): |
1e59de90 | 836 | return str(int(n.total_seconds()) // 60) + 'm' |
9f95a23c | 837 | if n < datetime.timedelta(hours=48): |
1e59de90 | 838 | return str(int(n.total_seconds()) // 3600) + 'h' |
9f95a23c | 839 | if n < datetime.timedelta(days=14): |
1e59de90 | 840 | return str(int(n.total_seconds()) // (3600*24)) + 'd' |
9f95a23c | 841 | if n < datetime.timedelta(days=7*12): |
1e59de90 | 842 | return str(int(n.total_seconds()) // (3600*24*7)) + 'w' |
9f95a23c | 843 | if n < datetime.timedelta(days=365*2): |
1e59de90 TL |
844 | return str(int(n.total_seconds()) // (3600*24*30)) + 'M' |
845 | return str(int(n.total_seconds()) // (3600*24*365)) + 'y' | |
f6b5b4d7 TL |
846 | |
847 | ||
f67539c2 | 848 | def profile_method(skip_attribute: bool = False) -> Callable[[Callable[..., T]], Callable[..., T]]: |
f6b5b4d7 TL |
849 | """ |
850 | Decorator for methods of the Module class. Logs the name of the given | |
851 | function f with the time it takes to execute it. | |
852 | """ | |
f67539c2 | 853 | def outer(f: Callable[..., T]) -> Callable[..., T]: |
f6b5b4d7 | 854 | @wraps(f) |
f67539c2 | 855 | def wrapper(*args: Any, **kwargs: Any) -> T: |
f6b5b4d7 TL |
856 | self = args[0] |
857 | t = time.time() | |
858 | self.log.debug('Starting method {}.'.format(f.__name__)) | |
859 | result = f(*args, **kwargs) | |
860 | duration = time.time() - t | |
861 | if not skip_attribute: | |
862 | wrapper._execution_duration = duration # type: ignore | |
863 | self.log.debug('Method {} ran {:.3f} seconds.'.format(f.__name__, duration)) | |
864 | return result | |
865 | return wrapper | |
866 | return outer | |
1e59de90 TL |
867 | |
868 | ||
869 | def password_hash(password: Optional[str], salt_password: Optional[str] = None) -> Optional[str]: | |
870 | if not password: | |
871 | return None | |
872 | if not salt_password: | |
873 | salt = bcrypt.gensalt() | |
874 | else: | |
875 | salt = salt_password.encode('utf8') | |
876 | return bcrypt.hashpw(password.encode('utf8'), salt).decode('utf8') |