[ceph.git] / ceph / src / pybind / mgr / dashboard / module.py

# -*- coding: utf-8 -*-
"""
ceph dashboard mgr plugin (based on CherryPy)
"""
from __future__ import absolute_import

import collections
import errno
import os
import socket
import tempfile
import threading
import time
from uuid import uuid4
from OpenSSL import crypto
from mgr_module import MgrModule, MgrStandbyModule, Option, CLIWriteCommand
from mgr_util import get_default_addr, ServerConfigException, verify_tls_files

try:
    import cherrypy
    from cherrypy._cptools import HandlerWrapperTool
except ImportError:
    # To be picked up and reported by .can_run()
    cherrypy = None

from .services.sso import load_sso_db

if cherrypy is not None:
    from .cherrypy_backports import patch_cherrypy
    patch_cherrypy(cherrypy.__version__)

if 'COVERAGE_ENABLED' in os.environ:
    import coverage
    __cov = coverage.Coverage(config_file="{}/.coveragerc".format(os.path.dirname(__file__)),
                              data_suffix=True)

    cherrypy.engine.subscribe('start', __cov.start)
    cherrypy.engine.subscribe('after_request', __cov.save)
    cherrypy.engine.subscribe('stop', __cov.stop)

# pylint: disable=wrong-import-position
from . import logger, mgr
from .controllers import generate_routes, json_error_page
from .grafana import push_local_dashboards
from .tools import NotificationQueue, RequestLoggingTool, TaskManager, \
                   prepare_url_prefix, str_to_bool
from .services.auth import AuthManager, AuthManagerTool, JwtManager
from .services.sso import SSO_COMMANDS, \
                          handle_sso_command
from .services.exception import dashboard_exception_handler
from .settings import options_command_list, options_schema_list, \
                      handle_option_command

from .plugins import PLUGIN_MANAGER
from .plugins import feature_toggles, debug  # noqa # pylint: disable=unused-import


PLUGIN_MANAGER.hook.init()


# cherrypy likes to sys.exit on error.  don't let it take us down too!
# pylint: disable=W0613
def os_exit_noop(*args):
    pass


# pylint: disable=W0212
os._exit = os_exit_noop


class CherryPyConfig(object):
    """
    Class for common server configuration done by both active and
    standby module, especially setting up SSL.
    """

    def __init__(self):
        self._stopping = threading.Event()
        self._url_prefix = ""

        self.cert_tmp = None
        self.pkey_tmp = None

    def shutdown(self):
        self._stopping.set()

    @property
    def url_prefix(self):
        return self._url_prefix

    @staticmethod
    def update_cherrypy_config(config):
        PLUGIN_MANAGER.hook.configure_cherrypy(config=config)
        cherrypy.config.update(config)

    # pylint: disable=too-many-branches
    def _configure(self):
        """
        Configure CherryPy and initialize self.url_prefix

        :returns our URI
        """
        server_addr = self.get_localized_module_option(
            'server_addr', get_default_addr())
        ssl = self.get_localized_module_option('ssl', True)
        if not ssl:
            server_port = self.get_localized_module_option('server_port', 8080)
        else:
            server_port = self.get_localized_module_option('ssl_server_port', 8443)

        if server_addr is None:
            raise ServerConfigException(
                'no server_addr configured; '
                'try "ceph config set mgr mgr/{}/{}/server_addr <ip>"'
                .format(self.module_name, self.get_mgr_id()))
        self.log.info('server: ssl=%s host=%s port=%d', 'yes' if ssl else 'no',
                      server_addr, server_port)

        # Initialize custom handlers.
        cherrypy.tools.authenticate = AuthManagerTool()
        cherrypy.tools.plugin_hooks_filter_request = cherrypy.Tool(
            'before_handler',
            lambda: PLUGIN_MANAGER.hook.filter_request_before_handler(request=cherrypy.request),
            priority=1)
        cherrypy.tools.request_logging = RequestLoggingTool()
        cherrypy.tools.dashboard_exception_handler = HandlerWrapperTool(dashboard_exception_handler,
                                                                        priority=31)

        # Apply the 'global' CherryPy configuration.
        config = {
            'engine.autoreload.on': False,
            'server.socket_host': server_addr,
            'server.socket_port': int(server_port),
            'error_page.default': json_error_page,
            'tools.request_logging.on': True,
            'tools.gzip.on': True,
            'tools.gzip.mime_types': [
                # text/html and text/plain are the default types to compress
                'text/html', 'text/plain',
                # We also want JSON and JavaScript to be compressed
                'application/json',
                'application/javascript',
            ],
            'tools.json_in.on': True,
            'tools.json_in.force': False,
            'tools.plugin_hooks_filter_request.on': True,
        }

        if ssl:
            # SSL initialization
            cert = self.get_store("crt")
            if cert is not None:
                self.cert_tmp = tempfile.NamedTemporaryFile()
                self.cert_tmp.write(cert.encode('utf-8'))
                self.cert_tmp.flush()  # cert_tmp must not be gc'ed
                cert_fname = self.cert_tmp.name
            else:
                cert_fname = self.get_localized_module_option('crt_file')

            pkey = self.get_store("key")
            if pkey is not None:
                self.pkey_tmp = tempfile.NamedTemporaryFile()
                self.pkey_tmp.write(pkey.encode('utf-8'))
                self.pkey_tmp.flush()  # pkey_tmp must not be gc'ed
                pkey_fname = self.pkey_tmp.name
            else:
                pkey_fname = self.get_localized_module_option('key_file')

            verify_tls_files(cert_fname, pkey_fname)

            config['server.ssl_module'] = 'builtin'
            config['server.ssl_certificate'] = cert_fname
            config['server.ssl_private_key'] = pkey_fname

        self.update_cherrypy_config(config)

        self._url_prefix = prepare_url_prefix(self.get_module_option('url_prefix',
                                                                     default=''))

        uri = "{0}://{1}:{2}{3}/".format(
            'https' if ssl else 'http',
            socket.getfqdn() if server_addr in ['::', '0.0.0.0'] else server_addr,
            server_port,
            self.url_prefix
        )

        return uri

    def await_configuration(self):
        """
        Block until configuration is ready (i.e. all needed keys are set)
        or self._stopping is set.

        :returns URI of configured webserver
        """
        while not self._stopping.is_set():
            try:
                uri = self._configure()
            except ServerConfigException as e:
                self.log.info("Config not ready to serve, waiting: {0}".format(
                    e
                ))
                # Poll until a non-errored config is present
                self._stopping.wait(5)
            else:
                self.log.info("Configured CherryPy, starting engine...")
                return uri


class Module(MgrModule, CherryPyConfig):
    """
    dashboard module entrypoint
    """

    COMMANDS = [
        {
            'cmd': 'dashboard set-jwt-token-ttl '
                   'name=seconds,type=CephInt',
            'desc': 'Set the JWT token TTL in seconds',
            'perm': 'w'
        },
        {
            'cmd': 'dashboard get-jwt-token-ttl',
            'desc': 'Get the JWT token TTL in seconds',
            'perm': 'r'
        },
        {
            "cmd": "dashboard create-self-signed-cert",
            "desc": "Create self signed certificate",
            "perm": "w"
        },
        {
            "cmd": "dashboard grafana dashboards update",
            "desc": "Push dashboards to Grafana",
            "perm": "w",
        },
    ]
    COMMANDS.extend(options_command_list())
    COMMANDS.extend(SSO_COMMANDS)
    PLUGIN_MANAGER.hook.register_commands()

    MODULE_OPTIONS = [
        Option(name='server_addr', type='str', default=get_default_addr()),
        Option(name='server_port', type='int', default=8080),
        Option(name='ssl_server_port', type='int', default=8443),
        Option(name='jwt_token_ttl', type='int', default=28800),
        Option(name='password', type='str', default=''),
        Option(name='url_prefix', type='str', default=''),
        Option(name='username', type='str', default=''),
        Option(name='key_file', type='str', default=''),
        Option(name='crt_file', type='str', default=''),
        Option(name='ssl', type='bool', default=True),
        Option(name='standby_behaviour', type='str', default='redirect',
               enum_allowed=['redirect', 'error']),
        Option(name='standby_error_status_code', type='int', default=500,
               min=400, max=599)
    ]
    MODULE_OPTIONS.extend(options_schema_list())
    for options in PLUGIN_MANAGER.hook.get_options() or []:
        MODULE_OPTIONS.extend(options)

    __pool_stats = collections.defaultdict(lambda: collections.defaultdict(
        lambda: collections.deque(maxlen=10)))

    def __init__(self, *args, **kwargs):
        super(Module, self).__init__(*args, **kwargs)
        CherryPyConfig.__init__(self)

        mgr.init(self)

        self._stopping = threading.Event()
        self.shutdown_event = threading.Event()

        self.ACCESS_CTRL_DB = None
        self.SSO_DB = None

    @classmethod
    def can_run(cls):
        if cherrypy is None:
            return False, "Missing dependency: cherrypy"

        if not os.path.exists(cls.get_frontend_path()):
            return False, "Frontend assets not found: incomplete build?"

        return True, ""

    @classmethod
    def get_frontend_path(cls):
        current_dir = os.path.dirname(os.path.abspath(__file__))
        return os.path.join(current_dir, 'frontend/dist')

    def serve(self):
        AuthManager.initialize()
        load_sso_db()

        uri = self.await_configuration()
        if uri is None:
            # We were shut down while waiting
            return

        # Publish the URI that others may use to access the service we're
        # about to start serving
        self.set_uri(uri)

        mapper, parent_urls = generate_routes(self.url_prefix)

        config = {}
        for purl in parent_urls:
            config[purl] = {
                'request.dispatch': mapper
            }

        cherrypy.tree.mount(None, config=config)

        PLUGIN_MANAGER.hook.setup()

        cherrypy.engine.start()
        NotificationQueue.start_queue()
        TaskManager.init()
        logger.info('Engine started.')
        update_dashboards = str_to_bool(
            self.get_module_option('GRAFANA_UPDATE_DASHBOARDS', 'False'))
        if update_dashboards:
            logger.info('Starting Grafana dashboard task')
            TaskManager.run(
                'grafana/dashboards/update',
                {},
                push_local_dashboards,
                kwargs=dict(tries=10, sleep=60),
            )
        # wait for the shutdown event
        self.shutdown_event.wait()
        self.shutdown_event.clear()
        NotificationQueue.stop()
        cherrypy.engine.stop()
        logger.info('Engine stopped')

    def shutdown(self):
        super(Module, self).shutdown()
        CherryPyConfig.shutdown(self)
        logger.info('Stopping engine...')
        self.shutdown_event.set()

    @CLIWriteCommand("dashboard set-ssl-certificate",
                     "name=mgr_id,type=CephString,req=false")
    def set_ssl_certificate(self, mgr_id=None, inbuf=None):
        if inbuf is None:
            return -errno.EINVAL, '',\
                   'Please specify the certificate file with "-i" option'
        if mgr_id is not None:
            self.set_store('{}/crt'.format(mgr_id), inbuf)
        else:
            self.set_store('crt', inbuf)
        return 0, 'SSL certificate updated', ''

    @CLIWriteCommand("dashboard set-ssl-certificate-key",
                     "name=mgr_id,type=CephString,req=false")
    def set_ssl_certificate_key(self, mgr_id=None, inbuf=None):
        if inbuf is None:
            return -errno.EINVAL, '',\
                   'Please specify the certificate key file with "-i" option'
        if mgr_id is not None:
            self.set_store('{}/key'.format(mgr_id), inbuf)
        else:
            self.set_store('key', inbuf)
        return 0, 'SSL certificate key updated', ''

    def handle_command(self, inbuf, cmd):
        # pylint: disable=too-many-return-statements
        res = handle_option_command(cmd)
        if res[0] != -errno.ENOSYS:
            return res
        res = handle_sso_command(cmd)
        if res[0] != -errno.ENOSYS:
            return res
        if cmd['prefix'] == 'dashboard set-jwt-token-ttl':
            self.set_module_option('jwt_token_ttl', str(cmd['seconds']))
            return 0, 'JWT token TTL updated', ''
        if cmd['prefix'] == 'dashboard get-jwt-token-ttl':
            ttl = self.get_module_option('jwt_token_ttl', JwtManager.JWT_TOKEN_TTL)
            return 0, str(ttl), ''
        if cmd['prefix'] == 'dashboard create-self-signed-cert':
            self.create_self_signed_cert()
            return 0, 'Self-signed certificate created', ''
        if cmd['prefix'] == 'dashboard grafana dashboards update':
            push_local_dashboards()
            return 0, 'Grafana dashboards updated', ''

        return (-errno.EINVAL, '', 'Command not found \'{0}\''
                .format(cmd['prefix']))

    def create_self_signed_cert(self):
        # create a key pair
        pkey = crypto.PKey()
        pkey.generate_key(crypto.TYPE_RSA, 2048)

        # create a self-signed cert
        cert = crypto.X509()
        cert.get_subject().O = "IT"
        cert.get_subject().CN = "ceph-dashboard"
        cert.set_serial_number(int(uuid4()))
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(10*365*24*60*60)
        cert.set_issuer(cert.get_subject())
        cert.set_pubkey(pkey)
        cert.sign(pkey, 'sha512')

        cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
        self.set_store('crt', cert.decode('utf-8'))

        pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
        self.set_store('key', pkey.decode('utf-8'))

    def notify(self, notify_type, notify_id):
        NotificationQueue.new_notification(notify_type, notify_id)

    def get_updated_pool_stats(self):
        df = self.get('df')
        pool_stats = {p['id']: p['stats'] for p in df['pools']}
        now = time.time()
        for pool_id, stats in pool_stats.items():
            for stat_name, stat_val in stats.items():
                self.__pool_stats[pool_id][stat_name].append((now, stat_val))

        return self.__pool_stats


class StandbyModule(MgrStandbyModule, CherryPyConfig):
    def __init__(self, *args, **kwargs):
        super(StandbyModule, self).__init__(*args, **kwargs)
        CherryPyConfig.__init__(self)
        self.shutdown_event = threading.Event()

        # We can set the global mgr instance to ourselves even though
        # we're just a standby, because it's enough for logging.
        mgr.init(self)

    def serve(self):
        uri = self.await_configuration()
        if uri is None:
            # We were shut down while waiting
            return

        module = self

        class Root(object):
            @cherrypy.expose
            def default(self, *args, **kwargs):
                if module.get_module_option('standby_behaviour', 'redirect') == 'redirect':
                    active_uri = module.get_active_uri()
                    if active_uri:
                        module.log.info("Redirecting to active '%s'", active_uri)
                        raise cherrypy.HTTPRedirect(active_uri)
                    else:
                        template = """
                    <html>
                        <!-- Note: this is only displayed when the standby
                             does not know an active URI to redirect to, otherwise
                             a simple redirect is returned instead -->
                        <head>
                            <title>Ceph</title>
                            <meta http-equiv="refresh" content="{delay}">
                        </head>
                        <body>
                            No active ceph-mgr instance is currently running
                            the dashboard. A failover may be in progress.
                            Retrying in {delay} seconds...
                        </body>
                    </html>
                        """
                        return template.format(delay=5)
                else:
                    status = module.get_module_option('standby_error_status_code', 500)
                    raise cherrypy.HTTPError(status, message="Keep on looking")

        cherrypy.tree.mount(Root(), "{}/".format(self.url_prefix), {})
        self.log.info("Starting engine...")
        cherrypy.engine.start()
        self.log.info("Engine started...")
        # Wait for shutdown event
        self.shutdown_event.wait()
        self.shutdown_event.clear()
        cherrypy.engine.stop()
        self.log.info("Engine stopped.")

    def shutdown(self):
        CherryPyConfig.shutdown(self)

        self.log.info("Stopping engine...")
        self.shutdown_event.set()
        self.log.info("Stopped engine...")
Commit	Line	Data
11fdf7f2	1	# -- coding: utf-8 --
31f18b77	2	"""
11fdf7f2	3	ceph dashboard mgr plugin (based on CherryPy)
31f18b77	4	"""
11fdf7f2	5	from __future__ import absolute_import
31f18b77	6
31f18b77	7	import collections
11fdf7f2	8	import errno
31f18b77	9	import os
3efd9988	10	import socket
11fdf7f2 TL	11	import tempfile
	12	import threading
	13	import time
	14	from uuid import uuid4
eafe8130	15	from OpenSSL import crypto
494da23a	16	from mgr_module import MgrModule, MgrStandbyModule, Option, CLIWriteCommand
eafe8130	17	from mgr_util import get_default_addr, ServerConfigException, verify_tls_files
11fdf7f2 TL	18
	19	try:
	20	import cherrypy
	21	from cherrypy._cptools import HandlerWrapperTool
	22	except ImportError:
	23	# To be picked up and reported by .can_run()
	24	cherrypy = None
	25
	26	from .services.sso import load_sso_db
	27
11fdf7f2	28	if cherrypy is not None:
92f5a8d4 TL	29	from .cherrypy_backports import patch_cherrypy
92f5a8d4 TL	30	patch_cherrypy(cherrypy.__version__)
a8e16298	31
11fdf7f2 TL	32	if 'COVERAGE_ENABLED' in os.environ:
	33	import coverage
	34	__cov = coverage.Coverage(config_file="{}/.coveragerc".format(os.path.dirname(__file__)),
	35	data_suffix=True)
31f18b77	36
11fdf7f2 TL	37	cherrypy.engine.subscribe('start', __cov.start)
	38	cherrypy.engine.subscribe('after_request', __cov.save)
	39	cherrypy.engine.subscribe('stop', __cov.stop)
31f18b77	40
11fdf7f2 TL	41	# pylint: disable=wrong-import-position
	42	from . import logger, mgr
	43	from .controllers import generate_routes, json_error_page
81eedcae	44	from .grafana import push_local_dashboards
11fdf7f2	45	from .tools import NotificationQueue, RequestLoggingTool, TaskManager, \
81eedcae	46	prepare_url_prefix, str_to_bool
11fdf7f2 TL	47	from .services.auth import AuthManager, AuthManagerTool, JwtManager
	48	from .services.sso import SSO_COMMANDS, \
	49	handle_sso_command
	50	from .services.exception import dashboard_exception_handler
	51	from .settings import options_command_list, options_schema_list, \
	52	handle_option_command
31f18b77	53
11fdf7f2	54	from .plugins import PLUGIN_MANAGER
92f5a8d4 TL	55	from .plugins import feature_toggles, debug # noqa # pylint: disable=unused-import
	56
	57
	58	PLUGIN_MANAGER.hook.init()
3efd9988 FG	59
3efd9988 FG	60
11fdf7f2 TL	61	# cherrypy likes to sys.exit on error. don't let it take us down too!
	62	# pylint: disable=W0613
	63	def os_exit_noop(*args):
	64	pass
3efd9988	65
b32b8144	66
11fdf7f2 TL	67	# pylint: disable=W0212
11fdf7f2 TL	68	os._exit = os_exit_noop
b32b8144	69
3efd9988	70
11fdf7f2 TL	71	class CherryPyConfig(object):
	72	"""
	73	Class for common server configuration done by both active and
	74	standby module, especially setting up SSL.
	75	"""
81eedcae	76
11fdf7f2 TL	77	def __init__(self):
	78	self._stopping = threading.Event()
	79	self._url_prefix = ""
3efd9988	80
11fdf7f2 TL	81	self.cert_tmp = None
11fdf7f2 TL	82	self.pkey_tmp = None
3efd9988 FG	83
3efd9988 FG	84	def shutdown(self):
11fdf7f2	85	self._stopping.set()
3efd9988	86
31f18b77	87	@property
11fdf7f2 TL	88	def url_prefix(self):
11fdf7f2 TL	89	return self._url_prefix
31f18b77	90
92f5a8d4 TL	91	@staticmethod
	92	def update_cherrypy_config(config):
	93	PLUGIN_MANAGER.hook.configure_cherrypy(config=config)
	94	cherrypy.config.update(config)
	95
81eedcae	96	# pylint: disable=too-many-branches
11fdf7f2	97	def _configure(self):
31f18b77	98	"""
11fdf7f2 TL	99	Configure CherryPy and initialize self.url_prefix
	100
	101	:returns our URI
31f18b77	102	"""
494da23a TL	103	server_addr = self.get_localized_module_option(
494da23a TL	104	'server_addr', get_default_addr())
11fdf7f2 TL	105	ssl = self.get_localized_module_option('ssl', True)
	106	if not ssl:
	107	server_port = self.get_localized_module_option('server_port', 8080)
31f18b77	108	else:
11fdf7f2	109	server_port = self.get_localized_module_option('ssl_server_port', 8443)
31f18b77	110
11fdf7f2 TL	111	if server_addr is None:
	112	raise ServerConfigException(
	113	'no server_addr configured; '
	114	'try "ceph config set mgr mgr/{}/{}/server_addr <ip>"'
	115	.format(self.module_name, self.get_mgr_id()))
	116	self.log.info('server: ssl=%s host=%s port=%d', 'yes' if ssl else 'no',
	117	server_addr, server_port)
	118
	119	# Initialize custom handlers.
	120	cherrypy.tools.authenticate = AuthManagerTool()
92f5a8d4	121	cherrypy.tools.plugin_hooks_filter_request = cherrypy.Tool(
11fdf7f2 TL	122	'before_handler',
11fdf7f2 TL	123	lambda: PLUGIN_MANAGER.hook.filter_request_before_handler(request=cherrypy.request),
92f5a8d4	124	priority=1)
11fdf7f2 TL	125	cherrypy.tools.request_logging = RequestLoggingTool()
	126	cherrypy.tools.dashboard_exception_handler = HandlerWrapperTool(dashboard_exception_handler,
	127	priority=31)
	128
	129	# Apply the 'global' CherryPy configuration.
	130	config = {
	131	'engine.autoreload.on': False,
	132	'server.socket_host': server_addr,
	133	'server.socket_port': int(server_port),
	134	'error_page.default': json_error_page,
	135	'tools.request_logging.on': True,
	136	'tools.gzip.on': True,
	137	'tools.gzip.mime_types': [
	138	# text/html and text/plain are the default types to compress
	139	'text/html', 'text/plain',
	140	# We also want JSON and JavaScript to be compressed
	141	'application/json',
	142	'application/javascript',
	143	],
	144	'tools.json_in.on': True,
	145	'tools.json_in.force': False,
92f5a8d4	146	'tools.plugin_hooks_filter_request.on': True,
31f18b77 FG	147	}
31f18b77 FG	148
11fdf7f2 TL	149	if ssl:
	150	# SSL initialization
	151	cert = self.get_store("crt")
	152	if cert is not None:
	153	self.cert_tmp = tempfile.NamedTemporaryFile()
	154	self.cert_tmp.write(cert.encode('utf-8'))
	155	self.cert_tmp.flush() # cert_tmp must not be gc'ed
	156	cert_fname = self.cert_tmp.name
b32b8144	157	else:
11fdf7f2 TL	158	cert_fname = self.get_localized_module_option('crt_file')
	159
	160	pkey = self.get_store("key")
	161	if pkey is not None:
	162	self.pkey_tmp = tempfile.NamedTemporaryFile()
	163	self.pkey_tmp.write(pkey.encode('utf-8'))
	164	self.pkey_tmp.flush() # pkey_tmp must not be gc'ed
	165	pkey_fname = self.pkey_tmp.name
	166	else:
	167	pkey_fname = self.get_localized_module_option('key_file')
c07f9fc5	168
eafe8130	169	verify_tls_files(cert_fname, pkey_fname)
81eedcae	170
11fdf7f2 TL	171	config['server.ssl_module'] = 'builtin'
	172	config['server.ssl_certificate'] = cert_fname
	173	config['server.ssl_private_key'] = pkey_fname
31f18b77	174
92f5a8d4	175	self.update_cherrypy_config(config)
31f18b77	176
11fdf7f2 TL	177	self._url_prefix = prepare_url_prefix(self.get_module_option('url_prefix',
11fdf7f2 TL	178	default=''))
31f18b77	179
11fdf7f2 TL	180	uri = "{0}://{1}:{2}{3}/".format(
11fdf7f2 TL	181	'https' if ssl else 'http',
eafe8130	182	socket.getfqdn() if server_addr in ['::', '0.0.0.0'] else server_addr,
11fdf7f2 TL	183	server_port,
	184	self.url_prefix
	185	)
1adf2230	186
11fdf7f2	187	return uri
1adf2230	188
11fdf7f2 TL	189	def await_configuration(self):
	190	"""
	191	Block until configuration is ready (i.e. all needed keys are set)
	192	or self._stopping is set.
31f18b77	193
11fdf7f2 TL	194	:returns URI of configured webserver
	195	"""
	196	while not self._stopping.is_set():
	197	try:
	198	uri = self._configure()
	199	except ServerConfigException as e:
	200	self.log.info("Config not ready to serve, waiting: {0}".format(
	201	e
	202	))
	203	# Poll until a non-errored config is present
	204	self._stopping.wait(5)
	205	else:
	206	self.log.info("Configured CherryPy, starting engine...")
	207	return uri
31f18b77	208
31f18b77	209
11fdf7f2 TL	210	class Module(MgrModule, CherryPyConfig):
	211	"""
	212	dashboard module entrypoint
	213	"""
31f18b77	214
11fdf7f2 TL	215	COMMANDS = [
	216	{
	217	'cmd': 'dashboard set-jwt-token-ttl '
	218	'name=seconds,type=CephInt',
	219	'desc': 'Set the JWT token TTL in seconds',
	220	'perm': 'w'
	221	},
	222	{
	223	'cmd': 'dashboard get-jwt-token-ttl',
	224	'desc': 'Get the JWT token TTL in seconds',
	225	'perm': 'r'
	226	},
	227	{
	228	"cmd": "dashboard create-self-signed-cert",
	229	"desc": "Create self signed certificate",
	230	"perm": "w"
	231	},
81eedcae TL	232	{
	233	"cmd": "dashboard grafana dashboards update",
	234	"desc": "Push dashboards to Grafana",
	235	"perm": "w",
	236	},
11fdf7f2 TL	237	]
	238	COMMANDS.extend(options_command_list())
	239	COMMANDS.extend(SSO_COMMANDS)
	240	PLUGIN_MANAGER.hook.register_commands()
	241
	242	MODULE_OPTIONS = [
494da23a	243	Option(name='server_addr', type='str', default=get_default_addr()),
11fdf7f2 TL	244	Option(name='server_port', type='int', default=8080),
	245	Option(name='ssl_server_port', type='int', default=8443),
	246	Option(name='jwt_token_ttl', type='int', default=28800),
	247	Option(name='password', type='str', default=''),
	248	Option(name='url_prefix', type='str', default=''),
	249	Option(name='username', type='str', default=''),
	250	Option(name='key_file', type='str', default=''),
	251	Option(name='crt_file', type='str', default=''),
eafe8130 TL	252	Option(name='ssl', type='bool', default=True),
	253	Option(name='standby_behaviour', type='str', default='redirect',
	254	enum_allowed=['redirect', 'error']),
	255	Option(name='standby_error_status_code', type='int', default=500,
	256	min=400, max=599)
11fdf7f2 TL	257	]
	258	MODULE_OPTIONS.extend(options_schema_list())
	259	for options in PLUGIN_MANAGER.hook.get_options() or []:
	260	MODULE_OPTIONS.extend(options)
	261
	262	__pool_stats = collections.defaultdict(lambda: collections.defaultdict(
	263	lambda: collections.deque(maxlen=10)))
31f18b77	264
11fdf7f2 TL	265	def __init__(self, args, *kwargs):
	266	super(Module, self).__init__(args, *kwargs)
	267	CherryPyConfig.__init__(self)
31f18b77	268
11fdf7f2	269	mgr.init(self)
31f18b77	270
11fdf7f2 TL	271	self._stopping = threading.Event()
11fdf7f2 TL	272	self.shutdown_event = threading.Event()
31f18b77	273
11fdf7f2 TL	274	self.ACCESS_CTRL_DB = None
11fdf7f2 TL	275	self.SSO_DB = None
31f18b77	276
11fdf7f2 TL	277	@classmethod
	278	def can_run(cls):
	279	if cherrypy is None:
	280	return False, "Missing dependency: cherrypy"
31f18b77	281
11fdf7f2 TL	282	if not os.path.exists(cls.get_frontend_path()):
11fdf7f2 TL	283	return False, "Frontend assets not found: incomplete build?"
31f18b77	284
11fdf7f2	285	return True, ""
31f18b77	286
11fdf7f2 TL	287	@classmethod
	288	def get_frontend_path(cls):
	289	current_dir = os.path.dirname(os.path.abspath(__file__))
	290	return os.path.join(current_dir, 'frontend/dist')
c07f9fc5	291
11fdf7f2 TL	292	def serve(self):
	293	AuthManager.initialize()
	294	load_sso_db()
31f18b77	295
11fdf7f2 TL	296	uri = self.await_configuration()
	297	if uri is None:
	298	# We were shut down while waiting
	299	return
3efd9988 FG	300
	301	# Publish the URI that others may use to access the service we're
	302	# about to start serving
11fdf7f2	303	self.set_uri(uri)
c07f9fc5	304
11fdf7f2	305	mapper, parent_urls = generate_routes(self.url_prefix)
c07f9fc5	306
eafe8130	307	config = {}
11fdf7f2 TL	308	for purl in parent_urls:
	309	config[purl] = {
	310	'request.dispatch': mapper
	311	}
92f5a8d4	312
11fdf7f2	313	cherrypy.tree.mount(None, config=config)
c07f9fc5	314
11fdf7f2	315	PLUGIN_MANAGER.hook.setup()
c07f9fc5	316
11fdf7f2 TL	317	cherrypy.engine.start()
	318	NotificationQueue.start_queue()
	319	TaskManager.init()
	320	logger.info('Engine started.')
81eedcae TL	321	update_dashboards = str_to_bool(
	322	self.get_module_option('GRAFANA_UPDATE_DASHBOARDS', 'False'))
	323	if update_dashboards:
	324	logger.info('Starting Grafana dashboard task')
	325	TaskManager.run(
	326	'grafana/dashboards/update',
	327	{},
	328	push_local_dashboards,
	329	kwargs=dict(tries=10, sleep=60),
	330	)
11fdf7f2 TL	331	# wait for the shutdown event
	332	self.shutdown_event.wait()
	333	self.shutdown_event.clear()
	334	NotificationQueue.stop()
	335	cherrypy.engine.stop()
	336	logger.info('Engine stopped')
c07f9fc5	337
11fdf7f2 TL	338	def shutdown(self):
	339	super(Module, self).shutdown()
	340	CherryPyConfig.shutdown(self)
	341	logger.info('Stopping engine...')
	342	self.shutdown_event.set()
	343
494da23a TL	344	@CLIWriteCommand("dashboard set-ssl-certificate",
	345	"name=mgr_id,type=CephString,req=false")
	346	def set_ssl_certificate(self, mgr_id=None, inbuf=None):
	347	if inbuf is None:
	348	return -errno.EINVAL, '',\
	349	'Please specify the certificate file with "-i" option'
	350	if mgr_id is not None:
	351	self.set_store('{}/crt'.format(mgr_id), inbuf)
	352	else:
	353	self.set_store('crt', inbuf)
	354	return 0, 'SSL certificate updated', ''
	355
	356	@CLIWriteCommand("dashboard set-ssl-certificate-key",
	357	"name=mgr_id,type=CephString,req=false")
	358	def set_ssl_certificate_key(self, mgr_id=None, inbuf=None):
	359	if inbuf is None:
	360	return -errno.EINVAL, '',\
	361	'Please specify the certificate key file with "-i" option'
	362	if mgr_id is not None:
	363	self.set_store('{}/key'.format(mgr_id), inbuf)
	364	else:
	365	self.set_store('key', inbuf)
	366	return 0, 'SSL certificate key updated', ''
	367
11fdf7f2 TL	368	def handle_command(self, inbuf, cmd):
	369	# pylint: disable=too-many-return-statements
	370	res = handle_option_command(cmd)
	371	if res[0] != -errno.ENOSYS:
	372	return res
	373	res = handle_sso_command(cmd)
	374	if res[0] != -errno.ENOSYS:
	375	return res
	376	if cmd['prefix'] == 'dashboard set-jwt-token-ttl':
	377	self.set_module_option('jwt_token_ttl', str(cmd['seconds']))
	378	return 0, 'JWT token TTL updated', ''
	379	if cmd['prefix'] == 'dashboard get-jwt-token-ttl':
	380	ttl = self.get_module_option('jwt_token_ttl', JwtManager.JWT_TOKEN_TTL)
	381	return 0, str(ttl), ''
	382	if cmd['prefix'] == 'dashboard create-self-signed-cert':
	383	self.create_self_signed_cert()
	384	return 0, 'Self-signed certificate created', ''
81eedcae TL	385	if cmd['prefix'] == 'dashboard grafana dashboards update':
	386	push_local_dashboards()
	387	return 0, 'Grafana dashboards updated', ''
11fdf7f2 TL	388
	389	return (-errno.EINVAL, '', 'Command not found \'{0}\''
	390	.format(cmd['prefix']))
	391
	392	def create_self_signed_cert(self):
	393	# create a key pair
	394	pkey = crypto.PKey()
	395	pkey.generate_key(crypto.TYPE_RSA, 2048)
	396
	397	# create a self-signed cert
	398	cert = crypto.X509()
	399	cert.get_subject().O = "IT"
	400	cert.get_subject().CN = "ceph-dashboard"
	401	cert.set_serial_number(int(uuid4()))
	402	cert.gmtime_adj_notBefore(0)
	403	cert.gmtime_adj_notAfter(10365246060)
	404	cert.set_issuer(cert.get_subject())
	405	cert.set_pubkey(pkey)
	406	cert.sign(pkey, 'sha512')
	407
	408	cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
	409	self.set_store('crt', cert.decode('utf-8'))
	410
	411	pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
	412	self.set_store('key', pkey.decode('utf-8'))
	413
	414	def notify(self, notify_type, notify_id):
	415	NotificationQueue.new_notification(notify_type, notify_id)
	416
	417	def get_updated_pool_stats(self):
	418	df = self.get('df')
	419	pool_stats = {p['id']: p['stats'] for p in df['pools']}
	420	now = time.time()
	421	for pool_id, stats in pool_stats.items():
	422	for stat_name, stat_val in stats.items():
	423	self.__pool_stats[pool_id][stat_name].append((now, stat_val))
c07f9fc5	424
11fdf7f2	425	return self.__pool_stats
c07f9fc5	426
c07f9fc5	427
11fdf7f2 TL	428	class StandbyModule(MgrStandbyModule, CherryPyConfig):
	429	def __init__(self, args, *kwargs):
	430	super(StandbyModule, self).__init__(args, *kwargs)
	431	CherryPyConfig.__init__(self)
	432	self.shutdown_event = threading.Event()
c07f9fc5	433
11fdf7f2 TL	434	# We can set the global mgr instance to ourselves even though
	435	# we're just a standby, because it's enough for logging.
	436	mgr.init(self)
c07f9fc5	437
11fdf7f2 TL	438	def serve(self):
	439	uri = self.await_configuration()
	440	if uri is None:
	441	# We were shut down while waiting
	442	return
c07f9fc5	443
11fdf7f2	444	module = self
c07f9fc5	445
11fdf7f2	446	class Root(object):
c07f9fc5	447	@cherrypy.expose
92f5a8d4	448	def default(self, args, *kwargs):
eafe8130 TL	449	if module.get_module_option('standby_behaviour', 'redirect') == 'redirect':
	450	active_uri = module.get_active_uri()
	451	if active_uri:
	452	module.log.info("Redirecting to active '%s'", active_uri)
	453	raise cherrypy.HTTPRedirect(active_uri)
	454	else:
	455	template = """
	456	<html>
	457	<!-- Note: this is only displayed when the standby
	458	does not know an active URI to redirect to, otherwise
	459	a simple redirect is returned instead -->
	460	<head>
	461	<title>Ceph</title>
	462	<meta http-equiv="refresh" content="{delay}">
	463	</head>
	464	<body>
	465	No active ceph-mgr instance is currently running
	466	the dashboard. A failover may be in progress.
	467	Retrying in {delay} seconds...
	468	</body>
	469	</html>
	470	"""
	471	return template.format(delay=5)
11fdf7f2	472	else:
eafe8130 TL	473	status = module.get_module_option('standby_error_status_code', 500)
eafe8130 TL	474	raise cherrypy.HTTPError(status, message="Keep on looking")
11fdf7f2 TL	475
	476	cherrypy.tree.mount(Root(), "{}/".format(self.url_prefix), {})
	477	self.log.info("Starting engine...")
31f18b77	478	cherrypy.engine.start()
11fdf7f2 TL	479	self.log.info("Engine started...")
	480	# Wait for shutdown event
	481	self.shutdown_event.wait()
	482	self.shutdown_event.clear()
	483	cherrypy.engine.stop()
	484	self.log.info("Engine stopped.")
	485
	486	def shutdown(self):
	487	CherryPyConfig.shutdown(self)
	488
	489	self.log.info("Stopping engine...")
	490	self.shutdown_event.set()
	491	self.log.info("Stopped engine...")