]> git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/librgw.cc
projects / ceph.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
import 14.2.4 nautilus point release
[ceph.git] / ceph / src / rgw / librgw.cc
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
3
4 /*
5 * Ceph - scalable distributed file system
6 *
7 * Copyright (C) 2011 New Dream Network
8 *
9 * This is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License version 2.1, as published by the Free Software
12 * Foundation. See file COPYING.
13 *
14 */
15
16 #include "include/compat.h"
17 #include <sys/types.h>
18 #include <string.h>
19 #include <chrono>
20
21 #include "include/types.h"
22 #include "include/rados/librgw.h"
23 #include "rgw/rgw_acl_s3.h"
24 #include "rgw_acl.h"
25
26 #include "include/str_list.h"
27 #include "include/stringify.h"
28 #include "global/global_init.h"
29 #include "global/signal_handler.h"
30 #include "common/config.h"
31 #include "common/errno.h"
32 #include "common/Timer.h"
33 #include "common/Throttle.h"
34 #include "common/WorkQueue.h"
35 #include "common/ceph_argparse.h"
36 #include "common/ceph_context.h"
37 #include "common/common_init.h"
38 #include "common/dout.h"
39
40 #include "rgw_rados.h"
41 #include "rgw_resolve.h"
42 #include "rgw_op.h"
43 #include "rgw_rest.h"
44 #include "rgw_frontend.h"
45 #include "rgw_request.h"
46 #include "rgw_process.h"
47 #include "rgw_rest_user.h"
48 #include "rgw_rest_s3.h"
49 #include "rgw_os_lib.h"
50 #include "rgw_auth.h"
51 #include "rgw_auth_s3.h"
52 #include "rgw_lib.h"
53 #include "rgw_lib_frontend.h"
54 #include "rgw_http_client.h"
55 #include "rgw_http_client_curl.h"
56 #include "rgw_perf_counters.h"
57
58 #include <errno.h>
59 #include <thread>
60 #include <string>
61 #include <mutex>
62
63
64 #define dout_subsys ceph_subsys_rgw
65
66 bool global_stop = false;
67
68 static void handle_sigterm(int signum)
69 {
70 dout(20) << __func__ << " SIGUSR1 ignored" << dendl;
71 }
72
73 namespace rgw {
74
75 using std::string;
76
77 static std::mutex librgw_mtx;
78
79 RGWLib rgwlib;
80
81 class C_InitTimeout : public Context {
82 public:
83 C_InitTimeout() {}
84 void finish(int r) override {
85 derr << "Initialization timeout, failed to initialize" << dendl;
86 exit(1);
87 }
88 };
89
90 void RGWLibProcess::checkpoint()
91 {
92 m_tp.drain(&req_wq);
93 }
94
95 #define MIN_EXPIRE_S 120
96
97 void RGWLibProcess::run()
98 {
99 /* write completion interval */
100 RGWLibFS::write_completion_interval_s =
101 cct->_conf->rgw_nfs_write_completion_interval_s;
102
103 /* start write timer */
104 RGWLibFS::write_timer.resume();
105
106 /* gc loop */
107 while (! shutdown) {
108 lsubdout(cct, rgw, 5) << "RGWLibProcess GC" << dendl;
109
110 /* dirent invalidate timeout--basically, the upper-bound on
111 * inconsistency with the S3 namespace */
112 auto expire_s = cct->_conf->rgw_nfs_namespace_expire_secs;
113
114 /* delay between gc cycles */
115 auto delay_s = std::max(int64_t(1), std::min(int64_t(MIN_EXPIRE_S), expire_s/2));
116
117 unique_lock uniq(mtx);
118 restart:
119 int cur_gen = gen;
120 for (auto iter = mounted_fs.begin(); iter != mounted_fs.end();
121 ++iter) {
122 RGWLibFS* fs = iter->first->ref();
123 uniq.unlock();
124 fs->gc();
125 fs->update_user();
126 fs->rele();
127 uniq.lock();
128 if (cur_gen != gen)
129 goto restart; /* invalidated */
130 }
131 uniq.unlock();
132 std::this_thread::sleep_for(std::chrono::seconds(delay_s));
133 }
134 }
135
136 void RGWLibProcess::handle_request(RGWRequest* r)
137 {
138 /*
139 * invariant: valid requests are derived from RGWLibRequst
140 */
141 RGWLibRequest* req = static_cast<RGWLibRequest*>(r);
142
143 // XXX move RGWLibIO and timing setup into process_request
144
145 #if 0 /* XXX */
146 utime_t tm = ceph_clock_now();
147 #endif
148
149 RGWLibIO io_ctx;
150
151 int ret = process_request(req, &io_ctx);
152 if (ret < 0) {
153 /* we don't really care about return code */
154 dout(20) << "process_request() returned " << ret << dendl;
155
156 }
157 delete req;
158 } /* handle_request */
159
160 int RGWLibProcess::process_request(RGWLibRequest* req)
161 {
162 // XXX move RGWLibIO and timing setup into process_request
163
164 #if 0 /* XXX */
165 utime_t tm = ceph_clock_now();
166 #endif
167
168 RGWLibIO io_ctx;
169
170 int ret = process_request(req, &io_ctx);
171 if (ret < 0) {
172 /* we don't really care about return code */
173 dout(20) << "process_request() returned " << ret << dendl;
174 }
175 return ret;
176 } /* process_request */
177
178 static inline void abort_req(struct req_state *s, RGWOp *op, int err_no)
179 {
180 if (!s)
181 return;
182
183 /* XXX the dump_errno and dump_bucket_from_state behaviors in
184 * the abort_early (rgw_rest.cc) might be valuable, but aren't
185 * safe to call presently as they return HTTP data */
186
187 perfcounter->inc(l_rgw_failed_req);
188 } /* abort_req */
189
190 int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
191 {
192 int ret = 0;
193 bool should_log = true; // XXX
194
195 dout(1) << "====== " << __func__
196 << " starting new request req=" << hex << req << dec
197 << " ======" << dendl;
198
199 /*
200 * invariant: valid requests are derived from RGWOp--well-formed
201 * requests should have assigned RGWRequest::op in their descendant
202 * constructor--if not, the compiler can find it, at the cost of
203 * a runtime check
204 */
205 RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
206 if (! op) {
207 dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
208 return -EINVAL;
209 }
210
211 io->init(req->cct);
212
213 perfcounter->inc(l_rgw_req);
214
215 RGWEnv& rgw_env = io->get_env();
216
217 /* XXX
218 * until major refactoring of req_state and req_info, we need
219 * to build their RGWEnv boilerplate from the RGWLibRequest,
220 * pre-staging any strings (HTTP_HOST) that provoke a crash when
221 * not found
222 */
223
224 /* XXX for now, use ""; could be a legit hostname, or, in future,
225 * perhaps a tenant (Yehuda) */
226 rgw_env.set("HTTP_HOST", "");
227
228 /* XXX and -then- bloat up req_state with string copies from it */
229 struct req_state rstate(req->cct, &rgw_env, req->get_user(), req->id);
230 struct req_state *s = &rstate;
231
232 // XXX fix this
233 s->cio = io;
234
235 RGWObjectCtx rados_ctx(store, s); // XXX holds std::map
236
237 auto sysobj_ctx = store->svc.sysobj->init_obj_ctx();
238 s->sysobj_ctx = &sysobj_ctx;
239
240 /* XXX and -then- stash req_state pointers everywhere they are needed */
241 ret = req->init(rgw_env, &rados_ctx, io, s);
242 if (ret < 0) {
243 dout(10) << "failed to initialize request" << dendl;
244 abort_req(s, op, ret);
245 goto done;
246 }
247
248 /* req is-a RGWOp, currently initialized separately */
249 ret = req->op_init();
250 if (ret < 0) {
251 dout(10) << "failed to initialize RGWOp" << dendl;
252 abort_req(s, op, ret);
253 goto done;
254 }
255
256 /* now expected by rgw_log_op() */
257 rgw_env.set("REQUEST_METHOD", s->info.method);
258 rgw_env.set("REQUEST_URI", s->info.request_uri);
259 rgw_env.set("QUERY_STRING", "");
260
261 try {
262 /* XXX authorize does less here then in the REST path, e.g.,
263 * the user's info is cached, but still incomplete */
264 ldpp_dout(s, 2) << "authorizing" << dendl;
265 ret = req->authorize(op);
266 if (ret < 0) {
267 dout(10) << "failed to authorize request" << dendl;
268 abort_req(s, op, ret);
269 goto done;
270 }
271
272 /* FIXME: remove this after switching all handlers to the new
273 * authentication infrastructure. */
274 if (! s->auth.identity) {
275 s->auth.identity = rgw::auth::transform_old_authinfo(s);
276 }
277
278 ldpp_dout(s, 2) << "reading op permissions" << dendl;
279 ret = req->read_permissions(op);
280 if (ret < 0) {
281 abort_req(s, op, ret);
282 goto done;
283 }
284
285 ldpp_dout(s, 2) << "init op" << dendl;
286 ret = op->init_processing();
287 if (ret < 0) {
288 abort_req(s, op, ret);
289 goto done;
290 }
291
292 ldpp_dout(s, 2) << "verifying op mask" << dendl;
293 ret = op->verify_op_mask();
294 if (ret < 0) {
295 abort_req(s, op, ret);
296 goto done;
297 }
298
299 ldpp_dout(s, 2) << "verifying op permissions" << dendl;
300 ret = op->verify_permission();
301 if (ret < 0) {
302 if (s->system_request) {
303 dout(2) << "overriding permissions due to system operation" << dendl;
304 } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
305 dout(2) << "overriding permissions due to admin operation" << dendl;
306 } else {
307 abort_req(s, op, ret);
308 goto done;
309 }
310 }
311
312 ldpp_dout(s, 2) << "verifying op params" << dendl;
313 ret = op->verify_params();
314 if (ret < 0) {
315 abort_req(s, op, ret);
316 goto done;
317 }
318
319 ldpp_dout(s, 2) << "executing" << dendl;
320 op->pre_exec();
321 op->execute();
322 op->complete();
323
324 } catch (const ceph::crypto::DigestException& e) {
325 dout(0) << "authentication failed" << e.what() << dendl;
326 abort_req(s, op, -ERR_INVALID_SECRET_KEY);
327 }
328
329 done:
330 try {
331 io->complete_request();
332 } catch (rgw::io::Exception& e) {
333 dout(0) << "ERROR: io->complete_request() returned "
334 << e.what() << dendl;
335 }
336 if (should_log) {
337 rgw_log_op(store, nullptr /* !rest */, s,
338 (op ? op->name() : "unknown"), olog);
339 }
340
341 int http_ret = s->err.http_ret;
342
343 ldpp_dout(s, 2) << "http status=" << http_ret << dendl;
344
345 dout(1) << "====== " << __func__
346 << " req done req=" << hex << req << dec << " http_status="
347 << http_ret
348 << " ======" << dendl;
349
350 return (ret < 0 ? ret : s->err.ret);
351 } /* process_request */
352
353 int RGWLibProcess::start_request(RGWLibContinuedReq* req)
354 {
355
356 dout(1) << "====== " << __func__
357 << " starting new continued request req=" << hex << req << dec
358 << " ======" << dendl;
359
360 /*
361 * invariant: valid requests are derived from RGWOp--well-formed
362 * requests should have assigned RGWRequest::op in their descendant
363 * constructor--if not, the compiler can find it, at the cost of
364 * a runtime check
365 */
366 RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
367 if (! op) {
368 dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
369 return -EINVAL;
370 }
371
372 struct req_state* s = req->get_state();
373
374 /* req is-a RGWOp, currently initialized separately */
375 int ret = req->op_init();
376 if (ret < 0) {
377 dout(10) << "failed to initialize RGWOp" << dendl;
378 abort_req(s, op, ret);
379 goto done;
380 }
381
382 /* XXX authorize does less here then in the REST path, e.g.,
383 * the user's info is cached, but still incomplete */
384 ldpp_dout(s, 2) << "authorizing" << dendl;
385 ret = req->authorize(op);
386 if (ret < 0) {
387 dout(10) << "failed to authorize request" << dendl;
388 abort_req(s, op, ret);
389 goto done;
390 }
391
392 /* FIXME: remove this after switching all handlers to the new authentication
393 * infrastructure. */
394 if (! s->auth.identity) {
395 s->auth.identity = rgw::auth::transform_old_authinfo(s);
396 }
397
398 ldpp_dout(s, 2) << "reading op permissions" << dendl;
399 ret = req->read_permissions(op);
400 if (ret < 0) {
401 abort_req(s, op, ret);
402 goto done;
403 }
404
405 ldpp_dout(s, 2) << "init op" << dendl;
406 ret = op->init_processing();
407 if (ret < 0) {
408 abort_req(s, op, ret);
409 goto done;
410 }
411
412 ldpp_dout(s, 2) << "verifying op mask" << dendl;
413 ret = op->verify_op_mask();
414 if (ret < 0) {
415 abort_req(s, op, ret);
416 goto done;
417 }
418
419 ldpp_dout(s, 2) << "verifying op permissions" << dendl;
420 ret = op->verify_permission();
421 if (ret < 0) {
422 if (s->system_request) {
423 dout(2) << "overriding permissions due to system operation" << dendl;
424 } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
425 dout(2) << "overriding permissions due to admin operation" << dendl;
426 } else {
427 abort_req(s, op, ret);
428 goto done;
429 }
430 }
431
432 ldpp_dout(s, 2) << "verifying op params" << dendl;
433 ret = op->verify_params();
434 if (ret < 0) {
435 abort_req(s, op, ret);
436 goto done;
437 }
438
439 op->pre_exec();
440 req->exec_start();
441
442 done:
443 return (ret < 0 ? ret : s->err.ret);
444 }
445
446 int RGWLibProcess::finish_request(RGWLibContinuedReq* req)
447 {
448 RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
449 if (! op) {
450 dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
451 return -EINVAL;
452 }
453
454 int ret = req->exec_finish();
455 int op_ret = op->get_ret();
456
457 dout(1) << "====== " << __func__
458 << " finishing continued request req=" << hex << req << dec
459 << " op status=" << op_ret
460 << " ======" << dendl;
461
462 return ret;
463 }
464
465 int RGWLibFrontend::init()
466 {
467 pprocess = new RGWLibProcess(g_ceph_context, &env,
468 g_conf()->rgw_thread_pool_size, conf);
469 return 0;
470 }
471
472 int RGWLib::init()
473 {
474 vector<const char*> args;
475 return init(args);
476 }
477
478 int RGWLib::init(vector<const char*>& args)
479 {
480 int r = 0;
481
482 /* alternative default for module */
483 map<string,string> defaults = {
484 { "debug_rgw", "1/5" },
485 { "keyring", "$rgw_data/keyring" },
486 { "log_file", "/var/log/radosgw/$cluster-$name.log" }
487 };
488
489 cct = global_init(&defaults, args,
490 CEPH_ENTITY_TYPE_CLIENT,
491 CODE_ENVIRONMENT_DAEMON,
492 CINIT_FLAG_UNPRIVILEGED_DAEMON_DEFAULTS);
493
494 Mutex mutex("main");
495 SafeTimer init_timer(g_ceph_context, mutex);
496 init_timer.init();
497 mutex.Lock();
498 init_timer.add_event_after(g_conf()->rgw_init_timeout, new C_InitTimeout);
499 mutex.Unlock();
500
501 common_init_finish(g_ceph_context);
502
503 rgw_tools_init(g_ceph_context);
504
505 rgw_init_resolver();
506 rgw::curl::setup_curl(boost::none);
507 rgw_http_client_init(g_ceph_context);
508
509 store = RGWStoreManager::get_storage(g_ceph_context,
510 g_conf()->rgw_enable_gc_threads,
511 g_conf()->rgw_enable_lc_threads,
512 g_conf()->rgw_enable_quota_threads,
513 g_conf()->rgw_run_sync_thread,
514 g_conf().get_val<bool>("rgw_dynamic_resharding"));
515
516 if (!store) {
517 mutex.Lock();
518 init_timer.cancel_all_events();
519 init_timer.shutdown();
520 mutex.Unlock();
521
522 derr << "Couldn't init storage provider (RADOS)" << dendl;
523 return -EIO;
524 }
525
526 r = rgw_perf_start(g_ceph_context);
527
528 rgw_rest_init(g_ceph_context, store, store->svc.zone->get_zonegroup());
529
530 mutex.Lock();
531 init_timer.cancel_all_events();
532 init_timer.shutdown();
533 mutex.Unlock();
534
535 if (r)
536 return -EIO;
537
538 const string& ldap_uri = store->ctx()->_conf->rgw_ldap_uri;
539 const string& ldap_binddn = store->ctx()->_conf->rgw_ldap_binddn;
540 const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
541 const string& ldap_searchfilter = store->ctx()->_conf->rgw_ldap_searchfilter;
542 const string& ldap_dnattr =
543 store->ctx()->_conf->rgw_ldap_dnattr;
544 std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
545
546 ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
547 ldap_searchdn, ldap_searchfilter, ldap_dnattr);
548 ldh->init();
549 ldh->bind();
550
551 rgw_user_init(store);
552 rgw_bucket_init(store->meta_mgr);
553 rgw_log_usage_init(g_ceph_context, store);
554
555 // XXX ex-RGWRESTMgr_lib, mgr->set_logging(true)
556
557 if (!g_conf()->rgw_ops_log_socket_path.empty()) {
558 olog = new OpsLogSocket(g_ceph_context, g_conf()->rgw_ops_log_data_backlog);
559 olog->init(g_conf()->rgw_ops_log_socket_path);
560 }
561
562 int port = 80;
563 RGWProcessEnv env = { store, &rest, olog, port };
564
565 string fe_count{"0"};
566 fec = new RGWFrontendConfig("rgwlib");
567 fe = new RGWLibFrontend(env, fec);
568
569 init_async_signal_handler();
570 register_async_signal_handler(SIGUSR1, handle_sigterm);
571
572 map<string, string> service_map_meta;
573 service_map_meta["pid"] = stringify(getpid());
574 service_map_meta["frontend_type#" + fe_count] = "rgw-nfs";
575 service_map_meta["frontend_config#" + fe_count] = fec->get_config();
576
577 fe->init();
578 if (r < 0) {
579 derr << "ERROR: failed initializing frontend" << dendl;
580 return r;
581 }
582
583 fe->run();
584
585 r = store->register_to_service_map("rgw-nfs", service_map_meta);
586 if (r < 0) {
587 derr << "ERROR: failed to register to service map: " << cpp_strerror(-r) << dendl;
588 /* ignore error */
589 }
590
591 return 0;
592 } /* RGWLib::init() */
593
594 int RGWLib::stop()
595 {
596 derr << "shutting down" << dendl;
597
598 fe->stop();
599
600 fe->join();
601
602 delete fe;
603 delete fec;
604 delete ldh;
605
606 unregister_async_signal_handler(SIGUSR1, handle_sigterm);
607 shutdown_async_signal_handler();
608
609 rgw_log_usage_finalize();
610
611 delete olog;
612
613 RGWStoreManager::close_storage(store);
614
615 rgw_tools_cleanup();
616 rgw_shutdown_resolver();
617 rgw_http_client_cleanup();
618 rgw::curl::cleanup_curl();
619
620 rgw_perf_stop(g_ceph_context);
621
622 dout(1) << "final shutdown" << dendl;
623 cct.reset();
624
625 return 0;
626 } /* RGWLib::stop() */
627
628 int RGWLibIO::set_uid(RGWRados *store, const rgw_user& uid)
629 {
630 int ret = rgw_get_user_info_by_uid(store, uid, user_info, NULL);
631 if (ret < 0) {
632 derr << "ERROR: failed reading user info: uid=" << uid << " ret="
633 << ret << dendl;
634 }
635 return ret;
636 }
637
638 int RGWLibRequest::read_permissions(RGWOp* op) {
639 /* bucket and object ops */
640 int ret =
641 rgw_build_bucket_policies(rgwlib.get_store(), get_state());
642 if (ret < 0) {
643 ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on "
644 << get_state()->bucket << ":"
645 << get_state()->object
646 << " only_bucket=" << only_bucket()
647 << " ret=" << ret << dendl;
648 if (ret == -ENODATA)
649 ret = -EACCES;
650 } else if (! only_bucket()) {
651 /* object ops */
652 ret = rgw_build_object_policies(rgwlib.get_store(), get_state(),
653 op->prefetch_data());
654 if (ret < 0) {
655 ldout(get_state()->cct, 10) << "read_permissions (object policy) on"
656 << get_state()->bucket << ":"
657 << get_state()->object
658 << " ret=" << ret << dendl;
659 if (ret == -ENODATA)
660 ret = -EACCES;
661 }
662 }
663 return ret;
664 } /* RGWLibRequest::read_permissions */
665
666 int RGWHandler_Lib::authorize(const DoutPrefixProvider *dpp)
667 {
668 /* TODO: handle
669 * 1. subusers
670 * 2. anonymous access
671 * 3. system access
672 * 4. ?
673 *
674 * Much or all of this depends on handling the cached authorization
675 * correctly (e.g., dealing with keystone) at mount time.
676 */
677 s->perm_mask = RGW_PERM_FULL_CONTROL;
678
679 // populate the owner info
680 s->owner.set_id(s->user->user_id);
681 s->owner.set_name(s->user->display_name);
682
683 return 0;
684 } /* RGWHandler_Lib::authorize */
685
686 } /* namespace rgw */
687
688 extern "C" {
689
690 int librgw_create(librgw_t* rgw, int argc, char **argv)
691 {
692 using namespace rgw;
693
694 int rc = -EINVAL;
695
696 if (! g_ceph_context) {
697 std::lock_guard<std::mutex> lg(librgw_mtx);
698 if (! g_ceph_context) {
699 vector<const char*> args;
700 std::vector<std::string> spl_args;
701 // last non-0 argument will be split and consumed
702 if (argc > 1) {
703 const std::string spl_arg{argv[(--argc)]};
704 get_str_vec(spl_arg, " \t", spl_args);
705 }
706 argv_to_vec(argc, const_cast<const char**>(argv), args);
707 // append split args, if any
708 for (const auto& elt : spl_args) {
709 args.push_back(elt.c_str());
710 }
711 rc = rgwlib.init(args);
712 }
713 }
714
715 *rgw = g_ceph_context->get();
716
717 return rc;
718 }
719
720 void librgw_shutdown(librgw_t rgw)
721 {
722 using namespace rgw;
723
724 CephContext* cct = static_cast<CephContext*>(rgw);
725 rgwlib.stop();
726 cct->put();
727 }
728
729 } /* extern "C" */
Ceph