This repository has been archived by the owner on Feb 25, 2023. It is now read-only.

SSL Support #759

Closed
wants to merge 9 commits into from

jhesketh
Contributor

This won't work due to the large patchset that just merged. I'll rebase this shortly but looking for first feedback.

github-actions bot added the gravel (Related to the Aquarium Backend) and needs-rebase labels Dec 14, 2021
@github-actions

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

Take control of uvicorn directly from our own (possibly daemon) class.
This allows us to restart the uvicorn service as needed to enable us
to change to https etc.

Note: This change breaks unit tests to be fixed in later commit.

Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
Use the local cache to notify anything locally if possible.
This allows us to use a watch early in the process.

Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
(cherry picked from commit a138cd6)
Also add gstate property to request uvicorn restart.

Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
(cherry picked from commit fbe895e)
Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
(cherry picked from commit 4eda45d)
cephadm appears to leave open a thread lock, use os._exit to
quit when we're ready.

Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
@jhesketh
Contributor Author

This has been reworked with the latest large refactor(s).

You can set an SSL cert by POST'ing to /api/local/ssl a json blob such as

{
  "use_ssl": true,
  "key_contents": "XYZ",
  "cert_contents": "ABC"
}

Obviously future improvements will be to auto-generate self-signed or allow lets-encrypt etc.
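
One way a handler could sanity-check a body shaped like the `/api/local/ssl` example before the server is restarted with it, as an added example that is not code from this pull request. `check_ssl_payload` is a hypothetical name; it uses only Python's standard `ssl` module to confirm that the key and certificate parse and belong together.

```python
import os
import ssl
import tempfile
from typing import Any, Dict, Tuple


def check_ssl_payload(payload: Dict[str, Any]) -> Tuple[bool, str]:
    """Return (ok, reason) for a body shaped like the /api/local/ssl example.

    Hypothetical helper, not part of the Aquarium code base.
    """
    use_ssl = payload.get("use_ssl")
    if not isinstance(use_ssl, bool):
        return False, "use_ssl must be a boolean"
    if not use_ssl:
        return True, "ssl disabled, nothing to check"

    key = payload.get("key_contents")
    cert = payload.get("cert_contents")
    if not isinstance(key, str) or not isinstance(cert, str) or not key or not cert:
        return False, "key_contents and cert_contents are required"

    # mkdtemp creates the directory with mode 0700 and the files are opened
    # with 0600, so the private key is not readable by other local users.
    tmpdir = tempfile.mkdtemp(prefix="sslcheck-")
    key_path = os.path.join(tmpdir, "key.pem")
    cert_path = os.path.join(tmpdir, "cert.pem")
    try:
        for path, data in ((key_path, key), (cert_path, cert)):
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as f:
                f.write(data)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        # Raises ssl.SSLError if either PEM fails to parse or if the private
        # key does not belong to the certificate. password="" installs a
        # non-interactive password callback, so an encrypted key cannot
        # block the service on a terminal prompt.
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path, password="")
    except (ssl.SSLError, OSError) as exc:
        return False, f"rejected: {exc}"
    finally:
        for path in (key_path, cert_path):
            if os.path.exists(path):
                os.remove(path)
        os.rmdir(tmpdir)
    return True, "key and certificate load as a matching pair"
```

The placeholder values from the comment above (`"XYZ"` / `"ABC"`) are rejected by this check, which is the case that would otherwise only surface when the HTTPS listener fails to start.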

Uvicorn is very close to implementing typing at which point we can
upgrade and remove the ignore.
encode/uvicorn#998

Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
@votdev
Member

votdev commented Jan 18, 2022

Found a bug when the node is not deployed and shutdown is forced.

node1:/srv/aquarium # ./tools/run_aquarium.sh --debug
INFO:     2022-01-18 07:32:25 -- aquarium -- Aquarium startup!
DEBUG:    2022-01-18 07:32:25 -- config -- Aquarium config dir: /etc/aquarium
DEBUG:    2022-01-18 07:32:25 -- selector_events -- Using selector: EpollSelector
DEBUG:    2022-01-18 07:32:25 -- aquarium -- Starting main Aquarium task.
DEBUG:    2022-01-18 07:32:25 -- mgr -- Starting main task.
DEBUG:    2022-01-18 07:32:25 -- mgr -- Checking deployment state
DEBUG:    2022-01-18 07:32:25 -- utils -- run ['lvm', 'lvs', '--noheadings', '-o', 'vg_name,lv_name', '@aquarium']: retcode = 0
INFO:     2022-01-18 07:32:25 -- mgr -- System Disk not found, assuming fresh node.
DEBUG:    2022-01-18 07:32:25 -- kv -- Starting cluster connection thread
DEBUG:    2022-01-18 07:32:25 -- aquarium -- Starting uvicorn
DEBUG:    2022-01-18 07:32:25 -- aquarium -- Waiting for node to be installed.
INFO:     2022-01-18 07:32:25 -- kv -- Can't get cluster handle: '[errno 2] RADOS object not found (error calling conf_read_file)' - will keep retrying
DEBUG:    2022-01-18 07:32:25 -- kv -- Cluster connection thread sleeping for 10 seconds
INFO:     Started server process [3692]
INFO:     2022-01-18 07:32:25 -- server -- Started server process [3692]
INFO:     Waiting for application startup.
INFO:     2022-01-18 07:32:25 -- on -- Waiting for application startup.
INFO:     Application startup complete.
INFO:     2022-01-18 07:32:25 -- on -- Application startup complete.
INFO:     Uvicorn running on http://0.0.0.0:80 (Press CTRL+C to quit)
INFO:     2022-01-18 07:32:25 -- server -- Uvicorn running on http://0.0.0.0:80 (Press CTRL+C to quit)
^CDEBUG:    2022-01-18 07:32:26 -- mgr -- Checking deployment state
DEBUG:    2022-01-18 07:32:26 -- aquarium -- Stopping uvicorn
INFO:     Shutting down
INFO:     2022-01-18 07:32:26 -- server -- Shutting down
INFO:     Waiting for application shutdown.
INFO:     2022-01-18 07:32:26 -- on -- Waiting for application shutdown.
INFO:     Application shutdown complete.
INFO:     2022-01-18 07:32:26 -- on -- Application shutdown complete.
INFO:     Finished server process [3692]
INFO:     2022-01-18 07:32:26 -- server -- Finished server process [3692]
INFO:     2022-01-18 07:32:26 -- aquarium -- Aquarium shutdown!
INFO:     2022-01-18 07:32:26 -- aquarium -- shutting down gstate
INFO:     2022-01-18 07:32:26 -- gstate -- shutdown!
DEBUG:    2022-01-18 07:32:26 -- kv -- Shutting down cluster connection
DEBUG:    2022-01-18 07:32:26 -- kv -- Cluster connection is shut down
Traceback (most recent call last):
  File "./aquarium.py", line 344, in <module>
    main()
  File "./aquarium.py", line 339, in main
    asyncio.run(aqr.run())
  File "/usr/lib64/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib64/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "./aquarium.py", line 180, in run
    await self.shutdown()
  File "./aquarium.py", line 285, in shutdown
    await self.gstate.shutdown()
  File "/srv/aquarium/src/gravel/controllers/gstate.py", line 201, in shutdown
    await self.tick_task
AttributeError: 'GlobalState' object has no attribute 'tick_task'

Can be fixed by:

--- a/src/gravel/controllers/gstate.py	(revision 3319080e55ea440a316c753aeac90408ab939522)
+++ b/src/gravel/controllers/gstate.py	(date 1642491153943)
@@ -198,7 +198,8 @@
         self._is_shutting_down = True
         await self._kvstore.close()
         logger.info("shutdown!")
-        await self.tick_task
+        if hasattr(self, 'tick_task'):
+            await self.tick_task
 
     async def tick(self) -> None:
         while not self._is_shutting_down:
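
Review bot: the `hasattr(self, 'tick_task')` guard in `shutdown()` works around the attribute never having been set instead of giving it a defined initial state. Consider assigning `self.tick_task = None` in the constructor and testing `if self.tick_task is not None:` here, so the attribute always exists and a misspelled name cannot silently skip the await. Separately, `logger.info("shutdown!")` is still emitted before the tick task is awaited, so the log line precedes the actual end of shutdown; moving it after the await would make the log reflect completion.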

If we shut down gstate before the node is bootstrapped there may be
nothing ready to tick; so check this first.

Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
Signed-off-by: Joshua Hesketh <jhesketh@suse.com>
@jhesketh
Contributor Author

@votdev good catches, thanks for that 👍

jecluis closed this Feb 25, 2023