forked from projectcalico/calico
/
resource.go
368 lines (329 loc) · 10.2 KB
/
resource.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
package template
import (
"bytes"
"errors"
"fmt"
"os"
"os/exec"
"path"
"path/filepath"
"runtime"
"strconv"
"strings"
"text/template"
"github.com/BurntSushi/toml"
"github.com/kelseyhightower/memkv"
log "github.com/sirupsen/logrus"
"github.com/dtest11/calico/confd/pkg/backends"
)
type Config struct {
ConfDir string
ConfigDir string
KeepStageFile bool
Noop bool
Prefix string
StoreClient backends.StoreClient
SyncOnly bool
TemplateDir string
}
// TemplateResourceConfig holds the parsed template resource.
type TemplateResourceConfig struct {
TemplateResource TemplateResource `toml:"template"`
}
// TemplateResource is the representation of a parsed template resource.
type TemplateResource struct {
CheckCmd string `toml:"check_cmd"`
Dest string
FileMode os.FileMode
Gid int
Keys []string
Mode string
Prefix string
ReloadCmd string `toml:"reload_cmd"`
Src string
StageFile *os.File
Uid int
ExpandedKeys []string
funcMap map[string]interface{}
keepStageFile bool
noop bool
store memkv.Store
storeClient backends.StoreClient
syncOnly bool
shellCmd string
}
var ErrEmptySrc = errors.New("empty src template")
// NewTemplateResource creates a TemplateResource.
func NewTemplateResource(path string, config Config) (*TemplateResource, error) {
if config.StoreClient == nil {
return nil, errors.New("A valid StoreClient is required.")
}
// Set the default uid and gid so we can determine if it was
// unset from configuration.
tc := &TemplateResourceConfig{TemplateResource{Uid: -1, Gid: -1}}
log.Debug("Loading template resource from " + path)
_, err := toml.DecodeFile(path, &tc)
if err != nil {
return nil, fmt.Errorf("Cannot process template resource %s - %s", path, err.Error())
}
tr := &tc.TemplateResource
tr.keepStageFile = config.KeepStageFile
tr.noop = config.Noop
tr.storeClient = config.StoreClient
tr.funcMap = newFuncMap()
tr.store = memkv.New()
tr.syncOnly = config.SyncOnly
addFuncs(tr.funcMap, tr.store.FuncMap)
if runtime.GOOS == "windows" {
tr.shellCmd = "powershell"
} else {
tr.shellCmd = "/bin/sh"
}
if config.Prefix != "" {
tr.Prefix = config.Prefix
}
if !strings.HasPrefix(tr.Prefix, "/") {
tr.Prefix = "/" + tr.Prefix
}
// Replace "NODENAME" in the prefix by the actual node name.
tr.Prefix = strings.Replace(tr.Prefix, "//NODENAME", "/"+NodeName, 1)
if tr.Src == "" {
return nil, ErrEmptySrc
}
if tr.Uid == -1 {
tr.Uid = os.Geteuid()
}
if tr.Gid == -1 {
tr.Gid = os.Getegid()
}
// Calculate the set of keys including the prefix.
tr.ExpandedKeys = expandKeys(tr.Prefix, tr.Keys)
tr.Src = filepath.Join(config.TemplateDir, tr.Src)
return tr, nil
}
// setVars sets the Vars for template resource.
func (t *TemplateResource) setVars() error {
var err error
log.Debug("Retrieving keys from store")
log.Debug("Key prefix set to " + t.Prefix)
result, err := t.storeClient.GetValues(t.ExpandedKeys)
if err != nil {
return err
}
t.store.Purge()
for k, v := range result {
t.store.Set(path.Join("/", strings.TrimPrefix(k, t.Prefix)), v)
}
return nil
}
// createStageFile stages the src configuration file by processing the src
// template and setting the desired owner, group, and mode. It also sets the
// StageFile for the template resource.
// It returns an error if any.
func (t *TemplateResource) createStageFile() error {
log.Debug("Using source template " + t.Src)
if !isFileExist(t.Src) {
return errors.New("Missing template: " + t.Src)
}
log.Debug("Compiling source template " + t.Src)
tmpl, err := template.New(filepath.Base(t.Src)).Funcs(t.funcMap).ParseFiles(t.Src)
if err != nil {
return fmt.Errorf("Unable to process template %s, %s", t.Src, err)
}
// create TempFile in Dest directory to avoid cross-filesystem issues
temp, err := os.CreateTemp(filepath.Dir(t.Dest), "."+filepath.Base(t.Dest))
if err != nil {
return err
}
if err = tmpl.Execute(temp, nil); err != nil {
// The key error to return is the failure to execute.
// to preserve that error ignore the errors in close and clean
temp.Close() // nolint:errcheck
os.Remove(temp.Name()) // nolint:errcheck
return err
}
defer func() {
if e := temp.Close(); e != nil {
// Just log the error but don't carry it up the calling stack.
log.WithError(e).WithField("filename", temp.Name()).Error("error closing file")
}
}()
// Set the owner, group, and mode on the stage file now to make it easier to
// compare against the destination configuration file later.
if err := os.Chmod(temp.Name(), t.FileMode); err != nil {
log.WithError(err).WithField("filename", temp.Name()).Error("error changing mode")
return err
}
if runtime.GOOS != "windows" {
// Windows doesn't support chown, apparently:
// resource.go 178: error changing ownership error=chown .peerings.ps1761844858: not supported by windows filename=".peerings.ps1761844858"
if err := os.Chown(temp.Name(), t.Uid, t.Gid); err != nil {
log.WithError(err).WithField("filename", temp.Name()).Error("error changing ownership")
return err
}
}
t.StageFile = temp
return nil
}
// sync compares the staged and dest config files and attempts to sync them
// if they differ. sync will run a config check command if set before
// overwriting the target config file. Finally, sync will run a reload command
// if set to have the application or service pick up the changes.
// It returns an error if any.
func (t *TemplateResource) sync(key string) error {
staged := t.StageFile.Name()
if t.keepStageFile {
log.Info("Keeping staged file: " + staged)
} else {
defer func() {
if e := os.Remove(staged); e != nil {
if !os.IsNotExist(e) {
// Just log the error but don't carry it up the calling stack.
log.WithError(e).WithField("filename", staged).Error("error removing file")
} else {
log.Debugf("Ignore not exists err. %s", e.Error())
}
}
}()
}
log.Debug("Comparing candidate config to " + t.Dest)
ok, err := sameConfig(staged, t.Dest)
if err != nil {
log.Error(err.Error())
}
if t.noop {
log.Warning("Noop mode enabled. " + t.Dest + " will not be modified")
return nil
}
if !ok {
log.Debug("Target config " + t.Dest + " out of sync")
if !t.syncOnly && t.CheckCmd != "" {
if err := t.check(); err != nil {
if isFileExist(t.Dest) {
return errors.New("Config check failed: " + err.Error())
}
log.Info("Check failed, but file does not yet exist - create anyway")
}
}
log.Debug("Overwriting target config " + t.Dest)
err := os.Rename(staged, t.Dest)
if err != nil {
if strings.Contains(err.Error(), "device or resource busy") {
log.Debug("Rename failed - target is likely a mount. Trying to write instead")
// try to open the file and write to it
var contents []byte
var rerr error
contents, rerr = os.ReadFile(staged)
if rerr != nil {
return rerr
}
if err := os.WriteFile(t.Dest, contents, t.FileMode); err != nil {
log.WithError(err).WithField("filename", t.Dest).Error("failed to write to file")
return err
}
// make sure owner and group match the temp file, in case the file was created with WriteFile
if err := os.Chown(t.Dest, t.Uid, t.Gid); err != nil {
log.WithError(err).WithField("filename", t.Dest).Error("failed to change owner")
return err
}
} else {
return err
}
}
if !t.syncOnly && t.ReloadCmd != "" {
if err := t.reload(); err != nil {
return err
}
}
msg := "Target config " + t.Dest + " has been updated"
if key != "" {
msg += fmt.Sprintf(" due to change in key: %s", key)
}
log.Info(msg)
} else {
log.Debug("Target config " + t.Dest + " in sync")
}
return nil
}
// check executes the check command to validate the staged config file. The
// command is modified so that any references to src template are substituted
// with a string representing the full path of the staged file. This allows the
// check to be run on the staged file before overwriting the destination config
// file.
// It returns nil if the check command returns 0 and there are no other errors.
func (t *TemplateResource) check() error {
var cmdBuffer bytes.Buffer
data := make(map[string]string)
data["src"] = t.StageFile.Name()
tmpl, err := template.New("checkcmd").Parse(t.CheckCmd)
if err != nil {
return err
}
if err := tmpl.Execute(&cmdBuffer, data); err != nil {
return err
}
log.Debug("Running checkcmd: " + cmdBuffer.String())
c := exec.Command(t.shellCmd, "-c", cmdBuffer.String())
output, err := c.CombinedOutput()
if err != nil {
log.Errorf("Error from checkcmd %q: %q", cmdBuffer.String(), string(output))
return err
}
log.Debug(fmt.Sprintf("Output from checkcmd: %q", string(output)))
return nil
}
// reload executes the reload command.
// It returns nil if the reload command returns 0.
func (t *TemplateResource) reload() error {
log.Debug("Running reloadcmd: " + t.ReloadCmd)
c := exec.Command(t.shellCmd, "-c", t.ReloadCmd)
output, err := c.CombinedOutput()
if err != nil {
log.Error(fmt.Sprintf("Error from reloadcmd: %q", string(output)))
return err
}
log.Debug(fmt.Sprintf("Output from reloadcmd: %q", string(output)))
return nil
}
// process is a convenience function that wraps calls to the three main tasks
// required to keep local configuration files in sync. First we gather vars
// from the store, then we stage a candidate configuration file, and finally sync
// things up.
// It accepts an optional string representing the key that triggered this processing.
// It returns an error if any.
func (t *TemplateResource) process(key string) error {
if err := t.setFileMode(); err != nil {
return err
}
if err := t.setVars(); err != nil {
return err
}
if err := t.createStageFile(); err != nil {
return err
}
if err := t.sync(key); err != nil {
return err
}
return nil
}
// setFileMode sets the FileMode.
func (t *TemplateResource) setFileMode() error {
if t.Mode == "" {
if !isFileExist(t.Dest) {
t.FileMode = 0644
} else {
fi, err := os.Stat(t.Dest)
if err != nil {
return err
}
t.FileMode = fi.Mode()
}
} else {
mode, err := strconv.ParseUint(t.Mode, 0, 32)
if err != nil {
return err
}
t.FileMode = os.FileMode(mode)
}
return nil
}