You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

221 lines
6.3 KiB

5 years ago
7 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
4 years ago
  1. package command
  2. import (
  3. "context"
  4. "fmt"
  5. "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
  6. "net/http"
  7. "time"
  8. "github.com/chrislusf/seaweedfs/weed/pb"
  9. "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
  10. "github.com/chrislusf/seaweedfs/weed/security"
  11. "github.com/gorilla/mux"
  12. "github.com/chrislusf/seaweedfs/weed/glog"
  13. "github.com/chrislusf/seaweedfs/weed/s3api"
  14. stats_collect "github.com/chrislusf/seaweedfs/weed/stats"
  15. "github.com/chrislusf/seaweedfs/weed/util"
  16. )
  17. var (
  18. s3StandaloneOptions S3Options
  19. )
  20. type S3Options struct {
  21. filer *string
  22. bindIp *string
  23. port *int
  24. config *string
  25. domainName *string
  26. tlsPrivateKey *string
  27. tlsCertificate *string
  28. metricsHttpPort *int
  29. allowEmptyFolder *bool
  30. auditLogConfig *string
  31. }
  32. func init() {
  33. cmdS3.Run = runS3 // break init cycle
  34. s3StandaloneOptions.filer = cmdS3.Flag.String("filer", "localhost:8888", "filer server address")
  35. s3StandaloneOptions.bindIp = cmdS3.Flag.String("ip.bind", "", "ip address to bind to")
  36. s3StandaloneOptions.port = cmdS3.Flag.Int("port", 8333, "s3 server http listen port")
  37. s3StandaloneOptions.domainName = cmdS3.Flag.String("domainName", "", "suffix of the host name in comma separated list, {bucket}.{domainName}")
  38. s3StandaloneOptions.config = cmdS3.Flag.String("config", "", "path to the config file")
  39. s3StandaloneOptions.auditLogConfig = cmdS3.Flag.String("auditLogConfig", "", "path to the audit log config file")
  40. s3StandaloneOptions.tlsPrivateKey = cmdS3.Flag.String("key.file", "", "path to the TLS private key file")
  41. s3StandaloneOptions.tlsCertificate = cmdS3.Flag.String("cert.file", "", "path to the TLS certificate file")
  42. s3StandaloneOptions.metricsHttpPort = cmdS3.Flag.Int("metricsPort", 0, "Prometheus metrics listen port")
  43. s3StandaloneOptions.allowEmptyFolder = cmdS3.Flag.Bool("allowEmptyFolder", true, "allow empty folders")
  44. }
  45. var cmdS3 = &Command{
  46. UsageLine: "s3 [-port=8333] [-filer=<ip:port>] [-config=</path/to/config.json>]",
  47. Short: "start a s3 API compatible server that is backed by a filer",
  48. Long: `start a s3 API compatible server that is backed by a filer.
  49. By default, you can use any access key and secret key to access the S3 APIs.
  50. To enable credential based access, create a config.json file similar to this:
  51. {
  52. "identities": [
  53. {
  54. "name": "anonymous",
  55. "actions": [
  56. "Read"
  57. ]
  58. },
  59. {
  60. "name": "some_admin_user",
  61. "credentials": [
  62. {
  63. "accessKey": "some_access_key1",
  64. "secretKey": "some_secret_key1"
  65. }
  66. ],
  67. "actions": [
  68. "Admin",
  69. "Read",
  70. "List",
  71. "Tagging",
  72. "Write"
  73. ]
  74. },
  75. {
  76. "name": "some_read_only_user",
  77. "credentials": [
  78. {
  79. "accessKey": "some_access_key2",
  80. "secretKey": "some_secret_key2"
  81. }
  82. ],
  83. "actions": [
  84. "Read"
  85. ]
  86. },
  87. {
  88. "name": "some_normal_user",
  89. "credentials": [
  90. {
  91. "accessKey": "some_access_key3",
  92. "secretKey": "some_secret_key3"
  93. }
  94. ],
  95. "actions": [
  96. "Read",
  97. "List",
  98. "Tagging",
  99. "Write"
  100. ]
  101. },
  102. {
  103. "name": "user_limited_to_bucket1",
  104. "credentials": [
  105. {
  106. "accessKey": "some_access_key4",
  107. "secretKey": "some_secret_key4"
  108. }
  109. ],
  110. "actions": [
  111. "Read:bucket1",
  112. "List:bucket1",
  113. "Tagging:bucket1",
  114. "Write:bucket1"
  115. ]
  116. }
  117. ]
  118. }
  119. `,
  120. }
  121. func runS3(cmd *Command, args []string) bool {
  122. util.LoadConfiguration("security", false)
  123. go stats_collect.StartMetricsServer(*s3StandaloneOptions.metricsHttpPort)
  124. return s3StandaloneOptions.startS3Server()
  125. }
  126. func (s3opt *S3Options) startS3Server() bool {
  127. filerAddress := pb.ServerAddress(*s3opt.filer)
  128. filerBucketsPath := "/buckets"
  129. grpcDialOption := security.LoadClientTLS(util.GetViper(), "grpc.client")
  130. // metrics read from the filer
  131. var metricsAddress string
  132. var metricsIntervalSec int
  133. for {
  134. err := pb.WithGrpcFilerClient(false, filerAddress, grpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
  135. resp, err := client.GetFilerConfiguration(context.Background(), &filer_pb.GetFilerConfigurationRequest{})
  136. if err != nil {
  137. return fmt.Errorf("get filer %s configuration: %v", filerAddress, err)
  138. }
  139. filerBucketsPath = resp.DirBuckets
  140. metricsAddress, metricsIntervalSec = resp.MetricsAddress, int(resp.MetricsIntervalSec)
  141. glog.V(0).Infof("S3 read filer buckets dir: %s", filerBucketsPath)
  142. return nil
  143. })
  144. if err != nil {
  145. glog.V(0).Infof("wait to connect to filer %s grpc address %s", *s3opt.filer, filerAddress.ToGrpcAddress())
  146. time.Sleep(time.Second)
  147. } else {
  148. glog.V(0).Infof("connected to filer %s grpc address %s", *s3opt.filer, filerAddress.ToGrpcAddress())
  149. break
  150. }
  151. }
  152. go stats_collect.LoopPushingMetric("s3", stats_collect.SourceName(uint32(*s3opt.port)), metricsAddress, metricsIntervalSec)
  153. router := mux.NewRouter().SkipClean(true)
  154. _, s3ApiServer_err := s3api.NewS3ApiServer(router, &s3api.S3ApiServerOption{
  155. Filer: filerAddress,
  156. Port: *s3opt.port,
  157. Config: *s3opt.config,
  158. DomainName: *s3opt.domainName,
  159. BucketsPath: filerBucketsPath,
  160. GrpcDialOption: grpcDialOption,
  161. AllowEmptyFolder: *s3opt.allowEmptyFolder,
  162. })
  163. if s3ApiServer_err != nil {
  164. glog.Fatalf("S3 API Server startup error: %v", s3ApiServer_err)
  165. }
  166. httpS := &http.Server{Handler: router}
  167. listenAddress := fmt.Sprintf("%s:%d", *s3opt.bindIp, *s3opt.port)
  168. s3ApiListener, err := util.NewListener(listenAddress, time.Duration(10)*time.Second)
  169. if err != nil {
  170. glog.Fatalf("S3 API Server listener on %s error: %v", listenAddress, err)
  171. }
  172. if len(*s3opt.auditLogConfig) > 0 {
  173. s3err.InitAuditLog(*s3opt.auditLogConfig)
  174. if s3err.Logger != nil {
  175. defer s3err.Logger.Close()
  176. }
  177. }
  178. if *s3opt.tlsPrivateKey != "" {
  179. glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.port)
  180. if err = httpS.ServeTLS(s3ApiListener, *s3opt.tlsCertificate, *s3opt.tlsPrivateKey); err != nil {
  181. glog.Fatalf("S3 API Server Fail to serve: %v", err)
  182. }
  183. } else {
  184. glog.V(0).Infof("Start Seaweed S3 API Server %s at http port %d", util.Version(), *s3opt.port)
  185. if err = httpS.Serve(s3ApiListener); err != nil {
  186. glog.Fatalf("S3 API Server Fail to serve: %v", err)
  187. }
  188. }
  189. return true
  190. }