Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10999 Commits
32 Branches
300 Tags
171 MiB
Tree: a371ac7337
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a371ac7337'
${ noResults }
seaweedfs/weed/server/filer_server.go

244 lines
8.6 KiB
Raw Normal View History

working filer server!
11 years ago
simplify metrics settings
6 years ago
go fmt
7 years ago
default "weed server -filer" to same directory as -mdir
6 years ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
writing meta logs is working
5 years ago
only broad cast when there are waiting threads
11 months ago
simplify metrics settings
6 years ago
go fmt
7 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
filer: support default rack fix https://github.com/chrislusf/seaweedfs/issues/1546
4 years ago
filer: optional recursive deletion fix https://github.com/chrislusf/seaweedfs/issues/1176
5 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
support dameng as filer store
4 months ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
working filer server!
11 years ago
add dir list limit option
7 years ago
Implement SRV lookups for filer (#4767)
1 year ago
filer: add filer group
3 years ago
filer, volume: add concurrent upload size limit to avoid OOM add some back pressure when writes are slow
4 years ago
filer server: allow upload file to specific dataNode
3 years ago
filer, volume: add concurrent upload size limit to avoid OOM add some back pressure when writes are slow
4 years ago
change server address from string to a type
3 years ago
filer, volume: add concurrent upload size limit to avoid OOM add some back pressure when writes are slow
4 years ago
dedicated upload processor avoid thundering effect of overloading volume servers
4 years ago
filer, volume: add concurrent upload size limit to avoid OOM add some back pressure when writes are slow
4 years ago
Add filer command line parameter to let Filer UI show/hide directory delete button
3 years ago
Add download speed limit support (#3408)
3 years ago
add -disk to filer command (#4247) * add -disk to filer command * add diskType to filer.grpc * use filer.disk when filerWebDavOptions.disk is empty * add filer.disk to weed server command. --------- Co-authored-by: 三千院羽 <3000y@MacBook-Pro.lan>
2 years ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
Disable filer UI in configuration (#5297) * Add filer.ui.enabled configuration property * Add filer.expose_directory_metadata to config * Ammend commit * Remove ShowUI reference * Update all routes that allow directory metadata * Add cmd flag to server.go
11 months ago
add dir list limit option
7 years ago
working filer server!
11 years ago
only broad cast when there are waiting threads
11 months ago
ensure memory is aligned fix https://github.com/seaweedfs/seaweedfs/issues/3427
3 years ago
upgrade protoc to 3.17.3 $brew install protobuf $ protoc --version libprotoc 3.17.3 $ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 $ go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
3 years ago
adding grpc mutual tls
6 years ago
rename filer2 to filer
4 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
fix: filer authenticate with with volume server (#5480)
10 months ago
adding grpc mutual tls
6 years ago
writing meta logs is working
5 years ago
refactoring
4 years ago
add client id for all metadata listening clients
3 years ago
metadata subscription uses client epoch
3 years ago
working filer server!
11 years ago
add dir list limit option
7 years ago
embed static resources via statik
6 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
fix: filer authenticate with with volume server (#5480)
10 months ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
Removed problematic if statement (#5180) This if statement was causing the value of option.AllowedOrigins to be always equal to "*". Now the values in the config file will be used when present. This allows for people who don't need this feature to not update their security.toml files.
1 year ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
Disable filer UI in configuration (#5297) * Add filer.ui.enabled configuration property * Add filer.expose_directory_metadata to config * Ammend commit * Remove ShowUI reference * Update all routes that allow directory metadata * Add cmd flag to server.go
11 months ago
working filer server!
11 years ago
filer, volume: add concurrent upload size limit to avoid OOM add some back pressure when writes are slow
4 years ago
metadata subscription uses client epoch
3 years ago
filer, volume: add concurrent upload size limit to avoid OOM add some back pressure when writes are slow
4 years ago
working filer server!
11 years ago
filer: able to tail meta data changes
5 years ago
use fixed list of masters in both filer and volume servers
7 years ago
Implement SRV lookups for filer (#4767)
1 year ago
use fixed list of masters in both filer and volume servers
7 years ago
fix: disallow file name too long when writing a file (#4881) * fix: disallow file name too long when writing a file * bool LongerName to MaxFilenameLength --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
1 year ago
only broad cast when there are waiting threads
11 months ago
aggregate multiple filer metadata chagne events
5 years ago
filer: option to encrypt data on volume server
5 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
fix: filer authenticate with with volume server (#5480)
10 months ago
use fixed list of masters in both filer and volume servers
7 years ago
filer: replication follows master config if not specified
4 years ago
re-ordering
5 years ago
change server address from string to a type
3 years ago
Added context for the MasterClient's methods to avoid endless loops (#5628) * Added context for the MasterClient's methods to avoid endless loops * Returned WithClient function. Added WithClientCustomGetMaster function * Hid unused ctx arguments * Using a common context for the KeepConnectedToMaster and WaitUntilConnected functions * Changed the context termination check in the tryConnectToMaster function * Added a child context to the tryConnectToMaster function * Added a common context for KeepConnectedToMaster and WaitUntilConnected functions in benchmark
8 months ago
add leveldb store 1. switch to viper for filer store configuration 2. simplify FindEntry() return values, removing “found” 3. add leveldb store
7 years ago
periodic scripts exeuction from leader master
6 years ago
Set default leveldb2 enabled avoid Filer store is enabled for both leveldb2 and mysql
3 years ago
default "weed server -filer" to same directory as -mdir
6 years ago
filer: default filer store directory 1. set default filer store directory 2. set peers, avoiding empty string counted as 1.
5 years ago
filer: add -defaultStoreDir so that filer.toml can be skipped fix https://github.com/chrislusf/seaweedfs/issues/1659
4 years ago
default "weed server -filer" to same directory as -mdir
6 years ago
periodic scripts exeuction from leader master
6 years ago
properly working filer
7 years ago
filer: optional recursive deletion fix https://github.com/chrislusf/seaweedfs/issues/1176
5 years ago
fix setting default value
5 years ago
filer: fix configuration settings
5 years ago
chore: fix some typos in comments (#5497)
10 months ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
s3: deprecating filer.options.buckets_fsync
4 years ago
fresh filer store bootstrap from the oldest peer
3 years ago
merge notification config with filer.toml
7 years ago
support env variables to overwrite toml file
5 years ago
add filer notification
7 years ago
embed static resources via statik
6 years ago
weed filer, weed master: add option to disable http
6 years ago
added healthz endpoint to filer (#4899)
1 year ago
weed filer, weed master: add option to disable http
6 years ago
filer add readonly public port
8 years ago
filer: readonly handle static resources fix https://github.com/chrislusf/seaweedfs/issues/1641
4 years ago
chore: filer healthz handler check filer store (#5208)
1 year ago
filer add readonly public port
8 years ago
working filer server!
11 years ago
Added context for the MasterClient's methods to avoid endless loops (#5628) * Added context for the MasterClient's methods to avoid endless loops * Returned WithClient function. Added WithClientCustomGetMaster function * Hid unused ctx arguments * Using a common context for the KeepConnectedToMaster and WaitUntilConnected functions * Changed the context termination check in the tryConnectToMaster function * Added a child context to the tryConnectToMaster function * Added a common context for KeepConnectedToMaster and WaitUntilConnected functions in benchmark
8 months ago
fresh filer store bootstrap from the oldest peer
3 years ago
bootstrap filer from one peer
7 months ago
add missing error in the log related to https://github.com/seaweedfs/seaweedfs/issues/5084
1 year ago
fresh filer store bootstrap from the oldest peer
3 years ago
filer: default filer store directory 1. set default filer store directory 2. set peers, avoiding empty string counted as 1.
5 years ago
filer: load filer conf when starting
4 years ago
add ReadRemote(), add read remote setup when filer starts
4 years ago
refacotr: move signal handling and pprof to grace package
5 years ago
filer: close stores if interrupted
5 years ago
refactor
2 years ago
add distributed lock manager
2 years ago
Revert "Revert "Merge branch 'master' into sub"" This reverts commit 0bb97709d41b1be4c74f01dcc65aac6d5f88bd16.
1 year ago
simplify metrics settings
6 years ago
filer: replication follows master config if not specified
4 years ago
fail fast if filer configured wrong masters fix https://github.com/chrislusf/seaweedfs/issues/1257
5 years ago
simplify metrics settings
6 years ago
Implement SRV lookups for filer (#4767)
1 year ago
use streaming mode for long poll grpc calls streaming mode would create separate grpc connections for each call. this is to ensure the long poll connections are properly closed.
3 years ago
filer: replication follows master config if not specified
4 years ago
loop through all masters
5 years ago
simplify metrics settings
6 years ago
volume: get metrics configuration from master fix https://github.com/chrislusf/seaweedfs/issues/1354
4 years ago
working filer server!
11 years ago
  1. package weed_server
  3. import (
  4. "context"
  5. "fmt"
  6. "net/http"
  7. "os"
  8. "strings"
  9. "sync"
  10. "sync/atomic"
  11. "time"
  13. "github.com/seaweedfs/seaweedfs/weed/stats"
  15. "google.golang.org/grpc"
  17. "github.com/seaweedfs/seaweedfs/weed/util/grace"
  19. "github.com/seaweedfs/seaweedfs/weed/operation"
  20. "github.com/seaweedfs/seaweedfs/weed/pb"
  21. "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
  22. "github.com/seaweedfs/seaweedfs/weed/pb/master_pb"
  23. "github.com/seaweedfs/seaweedfs/weed/util"
  25. "github.com/seaweedfs/seaweedfs/weed/filer"
  26. _ "github.com/seaweedfs/seaweedfs/weed/filer/arangodb"
  27. _ "github.com/seaweedfs/seaweedfs/weed/filer/cassandra"
  28. _ "github.com/seaweedfs/seaweedfs/weed/filer/dameng"
  29. _ "github.com/seaweedfs/seaweedfs/weed/filer/elastic/v7"
  30. _ "github.com/seaweedfs/seaweedfs/weed/filer/etcd"
  31. _ "github.com/seaweedfs/seaweedfs/weed/filer/hbase"
  32. _ "github.com/seaweedfs/seaweedfs/weed/filer/leveldb"
  33. _ "github.com/seaweedfs/seaweedfs/weed/filer/leveldb2"
  34. _ "github.com/seaweedfs/seaweedfs/weed/filer/leveldb3"
  35. _ "github.com/seaweedfs/seaweedfs/weed/filer/mongodb"
  36. _ "github.com/seaweedfs/seaweedfs/weed/filer/mysql"
  37. _ "github.com/seaweedfs/seaweedfs/weed/filer/mysql2"
  38. _ "github.com/seaweedfs/seaweedfs/weed/filer/postgres"
  39. _ "github.com/seaweedfs/seaweedfs/weed/filer/postgres2"
  40. _ "github.com/seaweedfs/seaweedfs/weed/filer/redis"
  41. _ "github.com/seaweedfs/seaweedfs/weed/filer/redis2"
  42. _ "github.com/seaweedfs/seaweedfs/weed/filer/redis3"
  43. _ "github.com/seaweedfs/seaweedfs/weed/filer/sqlite"
  44. _ "github.com/seaweedfs/seaweedfs/weed/filer/ydb"
  45. "github.com/seaweedfs/seaweedfs/weed/glog"
  46. "github.com/seaweedfs/seaweedfs/weed/notification"
  47. _ "github.com/seaweedfs/seaweedfs/weed/notification/aws_sqs"
  48. _ "github.com/seaweedfs/seaweedfs/weed/notification/gocdk_pub_sub"
  49. _ "github.com/seaweedfs/seaweedfs/weed/notification/google_pub_sub"
  50. _ "github.com/seaweedfs/seaweedfs/weed/notification/kafka"
  51. _ "github.com/seaweedfs/seaweedfs/weed/notification/log"
  52. "github.com/seaweedfs/seaweedfs/weed/security"
  53. )
  55. type FilerOption struct {
  56. Masters *pb.ServerDiscovery
  57. FilerGroup string
  58. Collection string
  59. DefaultReplication string
  60. DisableDirListing bool
  61. MaxMB int
  62. DirListingLimit int
  63. DataCenter string
  64. Rack string
  65. DataNode string
  66. DefaultLevelDbDir string
  67. DisableHttp bool
  68. Host pb.ServerAddress
  69. recursiveDelete bool
  70. Cipher bool
  71. SaveToFilerLimit int64
  72. ConcurrentUploadLimit int64
  73. ShowUIDirectoryDelete bool
  74. DownloadMaxBytesPs int64
  75. DiskType string
  76. AllowedOrigins []string
  77. ExposeDirectoryData bool
  78. }
  80. type FilerServer struct {
  81. inFlightDataSize int64
  82. listenersWaits int64
  84. // notifying clients
  85. listenersLock sync.Mutex
  86. listenersCond *sync.Cond
  88. inFlightDataLimitCond *sync.Cond
  90. filer_pb.UnimplementedSeaweedFilerServer
  91. option *FilerOption
  92. secret security.SigningKey
  93. filer *filer.Filer
  94. filerGuard *security.Guard
  95. volumeGuard *security.Guard
  96. grpcDialOption grpc.DialOption
  98. // metrics read from the master
  99. metricsAddress string
  100. metricsIntervalSec int
  102. // track known metadata listeners
  103. knownListenersLock sync.Mutex
  104. knownListeners map[int32]int32
  105. }
  107. func NewFilerServer(defaultMux, readonlyMux *http.ServeMux, option *FilerOption) (fs *FilerServer, err error) {
  109. v := util.GetViper()
  110. signingKey := v.GetString("jwt.filer_signing.key")
  111. v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
  112. expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
  114. readSigningKey := v.GetString("jwt.filer_signing.read.key")
  115. v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
  116. readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
  118. volumeSigningKey := v.GetString("jwt.signing.key")
  119. v.SetDefault("jwt.signing.expires_after_seconds", 10)
  120. volumeExpiresAfterSec := v.GetInt("jwt.signing.expires_after_seconds")
  122. volumeReadSigningKey := v.GetString("jwt.signing.read.key")
  123. v.SetDefault("jwt.signing.read.expires_after_seconds", 60)
  124. volumeReadExpiresAfterSec := v.GetInt("jwt.signing.read.expires_after_seconds")
  126. v.SetDefault("cors.allowed_origins.values", "*")
  128. allowedOrigins := v.GetString("cors.allowed_origins.values")
  129. domains := strings.Split(allowedOrigins, ",")
  130. option.AllowedOrigins = domains
  132. v.SetDefault("filer.expose_directory_metadata.enabled", true)
  133. returnDirMetadata := v.GetBool("filer.expose_directory_metadata.enabled")
  134. option.ExposeDirectoryData = returnDirMetadata
  136. fs = &FilerServer{
  137. option: option,
  138. grpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.filer"),
  139. knownListeners: make(map[int32]int32),
  140. inFlightDataLimitCond: sync.NewCond(new(sync.Mutex)),
  141. }
  142. fs.listenersCond = sync.NewCond(&fs.listenersLock)
  144. option.Masters.RefreshBySrvIfAvailable()
  145. if len(option.Masters.GetInstances()) == 0 {
  146. glog.Fatal("master list is required!")
  147. }
  148. v.SetDefault("filer.options.max_file_name_length", 255)
  149. maxFilenameLength := v.GetUint32("filer.options.max_file_name_length")
  150. fs.filer = filer.NewFiler(*option.Masters, fs.grpcDialOption, option.Host, option.FilerGroup, option.Collection, option.DefaultReplication, option.DataCenter, maxFilenameLength, func() {
  151. if atomic.LoadInt64(&fs.listenersWaits) > 0 {
  152. fs.listenersCond.Broadcast()
  153. }
  154. })
  155. fs.filer.Cipher = option.Cipher
  156. // we do not support IP whitelist right now
  157. fs.filerGuard = security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec)
  158. fs.volumeGuard = security.NewGuard([]string{}, volumeSigningKey, volumeExpiresAfterSec, volumeReadSigningKey, volumeReadExpiresAfterSec)
  160. fs.checkWithMaster()
  162. go stats.LoopPushingMetric("filer", string(fs.option.Host), fs.metricsAddress, fs.metricsIntervalSec)
  163. go fs.filer.KeepMasterClientConnected(context.Background())
  165. if !util.LoadConfiguration("filer", false) {
  166. v.SetDefault("leveldb2.enabled", true)
  167. v.SetDefault("leveldb2.dir", option.DefaultLevelDbDir)
  168. _, err := os.Stat(option.DefaultLevelDbDir)
  169. if os.IsNotExist(err) {
  170. os.MkdirAll(option.DefaultLevelDbDir, 0755)
  171. }
  172. glog.V(0).Infof("default to create filer store dir in %s", option.DefaultLevelDbDir)
  173. } else {
  174. glog.Warningf("skipping default store dir in %s", option.DefaultLevelDbDir)
  175. }
  176. util.LoadConfiguration("notification", false)
  178. fs.option.recursiveDelete = v.GetBool("filer.options.recursive_delete")
  179. v.SetDefault("filer.options.buckets_folder", "/buckets")
  180. fs.filer.DirBucketsPath = v.GetString("filer.options.buckets_folder")
  181. // TODO deprecated, will be removed after 2020-12-31
  182. // replaced by https://github.com/seaweedfs/seaweedfs/wiki/Path-Specific-Configuration
  183. // fs.filer.FsyncBuckets = v.GetStringSlice("filer.options.buckets_fsync")
  184. isFresh := fs.filer.LoadConfiguration(v)
  186. notification.LoadConfiguration(v, "notification.")
  188. handleStaticResources(defaultMux)
  189. if !option.DisableHttp {
  190. defaultMux.HandleFunc("/healthz", fs.filerHealthzHandler)
  191. defaultMux.HandleFunc("/", fs.filerHandler)
  192. }
  193. if defaultMux != readonlyMux {
  194. handleStaticResources(readonlyMux)
  195. readonlyMux.HandleFunc("/healthz", fs.filerHealthzHandler)
  196. readonlyMux.HandleFunc("/", fs.readonlyFilerHandler)
  197. }
  199. existingNodes := fs.filer.ListExistingPeerUpdates(context.Background())
  200. startFromTime := time.Now().Add(-filer.LogFlushInterval)
  201. if isFresh {
  202. glog.V(0).Infof("%s bootstrap from peers %+v", option.Host, existingNodes)
  203. if err := fs.filer.MaybeBootstrapFromOnePeer(option.Host, existingNodes, startFromTime); err != nil {
  204. glog.Fatalf("%s bootstrap from %+v: %v", option.Host, existingNodes, err)
  205. }
  206. }
  207. fs.filer.AggregateFromPeers(option.Host, existingNodes, startFromTime)
  209. fs.filer.LoadFilerConf()
  211. fs.filer.LoadRemoteStorageConfAndMapping()
  213. grace.OnInterrupt(func() {
  214. fs.filer.Shutdown()
  215. })
  217. fs.filer.Dlm.LockRing.SetTakeSnapshotCallback(fs.OnDlmChangeSnapshot)
  219. return fs, nil
  220. }
  222. func (fs *FilerServer) checkWithMaster() {
  224. isConnected := false
  225. for !isConnected {
  226. fs.option.Masters.RefreshBySrvIfAvailable()
  227. for _, master := range fs.option.Masters.GetInstances() {
  228. readErr := operation.WithMasterServerClient(false, master, fs.grpcDialOption, func(masterClient master_pb.SeaweedClient) error {
  229. resp, err := masterClient.GetMasterConfiguration(context.Background(), &master_pb.GetMasterConfigurationRequest{})
  230. if err != nil {
  231. return fmt.Errorf("get master %s configuration: %v", master, err)
  232. }
  233. fs.metricsAddress, fs.metricsIntervalSec = resp.MetricsAddress, int(resp.MetricsIntervalSeconds)
  234. return nil
  235. })
  236. if readErr == nil {
  237. isConnected = true
  238. } else {
  239. time.Sleep(7 * time.Second)
  240. }
  241. }
  242. }
  244. }