From e45c6b5e21d7aca626982ae1967816c4b9dc6854 Mon Sep 17 00:00:00 2001
From: Chris Lu
Date: Tue, 13 Aug 2013 09:31:19 -0700
Subject: [PATCH] add white list to both master and volume servers prepare for v0.41
---
 go/weed/master.go | 46 ++++++++++++++++++++++++++--------------------
 go/weed/version.go | 2 +-
 go/weed/volume.go | 20 --------------------
 go/weed/weed.go | 19 +++++++++++++++++++
 4 files changed, 46 insertions(+), 41 deletions(-)
diff --git a/go/weed/master.go b/go/weed/master.go
index ccf186fac..3cec1e5d3 100644
--- a/go/weed/master.go
+++ b/go/weed/master.go
@@ -1,14 +1,14 @@
 package main
 import (
- "bytes"
- "code.google.com/p/weed-fs/go/operation"
+ "bytes"
+ "code.google.com/p/weed-fs/go/glog"
+ "code.google.com/p/weed-fs/go/operation"
 "code.google.com/p/weed-fs/go/replication"
 "code.google.com/p/weed-fs/go/storage"
 "code.google.com/p/weed-fs/go/topology"
 "encoding/json"
 "errors"
- "code.google.com/p/weed-fs/go/glog"
 "net/http"
 "runtime"
 "strconv"
@@ -31,15 +31,18 @@ var cmdMaster = &Command{
 }
 var (
- mport = cmdMaster.Flag.Int("port", 9333, "http listen port")
- metaFolder = cmdMaster.Flag.String("mdir", "/tmp", "data directory to store mappings")
- volumeSizeLimitMB = cmdMaster.Flag.Uint("volumeSizeLimitMB", 32*1024, "Default Volume Size in MegaBytes")
- mpulse = cmdMaster.Flag.Int("pulseSeconds", 5, "number of seconds between heartbeats")
- confFile = cmdMaster.Flag.String("conf", "/etc/weedfs/weedfs.conf", "xml configuration file")
- defaultRepType = cmdMaster.Flag.String("defaultReplicationType", "000", "Default replication type if not specified.")
- mReadTimeout = cmdMaster.Flag.Int("readTimeout", 3, "connection read timeout in seconds")
- mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
- garbageThreshold = cmdMaster.Flag.String("garbageThreshold", "0.3", "threshold to vacuum and reclaim spaces")
+ mport = cmdMaster.Flag.Int("port", 9333, "http listen port")
+ metaFolder = cmdMaster.Flag.String("mdir", "/tmp", "data directory to store mappings")
+ volumeSizeLimitMB = cmdMaster.Flag.Uint("volumeSizeLimitMB", 32*1024, "Default Volume Size in MegaBytes")
+ mpulse = cmdMaster.Flag.Int("pulseSeconds", 5, "number of seconds between heartbeats")
+ confFile = cmdMaster.Flag.String("conf", "/etc/weedfs/weedfs.conf", "xml configuration file")
+ defaultRepType = cmdMaster.Flag.String("defaultReplicationType", "000", "Default replication type if not specified.")
+ mReadTimeout = cmdMaster.Flag.Int("readTimeout", 3, "connection read timeout in seconds")
+ mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
+ garbageThreshold = cmdMaster.Flag.String("garbageThreshold", "0.3", "threshold to vacuum and reclaim spaces")
+ masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
+
+ masterWhiteList []string
 )
 var topo *topology.Topology
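Review bot: The help text of the new `whiteList` flag says the listed addresses get "write permission", but later in this commit the same list is handed to secure() around /dir/lookup, /dir/status and /vol/status too, so a non-empty list also refuses reads from unlisted clients. The text should describe what is actually enforced, for example `"comma separated IP addresses allowed to call the master's /dir/*, /vol/* and /submit endpoints (exact match, no CIDR). No limit if empty."`. A one-line comment on `masterWhiteList`, such as `// masterWhiteList is filled once in runMaster, before the handlers are registered.`, would document the only writer of this package-level variable.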
@@ -202,6 +205,9 @@ func runMaster(cmd *Command, args []string) bool {
 *mMaxCpu = runtime.NumCPU()
 }
 runtime.GOMAXPROCS(*mMaxCpu)
+ if *masterWhiteListOption != "" {
+ masterWhiteList = strings.Split(*masterWhiteListOption, ",")
+ }
 var e error
 if topo, e = topology.NewTopology("topo", *confFile, *metaFolder, "weed", uint64(*volumeSizeLimitMB)*1024*1024, *mpulse); e != nil {
@@ -209,15 +215,15 @@ func runMaster(cmd *Command, args []string) bool {
 }
 vg = replication.NewDefaultVolumeGrowth()
 glog.V(0).Infoln("Volume Size Limit is", *volumeSizeLimitMB, "MB")
- http.HandleFunc("/dir/assign", dirAssignHandler)
- http.HandleFunc("/dir/lookup", dirLookupHandler)
- http.HandleFunc("/dir/join", dirJoinHandler)
- http.HandleFunc("/dir/status", dirStatusHandler)
- http.HandleFunc("/vol/grow", volumeGrowHandler)
- http.HandleFunc("/vol/status", volumeStatusHandler)
- http.HandleFunc("/vol/vacuum", volumeVacuumHandler)
+ http.HandleFunc("/dir/assign", secure(masterWhiteList, dirAssignHandler))
+ http.HandleFunc("/dir/lookup", secure(masterWhiteList, dirLookupHandler))
+ http.HandleFunc("/dir/join", secure(masterWhiteList, dirJoinHandler))
+ http.HandleFunc("/dir/status", secure(masterWhiteList, dirStatusHandler))
+ http.HandleFunc("/vol/grow", secure(masterWhiteList, volumeGrowHandler))
+ http.HandleFunc("/vol/status", secure(masterWhiteList, volumeStatusHandler))
+ http.HandleFunc("/vol/vacuum", secure(masterWhiteList, volumeVacuumHandler))
- http.HandleFunc("/submit", secure(masterWhiteList, submitFromMasterServerHandler))
+ http.HandleFunc("/submit", secure(masterWhiteList, submitFromMasterServerHandler))
 http.HandleFunc("/", redirectHandler)
 topo.StartRefreshWritableVolumes(*garbageThreshold)
diff --git a/go/weed/version.go b/go/weed/version.go
index 608585204..90b129721 100644
--- a/go/weed/version.go
+++ b/go/weed/version.go
@@ -6,7 +6,7 @@ import (
 )
 const (
- VERSION = "0.40"
+ VERSION = "0.41"
 )
 var cmdVersion = &Command{
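Review bot: In the runMaster hunk at -202/+205 of go/weed/master.go, `strings.Split(*masterWhiteListOption, ",")` keeps every entry verbatim, so a value written as "10.0.0.1, 10.0.0.2" (constructed example) stores " 10.0.0.2" with its leading space, and that address can never equal the host string compared in secure(). The result is a silent lock-out of a host the operator meant to allow. Trimming each entry and skipping empty ones fixes that, and the parse should then refuse to start when a non-empty option yields no addresses, because an empty list means "no limit". Whether master.go already imports "strings" is not visible in the import hunk, and runMaster's body starts and ends outside this hunk.

```go
if *masterWhiteListOption != "" {
	for _, ip := range strings.Split(*masterWhiteListOption, ",") {
		if ip = strings.TrimSpace(ip); ip != "" {
			masterWhiteList = append(masterWhiteList, ip)
		}
	}
	// A non-empty option must never degrade to "no limit".
	if len(masterWhiteList) == 0 {
		glog.Fatalf("whiteList %q contains no addresses", *masterWhiteListOption)
	}
}
```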
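Review bot: In the handler-registration hunk at -209/+215 of go/weed/master.go, `/dir/join` is now behind secure(masterWhiteList, …) and nothing documents the consequence: if volume servers register with the master through that endpoint (its handler is not shown here), each of their addresses must be on the master's list once `-whiteList` is set, or they will be refused. I would add a comment above the registrations such as `// A non-empty -whiteList gates every endpoint below, including /dir/join and the read-only lookup/status calls; "/" stays open.` The wrapping also depends on masterWhiteList being assigned earlier in runMaster, because secure() receives the slice value at registration time; that ordering holds in this commit and deserves a word in the same comment. runMaster continues outside the hunk.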
diff --git a/go/weed/volume.go b/go/weed/volume.go
index a0d931473..34c2bc30b 100644
--- a/go/weed/volume.go
+++ b/go/weed/volume.go
@@ -7,7 +7,6 @@ import (
 "code.google.com/p/weed-fs/go/storage"
 "math/rand"
 "mime"
- "net"
 "net/http"
 "os"
 "path/filepath"
@@ -385,22 +384,3 @@ func runVolume(cmd *Command, args []string) bool {
 }
 return true
 }
-
-func secure(whiteList []string, f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
- return func(w http.ResponseWriter, r *http.Request) {
- if len(whiteList) == 0 {
- f(w, r)
- return
- }
- host, _, err := net.SplitHostPort(r.RemoteAddr)
- if err == nil {
- for _, ip := range whiteList {
- if ip == host {
- f(w, r)
- return
- }
- }
- }
- writeJsonQuiet(w, r, map[string]interface{}{"error": "No write permisson from " + host})
- }
-}
diff --git a/go/weed/weed.go b/go/weed/weed.go
index 57fe62281..dc74b7650 100644
--- a/go/weed/weed.go
+++ b/go/weed/weed.go
@@ -7,6 +7,7 @@ import (
 "fmt"
 "io"
 "math/rand"
+ "net"
 "net/http"
 "os"
 "strings"
@@ -223,3 +224,21 @@ func debug(params ...interface{}) {
 glog.V(0).Infoln(params)
 }
 }
+func secure(whiteList []string, f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
+ return func(w http.ResponseWriter, r *http.Request) {
+ if len(whiteList) == 0 {
+ f(w, r)
+ return
+ }
+ host, _, err := net.SplitHostPort(r.RemoteAddr)
+ if err == nil {
+ for _, ip := range whiteList {
+ if ip == host {
+ f(w, r)
+ return
+ }
+ }
+ }
+ writeJsonQuiet(w, r, map[string]interface{}{"error": "No write permisson from " + host})
+ }
+}
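Review bot: The deny path of `secure` in go/weed/weed.go only writes a JSON error body and leaves no trace: unless writeJsonQuiet (not shown here) sets a status itself, a refused caller presumably receives HTTP 200, and rejected attempts never reach the logs. The response should carry `http.StatusForbidden`, set at the point where writeJsonQuiet writes its headers so they are not dropped, and a line such as `glog.V(0).Infoln("whitelist denied", r.RemoteAddr, r.URL.Path)` should precede the writeJsonQuiet call. The check compares `host` with the configured strings byte for byte, so an IPv6 address written in a different textual form will not match; comparing `net.ParseIP` results with `Equal` avoids that. The function also needs a doc comment stating that an empty list allows every caller, that the peer address is taken from r.RemoteAddr (behind a reverse proxy every request carries the proxy's address) and that an unparsable address is denied. The error string contains the typo "permisson".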