
add white list to both master and volume servers

prepare for v0.41
pull/2/head
Chris Lu 12 years ago
parent
commit
e45c6b5e21
  1. 24
      go/weed/master.go
  2. 2
      go/weed/version.go
  3. 20
      go/weed/volume.go
  4. 19
      go/weed/weed.go

24
go/weed/master.go

@ -2,13 +2,13 @@ package main
import (
"bytes"
"code.google.com/p/weed-fs/go/glog"
"code.google.com/p/weed-fs/go/operation"
"code.google.com/p/weed-fs/go/replication"
"code.google.com/p/weed-fs/go/storage"
"code.google.com/p/weed-fs/go/topology"
"encoding/json"
"errors"
"code.google.com/p/weed-fs/go/glog"
"net/http"
"runtime"
"strconv"
@ -40,6 +40,9 @@ var (
mReadTimeout = cmdMaster.Flag.Int("readTimeout", 3, "connection read timeout in seconds")
mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
garbageThreshold = cmdMaster.Flag.String("garbageThreshold", "0.3", "threshold to vacuum and reclaim spaces")
masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
masterWhiteList []string
)
var topo *topology.Topology
@ -202,6 +205,9 @@ func runMaster(cmd *Command, args []string) bool {
*mMaxCpu = runtime.NumCPU()
}
runtime.GOMAXPROCS(*mMaxCpu)
if *masterWhiteListOption != "" {
masterWhiteList = strings.Split(*masterWhiteListOption, ",")
}
var e error
if topo, e = topology.NewTopology("topo", *confFile, *metaFolder, "weed",
uint64(*volumeSizeLimitMB)*1024*1024, *mpulse); e != nil {
@ -209,15 +215,15 @@ func runMaster(cmd *Command, args []string) bool {
}
vg = replication.NewDefaultVolumeGrowth()
glog.V(0).Infoln("Volume Size Limit is", *volumeSizeLimitMB, "MB")
http.HandleFunc("/dir/assign", dirAssignHandler)
http.HandleFunc("/dir/lookup", dirLookupHandler)
http.HandleFunc("/dir/join", dirJoinHandler)
http.HandleFunc("/dir/status", dirStatusHandler)
http.HandleFunc("/vol/grow", volumeGrowHandler)
http.HandleFunc("/vol/status", volumeStatusHandler)
http.HandleFunc("/vol/vacuum", volumeVacuumHandler)
http.HandleFunc("/dir/assign", secure(masterWhiteList, dirAssignHandler))
http.HandleFunc("/dir/lookup", secure(masterWhiteList, dirLookupHandler))
http.HandleFunc("/dir/join", secure(masterWhiteList, dirJoinHandler))
http.HandleFunc("/dir/status", secure(masterWhiteList, dirStatusHandler))
http.HandleFunc("/vol/grow", secure(masterWhiteList, volumeGrowHandler))
http.HandleFunc("/vol/status", secure(masterWhiteList, volumeStatusHandler))
http.HandleFunc("/vol/vacuum", secure(masterWhiteList, volumeVacuumHandler))
http.HandleFunc("/submit", submitFromMasterServerHandler)
http.HandleFunc("/submit", secure(masterWhiteList, submitFromMasterServerHandler))
http.HandleFunc("/", redirectHandler)
topo.StartRefreshWritableVolumes(*garbageThreshold)
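Review bot: The whitelist is built with `masterWhiteList = strings.Split(*masterWhiteListOption, ",")` and the entries are never trimmed, so a value like `-whiteList="10.0.0.1, 10.0.0.2"` (constructed example) keeps a leading space on the second entry and that address can never match in `secure`. Applying `strings.TrimSpace` to each entry and dropping empty ones would avoid a silent lock-out of a host the operator meant to allow. Separately, the flag help describes the list as granting "write permission", yet the new registrations also wrap `/dir/lookup`, `/dir/status`, `/vol/status` and `/dir/join`, so read-only clients and every volume server that joins must be listed as well, while `/` stays unwrapped; the help text should state that scope. `runMaster` starts and ends outside the visible hunks.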

2
go/weed/version.go

@ -6,7 +6,7 @@ import (
)
const (
VERSION = "0.40"
VERSION = "0.41"
)
var cmdVersion = &Command{

20
go/weed/volume.go

@ -7,7 +7,6 @@ import (
"code.google.com/p/weed-fs/go/storage"
"math/rand"
"mime"
"net"
"net/http"
"os"
"path/filepath"
@ -385,22 +384,3 @@ func runVolume(cmd *Command, args []string) bool {
}
return true
}
func secure(whiteList []string, f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if len(whiteList) == 0 {
f(w, r)
return
}
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err == nil {
for _, ip := range whiteList {
if ip == host {
f(w, r)
return
}
}
}
writeJsonQuiet(w, r, map[string]interface{}{"error": "No write permisson from " + host})
}
}

19
go/weed/weed.go

@ -7,6 +7,7 @@ import (
"fmt"
"io"
"math/rand"
"net"
"net/http"
"os"
"strings"
@ -223,3 +224,21 @@ func debug(params ...interface{}) {
glog.V(0).Infoln(params)
}
}
func secure(whiteList []string, f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if len(whiteList) == 0 {
f(w, r)
return
}
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err == nil {
for _, ip := range whiteList {
if ip == host {
f(w, r)
return
}
}
}
writeJsonQuiet(w, r, map[string]interface{}{"error": "No write permisson from " + host})
}
}
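Review bot: The rejection branch of `secure` answers through `writeJsonQuiet` without logging, so refused requests leave no trace for an operator; a line such as `glog.V(0).Infoln("rejected", r.URL.Path, "from", r.RemoteAddr)` before the response would make them visible. Whether the refusal carries a non-200 status depends on `writeJsonQuiet`, which is not shown here; a 403 would let clients and monitoring tell a refusal from a success. The test `ip == host` is an exact string match against `r.RemoteAddr`, so an IPv6 or IPv4-mapped peer address written differently from the configured entry is refused, and behind a reverse proxy every client appears as the proxy's address; comparing `net.ParseIP` results with `Equal` and documenting the proxy caveat would help. The error string also misspells "permission".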