switch around how we do config (avoid space-separated filenames)

meejah 2019-04-08 23:33:40 -06:00
parent 3d7055711a
commit f0e3b69f90
4 changed files with 44 additions and 33 deletions


@ -174,7 +174,7 @@ Enrolling a Storage Server: Config
You may edit the ``[storage]`` section of the ``tahoe.cfg`` file to You may edit the ``[storage]`` section of the ``tahoe.cfg`` file to
turn on grid-management with ``grid_management = true``. You then must turn on grid-management with ``grid_management = true``. You then must
also provide a ``[grid_management_keys]]`` section in the config-file which also provide a ``[grid_management_keys]`` section in the config-file which
lists ``name = path/to/certificate`` pairs. lists ``name = path/to/certificate`` pairs.
These certificate files are issued by the ``tahoe grid-manager sign`` These certificate files are issued by the ``tahoe grid-manager sign``
@ -278,7 +278,10 @@ certificates into the grid. We do this by adding some configuration
(in ``tahoe.cfg``):: (in ``tahoe.cfg``)::
[storage] [storage]
grid_manager_certificate_files = gridmanager.cert grid_management = true
[grid_manager_certificates]
default = gridmanager.cert
Add the above bit to each node's ``tahoe.cfg`` and re-start the Add the above bit to each node's ``tahoe.cfg`` and re-start the
storage nodes. storage nodes.


@ -115,7 +115,6 @@ def test_reject_storage_server(reactor, request, storage_nodes, temp_dir, introd
) )
assert sorted(json.loads(gm_config)['storage_servers'].keys()) == ['storage0', 'storage1'] assert sorted(json.loads(gm_config)['storage_servers'].keys()) == ['storage0', 'storage1']
# XXX FIXME need to shut-down and nuke carol when we're done this # XXX FIXME need to shut-down and nuke carol when we're done this
# test (i.d. request.addfinalizer) # test (i.d. request.addfinalizer)
carol = yield util._create_node( carol = yield util._create_node(
@ -136,7 +135,9 @@ def test_reject_storage_server(reactor, request, storage_nodes, temp_dir, introd
with open(join(storage._node_dir, "gridmanager.cert"), "w") as f: with open(join(storage._node_dir, "gridmanager.cert"), "w") as f:
f.write(cert) f.write(cert)
config = configutil.get_config(join(storage._node_dir, "tahoe.cfg")) config = configutil.get_config(join(storage._node_dir, "tahoe.cfg"))
config.set("storage", "grid_manager_certificate_files", "gridmanager.cert") config.set("storage", "grid_management", "True")
config.add_section("grid_manager_certificates")
config.set("grid_manager_certificates", "default", "gridmanager.cert")
config.write(open(join(storage._node_dir, "tahoe.cfg"), "w")) config.write(open(join(storage._node_dir, "tahoe.cfg"), "w"))
# re-start this storage server # re-start this storage server


@ -59,6 +59,7 @@ def _valid_config_sections():
"stats_gatherer.furl", "stats_gatherer.furl",
), ),
"grid_managers": None, # means "any options valid" "grid_managers": None, # means "any options valid"
"grid_manager_certificates": None,
"drop_upload": ( # deprecated already? "drop_upload": ( # deprecated already?
"enabled", "enabled",
), ),
@ -81,7 +82,7 @@ def _valid_config_sections():
"readonly", "readonly",
"reserved_space", "reserved_space",
"storage_dir", "storage_dir",
"grid_manager_certificate_files", "grid_management",
), ),
"sftpd": ( "sftpd": (
"accounts.file", "accounts.file",
@ -409,6 +410,34 @@ def create_storage_farm_broker(config, default_connection_handlers, foolscap_con
return sb return sb
def _load_grid_manager_certificates(config):
"""
Load all Grid Manager certificates in the config in a list. An
empty list is returned if there are none.
"""
grid_manager_certificates = []
cert_fnames = list(config.enumerate_section("grid_manager_certificates").values())
for fname in cert_fnames:
fname = config.get_config_path(fname.decode('ascii'))
if not os.path.exists(fname):
raise ValueError(
"Grid Manager certificate file '{}' doesn't exist".format(
fname
)
)
with open(fname, 'r') as f:
cert = json.load(f)
if set(cert.keys()) != {"certificate", "signature"}:
raise ValueError(
"Unknown key in Grid Manager certificate '{}'".format(
fname
)
)
grid_manager_certificates.append(cert)
return grid_manager_certificates
@implementer(IStatsProducer) @implementer(IStatsProducer)
class _Client(node.Node, pollmixin.PollMixin): class _Client(node.Node, pollmixin.PollMixin):
@ -604,27 +633,8 @@ class _Client(node.Node, pollmixin.PollMixin):
grid_manager_certificates = [] grid_manager_certificates = []
# XXX this is probably a bad idea for multiple fnames -- what if self.config.get_config("storage", "grid_management", default=False, boolean=True):
# about spaces in filenames? grid_manager_certificates = _load_grid_manager_certificates(self.config)
cert_fnames = self.get_config("storage", "grid_manager_certificate_files", "")
for fname in cert_fnames.split():
fname = self.config.get_config_path(fname.decode('ascii'))
if not os.path.exists(fname):
raise ValueError(
"Grid Manager certificate file '{}' doesn't exist".format(
fname
)
)
with open(fname, 'r') as f:
cert = json.load(f)
if set(cert.keys()) != {"certificate", "signature"}:
raise ValueError(
"Unknown key in Grid Manager certificate '{}'".format(
fname
)
)
grid_manager_certificates.append(cert)
# XXX we should probably verify that the certificates are # XXX we should probably verify that the certificates are
# valid and not expired, as that could be confusing for the # valid and not expired, as that could be confusing for the
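Review bot: In `_load_grid_manager_certificates`, the shape check calls `cert.keys()` on whatever `json.load` returned, so a certificate file holding valid JSON that is not an object (a list or a string) fails with an AttributeError instead of the ValueError that names the file, and malformed JSON surfaces as a decoder error with no filename. I would guard the type first, `if not isinstance(cert, dict) or set(cert.keys()) != {"certificate", "signature"}:`, and re-raise a `json.load` failure with `fname` in the message. The "Unknown key" text is also what an operator sees when a key is missing, so wording such as `"Grid Manager certificate '{}' must contain exactly 'certificate' and 'signature'"` would be clearer. The check is purely structural: nothing here verifies the signature or expiry, which the XXX comment kept in `_Client` already acknowledges, so the docstring should say the returned list is unverified.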


@ -118,18 +118,15 @@ def add_grid_manager_cert(options):
cert_fname = "{}.cert".format(options['name']) cert_fname = "{}.cert".format(options['name'])
cert_path = config.get_config_path(cert_fname) cert_path = config.get_config_path(cert_fname)
cert_bytes = json.dumps(options.certificate_data, indent=4) + '\n' cert_bytes = json.dumps(options.certificate_data, indent=4) + '\n'
# cert_name = options['name'] cert_name = options['name']
if exists(cert_path): if exists(cert_path):
print("Already have file '{}'".format(cert_path), file=options.parent.parent.stderr) print("Already have file '{}'".format(cert_path), file=options.parent.parent.stderr)
return 1 return 1
gm_certs = config.get_config("storage", "grid_manager_certificate_files", "").split() config.set_config("storage", "grid_management", "True")
if cert_fname not in gm_certs: config.add_section("grid_manager_certificates")
gm_certs.append(cert_fname) config.set_config("grid_manager_certificates", cert_name, cert_fname)
config.set_config("storage", "grid_manager_certificate_files", " ".join(gm_certs))
# print("grid_manager_certificate_files in {}: {}".format(config_path, len(gm_certs)))
# write all the data out # write all the data out