Line data Source code
1 : //! Code to manage safekeepers
2 : //!
3 : //! In the local test environment, the data for each safekeeper is stored in
4 : //!
5 : //! ```text
6 : //! .neon/safekeepers/<safekeeper id>
7 : //! ```
8 : use std::error::Error as _;
9 : use std::future::Future;
10 : use std::io::Write;
11 : use std::path::PathBuf;
12 : use std::time::Duration;
13 : use std::{io, result};
14 :
15 : use anyhow::Context;
16 : use camino::Utf8PathBuf;
17 : use http_utils::error::HttpErrorBody;
18 : use postgres_connection::PgConnectionConfig;
19 : use reqwest::{IntoUrl, Method};
20 : use thiserror::Error;
21 : use utils::auth::{Claims, Scope};
22 : use utils::id::NodeId;
23 :
24 : use crate::background_process;
25 : use crate::local_env::{LocalEnv, SafekeeperConf};
26 :
27 : #[derive(Error, Debug)]
28 : pub enum SafekeeperHttpError {
29 0 : #[error("request error: {0}{}", .0.source().map(|e| format!(": {e}")).unwrap_or_default())]
30 : Transport(#[from] reqwest::Error),
31 :
32 : #[error("Error: {0}")]
33 : Response(String),
34 : }
35 :
36 : type Result<T> = result::Result<T, SafekeeperHttpError>;
37 :
38 : pub(crate) trait ResponseErrorMessageExt: Sized {
39 : fn error_from_body(self) -> impl Future<Output = Result<Self>> + Send;
40 : }
41 :
42 : impl ResponseErrorMessageExt for reqwest::Response {
43 0 : async fn error_from_body(self) -> Result<Self> {
44 0 : let status = self.status();
45 0 : if !(status.is_client_error() || status.is_server_error()) {
46 0 : return Ok(self);
47 0 : }
48 0 :
49 0 : // reqwest does not export its error construction utility functions, so let's craft the message ourselves
50 0 : let url = self.url().to_owned();
51 0 : Err(SafekeeperHttpError::Response(
52 0 : match self.json::<HttpErrorBody>().await {
53 0 : Ok(err_body) => format!("Error: {}", err_body.msg),
54 0 : Err(_) => format!("Http error ({}) at {}.", status.as_u16(), url),
55 : },
56 : ))
57 0 : }
58 : }
59 :
60 : //
61 : // Control routines for safekeeper.
62 : //
63 : // Used in CLI and tests.
64 : //
65 : #[derive(Debug)]
66 : pub struct SafekeeperNode {
67 : pub id: NodeId,
68 :
69 : pub conf: SafekeeperConf,
70 :
71 : pub pg_connection_config: PgConnectionConfig,
72 : pub env: LocalEnv,
73 : pub http_client: reqwest::Client,
74 : pub listen_addr: String,
75 : pub http_base_url: String,
76 : }
77 :
78 : impl SafekeeperNode {
79 0 : pub fn from_env(env: &LocalEnv, conf: &SafekeeperConf) -> SafekeeperNode {
80 0 : let listen_addr = if let Some(ref listen_addr) = conf.listen_addr {
81 0 : listen_addr.clone()
82 : } else {
83 0 : "127.0.0.1".to_string()
84 : };
85 0 : SafekeeperNode {
86 0 : id: conf.id,
87 0 : conf: conf.clone(),
88 0 : pg_connection_config: Self::safekeeper_connection_config(&listen_addr, conf.pg_port),
89 0 : env: env.clone(),
90 0 : http_client: env.create_http_client(),
91 0 : http_base_url: format!("http://{}:{}/v1", listen_addr, conf.http_port),
92 0 : listen_addr,
93 0 : }
94 0 : }
95 :
96 : /// Construct libpq connection string for connecting to this safekeeper.
97 0 : fn safekeeper_connection_config(addr: &str, port: u16) -> PgConnectionConfig {
98 0 : PgConnectionConfig::new_host_port(url::Host::parse(addr).unwrap(), port)
99 0 : }
100 :
101 0 : pub fn datadir_path_by_id(env: &LocalEnv, sk_id: NodeId) -> PathBuf {
102 0 : env.safekeeper_data_dir(&format!("sk{sk_id}"))
103 0 : }
104 :
105 0 : pub fn datadir_path(&self) -> PathBuf {
106 0 : SafekeeperNode::datadir_path_by_id(&self.env, self.id)
107 0 : }
108 :
109 0 : pub fn pid_file(&self) -> Utf8PathBuf {
110 0 : Utf8PathBuf::from_path_buf(self.datadir_path().join("safekeeper.pid"))
111 0 : .expect("non-Unicode path")
112 0 : }
113 :
114 : /// Initializes a safekeeper node by creating all necessary files,
115 : /// e.g. SSL certificates and JWT token file.
116 0 : pub fn initialize(&self) -> anyhow::Result<()> {
117 0 : if self.env.generate_local_ssl_certs {
118 0 : self.env.generate_ssl_cert(
119 0 : &self.datadir_path().join("server.crt"),
120 0 : &self.datadir_path().join("server.key"),
121 0 : )?;
122 0 : }
123 :
124 : // Generate a token file for authentication with other safekeepers
125 0 : if self.conf.auth_enabled {
126 0 : let token = self
127 0 : .env
128 0 : .generate_auth_token(&Claims::new(None, Scope::SafekeeperData))?;
129 :
130 0 : let token_path = self.datadir_path().join("peer_jwt_token");
131 0 : std::fs::write(token_path, token)?;
132 0 : }
133 :
134 0 : Ok(())
135 0 : }
136 :
137 0 : pub async fn start(
138 0 : &self,
139 0 : extra_opts: &[String],
140 0 : retry_timeout: &Duration,
141 0 : ) -> anyhow::Result<()> {
142 0 : print!(
143 0 : "Starting safekeeper at '{}' in '{}', retrying for {:?}",
144 0 : self.pg_connection_config.raw_address(),
145 0 : self.datadir_path().display(),
146 0 : retry_timeout,
147 0 : );
148 0 : io::stdout().flush().unwrap();
149 0 :
150 0 : let listen_pg = format!("{}:{}", self.listen_addr, self.conf.pg_port);
151 0 : let listen_http = format!("{}:{}", self.listen_addr, self.conf.http_port);
152 0 : let id = self.id;
153 0 : let datadir = self.datadir_path();
154 0 :
155 0 : let id_string = id.to_string();
156 0 : // TODO: add availability_zone to the config.
157 0 : // Right now we just specify any value here and use it to check metrics in tests.
158 0 : let availability_zone = format!("sk-{}", id_string);
159 :
160 0 : let mut args = vec![
161 0 : "-D".to_owned(),
162 0 : datadir
163 0 : .to_str()
164 0 : .with_context(|| {
165 0 : format!("Datadir path {datadir:?} cannot be represented as a unicode string")
166 0 : })?
167 0 : .to_owned(),
168 0 : "--id".to_owned(),
169 0 : id_string,
170 0 : "--listen-pg".to_owned(),
171 0 : listen_pg,
172 0 : "--listen-http".to_owned(),
173 0 : listen_http,
174 0 : "--availability-zone".to_owned(),
175 0 : availability_zone,
176 : ];
177 0 : if let Some(pg_tenant_only_port) = self.conf.pg_tenant_only_port {
178 0 : let listen_pg_tenant_only = format!("{}:{}", self.listen_addr, pg_tenant_only_port);
179 0 : args.extend(["--listen-pg-tenant-only".to_owned(), listen_pg_tenant_only]);
180 0 : }
181 0 : if !self.conf.sync {
182 0 : args.push("--no-sync".to_owned());
183 0 : }
184 :
185 0 : let broker_endpoint = format!("{}", self.env.broker.client_url());
186 0 : args.extend(["--broker-endpoint".to_owned(), broker_endpoint]);
187 0 :
188 0 : let mut backup_threads = String::new();
189 0 : if let Some(threads) = self.conf.backup_threads {
190 0 : backup_threads = threads.to_string();
191 0 : args.extend(["--backup-threads".to_owned(), backup_threads]);
192 0 : } else {
193 0 : drop(backup_threads);
194 0 : }
195 :
196 0 : if let Some(ref remote_storage) = self.conf.remote_storage {
197 0 : args.extend(["--remote-storage".to_owned(), remote_storage.clone()]);
198 0 : }
199 :
200 0 : let key_path = self.env.base_data_dir.join("auth_public_key.pem");
201 0 : if self.conf.auth_enabled {
202 0 : let key_path_string = key_path
203 0 : .to_str()
204 0 : .with_context(|| {
205 0 : format!("Key path {key_path:?} cannot be represented as a unicode string")
206 0 : })?
207 0 : .to_owned();
208 0 : args.extend([
209 0 : "--pg-auth-public-key-path".to_owned(),
210 0 : key_path_string.clone(),
211 0 : ]);
212 0 : args.extend([
213 0 : "--pg-tenant-only-auth-public-key-path".to_owned(),
214 0 : key_path_string.clone(),
215 0 : ]);
216 0 : args.extend([
217 0 : "--http-auth-public-key-path".to_owned(),
218 0 : key_path_string.clone(),
219 0 : ]);
220 0 : }
221 :
222 0 : if let Some(https_port) = self.conf.https_port {
223 0 : args.extend([
224 0 : "--listen-https".to_owned(),
225 0 : format!("{}:{}", self.listen_addr, https_port),
226 0 : ]);
227 0 : }
228 0 : if let Some(ssl_ca_file) = self.env.ssl_ca_cert_path() {
229 0 : args.push(format!("--ssl-ca-file={}", ssl_ca_file.to_str().unwrap()));
230 0 : }
231 :
232 0 : if self.conf.auth_enabled {
233 0 : let token_path = self.datadir_path().join("peer_jwt_token");
234 0 : let token_path_str = token_path
235 0 : .to_str()
236 0 : .with_context(|| {
237 0 : format!("Token path {token_path:?} cannot be represented as a unicode string")
238 0 : })?
239 0 : .to_owned();
240 0 : args.extend(["--auth-token-path".to_owned(), token_path_str]);
241 0 : }
242 :
243 0 : args.extend_from_slice(extra_opts);
244 0 :
245 0 : let env_variables = Vec::new();
246 0 : background_process::start_process(
247 0 : &format!("safekeeper-{id}"),
248 0 : &datadir,
249 0 : &self.env.safekeeper_bin(),
250 0 : &args,
251 0 : env_variables,
252 0 : background_process::InitialPidFile::Expect(self.pid_file()),
253 0 : retry_timeout,
254 0 : || async {
255 0 : match self.check_status().await {
256 0 : Ok(()) => Ok(true),
257 0 : Err(SafekeeperHttpError::Transport(_)) => Ok(false),
258 0 : Err(e) => Err(anyhow::anyhow!("Failed to check node status: {e}")),
259 : }
260 0 : },
261 0 : )
262 0 : .await
263 0 : }
264 :
265 : ///
266 : /// Stop the server.
267 : ///
268 : /// If 'immediate' is true, we use SIGQUIT, killing the process immediately.
269 : /// Otherwise we use SIGTERM, triggering a clean shutdown
270 : ///
271 : /// If the server is not running, returns success
272 : ///
273 0 : pub fn stop(&self, immediate: bool) -> anyhow::Result<()> {
274 0 : background_process::stop_process(
275 0 : immediate,
276 0 : &format!("safekeeper {}", self.id),
277 0 : &self.pid_file(),
278 0 : )
279 0 : }
280 :
281 0 : fn http_request<U: IntoUrl>(&self, method: Method, url: U) -> reqwest::RequestBuilder {
282 0 : // TODO: authentication
283 0 : //if self.env.auth_type == AuthType::NeonJWT {
284 0 : // builder = builder.bearer_auth(&self.env.safekeeper_auth_token)
285 0 : //}
286 0 : self.http_client.request(method, url)
287 0 : }
288 :
289 0 : pub async fn check_status(&self) -> Result<()> {
290 0 : self.http_request(Method::GET, format!("{}/{}", self.http_base_url, "status"))
291 0 : .send()
292 0 : .await?
293 0 : .error_from_body()
294 0 : .await?;
295 0 : Ok(())
296 0 : }
297 : }
|
