Line data Source code
1 : //! Code to manage safekeepers
2 : //!
3 : //! In the local test environment, the data for each safekeeper is stored in
4 : //!
5 : //! ```text
6 : //! .neon/safekeepers/<safekeeper id>
7 : //! ```
8 : use std::error::Error as _;
9 : use std::future::Future;
10 : use std::io::Write;
11 : use std::path::PathBuf;
12 : use std::time::Duration;
13 : use std::{io, result};
14 :
15 : use anyhow::Context;
16 : use camino::Utf8PathBuf;
17 : use http_utils::error::HttpErrorBody;
18 : use postgres_connection::PgConnectionConfig;
19 : use reqwest::{IntoUrl, Method};
20 : use thiserror::Error;
21 : use utils::auth::{Claims, Scope};
22 : use utils::id::NodeId;
23 :
24 : use crate::background_process;
25 : use crate::local_env::{LocalEnv, SafekeeperConf};
26 :
27 : #[derive(Error, Debug)]
28 : pub enum SafekeeperHttpError {
29 0 : #[error("request error: {0}{}", .0.source().map(|e| format!(": {e}")).unwrap_or_default())]
30 : Transport(#[from] reqwest::Error),
31 :
32 : #[error("Error: {0}")]
33 : Response(String),
34 : }
35 :
36 : type Result<T> = result::Result<T, SafekeeperHttpError>;
37 :
38 : pub(crate) trait ResponseErrorMessageExt: Sized {
39 : fn error_from_body(self) -> impl Future<Output = Result<Self>> + Send;
40 : }
41 :
42 : impl ResponseErrorMessageExt for reqwest::Response {
43 0 : async fn error_from_body(self) -> Result<Self> {
44 0 : let status = self.status();
45 0 : if !(status.is_client_error() || status.is_server_error()) {
46 0 : return Ok(self);
47 0 : }
48 0 :
49 0 : // reqwest does not export its error construction utility functions, so let's craft the message ourselves
50 0 : let url = self.url().to_owned();
51 0 : Err(SafekeeperHttpError::Response(
52 0 : match self.json::<HttpErrorBody>().await {
53 0 : Ok(err_body) => format!("Error: {}", err_body.msg),
54 0 : Err(_) => format!("Http error ({}) at {}.", status.as_u16(), url),
55 : },
56 : ))
57 0 : }
58 : }
59 :
60 : //
61 : // Control routines for safekeeper.
62 : //
63 : // Used in CLI and tests.
64 : //
65 : #[derive(Debug)]
66 : pub struct SafekeeperNode {
67 : pub id: NodeId,
68 :
69 : pub conf: SafekeeperConf,
70 :
71 : pub pg_connection_config: PgConnectionConfig,
72 : pub env: LocalEnv,
73 : pub http_client: reqwest::Client,
74 : pub listen_addr: String,
75 : pub http_base_url: String,
76 : }
77 :
78 : impl SafekeeperNode {
79 0 : pub fn from_env(env: &LocalEnv, conf: &SafekeeperConf) -> SafekeeperNode {
80 0 : let listen_addr = if let Some(ref listen_addr) = conf.listen_addr {
81 0 : listen_addr.clone()
82 : } else {
83 0 : "127.0.0.1".to_string()
84 : };
85 0 : SafekeeperNode {
86 0 : id: conf.id,
87 0 : conf: conf.clone(),
88 0 : pg_connection_config: Self::safekeeper_connection_config(&listen_addr, conf.pg_port),
89 0 : env: env.clone(),
90 0 : http_client: reqwest::Client::new(),
91 0 : http_base_url: format!("http://{}:{}/v1", listen_addr, conf.http_port),
92 0 : listen_addr,
93 0 : }
94 0 : }
95 :
96 : /// Construct libpq connection string for connecting to this safekeeper.
97 0 : fn safekeeper_connection_config(addr: &str, port: u16) -> PgConnectionConfig {
98 0 : PgConnectionConfig::new_host_port(url::Host::parse(addr).unwrap(), port)
99 0 : }
100 :
101 0 : pub fn datadir_path_by_id(env: &LocalEnv, sk_id: NodeId) -> PathBuf {
102 0 : env.safekeeper_data_dir(&format!("sk{sk_id}"))
103 0 : }
104 :
105 0 : pub fn datadir_path(&self) -> PathBuf {
106 0 : SafekeeperNode::datadir_path_by_id(&self.env, self.id)
107 0 : }
108 :
109 0 : pub fn pid_file(&self) -> Utf8PathBuf {
110 0 : Utf8PathBuf::from_path_buf(self.datadir_path().join("safekeeper.pid"))
111 0 : .expect("non-Unicode path")
112 0 : }
113 :
114 : /// Initializes a safekeeper node by creating all necessary files,
115 : /// e.g. SSL certificates.
116 0 : pub fn initialize(&self) -> anyhow::Result<()> {
117 0 : if self.env.generate_local_ssl_certs {
118 0 : self.env.generate_ssl_cert(
119 0 : &self.datadir_path().join("server.crt"),
120 0 : &self.datadir_path().join("server.key"),
121 0 : )?;
122 0 : }
123 0 : Ok(())
124 0 : }
125 :
126 0 : pub async fn start(
127 0 : &self,
128 0 : extra_opts: &[String],
129 0 : retry_timeout: &Duration,
130 0 : ) -> anyhow::Result<()> {
131 0 : print!(
132 0 : "Starting safekeeper at '{}' in '{}', retrying for {:?}",
133 0 : self.pg_connection_config.raw_address(),
134 0 : self.datadir_path().display(),
135 0 : retry_timeout,
136 0 : );
137 0 : io::stdout().flush().unwrap();
138 0 :
139 0 : let listen_pg = format!("{}:{}", self.listen_addr, self.conf.pg_port);
140 0 : let listen_http = format!("{}:{}", self.listen_addr, self.conf.http_port);
141 0 : let id = self.id;
142 0 : let datadir = self.datadir_path();
143 0 :
144 0 : let id_string = id.to_string();
145 0 : // TODO: add availability_zone to the config.
146 0 : // Right now we just specify any value here and use it to check metrics in tests.
147 0 : let availability_zone = format!("sk-{}", id_string);
148 :
149 0 : let mut args = vec![
150 0 : "-D".to_owned(),
151 0 : datadir
152 0 : .to_str()
153 0 : .with_context(|| {
154 0 : format!("Datadir path {datadir:?} cannot be represented as a unicode string")
155 0 : })?
156 0 : .to_owned(),
157 0 : "--id".to_owned(),
158 0 : id_string,
159 0 : "--listen-pg".to_owned(),
160 0 : listen_pg,
161 0 : "--listen-http".to_owned(),
162 0 : listen_http,
163 0 : "--availability-zone".to_owned(),
164 0 : availability_zone,
165 : ];
166 0 : if let Some(pg_tenant_only_port) = self.conf.pg_tenant_only_port {
167 0 : let listen_pg_tenant_only = format!("{}:{}", self.listen_addr, pg_tenant_only_port);
168 0 : args.extend(["--listen-pg-tenant-only".to_owned(), listen_pg_tenant_only]);
169 0 : }
170 0 : if !self.conf.sync {
171 0 : args.push("--no-sync".to_owned());
172 0 : }
173 :
174 0 : let broker_endpoint = format!("{}", self.env.broker.client_url());
175 0 : args.extend(["--broker-endpoint".to_owned(), broker_endpoint]);
176 0 :
177 0 : let mut backup_threads = String::new();
178 0 : if let Some(threads) = self.conf.backup_threads {
179 0 : backup_threads = threads.to_string();
180 0 : args.extend(["--backup-threads".to_owned(), backup_threads]);
181 0 : } else {
182 0 : drop(backup_threads);
183 0 : }
184 :
185 0 : if let Some(ref remote_storage) = self.conf.remote_storage {
186 0 : args.extend(["--remote-storage".to_owned(), remote_storage.clone()]);
187 0 : }
188 :
189 0 : let key_path = self.env.base_data_dir.join("auth_public_key.pem");
190 0 : if self.conf.auth_enabled {
191 0 : let key_path_string = key_path
192 0 : .to_str()
193 0 : .with_context(|| {
194 0 : format!("Key path {key_path:?} cannot be represented as a unicode string")
195 0 : })?
196 0 : .to_owned();
197 0 : args.extend([
198 0 : "--pg-auth-public-key-path".to_owned(),
199 0 : key_path_string.clone(),
200 0 : ]);
201 0 : args.extend([
202 0 : "--pg-tenant-only-auth-public-key-path".to_owned(),
203 0 : key_path_string.clone(),
204 0 : ]);
205 0 : args.extend([
206 0 : "--http-auth-public-key-path".to_owned(),
207 0 : key_path_string.clone(),
208 0 : ]);
209 0 : }
210 :
211 0 : if let Some(https_port) = self.conf.https_port {
212 0 : args.extend([
213 0 : "--listen-https".to_owned(),
214 0 : format!("{}:{}", self.listen_addr, https_port),
215 0 : ]);
216 0 : }
217 0 : if let Some(ssl_ca_file) = self.env.ssl_ca_cert_path() {
218 0 : args.push(format!("--ssl-ca-file={}", ssl_ca_file.to_str().unwrap()));
219 0 : }
220 :
221 0 : args.extend_from_slice(extra_opts);
222 0 :
223 0 : background_process::start_process(
224 0 : &format!("safekeeper-{id}"),
225 0 : &datadir,
226 0 : &self.env.safekeeper_bin(),
227 0 : &args,
228 0 : self.safekeeper_env_variables()?,
229 0 : background_process::InitialPidFile::Expect(self.pid_file()),
230 0 : retry_timeout,
231 0 : || async {
232 0 : match self.check_status().await {
233 0 : Ok(()) => Ok(true),
234 0 : Err(SafekeeperHttpError::Transport(_)) => Ok(false),
235 0 : Err(e) => Err(anyhow::anyhow!("Failed to check node status: {e}")),
236 : }
237 0 : },
238 0 : )
239 0 : .await
240 0 : }
241 :
242 0 : fn safekeeper_env_variables(&self) -> anyhow::Result<Vec<(String, String)>> {
243 0 : // Generate a token to connect from safekeeper to peers
244 0 : if self.conf.auth_enabled {
245 0 : let token = self
246 0 : .env
247 0 : .generate_auth_token(&Claims::new(None, Scope::SafekeeperData))?;
248 0 : Ok(vec![("SAFEKEEPER_AUTH_TOKEN".to_owned(), token)])
249 : } else {
250 0 : Ok(Vec::new())
251 : }
252 0 : }
253 :
254 : ///
255 : /// Stop the server.
256 : ///
257 : /// If 'immediate' is true, we use SIGQUIT, killing the process immediately.
258 : /// Otherwise we use SIGTERM, triggering a clean shutdown
259 : ///
260 : /// If the server is not running, returns success
261 : ///
262 0 : pub fn stop(&self, immediate: bool) -> anyhow::Result<()> {
263 0 : background_process::stop_process(
264 0 : immediate,
265 0 : &format!("safekeeper {}", self.id),
266 0 : &self.pid_file(),
267 0 : )
268 0 : }
269 :
270 0 : fn http_request<U: IntoUrl>(&self, method: Method, url: U) -> reqwest::RequestBuilder {
271 0 : // TODO: authentication
272 0 : //if self.env.auth_type == AuthType::NeonJWT {
273 0 : // builder = builder.bearer_auth(&self.env.safekeeper_auth_token)
274 0 : //}
275 0 : self.http_client.request(method, url)
276 0 : }
277 :
278 0 : pub async fn check_status(&self) -> Result<()> {
279 0 : self.http_request(Method::GET, format!("{}/{}", self.http_base_url, "status"))
280 0 : .send()
281 0 : .await?
282 0 : .error_from_body()
283 0 : .await?;
284 0 : Ok(())
285 0 : }
286 : }
|
