package network
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"isle/bootstrap"
"isle/daemon/daecommon"
"isle/garage"
"isle/nebula"
"isle/secrets"
"isle/toolkit"
"path/filepath"
"time"
"dev.mediocregopher.com/mediocre-go-lib.git/mctx"
"dev.mediocregopher.com/mediocre-go-lib.git/mlog"
"github.com/minio/minio-go/v7"
)
// Paths within garage's global bucket.
const (
	// garageGlobalBucketBootstrapHostsDirPath is the key prefix under which
	// each host's <hostname>.json.signed bootstrap record is stored (see
	// putGarageBoostrapHost / removeGarageBootstrapHost) and which
	// getGarageBootstrapHosts lists recursively.
	garageGlobalBucketBootstrapHostsDirPath = "bootstrap/hosts"
)
// getGarageClientParams assembles the GarageClientParams needed to talk to
// garage on behalf of currBootstrap: the global bucket S3 API credentials and
// the garage RPC secret, both read from secretsStore, plus a garage node
// chosen from the bootstrap.
//
// A missing RPC secret (secrets.ErrNotFound) is tolerated: RPCSecret is then
// whatever the lookup returned alongside that error (presumably empty). Any
// other lookup failure is returned wrapped, with a zero GarageClientParams.
func getGarageClientParams(
	ctx context.Context,
	secretsStore secrets.Store,
	currBootstrap bootstrap.Bootstrap,
) (
	GarageClientParams, error,
) {
	var params GarageClientParams

	creds, err := daecommon.GetGarageS3APIGlobalBucketCredentials(ctx, secretsStore)
	if err != nil {
		return params, fmt.Errorf("getting garage global bucket creds: %w", err)
	}
	params.GlobalBucketS3APICredentials = creds

	rpcSecret, err := daecommon.GetGarageRPCSecret(ctx, secretsStore)
	switch {
	case err == nil, errors.Is(err, secrets.ErrNotFound):
		// Not every host holds the RPC secret, so "not found" is not fatal.
		params.RPCSecret = rpcSecret
	default:
		return GarageClientParams{}, fmt.Errorf("getting garage rpc secret: %w", err)
	}

	params.Node = currBootstrap.ChooseGarageNode()
	return params, nil
}
// garageApplyLayout derives the garage cluster roles currHost should hold from
// networkConfig.Storage.Allocations and applies them through adminClient,
// removing the roles of any prevHost garage instance that is not carried over
// to currHost.
//
// Each allocation becomes one role: its ID comes from
// daecommon.BootstrapGarageHostForAlloc, its Capacity is alloc.Capacity
// scaled by 1_000_000_000 (presumably GB -> bytes), its Zone is the host name
// and it carries no tags.
//
// adminClient is closed before returning, so callers must not reuse it.
// logger is currently unused. Returns the error from ApplyLayout, if any.
func garageApplyLayout(
	ctx context.Context,
	logger *mlog.Logger,
	networkConfig daecommon.NetworkConfig,
	adminClient *garage.AdminClient,
	prevHost, currHost bootstrap.Host,
) error {
	defer adminClient.Close()

	allocs := networkConfig.Storage.Allocations
	zone := string(currHost.Name)

	roles := make([]garage.Role, 0, len(allocs))
	keep := make(map[string]struct{}, len(allocs))
	for _, alloc := range allocs {
		id := daecommon.BootstrapGarageHostForAlloc(currHost, alloc).ID
		keep[id] = struct{}{}
		roles = append(roles, garage.Role{
			ID:       id,
			Capacity: alloc.Capacity * 1_000_000_000,
			Zone:     zone,
			Tags:     []string{},
		})
	}

	// Previous instances whose ID is not among the new roles are dropped.
	// Kept as a non-nil slice so an empty removal list stays empty, not null.
	stale := make([]string, 0, len(prevHost.Garage.Instances))
	for _, inst := range prevHost.Garage.Instances {
		if _, stillUsed := keep[inst.ID]; !stillUsed {
			stale = append(stale, inst.ID)
		}
	}

	return adminClient.ApplyLayout(ctx, roles, stale)
}
// garageInitializeGlobalBucket sets up garage's global bucket for a new
// network: it creates the S3 API credentials named
// garage.GlobalBucketS3APICredentialsName, creates garage.GlobalBucket, and
// grants those credentials read and write permission on it. The created
// credentials are returned.
//
// On failure the credentials value is returned together with the wrapped
// error; callers should treat it as unusable when err != nil. Note the
// ordering: the credentials are created before the bucket, so a bucket or
// permission failure can leave a credential behind in garage.
// logger, networkConfig and host are currently unused.
func garageInitializeGlobalBucket(
	ctx context.Context,
	logger *mlog.Logger,
	networkConfig daecommon.NetworkConfig,
	adminClient *garage.AdminClient,
	host bootstrap.Host,
) (
	garage.S3APICredentials, error,
) {
	creds, err := adminClient.CreateS3APICredentials(ctx, garage.GlobalBucketS3APICredentialsName)
	if err != nil {
		return creds, fmt.Errorf("creating global bucket credentials: %w", err)
	}

	bucketID, err := adminClient.CreateBucket(ctx, garage.GlobalBucket)
	if err != nil {
		return creds, fmt.Errorf("creating global bucket: %w", err)
	}

	err = adminClient.GrantBucketPermissions(
		ctx, bucketID, creds.ID,
		garage.BucketPermissionRead, garage.BucketPermissionWrite,
	)
	if err != nil {
		return creds, fmt.Errorf("granting permissions to shared global bucket key: %w", err)
	}

	return creds, nil
}
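// getGarageBootstrapHosts lists every object under
// garageGlobalBucketBootstrapHostsDirPath in garage's global bucket, decodes
// each as a bootstrap.AuthenticatedHost and verifies it against
// currBootstrap.CAPublicCredentials, returning the verified hosts keyed by
// their signed Name.
//
// Everything read from the shared bucket is untrusted until Unwrap succeeds:
// objects that are not valid JSON or whose signature does not verify are
// logged and skipped. A listing error or a failure to fetch an object aborts
// the whole call.
//
// Returns nil and a wrapped error if the client parameters cannot be built,
// the listing reports an error, or an object cannot be retrieved.
func getGarageBootstrapHosts(
	ctx context.Context,
	logger *mlog.Logger,
	secretsStore secrets.Store,
	currBootstrap bootstrap.Bootstrap,
) (
	map[nebula.HostName]bootstrap.Host, error,
) {
	garageClientParams, err := getGarageClientParams(ctx, secretsStore, currBootstrap)
	if err != nil {
		return nil, fmt.Errorf("getting garage client params: %w", err)
	}

	// ListObjects feeds objInfoCh from a goroutine that only stops when ctx is
	// done. Returning early from the loop below (listing or fetch error)
	// without cancelling would leave that goroutine blocked on the channel
	// until the caller's ctx ends, so take our own cancel here.
	ctx, cancel := context.WithCancel(ctx)
	defer cancel()

	client := garageClientParams.GlobalBucketS3APIClient()
	defer client.Close()

	objInfoCh := client.ListObjects(ctx, garage.GlobalBucket, minio.ListObjectsOptions{
		Prefix:    garageGlobalBucketBootstrapHostsDirPath,
		Recursive: true,
	})

	hosts := map[nebula.HostName]bootstrap.Host{}
	for objInfo := range objInfoCh {
		ctx := mctx.Annotate(ctx, "objectKey", objInfo.Key)

		if objInfo.Err != nil {
			return nil, fmt.Errorf("listing objects: %w", objInfo.Err)
		}

		obj, err := client.GetObject(ctx, garage.GlobalBucket, objInfo.Key, minio.GetObjectOptions{})
		if err != nil {
			return nil, fmt.Errorf("retrieving object %q: %w", objInfo.Key, err)
		}

		var authedHost bootstrap.AuthenticatedHost
		err = json.NewDecoder(obj).Decode(&authedHost)
		obj.Close()
		if err != nil {
			logger.Warn(ctx, "Object contains invalid json", err)
			continue
		}

		// Signature check against the network CA; this is what makes the
		// decoded record trustworthy.
		host, err := authedHost.Unwrap(currBootstrap.CAPublicCredentials)
		if err != nil {
			logger.Warn(ctx, "Host could not be authenticated", err)
			continue
		}

		// NOTE(review): the map key is host.Name from the signed payload, not
		// derived from objInfo.Key, so two objects carrying the same signed
		// name overwrite each other in listing order — confirm that is the
		// intended resolution.
		hosts[host.Name] = host
	}

	return hosts, nil
}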
// putGarageBoostrapHost publishes this host's bootstrap record to garage's
// global bucket as <hostname>.json.signed under
// garageGlobalBucketBootstrapHostsDirPath, so that other hosts can read its
// configuration. The record is a bootstrap.AuthenticatedHost carrying the
// already-signed HostAssigned from currBootstrap together with HostConfigured
// freshly signed with currBootstrap's signing private key.
//
// Returns a wrapped error if the client parameters cannot be built, signing
// or JSON encoding fails, or the object cannot be written.
func putGarageBoostrapHost(
	ctx context.Context,
	secretsStore secrets.Store,
	currBootstrap bootstrap.Bootstrap,
) error {
	params, err := getGarageClientParams(ctx, secretsStore, currBootstrap)
	if err != nil {
		return fmt.Errorf("getting garage client params: %w", err)
	}

	client := params.GlobalBucketS3APIClient()
	defer client.Close()

	thisHost := currBootstrap.ThisHost()

	signedConfigured, err := nebula.Sign(
		thisHost.HostConfigured,
		currBootstrap.PrivateCredentials.SigningPrivateKey,
	)
	if err != nil {
		return fmt.Errorf("signing host configured data: %w", err)
	}

	record := bootstrap.AuthenticatedHost{
		Assigned:   currBootstrap.SignedHostAssigned,
		Configured: signedConfigured,
	}
	body, err := json.Marshal(record)
	if err != nil {
		return fmt.Errorf("encoding host data: %w", err)
	}

	// NOTE(review): filepath.Join is OS-specific and cleans ".." segments, so
	// the key layout relies on host names being validated elsewhere
	// (nebula.HostName) and on a slash-separated OS — confirm.
	objectKey := filepath.Join(
		garageGlobalBucketBootstrapHostsDirPath,
		string(thisHost.Name)+".json.signed",
	)

	if _, err = client.PutObject(
		ctx,
		garage.GlobalBucket,
		objectKey,
		bytes.NewReader(body),
		int64(len(body)),
		minio.PutObjectOptions{},
	); err != nil {
		return fmt.Errorf("writing to %q in global bucket: %w", objectKey, err)
	}

	return nil
}
// removeGarageBootstrapHost deletes hostName's <hostname>.json.signed record
// from garageGlobalBucketBootstrapHostsDirPath in garage's global bucket; it
// is the inverse of putGarageBoostrapHost. The error from RemoveObject is
// returned unwrapped. client is not closed here.
func removeGarageBootstrapHost(
	ctx context.Context, client *garage.S3APIClient, hostName nebula.HostName,
) error {
	// NOTE(review): filepath.Join cleans ".." and is OS-specific; this assumes
	// hostName is already validated (no path separators) — confirm at
	// nebula.HostName.
	objectKey := filepath.Join(
		garageGlobalBucketBootstrapHostsDirPath,
		string(hostName)+".json.signed",
	)

	opts := minio.RemoveObjectOptions{}
	return client.RemoveObject(ctx, garage.GlobalBucket, objectKey, opts)
}
// garageWaitForAlloc blocks until the garage instance behind adminClient
// reports a non-empty bucket list and a non-empty S3 API credentials list, or
// ctx is done. An instance can look healthy while it has not yet fully synced
// the buckets and bucket credentials from the rest of the cluster; this is
// the additional check for that window.
//
// Both checks run through toolkit.UntilTrue with 2*time.Second as its
// interval (presumably the poll period). A listing error aborts the wait and
// is returned wrapped; an empty list is only logged and the check retried.
func garageWaitForAlloc(
	ctx context.Context,
	logger *mlog.Logger,
	adminClient *garage.AdminClient,
) error {
	const pollInterval = 2 * time.Second

	bucketsSynced := func() (bool, error) {
		buckets, err := adminClient.ListBuckets(ctx)
		if err != nil {
			return false, fmt.Errorf("listing buckets: %w", err)
		}
		if len(buckets) == 0 {
			logger.Info(ctx, "Bucket list not yet synced")
			return false, nil
		}
		return true, nil
	}

	credentialsSynced := func() (bool, error) {
		credentials, err := adminClient.ListS3APICredentials(ctx)
		if err != nil {
			return false, fmt.Errorf("listing credentials: %w", err)
		}
		if len(credentials) == 0 {
			logger.Info(ctx, "Credentials not yet synced")
			return false, nil
		}
		return true, nil
	}

	logger.Info(ctx, "Checking if garage instance has synced bucket list")
	err := toolkit.UntilTrue(ctx, logger, pollInterval, bucketsSynced)
	if err != nil {
		return fmt.Errorf("waiting for bucket list to sync: %w", err)
	}

	logger.Info(ctx, "Checking if garage instance has synced credentials")
	err = toolkit.UntilTrue(ctx, logger, pollInterval, credentialsSynced)
	if err != nil {
		return fmt.Errorf("waiting for credentials list to sync: %w", err)
	}

	return nil
}