Skip to content

Commit

Permalink
feat: support docker use the auth when starting (apache#2403)
Browse files Browse the repository at this point in the history
- allow user to set env for docker to set auth mode
- download keystore when package
- fix a curl error (also use curl first in `function` download)

---------

Co-authored-by: imbajin <[email protected]>
  • Loading branch information
aroundabout and imbajin authored Jan 15, 2024
1 parent 57cd0e8 commit de5904a
Show file tree
Hide file tree
Showing 14 changed files with 227 additions and 56 deletions.
1 change: 0 additions & 1 deletion .licenserc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,6 @@ header: # `header` section is configurations for source codes license header.
- '**/util/StringEncoding.java'
- 'hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/opencypher/CypherOpProcessor.java'
- 'hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/opencypher/CypherPlugin.java'
- 'hugegraph-server/hugegraph-dist/src/assembly/static/bin/wait-storage.sh'
comment: on-failure # on what condition license-eye will comment on the pull request, `on-failure`, `always`, `never`.

# license-location-threshold specifies the index threshold where the license header can be located,
Expand Down
1 change: 0 additions & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,5 @@ hugegraph-core/src/main/java/org/apache/hugegraph/traversal/optimize/HugeScriptT
hugegraph-core/src/main/java/org/apache/hugegraph/type/Nameable.java from https://github.com/JanusGraph/janusgraph
hugegraph-core/src/main/java/org/apache/hugegraph/type/define/Cardinality.java from https://github.com/JanusGraph/janusgraph
hugegraph-core/src/main/java/org/apache/hugegraph/util/StringEncoding.java from https://github.com/JanusGraph/janusgraph
hugegraph-dist/src/assembly/static/bin/wait-storage.sh from https://github.com/JanusGraph/janusgraph
hugegraph-api/src/main/java/org/apache/hugegraph/opencypher/CypherOpProcessor.java from https://github.com/opencypher/cypher-for-gremlin
hugegraph-api/src/main/java/org/apache/hugegraph/opencypher/CypherPlugin.java from https://github.com/opencypher/cypher-for-gremlin
26 changes: 14 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,24 @@ Billions of vertices and edges can be easily stored into and queried from HugeGr

## Quick Start

### 1. Download Way
### 1. Docker Way (Convenient for Test)

We can use `docker run -itd --name=graph -p 8080:8080 hugegraph/hugegraph` to quickly start an inner
HugeGraph server with `RocksDB` (in backgrounds) for **test/dev**.
You can visit [doc page](https://hugegraph.apache.org/docs/quickstart/hugegraph-server/#3-deploy) or the [README](hugegraph-server/hugegraph-dist/docker/READEME.md) for more details.

> Note:
>
> 1. The docker image of hugegraph is a convenience release, but not **official distribution** artifacts. You can find more details from [ASF Release Distribution Policy](https://infra.apache.org/release-distribution.html#dockerhub).
>
> 2. Recommand to use `release tag`(like `1.2.0`) for the stable version. Use `latest` tag to experience the newest functions in development.
### 2. Download Way

Visit [Download Page](https://hugegraph.apache.org/docs/download/download/) and refer the [doc](https://hugegraph.apache.org/docs/quickstart/hugegraph-server/#32-download-the-binary-tar-tarball)
to download the latest release package and start the server.

### 2. Source Building Way
### 3. Source Building Way

Visit [Source Building Page](https://hugegraph.apache.org/docs/quickstart/hugegraph-server/#33-source-code-compilation) and follow the
steps to build the source code and start the server.
Expand All @@ -49,17 +61,7 @@ And here are links of other **HugeGraph** component/repositories:
3. [hugegraph-commons](https://github.com/apache/incubator-hugegraph-commons) (**common & rpc** libs)
4. [hugegraph-website](https://github.com/apache/incubator-hugegraph-doc) (**doc & website** code)

### 3. Docker Way (Convenient for Test)

We can use `docker run -itd --name=graph -p 8080:8080 hugegraph/hugegraph` to quickly start an inner
HugeGraph server with `RocksDB` (in backgrounds) for **test/dev**.
You can visit [doc page](https://hugegraph.apache.org/docs/quickstart/hugegraph-server/#3-deploy) or the [README](hugegraph-server/hugegraph-dist/docker/READEME.md) for more details.

> Note:
>
> 1. The docker image of hugegraph is a convenience release, but not **official distribution** artifacts. You can find more details from [ASF Release Distribution Policy](https://infra.apache.org/release-distribution.html#dockerhub).
>
> 2. Recommand to use `release tag`(like `1.0.0`) for the stable version. Use `latest` tag to experience the newest functions in development.

## License

Expand Down
31 changes: 27 additions & 4 deletions hugegraph-server/hugegraph-dist/docker/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,15 @@
>
> 1. The docker image of hugegraph is a convenience release, not official distribution artifacts from ASF. You can find more details from [ASF Release Distribution Policy](https://infra.apache.org/release-distribution.html#dockerhub).
>
> 2. Recommand to use `release tag`(like `1.0.0`) for the stable version. Use `latest` tag to experience the newest functions in development.
> 2. Recommand to use `release tag`(like `1.2.0`) for the stable version. Use `latest` tag to experience the newest functions in development.
## 1. Deploy

We can use docker to quickly start an inner HugeGraph server with RocksDB in background.

1. Using docker run

Use `docker run -itd --name=graph -p 18080:8080 hugegraph/hugegraph` to start hugegraph server.
Use `docker run -itd --name=graph -p 8080:8080 hugegraph/hugegraph` to start hugegraph server.

2. Using docker compose

Expand All @@ -35,7 +35,7 @@ If you want to customize the pre-loaded data, please mount the the groovy script

1. Using docker run

Use `docker run -itd --name=graph -p 18080:8080 -e PRELOAD=true -v /path/to/yourScript:/hugegraph/scripts/example.groovy hugegraph/hugegraph`
Use `docker run -itd --name=graph -p 8080:8080 -e PRELOAD=true -v /path/to/yourScript:/hugegraph/scripts/example.groovy hugegraph/hugegraph`
to start hugegraph server.

2. Using docker compose
Expand All @@ -57,4 +57,27 @@ If you want to customize the pre-loaded data, please mount the the groovy script

3. Using start-hugegraph.sh

If you deploy HugeGraph server without docker, you can also pass arguments using `-p`, like this: `bin/start-hugegraph.sh -p true`.
If you deploy HugeGraph server without docker, you can also pass arguments using `-p`, like this: `bin/start-hugegraph.sh -p true`.

## 3. Enable Authentication

1. Using docker run

Use `docker run -itd --name=graph -p 8080:8080 -e AUTH=true -e PASSWORD=123456 hugegraph/hugegraph` to enable the authentication and set the password with `-e AUTH=true -e PASSWORD=123456`.

2. Using docker compose

Similarly, we can set the envionment variables in the docker-compose.yaml:

```yaml
version: '3'
services:
server:
image: hugegraph/hugegraph
container_name: graph
ports:
- 8080:8080
environment:
- AUTH=true
- PASSWORD=123456
```
17 changes: 15 additions & 2 deletions hugegraph-server/hugegraph-dist/docker/docker-entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,24 @@
# under the License.
#


# wait for storage like cassandra
./bin/wait-storage.sh

./bin/init-store.sh
# set auth if needed
if [[ $AUTH == "true" ]]; then
# set password if use do not provide
if [ -z "$PASSWORD" ]; then
echo "you have not set the password, we will use the default password"
PASSWORD="hugegraph"
fi
echo "init hugegraph with auth"
./bin/enable-auth.sh
echo "$PASSWORD" | ./bin/init-store.sh
else
./bin/init-store.sh
fi

# start hugegraph
./bin/start-hugegraph.sh -j "$JAVA_OPTS" -g zgc

tail -f /dev/null
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ services:
image: hugegraph/hugegraph
container_name: cas-graph
ports:
- 18080:8080
- 8080:8080
environment:
hugegraph.backend: cassandra
hugegraph.serializer: cassandra
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,20 @@
# under the License.
#

curl --version >/dev/null 2>&1 ||
{
echo 'ERROR: Please install `curl` first if you need `hugegraph-server.keystore`'
exit
}

./bin/wait-storage.sh
# TODO: perhaps it's necessary verify the checksum before reusing the existing keystore
if [[ ! -f hugegraph-server.keystore ]]; then
curl -s -S -L -o hugegraph-server.keystore \
https://github.com/apache/hugegraph-doc/raw/binary-1.0/dist/server/hugegraph-server.keystore ||
{
echo 'ERROR: Download `hugegraph-server.keystore` from GitHub failed, please check your network connection'
exit
}
fi

./bin/init-store.sh

./bin/start-hugegraph.sh -d false -j "$JAVA_OPTS" -g zgc
echo 'INFO: Successfully download `hugegraph-server.keystore`'
File renamed without changes.
41 changes: 40 additions & 1 deletion hugegraph-server/hugegraph-dist/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@
<exec executable="${shell-executable}"
dir="${project.basedir}"
failonerror="false">
<arg line="./dist.sh"/>
<arg line="./download_swagger_ui.sh"/>
</exec>
</target>
</configuration>
Expand Down Expand Up @@ -216,6 +216,45 @@
</target>
</configuration>
</execution>
<execution>
<id>download-keystore</id>
<phase>prepare-package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<exec executable="${shell-executable}"
dir="${project.basedir}"
failonerror="false">
<arg line="./download_keystore.sh"/>
</exec>
</target>
</configuration>
</execution>
<execution>
<id>cp-keystore</id>
<phase>package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<exec executable="cp"
dir="${project.basedir}"
failonerror="false">
<arg value="hugegraph-server.keystore"/>
<arg value="../${final.name}/conf/hugegraph-server.keystore"/>
</exec>
<exec executable="rm"
dir="${project.basedir}"
failonerror="false">
<arg value="-rf"/>
<arg value="hugegraph-server.keystore"/>
</exec>
</target>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
Expand Down
1 change: 0 additions & 1 deletion hugegraph-server/hugegraph-dist/release-docs/LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,6 @@ The text of each license is the standard Apache 2.0 license.
hugegraph-core/src/main/java/org/apache/hugegraph/type/Nameable.java from https://github.com/JanusGraph/janusgraph
hugegraph-core/src/main/java/org/apache/hugegraph/type/define/Cardinality.java from https://github.com/JanusGraph/janusgraph
hugegraph-core/src/main/java/org/apache/hugegraph/util/StringEncoding.java from https://github.com/JanusGraph/janusgraph
hugegraph-dist/src/assembly/static/bin/wait-storage.sh from https://github.com/JanusGraph/janusgraph
hugegraph-core/src/main/java/org/apache/hugegraph/traversal/optimize/HugeScriptTraversal.java from https://github.com/apache/tinkerpop
hugegraph-test/src/main/java/org/apache/hugegraph/tinkerpop/ProcessBasicSuite.java from https://github.com/apache/tinkerpop
hugegraph-test/src/main/java/org/apache/hugegraph/tinkerpop/StructureBasicSuite.java from https://github.com/apache/tinkerpop
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with this
# work for additional information regarding copyright ownership. The ASF
# licenses this file to You under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

function abs_path() {
SOURCE="${BASH_SOURCE[0]}"
while [[ -h "$SOURCE" ]]; do
DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
SOURCE="$(readlink "$SOURCE")"
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE"
done
cd -P "$(dirname "$SOURCE")" && pwd
}

BIN=$(abs_path)
TOP="$(cd "${BIN}"/../ && pwd)"
CONF="$TOP/conf"

GREMLIN_SERVER_CONF="gremlin-server.yaml"
REST_SERVER_CONF="rest-server.properties"
GRAPH_CONF="hugegraph.properties"

# make a backup
BAK_CONF="$TOP/conf-bak"
mkdir -p "$BAK_CONF"
cp "${CONF}/${GREMLIN_SERVER_CONF}" "${BAK_CONF}/${GREMLIN_SERVER_CONF}.bak"
cp "${CONF}/${REST_SERVER_CONF}" "${BAK_CONF}/${REST_SERVER_CONF}.bak"
cp "${CONF}/graphs/${GRAPH_CONF}" "${BAK_CONF}/${GRAPH_CONF}.bak"


sed -i -e '$a\authentication: {' \
-e '$a\ authenticator: org.apache.hugegraph.auth.StandardAuthenticator,' \
-e '$a\ authenticationHandler: org.apache.hugegraph.auth.WsAndHttpBasicAuthHandler,' \
-e '$a\ config: {tokens: conf/rest-server.properties}' \
-e '$a\}' ${CONF}/${GREMLIN_SERVER_CONF}

sed -i -e '$a\auth.authenticator=org.apache.hugegraph.auth.StandardAuthenticator' \
-e '$a\auth.graph_store=hugegraph' ${CONF}/${REST_SERVER_CONF}

sed -i 's/gremlin.graph=org.apache.hugegraph.HugeFactory/gremlin.graph=org.apache.hugegraph.auth.HugeFactoryAuthProxy/g' ${CONF}/graphs/${GRAPH_CONF}
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ if [ -z "${HADOOP_GREMLIN_LIBS:-}" ]; then
fi

if [ -z "${JAVA_OPTIONS:-}" ]; then
JAVA_OPTIONS="-Dtinkerpop.ext=$EXT -Dlog4j.configurationFile=conf/log4j2.xml -Dgremlin.log4j.level=$GREMLIN_LOG_LEVEL -javaagent:$LIB/jamm-0.3.0.jar"
JAVA_OPTIONS="-Dtinkerpop.ext=$EXT -Dlog4j.configurationFile=conf/log4j2.xml -Dgremlin.log4j.level=$GREMLIN_LOG_LEVEL -javaagent:$LIB/jamm-0.3.2.jar"
fi

if [ "$PROFILING_ENABLED" = true ]; then
Expand Down
34 changes: 23 additions & 11 deletions hugegraph-server/hugegraph-dist/src/assembly/static/bin/util.sh
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@
#
function command_available() {
local cmd=$1
if [ "$(command -v "$cmd" >/dev/null 2>&1)" ]; then
return 1
else
if [[ -x "$(command -v "$cmd")" ]]; then
return 0
else
return 1
fi
}

Expand Down Expand Up @@ -131,6 +131,7 @@ function wait_for_startup() {
local stop_s=$((now_s + timeout_s))

local status
local error_file_name="startup_error.txt"

echo -n "Connecting to $server_name ($server_url)"
while [ "$now_s" -le $stop_s ]; do
Expand All @@ -141,16 +142,22 @@ function wait_for_startup() {
return 1
fi

status=$(curl -I -s -k -w "%{http_code}" -o /dev/null "$server_url")
status=$(curl -I -sS -k -w "%{http_code}" -o /dev/null "$server_url" 2> "$error_file_name")
if [[ $status -eq 200 || $status -eq 401 ]]; then
echo "OK"
echo "Started [pid $pid]"
if [ -e "$error_file_name" ]; then
rm "$error_file_name"
fi
return 0
fi
sleep 2
now_s=$(date '+%s')
done

echo ""
cat "$error_file_name"
rm "$error_file_name"
echo "The operation timed out(${timeout_s}s) when attempting to connect to $server_url" >&2
return 1
}
Expand Down Expand Up @@ -267,15 +274,20 @@ function get_ip() {

function download() {
local path=$1
local link_url=$2

if command_available "wget"; then
local download_url=$2
if command_available "curl"; then
if [ ! -d "$path" ]; then
mkdir -p "$path" || {
echo "Failed to create directory: $path"
exit 1
}
fi
curl -L "${download_url}" -o "${path}/$(basename "${download_url}")"
elif command_available "wget"; then
wget --help | grep -q '\--show-progress' && progress_opt="-q --show-progress" || progress_opt=""
wget "${link_url}" -P "${path}" $progress_opt
elif command_available "curl"; then
curl "${link_url}" -o "${path}"/"${link_url}"
wget "${download_url}" -P "${path}" $progress_opt
else
echo "Required wget or curl but they are unavailable"
echo "Required curl or wget but they are unavailable"
exit 1
fi
}
Expand Down
Loading

0 comments on commit de5904a

Please sign in to comment.