Merge pull request #281 from SeanHai/auth
Support enabling etcd auth.
SeanHai authored Aug 31, 2023
2 parents dbe508e + dc048d1 commit 956c953
Showing 7 changed files with 193 additions and 3 deletions.
12 changes: 9 additions & 3 deletions cli/command/deploy.go
Expand Up @@ -43,6 +43,7 @@ const (
CREATE_CONTAINER = playbook.CREATE_CONTAINER
SYNC_CONFIG = playbook.SYNC_CONFIG
START_ETCD = playbook.START_ETCD
ENABLE_ETCD_AUTH = playbook.ENABLE_ETCD_AUTH
START_MDS = playbook.START_MDS
CREATE_PHYSICAL_POOL = playbook.CREATE_PHYSICAL_POOL
START_CHUNKSERVER = playbook.START_CHUNKSERVER
Expand All @@ -65,6 +66,7 @@ var (
CREATE_CONTAINER,
SYNC_CONFIG,
START_ETCD,
ENABLE_ETCD_AUTH,
START_MDS,
CREATE_PHYSICAL_POOL,
START_CHUNKSERVER,
Expand All @@ -79,13 +81,15 @@ var (
CREATE_CONTAINER,
SYNC_CONFIG,
START_ETCD,
ENABLE_ETCD_AUTH,
START_MDS,
CREATE_LOGICAL_POOL,
START_METASERVER,
}

DEPLOY_FILTER_ROLE = map[int]string{
START_ETCD: ROLE_ETCD,
ENABLE_ETCD_AUTH: ROLE_ETCD,
START_MDS: ROLE_MDS,
START_CHUNKSERVER: ROLE_CHUNKSERVER,
START_SNAPSHOTCLONE: ROLE_SNAPSHOTCLONE,
Expand All @@ -99,6 +103,7 @@ var (
CREATE_PHYSICAL_POOL: 1,
CREATE_LOGICAL_POOL: 1,
BALANCE_LEADER: 1,
ENABLE_ETCD_AUTH: 1,
}

CAN_SKIP_ROLES = []string{
Expand Down Expand Up @@ -160,11 +165,12 @@ func skipServiceRole(deployConfigs []*topology.DeployConfig, options deployOptio
return dcs
}

func skipDeploySteps(deploySteps []int, options deployOptions) []int {
func skipDeploySteps(dcs []*topology.DeployConfig, deploySteps []int, options deployOptions) []int {
steps := []int{}
skipped := utils.Slice2Map(options.skip)
for _, step := range deploySteps {
if step == START_SNAPSHOTCLONE && skipped[ROLE_SNAPSHOTCLONE] {
if (step == START_SNAPSHOTCLONE && skipped[ROLE_SNAPSHOTCLONE]) ||
(step == ENABLE_ETCD_AUTH && len(dcs) > 0 && !dcs[0].GetEtcdAuthEnable()) {
continue
}
steps = append(steps, step)
Expand Down Expand Up @@ -211,7 +217,7 @@ func genDeployPlaybook(curveadm *cli.CurveAdm,
if kind == topology.KIND_CURVEBS {
steps = CURVEBS_DEPLOY_STEPS
}
steps = skipDeploySteps(steps, options)
steps = skipDeploySteps(dcs, steps, options)
poolset := options.poolset
diskType := options.poolsetDiskType

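Review bot: The new skip condition in `skipDeploySteps`, `(step == ENABLE_ETCD_AUTH && len(dcs) > 0 && !dcs[0].GetEtcdAuthEnable())`, consults only the first deploy config, so whether the auth step runs depends on which service happens to be listed first in the topology. If `etcd.auth.enable` is set only under the etcd role rather than globally (how role-level values are inherited is not visible from this diff), `dcs[0]` may be an mds or chunkserver entry and the step is silently dropped, leaving etcd unauthenticated while the operator believes auth is on. A safer probe is a small helper that scans `dcs` and returns true when any entry with `GetRole() == ROLE_ETCD` reports `GetEtcdAuthEnable()`, and the condition becomes `(step == ENABLE_ETCD_AUTH && !etcdAuthEnabled(dcs))`. The tail of `skipDeploySteps` (its return) lies outside this hunk.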
3 changes: 3 additions & 0 deletions internal/configure/topology/dc_get.go
Expand Up @@ -145,6 +145,9 @@ func (dc *DeployConfig) GetS3Address() string { return dc.getString(CONFI
func (dc *DeployConfig) GetS3BucketName() string { return dc.getString(CONFIG_S3_BUCKET_NAME) }
func (dc *DeployConfig) GetEnableRDMA() bool { return dc.getBool(CONFIG_ENABLE_RDMA) }
func (dc *DeployConfig) GetEnableRenameAt2() bool { return dc.getBool(CONFIG_ENABLE_RENAMEAT2) }
func (dc *DeployConfig) GetEtcdAuthEnable() bool { return dc.getBool(CONFIG_ETCD_AUTH_ENABLE) }
func (dc *DeployConfig) GetEtcdAuthUsername() string { return dc.getString(CONFIG_ETCD_AUTH_USERNAME) }
func (dc *DeployConfig) GetEtcdAuthPassword() string { return dc.getString(CONFIG_ETCD_AUTH_PASSWORD) }
func (dc *DeployConfig) GetEnableChunkfilePool() bool {
return dc.getBool(CONFIG_ENABLE_CHUNKFILE_POOL)
}
21 changes: 21 additions & 0 deletions internal/configure/topology/dc_item.go
Expand Up @@ -285,6 +285,27 @@ var (
true,
nil,
)

CONFIG_ETCD_AUTH_ENABLE = itemset.insert(
"etcd.auth.enable",
REQUIRE_BOOL,
false,
false,
)

CONFIG_ETCD_AUTH_USERNAME = itemset.insert(
"etcd.auth.username",
REQUIRE_STRING,
false,
nil,
)

CONFIG_ETCD_AUTH_PASSWORD = itemset.insert(
"etcd.auth.password",
REQUIRE_STRING,
false,
nil,
)
)

func (i *item) Key() string {
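Review bot: `etcd.auth.username` and `etcd.auth.password` are registered as optional (`false`) with a `nil` default, so a topology that sets `etcd.auth.enable: true` but omits either value still passes item validation; the deploy then fails much later, inside the container, with the script's usage error instead of at config-parse time. A check that both are non-empty whenever `etcd.auth.enable` is true belongs wherever topology items are validated (that code is not part of this diff). The password item also deserves a comment, since the value is stored in plaintext in the topology and is handed to etcdctl as-is, e.g. `// plaintext credential: it is passed to etcdctl verbatim, so restrict the topology file's permissions`.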
1 change: 1 addition & 0 deletions internal/errno/errno.go
Expand Up @@ -417,6 +417,7 @@ var (
ERR_INVALID_DEVICE_USAGE = EC(410020, "invalid device usage")
ERR_ENCRYPT_FILE_FAILED = EC(410021, "encrypt file failed")
ERR_CLIENT_ID_NOT_FOUND = EC(410022, "client id not found")
ERR_ENABLE_ETCD_AUTH_FAILED = EC(410023, "enable etcd auth failed")

// 420: common (curvebs client)
ERR_VOLUME_ALREADY_MAPPED = EC(420000, "volume already mapped")
3 changes: 3 additions & 0 deletions internal/playbook/factory.go
Expand Up @@ -61,6 +61,7 @@ const (
SYNC_CONFIG
START_SERVICE
START_ETCD
ENABLE_ETCD_AUTH
START_MDS
START_CHUNKSERVER
START_SNAPSHOTCLONE
Expand Down Expand Up @@ -223,6 +224,8 @@ func (p *Playbook) createTasks(step *PlaybookStep) (*tasks.Tasks, error) {
START_SNAPSHOTCLONE,
START_METASERVER:
t, err = comm.NewStartServiceTask(curveadm, config.GetDC(i))
case ENABLE_ETCD_AUTH:
t, err = comm.NewEnableEtcdAuthTask(curveadm, config.GetDC(i))
case STOP_SERVICE:
t, err = comm.NewStopServiceTask(curveadm, config.GetDC(i))
case RESTART_SERVICE:
50 changes: 50 additions & 0 deletions internal/task/scripts/enable_etcd_auth.go
@@ -0,0 +1,50 @@
/*
* Copyright (c) 2023 NetEase Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

/*
* Project: Curveadm
* Created Date: 2023-08-02
* Author: wanghai (SeanHai)
*/

package scripts

var ENABLE_ETCD_AUTH = `
#!/usr/bin/env bash
if [ $# -ne 3 ]; then
echo "Usage: $0 endpoints username password"
exit 1
fi
endpoints=$1
username=$2
password=$3
root_user=root
# create root user
etcdctl --endpoints=${endpoints} user add ${root_user}:${password} && \
etcdctl --endpoints=${endpoints} user grant-role ${root_user} root || exit 1
# create user if not root
if [ "${username}" != "${root_user}" ]; then
etcdctl --endpoints=${endpoints} user add ${username}:${password} && \
etcdctl --endpoints=${endpoints} user grant-role ${username} root || exit 1
fi
# enable auth
etcdctl --endpoints=${endpoints} auth enable --user=${root_user}:${password} || exit 1
`
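Review bot: None of the expansions in the script are quoted — `user add ${root_user}:${password}`, `user grant-role ${username} root`, `auth enable --user=${root_user}:${password}` — so a password containing a space, `*` or `?` is word-split or glob-expanded by the shell, and because the Go side also interpolates it unquoted, the `if [ $# -ne 3 ]` guard rejects such a password with a misleading usage error. The password also travels in argv twice (to bash and to etcdctl) where it is readable via `ps` inside the container; etcdctl can take it from stdin with `--interactive=false` and from the `ETCDCTL_USER` environment variable for `auth enable` (confirm both against the etcdctl version shipped in the image). Two further points: the non-root user is granted the `root` role, so the separate account provides no least privilege — a role scoped to the key prefixes curve services actually touch would be preferable if full access is not required; and the script is not idempotent — a second run aborts at `user add root` because the user already exists, and once auth is on every unauthenticated etcdctl call fails, so re-running `deploy` cannot converge without an explicit "already enabled" short-circuit.

```bash
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: argument count check …
endpoints="$1"
username="$2"
password="$3"
root_user=root
ctl() { etcdctl --endpoints="${endpoints}" "$@"; }
# feed the password over stdin so it does not appear in etcdctl's argv
printf '%s\n' "${password}" | ctl user add "${root_user}" --interactive=false
ctl user grant-role "${root_user}" root
if [ "${username}" != "${root_user}" ]; then
    printf '%s\n' "${password}" | ctl user add "${username}" --interactive=false
    # TODO(review): grant a role scoped to curve's key prefixes instead of root
    ctl user grant-role "${username}" root
fi
ETCDCTL_USER="${root_user}:${password}" ctl auth enable
```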
106 changes: 106 additions & 0 deletions internal/task/task/common/etcd_auth_enable.go
@@ -0,0 +1,106 @@
/*
* Copyright (c) 2023 NetEase Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

/*
* Project: Curveadm
* Created Date: 2023-08-02
* Author: wanghai (SeanHai)
*/

package common

import (
"fmt"

"github.com/opencurve/curveadm/cli/cli"
"github.com/opencurve/curveadm/internal/configure/topology"
"github.com/opencurve/curveadm/internal/errno"
"github.com/opencurve/curveadm/internal/task/context"
"github.com/opencurve/curveadm/internal/task/scripts"
"github.com/opencurve/curveadm/internal/task/step"
"github.com/opencurve/curveadm/internal/task/task"
tui "github.com/opencurve/curveadm/internal/tui/common"
)

func checkEnableEtcdAuthStatus(success *bool, out *string) step.LambdaType {
return func(ctx *context.Context) error {
if !*success {
return errno.ERR_ENABLE_ETCD_AUTH_FAILED.S(*out)
}
return nil
}
}

func NewEnableEtcdAuthTask(curveadm *cli.CurveAdm, dc *topology.DeployConfig) (*task.Task, error) {
serviceId := curveadm.GetServiceId(dc.GetId())
containerId, err := curveadm.GetContainerId(serviceId)
if curveadm.IsSkip(dc) {
return nil, nil
} else if err != nil {
return nil, err
}
hc, err := curveadm.GetHost(dc.GetHost())
if err != nil {
return nil, err
}

var success bool
var out string
host, role := dc.GetHost(), dc.GetRole()
// new task
subname := fmt.Sprintf("host=%s role=%s containerId=%s",
dc.GetHost(), dc.GetRole(), tui.TrimContainerId(containerId))
t := task.NewTask("Enable Etcd Auth", subname, hc.GetSSHConfig())

script := scripts.ENABLE_ETCD_AUTH
layout := dc.GetProjectLayout()
scriptPath := fmt.Sprintf("%s/enable_auth.sh", layout.ServiceBinDir)

etcdEndPoints, err := dc.GetVariables().Get("cluster_etcd_addr")
if err != nil {
return nil, err
}

t.AddStep(&step.ListContainers{
ShowAll: true,
Format: `"{{.ID}}"`,
Filter: fmt.Sprintf("id=%s", containerId),
Out: &out,
ExecOptions: curveadm.ExecOptions(),
})
t.AddStep(&step.Lambda{
Lambda: CheckContainerExist(host, role, containerId, &out),
})
t.AddStep(&step.InstallFile{ // install /curvebs(fs)/etcd/sbin/enable_auth.sh
ContainerId: &containerId,
ContainerDestPath: scriptPath,
Content: &script,
ExecOptions: curveadm.ExecOptions(),
})
command := fmt.Sprintf("/bin/bash %s %s %s %s", scriptPath, etcdEndPoints, dc.GetEtcdAuthUsername(),
dc.GetEtcdAuthPassword())
t.AddStep(&step.ContainerExec{
ContainerId: &containerId,
Success: &success,
Out: &out,
Command: command,
ExecOptions: curveadm.ExecOptions(),
})
t.AddStep(&step.Lambda{
Lambda: checkEnableEtcdAuthStatus(&success, &out),
})
return t, nil
}
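Review bot: `command` is assembled with `fmt.Sprintf("/bin/bash %s %s %s %s", ...)` and the username and password are interpolated unquoted into a line that bash parses, so a password containing a space, `$`, `;`, `&` or a quote is split or interpreted by the shell — at best the script's argument check fails, at worst part of the password runs as a command. The values come from the operator's own topology rather than an untrusted peer, so this is a robustness issue before it is a security one, but single-quoting both arguments closes it cheaply. The rewritten lines below need `strings` added to the file's import block; whether `ExecOptions` logs the full command (and thus the password) on failure is not visible here and is worth checking.

```go
// shellQuote single-quotes s for a bash command line; the only character
// that needs escaping inside single quotes is the quote itself.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// … unchanged: task setup, ListContainers and InstallFile steps …
command := fmt.Sprintf("/bin/bash %s %s %s %s", scriptPath, etcdEndPoints,
	shellQuote(dc.GetEtcdAuthUsername()), shellQuote(dc.GetEtcdAuthPassword()))
```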
