vault: cleanup and doc update

opencadc · Mar 26, 2024 · 419ef83 · 419ef83
1 parent 0c4c36e
commit 419ef83
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 70 deletions.
diff --git a/vault/README.md b/vault/README.md
@@ -41,7 +41,6 @@ org.opencadc.vault.nodes.password={password for vospace pool}
 org.opencadc.vault.nodes.url=jdbc:postgresql://{server}/{database}
 
 org.opencadc.vault.inventory.maxActive={max connections for inventory pool}
-# optional: config for separate inventory pool
 org.opencadc.vault.inventory.username={username for inventory pool}
 org.opencadc.vault.inventory.password={password for inventory pool}
 org.opencadc.vault.inventory.url=jdbc:postgresql://{server}/{database}
@@ -58,13 +57,12 @@ VOSI-availability output.
 
 The _inventory_ account owns and manages (create, alter, drop) inventory database objects and manages
 all the content (update and delete Artifact,  insert DeletedArtifactEvent). The database is specified 
-in the JDBC URL and the schema name is specified in the minoc.properties (below). Failure to connect or 
+in the JDBC URL and the schema name is specified in the vault.properties (below). Failure to connect or 
 initialize the database will show up in logs and in the VOSI-availability output. The _inventory_ content 
 may be in the same database as the _nodes_, in a different database in the same server, or in a different 
-server entirely. See `org.opencadc.vault.singlePool` below for the pros and cons. Note: it is a good
-idea to set `maxActive` to a valid integer (e.g. 1 because the tomcat connection pool doesn't like 0 and
-decides to make it 100 instead) when using a single pool; this avoids an ugly but meaningless stack trace 
-in the logs at startup.
+server entirely. See `org.opencadc.vault.singlePool` below for the pros and cons. The _inventory_ pool must
+be functional for initialization, availability checks (`maxActive` = 1 with `singlePool` is sufficient), and
+the connection information is re-used by an internal background thread that synchronizes data node sizes.
 
 The _uws_ account owns and manages (create, alter, drop) uws database objects in the `uws` schema and manages all
 the content (insert, update, delete). The database is specified in the JDBC URLFailure to connect or initialize the
@@ -128,28 +126,21 @@ DeletedArtifactEvent are done in a separate transaction and if that fails the Ar
 orphaned until the vault validation (see ???) runs and fixes such a discrepancy. However, _singlePool_ = `false` 
 allows the content to be stored in two separate databases or servers.
 
-The _root.owner_ owns the root node and has full read and write permission in the root container, so it can 
-create and delete container nodes at the root and assign container node properties that are normally read-only
-to normal users: owner, quota, etc. This must be set to the username of the admin.
+The _root.owner_ key configures the owner of the root node; the owner and has full read and write permission 
+in the root container, so it can create and delete container nodes at the root and assign container node properties 
+that are normally read-only to normal users: owner, quota, etc. This must be set to the username of the admin.
 
-The _storage.namespace_ configures `vault` to use the specified namespace in storage-inventory to store files. 
+The _storage.namespace_ key configures `vault` to use the specified namespace in storage-inventory to store files. 
 This only applies to new data nodes that are created and will not effect previously created nodes and artifacts.
 Probably don't want to change this... prevent change? TBD.
 
-### vault-availability.properties (optional)
+### cadc-log.properties (optional)
+See <a href="https://github.com/opencadc/core/tree/master/cadc-log">cadc-log</a> for common 
+dynamic logging control.
 
-The vault-availability.properties file specifies which users have the authority to change the availability state of 
-the vault service. Each entry consists of a key=value pair. The key is always "users". The value is the x500 canonical 
-user name.
-
-Example:
-```
-users = {user identity}
-```
-`users` specifies the user(s) who are authorized to make calls to the service. The value is a list of user
-identities (X500 distingushed name), one line per user. Optional: if the `vault-availability.properties` is 
-not found or does not list any `users`, the service will function in the default mode (ReadWrite) and the 
-state will not be changeable.
+### cadc-vosi.properties (optional)
+See <a href="https://github.com/opencadc/reg/tree/master/cadc-vosi">cadc-vosi</a> for common 
+service state control.
 
 ## building it
 ```

diff --git a/vault/src/main/java/org/opencadc/vault/ServiceAvailability.java b/vault/src/main/java/org/opencadc/vault/ServiceAvailability.java
@@ -201,15 +201,15 @@ private String getState() {
         }
         return ret;
     }
-
+    
     private void setOffline(boolean offline) {
-        String jndiArtifactSync = appName + "-" + DataNodeSizeSync.class.getName();
+        String jndiKey = appName + "-" + DataNodeSizeSync.class.getName();
         try {
             InitialContext initialContext = new InitialContext();
-            DataNodeSizeSync async = (DataNodeSizeSync) initialContext.lookup(jndiArtifactSync);
+            DataNodeSizeSync async = (DataNodeSizeSync) initialContext.lookup(jndiKey);
             async.setOffline(offline);
         } catch (NamingException e) {
-            log.debug(String.format("unable to unbind %s - %s", jndiArtifactSync, e.getMessage()));
+            log.debug(String.format("unable to find %s - %s", jndiKey, e.getMessage()));
         }
     }
 }
diff --git a/vault/src/main/java/org/opencadc/vault/VaultInitAction.java b/vault/src/main/java/org/opencadc/vault/VaultInitAction.java
@@ -69,6 +69,7 @@
 
 import ca.nrc.cadc.db.DBUtil;
 import ca.nrc.cadc.rest.InitAction;
+import ca.nrc.cadc.rest.RestAction;
 import ca.nrc.cadc.util.InvalidConfigException;
 import ca.nrc.cadc.util.MultiValuedProperties;
 import ca.nrc.cadc.util.PropertiesReader;
@@ -131,12 +132,11 @@ public class VaultInitAction extends InitAction {
     private Namespace storageNamespace;
     private Map<String, Object> vosDaoConfig;
     private Map<String, Object> invDaoConfig;
-    private List<String> allocationParents = new ArrayList<>();
 
-    private String jndiNodePersistence;
+    private String jndiNodePersistence; // store in JNDI for cadc-vos-server lib
     private String jndiPreauthKeys;  // store pubkey in JNDI for download via GetKeyAction
 
-    private String jndiSiteAvailabilities;
+    private String jndiSiteAvailabilities; // store in JNDI to share with ProtocolsGenerator
     private Thread availabilityCheck;
 
     private String jndiDataNodeSizeSync; // store in JNDI to support availability mode change
@@ -149,8 +149,9 @@ public VaultInitAction() {
     @Override
     public void doInit() {
         initConfig();
-        initDatabase();
-        initUWSDatabase();
+        initDatabaseVOS();
+        initDatabaseINV();
+        initDatabaseUWS();
         initNodePersistence();
         initKeyPair();
         initAvailabilityCheck();
@@ -324,7 +325,7 @@ private void initConfig() {
         }
     }
 
-    private void initDatabase() {
+    private void initDatabaseVOS() {
         try {
             String dsname = (String) vosDaoConfig.get("jndiDataSourceName");
             String schema = (String) vosDaoConfig.get("vosSchema");
@@ -336,7 +337,9 @@ private void initDatabase() {
         } catch (Exception ex) {
             throw new IllegalStateException("check/init vospace database failed", ex);
         }
-
+    }
+
+    private void initDatabaseINV() {
         try {
             String dsname = (String) invDaoConfig.get("jndiDataSourceName");
             String schema = (String) invDaoConfig.get("invSchema");
@@ -350,7 +353,7 @@ private void initDatabase() {
         }
     }
 
-    private void initUWSDatabase() {
+    private void initDatabaseUWS() {
         try {
             log.info("initDatabase: " + JNDI_UWS_DATASOURCE + " uws START");
             DataSource uws = DBUtil.findJNDIDataSource(JNDI_UWS_DATASOURCE);
@@ -466,9 +469,19 @@ private void initBackgroundWorkers() {
             Map<String,Object> iterprops = getIteratorConfig(props);
             log.warn("iterator pool: " + iterprops.get("jndiDataSourceName"));
             artifactDAO.setConfig(iterprops);
+
+            // determine startup mode
+            boolean offline = false; // normal
+            String key = appName + RestAction.STATE_MODE_KEY;
+            String ret = System.getProperty(key);
+            if (ret != null 
+                    && (RestAction.STATE_READ_ONLY.equals(ret) || RestAction.STATE_OFFLINE.equals(ret))) {
+                offline = true;
+            }
 
             terminateBackgroundWorkers();
             DataNodeSizeSync async = new DataNodeSizeSync(hsDAO, artifactDAO, storageNamespace);
+            async.setOffline(offline);
             this.dataNodeSizeSyncThread = new Thread(async);
             dataNodeSizeSyncThread.setDaemon(true);
             dataNodeSizeSyncThread.start();

diff --git a/vault/src/main/webapp/WEB-INF/web.xml b/vault/src/main/webapp/WEB-INF/web.xml
@@ -37,6 +37,40 @@
     <load-on-startup>1</load-on-startup>
   </servlet>
 
+  <!-- VOSI availability -->
+  <servlet>
+    <servlet-name>AvailabilityServlet</servlet-name>
+    <servlet-class>ca.nrc.cadc.vosi.AvailabilityServlet</servlet-class>
+    <init-param>
+      <param-name>ca.nrc.cadc.vosi.AvailabilityPlugin</param-name>
+      <param-value>org.opencadc.vault.ServiceAvailability</param-value>
+    </init-param>
+    <load-on-startup>2</load-on-startup>
+  </servlet>
+
+  <!-- VOSI capabilities -->
+  <servlet>
+    <servlet-name>CapabilitiesServlet</servlet-name>
+    <servlet-class>ca.nrc.cadc.rest.RestServlet</servlet-class>
+    <init-param>
+      <param-name>init</param-name>
+      <param-value>ca.nrc.cadc.vosi.CapInitAction</param-value>
+    </init-param>
+    <init-param>
+      <param-name>head</param-name>
+      <param-value>ca.nrc.cadc.vosi.CapHeadAction</param-value>
+    </init-param>
+    <init-param>
+      <param-name>get</param-name>
+      <param-value>ca.nrc.cadc.vosi.CapGetAction</param-value>
+    </init-param>
+    <init-param>
+      <param-name>input</param-name>
+      <param-value>/capabilities.xml</param-value>
+    </init-param>
+    <load-on-startup>2</load-on-startup>
+  </servlet>
+
   <servlet>
     <servlet-name>NodesServlet</servlet-name>
     <servlet-class>ca.nrc.cadc.rest.RestServlet</servlet-class>
@@ -64,7 +98,7 @@
       <param-name>delete</param-name>
       <param-value>org.opencadc.vospace.server.actions.DeleteNodeAction</param-value>
     </init-param>
-    <load-on-startup>2</load-on-startup>
+    <load-on-startup>3</load-on-startup>
   </servlet>
 
   <servlet>
@@ -208,40 +242,6 @@
   </servlet>
 
 
-  <!-- VOSI capabilities -->
-  <servlet>
-    <servlet-name>CapabilitiesServlet</servlet-name>
-    <servlet-class>ca.nrc.cadc.rest.RestServlet</servlet-class>
-    <init-param>
-      <param-name>init</param-name>
-      <param-value>ca.nrc.cadc.vosi.CapInitAction</param-value>
-    </init-param>
-    <init-param>
-      <param-name>head</param-name>
-      <param-value>ca.nrc.cadc.vosi.CapHeadAction</param-value>
-    </init-param>
-    <init-param>
-      <param-name>get</param-name>
-      <param-value>ca.nrc.cadc.vosi.CapGetAction</param-value>
-    </init-param>
-    <init-param>
-      <param-name>input</param-name>
-      <param-value>/capabilities.xml</param-value>
-    </init-param>
-    <load-on-startup>3</load-on-startup>
-  </servlet>
-
-  <!-- VOSI availability -->
-  <servlet>
-    <servlet-name>AvailabilityServlet</servlet-name>
-    <servlet-class>ca.nrc.cadc.vosi.AvailabilityServlet</servlet-class>
-    <init-param>
-      <param-name>ca.nrc.cadc.vosi.AvailabilityPlugin</param-name>
-      <param-value>org.opencadc.vault.ServiceAvailability</param-value>
-    </init-param>
-    <load-on-startup>3</load-on-startup>
-  </servlet>
-
     <!-- hopefully temporary -->
     <!-- internal servlet to assist async transfer servlet -->
     <servlet>