From 419ef8306cdfbe8818afcb21b290864ed209bdfa Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Tue, 26 Mar 2024 14:19:01 -0700 Subject: [PATCH] vault: cleanup and doc update --- vault/README.md | 37 ++++------ .../opencadc/vault/ServiceAvailability.java | 8 +-- .../org/opencadc/vault/VaultInitAction.java | 29 +++++--- vault/src/main/webapp/WEB-INF/web.xml | 70 +++++++++---------- 4 files changed, 74 insertions(+), 70 deletions(-) diff --git a/vault/README.md b/vault/README.md index 15323212..f2ef1086 100644 --- a/vault/README.md +++ b/vault/README.md @@ -41,7 +41,6 @@ org.opencadc.vault.nodes.password={password for vospace pool} org.opencadc.vault.nodes.url=jdbc:postgresql://{server}/{database} org.opencadc.vault.inventory.maxActive={max connections for inventory pool} -# optional: config for separate inventory pool org.opencadc.vault.inventory.username={username for inventory pool} org.opencadc.vault.inventory.password={password for inventory pool} org.opencadc.vault.inventory.url=jdbc:postgresql://{server}/{database} 
@@ -58,13 +57,12 @@ VOSI-availability output. The _inventory_ account owns and manages (create, alter, drop) inventory database objects and manages all the content (update and delete Artifact, insert DeletedArtifactEvent). The database is specified -in the JDBC URL and the schema name is specified in the minoc.properties (below). Failure to connect or +in the JDBC URL and the schema name is specified in the vault.properties (below). Failure to connect or initialize the database will show up in logs and in the VOSI-availability output. The _inventory_ content may be in the same database as the _nodes_, in a different database in the same server, or in a different -server entirely. See `org.opencadc.vault.singlePool` below for the pros and cons. Note: it is a good -idea to set `maxActive` to a valid integer (e.g. 1 because the tomcat connection pool doesn't like 0 and -decides to make it 100 instead) when using a single pool; this avoids an ugly but meaningless stack trace -in the logs at startup. +server entirely. See `org.opencadc.vault.singlePool` below for the pros and cons. The _inventory_ pool must +be functional for initialization, availability checks (`maxActive` = 1 with `singlePool` is sufficient), and +the connection information is re-used by an internal background thread that synchronizes data node sizes. The _uws_ account owns and manages (create, alter, drop) uws database objects in the `uws` schema and manages all the content (insert, update, delete). The database is specified in the JDBC URLFailure to connect or initialize the 
@@ -128,28 +126,21 @@ DeletedArtifactEvent are done in a separate transaction and if that fails the Ar orphaned until the vault validation (see ???) runs and fixes such a discrepancy. However, _singlePool_ = `false` allows the content to be stored in two separate databases or servers. -The _root.owner_ owns the root node and has full read and write permission in the root container, so it can -create and delete container nodes at the root and assign container node properties that are normally read-only -to normal users: owner, quota, etc. This must be set to the username of the admin. +The _root.owner_ key configures the owner of the root node; the owner and has full read and write permission +in the root container, so it can create and delete container nodes at the root and assign container node properties +that are normally read-only to normal users: owner, quota, etc. This must be set to the username of the admin. -The _storage.namespace_ configures `vault` to use the specified namespace in storage-inventory to store files. +The _storage.namespace_ key configures `vault` to use the specified namespace in storage-inventory to store files. This only applies to new data nodes that are created and will not effect previously created nodes and artifacts. Probably don't want to change this... prevent change? TBD. -### vault-availability.properties (optional) +### cadc-log.properties (optional) +See cadc-log for common +dynamic logging control. -The vault-availability.properties file specifies which users have the authority to change the availability state of -the vault service. Each entry consists of a key=value pair. The key is always "users". The value is the x500 canonical -user name. - -Example: -``` -users = {user identity} -``` -`users` specifies the user(s) who are authorized to make calls to the service. The value is a list of user -identities (X500 distingushed name), one line per user. 
Optional: if the `vault-availability.properties` is -not found or does not list any `users`, the service will function in the default mode (ReadWrite) and the -state will not be changeable. +### cadc-vosi.properties (optional) +See cadc-vosi for common +service state control. ## building it ``` diff --git a/vault/src/main/java/org/opencadc/vault/ServiceAvailability.java b/vault/src/main/java/org/opencadc/vault/ServiceAvailability.java index b1e53f10..5a76fb1b 100644 --- a/vault/src/main/java/org/opencadc/vault/ServiceAvailability.java +++ b/vault/src/main/java/org/opencadc/vault/ServiceAvailability.java @@ -201,15 +201,15 @@ private String getState() { } return ret; } - + private void setOffline(boolean offline) { - String jndiArtifactSync = appName + "-" + DataNodeSizeSync.class.getName(); + String jndiKey = appName + "-" + DataNodeSizeSync.class.getName(); try { InitialContext initialContext = new InitialContext(); - DataNodeSizeSync async = (DataNodeSizeSync) initialContext.lookup(jndiArtifactSync); + DataNodeSizeSync async = (DataNodeSizeSync) initialContext.lookup(jndiKey); async.setOffline(offline); } catch (NamingException e) { - log.debug(String.format("unable to unbind %s - %s", jndiArtifactSync, e.getMessage())); + log.debug(String.format("unable to find %s - %s", jndiKey, e.getMessage())); } } } diff --git a/vault/src/main/java/org/opencadc/vault/VaultInitAction.java b/vault/src/main/java/org/opencadc/vault/VaultInitAction.java index b61f3470..a80f0452 100644 --- a/vault/src/main/java/org/opencadc/vault/VaultInitAction.java +++ b/vault/src/main/java/org/opencadc/vault/VaultInitAction.java @@ -69,6 +69,7 @@ import ca.nrc.cadc.db.DBUtil; import ca.nrc.cadc.rest.InitAction; +import ca.nrc.cadc.rest.RestAction; import ca.nrc.cadc.util.InvalidConfigException; import ca.nrc.cadc.util.MultiValuedProperties; import ca.nrc.cadc.util.PropertiesReader; 
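Review bot: In `setOffline`, a failed JNDI lookup is still only logged at debug level, so a request to switch the service to offline or read-only can complete while the `DataNodeSizeSync` worker is never told and keeps its previous mode. Since this line is being edited anyway, I would raise it to `log.warn(String.format("unable to find %s - %s", jndiKey, e.getMessage()));` so operators can see that the state change did not reach the background thread. The cast on the lookup result can also throw `ClassCastException`, which the `NamingException` catch does not cover. The enclosing class starts outside the hunk, so how `getState` reports the mode on this path is not visible here.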
@@ -131,12 +132,11 @@ public class VaultInitAction extends InitAction { private Namespace storageNamespace; private Map vosDaoConfig; private Map invDaoConfig; - private List allocationParents = new ArrayList<>(); - private String jndiNodePersistence; + private String jndiNodePersistence; // store in JNDI for cadc-vos-server lib private String jndiPreauthKeys; // store pubkey in JNDI for download via GetKeyAction - private String jndiSiteAvailabilities; + private String jndiSiteAvailabilities; // store in JNDI to share with ProtocolsGenerator private Thread availabilityCheck; private String jndiDataNodeSizeSync; // store in JNDI to support availability mode change @@ -149,8 +149,9 @@ public VaultInitAction() { @Override public void doInit() { initConfig(); - initDatabase(); - initUWSDatabase(); + initDatabaseVOS(); + initDatabaseINV(); + initDatabaseUWS(); initNodePersistence(); initKeyPair(); initAvailabilityCheck(); @@ -324,7 +325,7 @@ private void initConfig() { } } - private void initDatabase() { + private void initDatabaseVOS() { try { String dsname = (String) vosDaoConfig.get("jndiDataSourceName"); String schema = (String) vosDaoConfig.get("vosSchema"); @@ -336,7 +337,9 @@ private void initDatabase() { } catch (Exception ex) { throw new IllegalStateException("check/init vospace database failed", ex); } - + } + + private void initDatabaseINV() { try { String dsname = (String) invDaoConfig.get("jndiDataSourceName"); String schema = (String) invDaoConfig.get("invSchema"); @@ -350,7 +353,7 @@ private void initDatabase() { } } - private void initUWSDatabase() { + private void initDatabaseUWS() { try { log.info("initDatabase: " + JNDI_UWS_DATASOURCE + " uws START"); DataSource uws = DBUtil.findJNDIDataSource(JNDI_UWS_DATASOURCE); 
@@ -466,9 +469,19 @@ private void initBackgroundWorkers() { Map iterprops = getIteratorConfig(props); log.warn("iterator pool: " + iterprops.get("jndiDataSourceName")); artifactDAO.setConfig(iterprops); + + // determine startup mode + boolean offline = false; // normal + String key = appName + RestAction.STATE_MODE_KEY; + String ret = System.getProperty(key); + if (ret != null + && (RestAction.STATE_READ_ONLY.equals(ret) || RestAction.STATE_OFFLINE.equals(ret))) { + offline = true; + } terminateBackgroundWorkers(); DataNodeSizeSync async = new DataNodeSizeSync(hsDAO, artifactDAO, storageNamespace); + async.setOffline(offline); this.dataNodeSizeSyncThread = new Thread(async); dataNodeSizeSyncThread.setDaemon(true); dataNodeSizeSyncThread.start(); diff --git a/vault/src/main/webapp/WEB-INF/web.xml b/vault/src/main/webapp/WEB-INF/web.xml index fffacd30..f57bad3b 100644 --- a/vault/src/main/webapp/WEB-INF/web.xml +++ b/vault/src/main/webapp/WEB-INF/web.xml @@ -37,6 +37,40 @@ 1 + + + AvailabilityServlet + ca.nrc.cadc.vosi.AvailabilityServlet + + ca.nrc.cadc.vosi.AvailabilityPlugin + org.opencadc.vault.ServiceAvailability + + 2 + + + + + CapabilitiesServlet + ca.nrc.cadc.rest.RestServlet + + init + ca.nrc.cadc.vosi.CapInitAction + + + head + ca.nrc.cadc.vosi.CapHeadAction + + + get + ca.nrc.cadc.vosi.CapGetAction + + + input + /capabilities.xml + + 2 + + NodesServlet ca.nrc.cadc.rest.RestServlet @@ -64,7 +98,7 @@ delete org.opencadc.vospace.server.actions.DeleteNodeAction - 2 + 3 @@ -208,40 +242,6 @@ - - - CapabilitiesServlet - ca.nrc.cadc.rest.RestServlet - - init - ca.nrc.cadc.vosi.CapInitAction - - - head - ca.nrc.cadc.vosi.CapHeadAction - - - get - ca.nrc.cadc.vosi.CapGetAction - - - input - /capabilities.xml - - 3 - - - - - AvailabilityServlet - ca.nrc.cadc.vosi.AvailabilityServlet - - ca.nrc.cadc.vosi.AvailabilityPlugin - org.opencadc.vault.ServiceAvailability - - 3 - -
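Review bot: The startup-mode check added to `initBackgroundWorkers` treats every value of the `appName + RestAction.STATE_MODE_KEY` system property other than `STATE_READ_ONLY` or `STATE_OFFLINE` as normal, so a mistyped or unexpected state silently starts the size-sync worker in active mode. A `log.warn` when the property is set to something that is none of the known states would make that visible; whether such a value should default to offline instead is a design call. The `ret != null` test is redundant, because `equals` on the constants already returns false for null, so the block can shrink to `boolean offline = RestAction.STATE_READ_ONLY.equals(ret) || RestAction.STATE_OFFLINE.equals(ret);`. A one-line comment on why read-only also pauses the worker (presumably because it writes node sizes) would help; the method body starts and ends outside the hunk.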
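Review bot: The new start-up order in web.xml has no comment explaining it. The AvailabilityServlet and CapabilitiesServlet entries now carry `2`, and the NodesServlet value moves from `2` to `3` in the second hunk. These look like `load-on-startup` values, but the tags are not visible in this rendering. `ServiceAvailability.setOffline` looks up the `DataNodeSizeSync` object in JNDI, and the field comment in `VaultInitAction` suggests that class stores it, so if that init action belongs to a servlet that now loads later, an early state change would take the lookup-failure path. I would add an XML comment above the AvailabilityServlet entry recording the intended order and the reason, along the lines of `<!-- load order: VOSI endpoints (2) before node servlets (3) -->`.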