openstack/swift
Code Issues Proposed changes
0edfb879a7
swift/test/unit/common/test_wsgi.py

2319 lines
88 KiB
Python
Raw Normal View History

Change OpenStack LLC to Foundation Change-Id: I7c3df47c31759dbeb3105f8883e2688ada848d58 Closes-bug: #1214176
2013-09-20 01:00:54 +08:00
# Copyright (c) 2010 OpenStack Foundation
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Pep8 unit test modules for hacking and one liners (4 of 12) Address all the "hacking" lines that are flagged, and all the modules that just have one item flagged. Change-Id: I372a4bdf9c7748f73e38c4fd55e5954f1afade5b Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-08-31 22:36:58 -04:00
"""Tests for swift.common.wsgi"""
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
from argparse import Namespace
fixed some minor things in tests that pyflakes complained about Change-Id: Ifeab56a964630bcf941e932fcbe39e6572e62975
2013-03-26 20:42:26 +00:00
import errno
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
import logging
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
import socket
import unittest
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
import os
from textwrap import dedent
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
from collections import defaultdict
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
import types
import eventlet.wsgi
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
monkey_patch_mimetools() now does nothing on py3 The mimetools module has been removed from Python 3: modify monkey_patch_mimetools() to do nothing on Python 3. Skip test_monkey_patch_mimetools() on Python 3. Change-Id: I50f01ec159efedbb4df759ddd1e13928ac28fba6
2016-07-26 19:42:46 +02:00
import six
Replace StringIO with BytesIO for WSGI input wsgi.input is a binary stream (bytes), not a text stream (unicode). * Replace StringIO with BytesIO for WSGI input * Replace StringIO('') with StringIO() and replace WsgiStringIO('') with WsgiStringIO(): an empty string is already the default value Change-Id: I09c9527be2265a6847189aeeb74a17261ddc781a
2015-05-27 18:01:37 +02:00
from six import BytesIO
Get StringIO and cStringIO from six.moves * replace "from cStringIO import StringIO" with "from six.moves import cStringIO as StringIO" * replace "from StringIO import StringIO" with "from six import StringIO" * replace "import cStringIO" and "cStringIO.StringIO()" with "from six import moves" and "moves.cStringIO()" * replace "import StringIO" and "StringIO.StringIO()" with "import six" and "six.StringIO()" This patch was generated by the stringio operation of the sixer tool: https://pypi.python.org/pypi/sixer Change-Id: Iacba77fec3045f96773d1090c0bd48613729a561
2015-05-27 17:27:47 +02:00
from six import StringIO
py3: Replace urllib imports with six.moves.urllib The urllib, urllib2 and urlparse modules of Python 2 were reorganized into a new urllib namespace on Python 3. Replace urllib, urllib2 and urlparse imports with six.moves.urllib to make the modified code compatible with Python 2 and Python 3. The initial patch was generated by the urllib operation of the sixer tool on: bin/* swift/ test/. Change-Id: I61a8c7fb7972eabc7da8dad3b3d34bceee5c5d93
2015-10-08 15:03:52 +02:00
from six.moves.urllib.parse import quote
monkey_patch_mimetools() now does nothing on py3 The mimetools module has been removed from Python 3: modify monkey_patch_mimetools() to do nothing on Python 3. Skip test_monkey_patch_mimetools() on Python 3. Change-Id: I50f01ec159efedbb4df759ddd1e13928ac28fba6
2016-07-26 19:42:46 +02:00
if six.PY2:
import mimetools
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Object replication ssync (an rsync alternative) For this commit, ssync is just a direct replacement for how we use rsync. Assuming we switch over to ssync completely someday and drop rsync, we will then be able to improve the algorithms even further (removing local objects as we successfully transfer each one rather than waiting for whole partitions, using an index.db with hash-trees, etc., etc.) For easier review, this commit can be thought of in distinct parts: 1) New global_conf_callback functionality for allowing services to perform setup code before workers, etc. are launched. (This is then used by ssync in the object server to create a cross-worker semaphore to restrict concurrent incoming replication.) 2) A bit of shifting of items up from object server and replicator to diskfile or DEFAULT conf sections for better sharing of the same settings. conn_timeout, node_timeout, client_timeout, network_chunk_size, disk_chunk_size. 3) Modifications to the object server and replicator to optionally use ssync in place of rsync. This is done in a generic enough way that switching to FutureSync should be easy someday. 4) The biggest part, and (at least for now) completely optional part, are the new ssync_sender and ssync_receiver files. Nice and isolated for easier testing and visibility into test coverage, etc. All the usual logging, statsd, recon, etc. instrumentation is still there when using ssync, just as it is when using rsync. Beyond the essential error and exceptional condition logging, I have not added any additional instrumentation at this time. Unless there is something someone finds super pressing to have added to the logging, I think such additions would be better as separate change reviews. FOR NOW, IT IS NOT RECOMMENDED TO USE SSYNC ON PRODUCTION CLUSTERS. Some of us will be in a limited fashion to look for any subtle issues, tuning, etc. but generally ssync is an experimental feature. In its current implementation it is probably going to be a bit slower than rsync, but if all goes according to plan it will end up much faster. There are no comparisions yet between ssync and rsync other than some raw virtual machine testing I've done to show it should compete well enough once we can put it in use in the real world. If you Tweet, Google+, or whatever, be sure to indicate it's experimental. It'd be best to keep it out of deployment guides, howtos, etc. until we all figure out if we like it, find it to be stable, etc. Change-Id: If003dcc6f4109e2d2a42f4873a0779110fff16d6
2013-08-28 16:10:43 +00:00
import mock
Import filter and app into namespace correctly The module used to simply "import swift", and then reference the classes: swift.common.middleware.catch_errors.CatchErrorsMiddleware swift.proxy.server.Application in order to very that the WSGI services loaded the proper filters and apps. However, those references only happen to work, as the WSGI loading would properly import the rest of the path so that the namespace reference would be okay. If the WSGI configuration were to change, or if the behavior of WSGI broke, instead of of seeing the actual failure condition, a module attribute error would result instead: AttributeError: 'module' object has no attribute 'middleware' The referenced names are now properly imported with this change to avoid misleading error conditions. Change-Id: Ifff4271bc5be1136bf17e4e5b291b01033d608db Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-11-14 13:56:47 -05:00
import swift.common.middleware.catch_errors
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
import swift.common.middleware.gatekeeper
Import filter and app into namespace correctly The module used to simply "import swift", and then reference the classes: swift.common.middleware.catch_errors.CatchErrorsMiddleware swift.proxy.server.Application in order to very that the WSGI services loaded the proper filters and apps. However, those references only happen to work, as the WSGI loading would properly import the rest of the path so that the namespace reference would be okay. If the WSGI configuration were to change, or if the behavior of WSGI broke, instead of of seeing the actual failure condition, a module attribute error would result instead: AttributeError: 'module' object has no attribute 'middleware' The referenced names are now properly imported with this change to avoid misleading error conditions. Change-Id: Ifff4271bc5be1136bf17e4e5b291b01033d608db Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-11-14 13:56:47 -05:00
import swift.proxy.server
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
import swift.obj.server as obj_server
import swift.container.server as container_server
import swift.account.server as account_server
local WSGI Request and Response classes This change replaces WebOb with a mostly compatible local library, swift.common.swob. Subtle changes to WebOb's API over the years have been a huge headache. Swift doesn't even run on the current version. There are a few incompatibilities to simplify the implementation/interface: * It only implements the header properties we use. More can be easily added. * Casts header values to str on assignment. * Response classes ("HTTPNotFound") are no longer subclasses, but partials on Response, so things like isinstance no longer work on them. * Unlike newer webob versions, will never return unicode objects. Change-Id: I76617a0903ee2286b25a821b3c935c86ff95233f
2012-09-04 14:02:19 -07:00
from swift.common.swob import Request
Update FakeRing and FakeLogger FakeLogger gets better log level handling Parameterize logger on some daemons which were previously unparameterized and try and use the interface in tests. FakeRing use more real code The existing FakeRing mock's implementation bit me on some pretty subtle character encoding issue by-passing the hash_path code that is normally part of get_part_nodes. This change tries to exercise more of the real ring code paths when it makes sense and provide a better Fake for use in testing. Add write_fake_ring helper to test.unit for when you need a real ring. DocImpact Implements: blueprint storage-policies Change-Id: Id2e3740b1dd569050f4e083617e7dd6a4249027e
2014-04-28 19:22:51 -07:00
from swift.common import wsgi, utils
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
from swift.common.storage_policy import POLICIES
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Open-code eventlet.listen() Recently out gate started blowing up intermittently with a strange case of ports mixed up. Sometimes a functional tests tries to authorize on a port that's clearly an object server port, and the like. As it turns out, eventlet developers added an unavoidable SO_REUSEPORT into listen(), which makes listen(("localhost",0) to reuse ports. There's an issue about it: https://github.com/eventlet/eventlet/issues/411 This patch is working around the problem while eventlet people consider the issue. Change-Id: I67522909f96495a6a30e1acdb79835dce2189549
2017-05-11 01:39:14 -06:00
from test import listen_zero
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
from test.unit import (
temptree, with_tempdir, write_fake_ring, patch_policies, FakeLogger)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
from paste.deploy import loadwsgi
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def _fake_rings(tmpdir):
Update FakeRing and FakeLogger FakeLogger gets better log level handling Parameterize logger on some daemons which were previously unparameterized and try and use the interface in tests. FakeRing use more real code The existing FakeRing mock's implementation bit me on some pretty subtle character encoding issue by-passing the hash_path code that is normally part of get_part_nodes. This change tries to exercise more of the real ring code paths when it makes sense and provide a better Fake for use in testing. Add write_fake_ring helper to test.unit for when you need a real ring. DocImpact Implements: blueprint storage-policies Change-Id: Id2e3740b1dd569050f4e083617e7dd6a4249027e
2014-04-28 19:22:51 -07:00
write_fake_ring(os.path.join(tmpdir, 'account.ring.gz'))
write_fake_ring(os.path.join(tmpdir, 'container.ring.gz'))
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
for policy in POLICIES:
Add Storage Policy support to Object Server Objects now have a storage policy index associated with them as well; this is determined by their filesystem path. Like before, objects in policy 0 are in /srv/node/$disk/objects; this provides compatibility on upgrade. (Recall that policy 0 is given to all existing data when a cluster is upgraded.) Objects in policy 1 are in /srv/node/$disk/objects-1, objects in policy 2 are in /srv/node/$disk/objects-2, and so on. * 'quarantined' dir already created 'objects' subdir so now there will also be objects-N created at the same level This commit does not address replicators, auditors, or updaters except where method signatures changed. They'll still work if your cluster has only one storage policy, though. DocImpact Implements: blueprint storage-policies Change-Id: I459f3ed97df516cb0c9294477c28729c30f48e09
2014-05-27 01:17:13 -07:00
obj_ring_path = \
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
os.path.join(tmpdir, policy.ring_name + '.ring.gz')
Add Storage Policy support to Object Server Objects now have a storage policy index associated with them as well; this is determined by their filesystem path. Like before, objects in policy 0 are in /srv/node/$disk/objects; this provides compatibility on upgrade. (Recall that policy 0 is given to all existing data when a cluster is upgraded.) Objects in policy 1 are in /srv/node/$disk/objects-1, objects in policy 2 are in /srv/node/$disk/objects-2, and so on. * 'quarantined' dir already created 'objects' subdir so now there will also be objects-N created at the same level This commit does not address replicators, auditors, or updaters except where method signatures changed. They'll still work if your cluster has only one storage policy, though. DocImpact Implements: blueprint storage-policies Change-Id: I459f3ed97df516cb0c9294477c28729c30f48e09
2014-05-27 01:17:13 -07:00
write_fake_ring(obj_ring_path)
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
# make sure there's no other ring cached on this policy
policy.object_ring = None
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
fix swob for make_pre_authed_request Change-Id: Ic263f4a77a0aa0eb40078772a567eb41a60e40f7
2012-10-08 15:45:40 -07:00
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
@patch_policies
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
class TestWSGI(unittest.TestCase):
Pep8 unit test modules for hacking and one liners (4 of 12) Address all the "hacking" lines that are flagged, and all the modules that just have one item flagged. Change-Id: I372a4bdf9c7748f73e38c4fd55e5954f1afade5b Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-08-31 22:36:58 -04:00
"""Tests for swift.common.wsgi"""
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def setUp(self):
utils.HASH_PATH_PREFIX = 'startcap'
monkey_patch_mimetools() now does nothing on py3 The mimetools module has been removed from Python 3: modify monkey_patch_mimetools() to do nothing on Python 3. Skip test_monkey_patch_mimetools() on Python 3. Change-Id: I50f01ec159efedbb4df759ddd1e13928ac28fba6
2016-07-26 19:42:46 +02:00
if six.PY2:
self._orig_parsetype = mimetools.Message.parsetype
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def tearDown(self):
monkey_patch_mimetools() now does nothing on py3 The mimetools module has been removed from Python 3: modify monkey_patch_mimetools() to do nothing on Python 3. Skip test_monkey_patch_mimetools() on Python 3. Change-Id: I50f01ec159efedbb4df759ddd1e13928ac28fba6
2016-07-26 19:42:46 +02:00
if six.PY2:
mimetools.Message.parsetype = self._orig_parsetype
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
No longer import nose Since Python 2.7, unittest in the standard library has included mulitple facilities for skipping tests by decorators as well as an exception. Switch to that directly, rather than importing nose. Change-Id: I4009033473ea24f0d0faed3670db844f40051f30
2017-11-07 12:05:27 +11:00
@unittest.skipIf(six.PY3, "test specific to Python 2")
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
def test_monkey_patch_mimetools(self):
sio = StringIO('blah')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).type, 'text/plain')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('blah')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).plisttext, '')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('blah')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).maintype, 'text')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('blah')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).subtype, 'plain')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).type, 'text/html')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).plisttext,
'; charset=ISO-8859-4')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).maintype, 'text')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).subtype, 'html')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
wsgi.monkey_patch_mimetools()
sio = StringIO('blah')
Using assertIsNone() instead of assertEqual(None) Following OpenStack Style Guidelines: [1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises [H203] Unit test assertions tend to give better messages for more specific assertions. As a result, assertIsNone(...) is preferred over assertEqual(None, ...) and assertIs(..., None) Change-Id: If4db8872c4f5705c1fff017c4891626e9ce4d1e4
2017-06-07 11:37:01 +08:00
self.assertIsNone(mimetools.Message(sio).type)
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('blah')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).plisttext, '')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('blah')
Using assertIsNone() instead of assertEqual(None) Following OpenStack Style Guidelines: [1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises [H203] Unit test assertions tend to give better messages for more specific assertions. As a result, assertIsNone(...) is preferred over assertEqual(None, ...) and assertIs(..., None) Change-Id: If4db8872c4f5705c1fff017c4891626e9ce4d1e4
2017-06-07 11:37:01 +08:00
self.assertIsNone(mimetools.Message(sio).maintype)
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('blah')
Using assertIsNone() instead of assertEqual(None) Following OpenStack Style Guidelines: [1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises [H203] Unit test assertions tend to give better messages for more specific assertions. As a result, assertIsNone(...) is preferred over assertEqual(None, ...) and assertIs(..., None) Change-Id: If4db8872c4f5705c1fff017c4891626e9ce4d1e4
2017-06-07 11:37:01 +08:00
self.assertIsNone(mimetools.Message(sio).subtype)
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).type, 'text/html')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).plisttext,
'; charset=ISO-8859-4')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).maintype, 'text')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
sio = StringIO('Content-Type: text/html; charset=ISO-8859-4')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(mimetools.Message(sio).subtype, 'html')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def test_init_request_processor(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
pipeline = proxy-server
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
app, conf, logger, log_name = wsgi.init_request_processor(
conf_file, 'proxy-server')
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
# verify pipeline is: catch_errors -> gatekeeper -> listing_formats ->
# copy -> dlo -> proxy-server
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
expected = swift.common.middleware.catch_errors.CatchErrorMiddleware
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
self.assertIsInstance(app, expected)
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
app = app.app
expected = swift.common.middleware.gatekeeper.GatekeeperMiddleware
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
self.assertIsInstance(app, expected)
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
app = app.app
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
expected = swift.common.middleware.listing_formats.ListingFilter
self.assertIsInstance(app, expected)
app = app.app
expected = swift.common.middleware.copy.ServerSideCopyMiddleware
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
self.assertIsInstance(app, expected)
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
app = app.app
expected = swift.common.middleware.dlo.DynamicLargeObject
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
self.assertIsInstance(app, expected)
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
app = app.app
expected = \
swift.common.middleware.versioned_writes.VersionedWritesMiddleware
pep8: replace deprecated calls to assert_() The TestCase.assert_() has been deprecated in Python 2.7. Replace it with assertTrue() or even better methods (assertIn, assertNotIn, assertIsInstance) which provide better error messages. Change-Id: I21c730351470031a2dabe5238693095eabdb8964
2015-08-16 10:34:26 +02:00
self.assertIsInstance(app, expected)
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
app = app.app
expected = swift.proxy.server.Application
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
self.assertIsInstance(app, expected)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
# config settings applied to app instance
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(0.2, app.conn_timeout)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
# appconfig returns values from 'proxy-server' section
expected = {
'__file__': conf_file,
'here': os.path.dirname(conf_file),
'conn_timeout': '0.2',
'swift_dir': t,
Enable per policy proxy config options This is an alternative approach to that proposed in [1] Adds support for optional per-policy config sections to be added in proxy-server.conf. This is highly desirable to allow per-policy affinity options to be set for use with duplicated EC policies [2] and composite rings [3]. Certain options found in per-policy conf sections will override their equivalents that may be set in the [app:proxy-server] section. Currently the options handled that way are: sorting_method read_affinity write_affinity write_affinity_node_count For example: [proxy-server:policy:0] sorting_method = affinity read_affinity = r1=100 write_affinity = r1 write_affinity_node_count = 1 * replicas The corresponding attributes of the proxy-server Application are now available from instances of an OverrideConf object that is obtained from Application.get_policy_options(policy). [1] Related-Change: I9104fc789ba85ab3ab5ccd34096125b482821389 [2] Related-Change: Idd155401982a2c48110c30b480966a863f6bd305 [3] Related-Change: I0d8928b55020592f8e75321d1f7678688301d797 Co-Authored-By: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp> Change-Id: I3f718f425f525baa80045ba067950c752bcaaefc
2017-03-21 18:53:13 +00:00
'__name__': 'proxy-server'
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
}
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(expected, conf)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
# logger works
logger.info('testing')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual('proxy-server', log_name)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Update container sync to use internal client This patch changes container sync to use Internal Client instead of Direct Client. In the current design, container sync uses direct_get_object to get the newest source object(which talks to storage node directly). This works fine for replication storage policies however in erasure coding policies, direct_get_object would only return part of the object(it's encoded as several pieces). Using Internal Client can get the original object in EC case. Note that for the container sync put/delete part, it's working in EC since it's using Simple Client. Signed-off-by: Yuan Zhou <yuan.zhou@intel.com> DocImpact Change-Id: I91952bc9337f354ce6024bf8392046a1ecf6ecc9
2014-12-24 11:52:34 +08:00
@with_tempdir
def test_loadapp_from_file(self, tempdir):
conf_path = os.path.join(tempdir, 'object-server.conf')
conf_body = """
[app:main]
use = egg:swift#object
"""
contents = dedent(conf_body)
with open(conf_path, 'w') as f:
f.write(contents)
app = wsgi.loadapp(conf_path)
self.assertTrue(isinstance(app, obj_server.ObjectController))
def test_loadapp_from_string(self):
conf_body = """
[app:main]
use = egg:swift#object
"""
app = wsgi.loadapp(wsgi.ConfigString(conf_body))
self.assertTrue(isinstance(app, obj_server.ObjectController))
Refactor proxy-server conf loading to a helper function There were two middlewares using a common pattern to load the proxy-server app config section. The existing pattern fails to recognise option overrides that are declared using paste-deploy's 'set' notation, as illustrated by the change to test_dlo.py in this patch. This patch replaces the existing code with a helper function that loads the proxy-server config using the paste-deploy loader. The resulting config dict is therefore exactly the same as that used to initialise the proxy-server app. Change-Id: Ib58ce03e2010f41e7eb11f1a6dc78b0b7f55d466
2017-12-05 10:36:38 -08:00
@with_tempdir
def test_load_app_config(self, tempdir):
conf_file = os.path.join(tempdir, 'file.conf')
def _write_and_load_conf_file(conf):
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
with open(conf_file, 'wt') as fd:
Refactor proxy-server conf loading to a helper function There were two middlewares using a common pattern to load the proxy-server app config section. The existing pattern fails to recognise option overrides that are declared using paste-deploy's 'set' notation, as illustrated by the change to test_dlo.py in this patch. This patch replaces the existing code with a helper function that loads the proxy-server config using the paste-deploy loader. The resulting config dict is therefore exactly the same as that used to initialise the proxy-server app. Change-Id: Ib58ce03e2010f41e7eb11f1a6dc78b0b7f55d466
2017-12-05 10:36:38 -08:00
fd.write(dedent(conf))
return wsgi.load_app_config(conf_file)
# typical case - DEFAULT options override same option in other sections
conf_str = """
[DEFAULT]
dflt_option = dflt-value
[pipeline:main]
pipeline = proxy-logging proxy-server
[filter:proxy-logging]
use = egg:swift#proxy_logging
[app:proxy-server]
use = egg:swift#proxy
proxy_option = proxy-value
dflt_option = proxy-dflt-value
"""
proxy_conf = _write_and_load_conf_file(conf_str)
self.assertEqual('proxy-value', proxy_conf['proxy_option'])
self.assertEqual('dflt-value', proxy_conf['dflt_option'])
# 'set' overrides DEFAULT option
conf_str = """
[DEFAULT]
dflt_option = dflt-value
[pipeline:main]
pipeline = proxy-logging proxy-server
[filter:proxy-logging]
use = egg:swift#proxy_logging
[app:proxy-server]
use = egg:swift#proxy
proxy_option = proxy-value
set dflt_option = proxy-dflt-value
"""
proxy_conf = _write_and_load_conf_file(conf_str)
self.assertEqual('proxy-value', proxy_conf['proxy_option'])
self.assertEqual('proxy-dflt-value', proxy_conf['dflt_option'])
# actual proxy server app name is dereferenced
conf_str = """
[pipeline:main]
pipeline = proxy-logging proxyserverapp
[filter:proxy-logging]
use = egg:swift#proxy_logging
[app:proxyserverapp]
use = egg:swift#proxy
proxy_option = proxy-value
dflt_option = proxy-dflt-value
"""
proxy_conf = _write_and_load_conf_file(conf_str)
self.assertEqual('proxy-value', proxy_conf['proxy_option'])
self.assertEqual('proxy-dflt-value', proxy_conf['dflt_option'])
# no pipeline
conf_str = """
[filter:proxy-logging]
use = egg:swift#proxy_logging
[app:proxy-server]
use = egg:swift#proxy
proxy_option = proxy-value
"""
proxy_conf = _write_and_load_conf_file(conf_str)
self.assertEqual({}, proxy_conf)
# no matching section
conf_str = """
[pipeline:main]
pipeline = proxy-logging proxy-server
[filter:proxy-logging]
use = egg:swift#proxy_logging
"""
proxy_conf = _write_and_load_conf_file(conf_str)
self.assertEqual({}, proxy_conf)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def test_init_request_processor_from_conf_dir(self):
config_dir = {
'proxy-server.conf.d/pipeline.conf': """
[pipeline:main]
pipeline = catch_errors proxy-server
""",
'proxy-server.conf.d/app.conf': """
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
""",
'proxy-server.conf.d/catch-errors.conf': """
[filter:catch_errors]
use = egg:swift#catch_errors
"""
}
# strip indent from test config contents
config_dir = dict((f, dedent(c)) for (f, c) in config_dir.items())
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
with mock.patch('swift.proxy.server.Application.modify_wsgi_pipeline'):
with temptree(*zip(*config_dir.items())) as conf_root:
conf_dir = os.path.join(conf_root, 'proxy-server.conf.d')
with open(os.path.join(conf_dir, 'swift.conf'), 'w') as f:
f.write('[DEFAULT]\nswift_dir = %s' % conf_root)
_fake_rings(conf_root)
app, conf, logger, log_name = wsgi.init_request_processor(
conf_dir, 'proxy-server')
# verify pipeline is catch_errors -> proxy-server
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
expected = swift.common.middleware.catch_errors.CatchErrorMiddleware
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(app, expected))
self.assertTrue(isinstance(app.app, swift.proxy.server.Application))
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
# config settings applied to app instance
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(0.2, app.app.conn_timeout)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
# appconfig returns values from 'proxy-server' section
expected = {
'__file__': conf_dir,
'here': conf_dir,
'conn_timeout': '0.2',
'swift_dir': conf_root,
Enable per policy proxy config options This is an alternative approach to that proposed in [1] Adds support for optional per-policy config sections to be added in proxy-server.conf. This is highly desirable to allow per-policy affinity options to be set for use with duplicated EC policies [2] and composite rings [3]. Certain options found in per-policy conf sections will override their equivalents that may be set in the [app:proxy-server] section. Currently the options handled that way are: sorting_method read_affinity write_affinity write_affinity_node_count For example: [proxy-server:policy:0] sorting_method = affinity read_affinity = r1=100 write_affinity = r1 write_affinity_node_count = 1 * replicas The corresponding attributes of the proxy-server Application are now available from instances of an OverrideConf object that is obtained from Application.get_policy_options(policy). [1] Related-Change: I9104fc789ba85ab3ab5ccd34096125b482821389 [2] Related-Change: Idd155401982a2c48110c30b480966a863f6bd305 [3] Related-Change: I0d8928b55020592f8e75321d1f7678688301d797 Co-Authored-By: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp> Change-Id: I3f718f425f525baa80045ba067950c752bcaaefc
2017-03-21 18:53:13 +00:00
'__name__': 'proxy-server'
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
}
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(expected, conf)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
# logger works
logger.info('testing')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual('proxy-server', log_name)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
make the bind_port config setting required In a long-term effort to change the recommended ports for Swift, the first step is to require the bind_port in config files. Later, we can change the recommended setting. Anyone currently explicitly setting the ports will not be affected. Anyone not setting the ports will need to specify them to match their rings. DocImpact Change-Id: Icca83a263acdd0afc9016424a3e9f8c15e944789
2014-09-01 11:22:53 -07:00
def test_get_socket_bad_values(self):
# first try with no port set
self.assertRaises(wsgi.ConfigFilePortError, wsgi.get_socket, {})
# next try with a bad port value set
self.assertRaises(wsgi.ConfigFilePortError, wsgi.get_socket,
{'bind_port': 'abc'})
self.assertRaises(wsgi.ConfigFilePortError, wsgi.get_socket,
{'bind_port': None})
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
def test_get_socket(self):
# stubs
make the bind_port config setting required In a long-term effort to change the recommended ports for Swift, the first step is to require the bind_port in config files. Later, we can change the recommended setting. Anyone currently explicitly setting the ports will not be affected. Anyone not setting the ports will need to specify them to match their rings. DocImpact Change-Id: Icca83a263acdd0afc9016424a3e9f8c15e944789
2014-09-01 11:22:53 -07:00
conf = {'bind_port': 54321}
ssl_conf = conf.copy()
ssl_conf.update({
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
'cert_file': '',
'key_file': '',
make the bind_port config setting required In a long-term effort to change the recommended ports for Swift, the first step is to require the bind_port in config files. Later, we can change the recommended setting. Anyone currently explicitly setting the ports will not be affected. Anyone not setting the ports will need to specify them to match their rings. DocImpact Change-Id: Icca83a263acdd0afc9016424a3e9f8c15e944789
2014-09-01 11:22:53 -07:00
})
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
# mocks
Convert all old-style classes to new-style This cleanup has been slowly happening for a while; let's finish it. Change-Id: I1561e3540d524834e0cc5bc725ab80936eae1f0e
2014-03-03 17:28:48 -08:00
class MockSocket(object):
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
def __init__(self):
self.opts = defaultdict(dict)
def setsockopt(self, level, optname, value):
self.opts[level][optname] = value
def mock_listen(*args, **kwargs):
return MockSocket()
Convert all old-style classes to new-style This cleanup has been slowly happening for a while; let's finish it. Change-Id: I1561e3540d524834e0cc5bc725ab80936eae1f0e
2014-03-03 17:28:48 -08:00
class MockSsl(object):
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
def __init__(self):
self.wrap_socket_called = []
def wrap_socket(self, sock, **kwargs):
self.wrap_socket_called.append(kwargs)
return sock
# patch
old_listen = wsgi.listen
old_ssl = wsgi.ssl
try:
wsgi.listen = mock_listen
wsgi.ssl = MockSsl()
# test
sock = wsgi.get_socket(conf)
# assert
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(sock, MockSocket))
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
expected_socket_opts = {
socket.SOL_SOCKET: {
socket.SO_KEEPALIVE: 1,
},
Use TCP_NODELAY for created sockets. Mark Seger at HP has been looking at small objects, 1 and 2 KB size, and with Rick Jones' help noticed that TCP protocol traces showed effects from the Nagel algorithm client-to-server and server-to-client. This patch just addresses our WSGI server responses, but does not address out-bound connections from the various servers. Change-Id: I11f86df1f56fba1c6ab6084dc1f580c395f072dc Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-11-25 13:30:41 -05:00
socket.IPPROTO_TCP: {
socket.TCP_NODELAY: 1,
}
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
}
Optional TCP_KEEPIDLE in unit tests Allows to run unit tests on BSD-based platforms. The commit da99c339 that solved the problem doesn't contain fixes of unit tests. Change-Id: Iff1771c1cbb37c30a888cd1da4fca5636e5797e7
2013-06-18 18:05:28 +04:00
if hasattr(socket, 'TCP_KEEPIDLE'):
Use TCP_NODELAY for created sockets. Mark Seger at HP has been looking at small objects, 1 and 2 KB size, and with Rick Jones' help noticed that TCP protocol traces showed effects from the Nagel algorithm client-to-server and server-to-client. This patch just addresses our WSGI server responses, but does not address out-bound connections from the various servers. Change-Id: I11f86df1f56fba1c6ab6084dc1f580c395f072dc Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-11-25 13:30:41 -05:00
expected_socket_opts[socket.IPPROTO_TCP][
socket.TCP_KEEPIDLE] = 600
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(sock.opts, expected_socket_opts)
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
# test ssl
sock = wsgi.get_socket(ssl_conf)
expected_kwargs = {
'certfile': '',
'keyfile': '',
}
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(wsgi.ssl.wrap_socket_called, [expected_kwargs])
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
finally:
wsgi.listen = old_listen
wsgi.ssl = old_ssl
def test_address_in_use(self):
# stubs
make the bind_port config setting required In a long-term effort to change the recommended ports for Swift, the first step is to require the bind_port in config files. Later, we can change the recommended setting. Anyone currently explicitly setting the ports will not be affected. Anyone not setting the ports will need to specify them to match their rings. DocImpact Change-Id: Icca83a263acdd0afc9016424a3e9f8c15e944789
2014-09-01 11:22:53 -07:00
conf = {'bind_port': 54321}
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
# mocks
def mock_listen(*args, **kwargs):
raise socket.error(errno.EADDRINUSE)
def value_error_listen(*args, **kwargs):
raise ValueError('fake')
def mock_sleep(*args):
pass
Convert all old-style classes to new-style This cleanup has been slowly happening for a while; let's finish it. Change-Id: I1561e3540d524834e0cc5bc725ab80936eae1f0e
2014-03-03 17:28:48 -08:00
class MockTime(object):
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
"""Fast clock advances 10 seconds after every call to time
"""
def __init__(self):
self.current_time = old_time.time()
def time(self, *args, **kwargs):
rv = self.current_time
# advance for next call
self.current_time += 10
return rv
old_listen = wsgi.listen
old_sleep = wsgi.sleep
old_time = wsgi.time
try:
wsgi.listen = mock_listen
wsgi.sleep = mock_sleep
wsgi.time = MockTime()
# test error
self.assertRaises(Exception, wsgi.get_socket, conf)
# different error
wsgi.listen = value_error_listen
self.assertRaises(ValueError, wsgi.get_socket, conf)
finally:
wsgi.listen = old_listen
wsgi.sleep = old_sleep
wsgi.time = old_time
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def test_run_server(self):
config = """
[DEFAULT]
client_timeout = 30
Set default wsgi workers to cpu_count Change the default value of wsgi workers from 1 to auto. The new default value for workers in the proxy, container, account & object wsgi servers will spawn as many workers per process as you have cpu cores. This will not be ideal for some configurations, but it's much more likely to produce a successful out of the box deployment. Inspect the number of cpu_cores using python's multiprocessing when available. Multiprocessing was added in python 2.6, but I know I've compiled python without it before on accident. The cpu_count method seems to be pretty system agnostic, but it says it can raise NotImplementedError or sometimes return 0. Add a new utility method 'config_auto_int_value' to pull an integer out of the config which has a dynamic default. * drive by s/container/proxy/ in proxy-server.conf.5 * fix misplaced max_clients in *-server.conf-sample * update doc/development_saio to force workers = 1 DocImpact Change-Id: Ifa563d22952c902ab8cbe1d339ba385413c54e95
2013-07-11 17:00:57 -07:00
max_clients = 1000
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
swift_dir = TEMPDIR
[pipeline:main]
pipeline = proxy-server
[app:proxy-server]
use = egg:swift#proxy
Set default wsgi workers to cpu_count Change the default value of wsgi workers from 1 to auto. The new default value for workers in the proxy, container, account & object wsgi servers will spawn as many workers per process as you have cpu cores. This will not be ideal for some configurations, but it's much more likely to produce a successful out of the box deployment. Inspect the number of cpu_cores using python's multiprocessing when available. Multiprocessing was added in python 2.6, but I know I've compiled python without it before on accident. The cpu_count method seems to be pretty system agnostic, but it says it can raise NotImplementedError or sometimes return 0. Add a new utility method 'config_auto_int_value' to pull an integer out of the config which has a dynamic default. * drive by s/container/proxy/ in proxy-server.conf.5 * fix misplaced max_clients in *-server.conf-sample * update doc/development_saio to force workers = 1 DocImpact Change-Id: Ifa563d22952c902ab8cbe1d339ba385413c54e95
2013-07-11 17:00:57 -07:00
# while "set" values normally override default
set client_timeout = 20
# this section is not in conf during run_server
set max_clients = 10
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
with mock.patch('swift.proxy.server.Application.'
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
'modify_wsgi_pipeline'), \
mock.patch('swift.common.wsgi.wsgi') as _wsgi, \
Always pass capitalize_response_headers=False to eventlet.wsgi.server() For a while, this was conditional because we supported old Eventlet versions that didn't have this keyword arg. Now, we require new-enough Eventlet that it's always available, so let's get rid of the conditional crud. The flag was introduced in Eventlet 0.15, and we require >= 0.17.4. Change-Id: Id089e29e7ecfc8cec79c520f604aa01bdae0dcf0
2018-05-23 18:15:57 -07:00
mock.patch('swift.common.wsgi.eventlet') as _wsgi_evt:
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
conf = wsgi.appconfig(conf_file)
logger = logging.getLogger('test')
sock = listen_zero()
wsgi.run_server(conf, logger, sock)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(30, _wsgi.WRITE_TIMEOUT)
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
_wsgi_evt.hubs.use_hub.assert_called_with(utils.get_hub())
_wsgi_evt.debug.hub_exceptions.assert_called_with(False)
Fixes for mock 1.1 The new release of mock 1.1 is more strict. It helped to find bugs in tests. Closes-Bug: #1473369 Change-Id: Id179513c6010d827cbcbdda7692a920e29213bcb
2015-07-10 13:04:44 +02:00
self.assertTrue(_wsgi.server.called)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
args, kwargs = _wsgi.server.call_args
server_sock, server_app, server_logger = args
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(sock, server_sock)
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(server_app, swift.proxy.server.Application))
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(20, server_app.client_timeout)
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(server_logger, wsgi.NullLogger))
self.assertTrue('custom_pool' in kwargs)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(1000, kwargs['custom_pool'].size)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
proto_class = kwargs['protocol']
self.assertEqual(proto_class, wsgi.SwiftHttpProtocol)
self.assertEqual('HTTP/1.0', proto_class.default_request_version)
def test_run_server_proxied(self):
config = """
[DEFAULT]
client_timeout = 30
max_clients = 1000
swift_dir = TEMPDIR
[pipeline:main]
pipeline = proxy-server
[app:proxy-server]
use = egg:swift#proxy
# these "set" values override defaults
set client_timeout = 20
set max_clients = 10
require_proxy_protocol = true
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
with mock.patch('swift.proxy.server.Application.'
'modify_wsgi_pipeline'), \
mock.patch('swift.common.wsgi.wsgi') as _wsgi, \
Always pass capitalize_response_headers=False to eventlet.wsgi.server() For a while, this was conditional because we supported old Eventlet versions that didn't have this keyword arg. Now, we require new-enough Eventlet that it's always available, so let's get rid of the conditional crud. The flag was introduced in Eventlet 0.15, and we require >= 0.17.4. Change-Id: Id089e29e7ecfc8cec79c520f604aa01bdae0dcf0
2018-05-23 18:15:57 -07:00
mock.patch('swift.common.wsgi.eventlet') as _eventlet:
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
conf = wsgi.appconfig(conf_file,
name='proxy-server')
logger = logging.getLogger('test')
sock = listen_zero()
wsgi.run_server(conf, logger, sock)
self.assertEqual(20, _wsgi.WRITE_TIMEOUT)
_eventlet.hubs.use_hub.assert_called_with(utils.get_hub())
_eventlet.debug.hub_exceptions.assert_called_with(False)
self.assertTrue(_wsgi.server.called)
args, kwargs = _wsgi.server.call_args
server_sock, server_app, server_logger = args
self.assertEqual(sock, server_sock)
self.assertTrue(isinstance(server_app, swift.proxy.server.Application))
self.assertEqual(20, server_app.client_timeout)
self.assertTrue(isinstance(server_logger, wsgi.NullLogger))
self.assertTrue('custom_pool' in kwargs)
self.assertEqual(10, kwargs['custom_pool'].size)
proto_class = kwargs['protocol']
self.assertEqual(proto_class, wsgi.SwiftHttpProxiedProtocol)
self.assertEqual('HTTP/1.0', proto_class.default_request_version)
Disable case-changing behavior in Eventlet RFC 2616 says that HTTP header fields are case-insensitive. However, there are some S3 clients who don't accept normalized header by Swift and Eventlet. For example, AWS Java SDK expects that an etag header is 'ETag', not 'Etag'. This patch disables Eventlet's header capitalization so that the swift3 middleware can normalize the response headers as those clients expect. Note that this change requires a fix for Eventlet, which will be included in the next Eventlet release (v0.15). Change-Id: I6d3428b0dafef776bdb3ebac7639b3126fa5e60d
2014-04-22 09:28:15 +09:00
def test_run_server_with_latest_eventlet(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = proxy-server
[app:proxy-server]
use = egg:swift#proxy
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
Get rid of contextlib.nested() for py3 contextlib.nested() is missing completely in Python 3. Since 2.7, we can use multiple context managers in a 'with' statement, like so: with thing1() as t1, thing2() as t2: do_stuff() Now, if we had some code that needed to nest an arbitrary number of context managers, there's stuff we could do with contextlib.ExitStack and such... but we don't. We only use contextlib.nested() in tests to set up bunches of mocks without crazy-deep indentation, and all that stuff fits perfectly into multiple-context-manager 'with' statements. Change-Id: Id472958b007948f05dbd4c7fb8cf3ffab58e2681
2015-10-21 13:05:37 -07:00
with mock.patch('swift.proxy.server.Application.'
'modify_wsgi_pipeline'), \
mock.patch('swift.common.wsgi.wsgi') as _wsgi, \
Always pass capitalize_response_headers=False to eventlet.wsgi.server() For a while, this was conditional because we supported old Eventlet versions that didn't have this keyword arg. Now, we require new-enough Eventlet that it's always available, so let's get rid of the conditional crud. The flag was introduced in Eventlet 0.15, and we require >= 0.17.4. Change-Id: Id089e29e7ecfc8cec79c520f604aa01bdae0dcf0
2018-05-23 18:15:57 -07:00
mock.patch('swift.common.wsgi.eventlet'):
Disable case-changing behavior in Eventlet RFC 2616 says that HTTP header fields are case-insensitive. However, there are some S3 clients who don't accept normalized header by Swift and Eventlet. For example, AWS Java SDK expects that an etag header is 'ETag', not 'Etag'. This patch disables Eventlet's header capitalization so that the swift3 middleware can normalize the response headers as those clients expect. Note that this change requires a fix for Eventlet, which will be included in the next Eventlet release (v0.15). Change-Id: I6d3428b0dafef776bdb3ebac7639b3126fa5e60d
2014-04-22 09:28:15 +09:00
conf = wsgi.appconfig(conf_file)
logger = logging.getLogger('test')
Open-code eventlet.listen() Recently out gate started blowing up intermittently with a strange case of ports mixed up. Sometimes a functional tests tries to authorize on a port that's clearly an object server port, and the like. As it turns out, eventlet developers added an unavoidable SO_REUSEPORT into listen(), which makes listen(("localhost",0) to reuse ports. There's an issue about it: https://github.com/eventlet/eventlet/issues/411 This patch is working around the problem while eventlet people consider the issue. Change-Id: I67522909f96495a6a30e1acdb79835dce2189549
2017-05-11 01:39:14 -06:00
sock = listen_zero()
Disable case-changing behavior in Eventlet RFC 2616 says that HTTP header fields are case-insensitive. However, there are some S3 clients who don't accept normalized header by Swift and Eventlet. For example, AWS Java SDK expects that an etag header is 'ETag', not 'Etag'. This patch disables Eventlet's header capitalization so that the swift3 middleware can normalize the response headers as those clients expect. Note that this change requires a fix for Eventlet, which will be included in the next Eventlet release (v0.15). Change-Id: I6d3428b0dafef776bdb3ebac7639b3126fa5e60d
2014-04-22 09:28:15 +09:00
wsgi.run_server(conf, logger, sock)
Fixes for mock 1.1 The new release of mock 1.1 is more strict. It helped to find bugs in tests. Closes-Bug: #1473369 Change-Id: Id179513c6010d827cbcbdda7692a920e29213bcb
2015-07-10 13:04:44 +02:00
self.assertTrue(_wsgi.server.called)
Disable case-changing behavior in Eventlet RFC 2616 says that HTTP header fields are case-insensitive. However, there are some S3 clients who don't accept normalized header by Swift and Eventlet. For example, AWS Java SDK expects that an etag header is 'ETag', not 'Etag'. This patch disables Eventlet's header capitalization so that the swift3 middleware can normalize the response headers as those clients expect. Note that this change requires a fix for Eventlet, which will be included in the next Eventlet release (v0.15). Change-Id: I6d3428b0dafef776bdb3ebac7639b3126fa5e60d
2014-04-22 09:28:15 +09:00
args, kwargs = _wsgi.server.call_args
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(kwargs.get('capitalize_response_headers'), False)
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
self.assertTrue('protocol' in kwargs)
self.assertEqual('HTTP/1.0',
kwargs['protocol'].default_request_version)
Disable case-changing behavior in Eventlet RFC 2616 says that HTTP header fields are case-insensitive. However, there are some S3 clients who don't accept normalized header by Swift and Eventlet. For example, AWS Java SDK expects that an etag header is 'ETag', not 'Etag'. This patch disables Eventlet's header capitalization so that the swift3 middleware can normalize the response headers as those clients expect. Note that this change requires a fix for Eventlet, which will be included in the next Eventlet release (v0.15). Change-Id: I6d3428b0dafef776bdb3ebac7639b3126fa5e60d
2014-04-22 09:28:15 +09:00
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def test_run_server_conf_dir(self):
config_dir = {
'proxy-server.conf.d/pipeline.conf': """
[pipeline:main]
pipeline = proxy-server
""",
'proxy-server.conf.d/app.conf': """
[app:proxy-server]
use = egg:swift#proxy
""",
'proxy-server.conf.d/default.conf': """
[DEFAULT]
client_timeout = 30
"""
}
# strip indent from test config contents
config_dir = dict((f, dedent(c)) for (f, c) in config_dir.items())
with temptree(*zip(*config_dir.items())) as conf_root:
conf_dir = os.path.join(conf_root, 'proxy-server.conf.d')
with open(os.path.join(conf_dir, 'swift.conf'), 'w') as f:
f.write('[DEFAULT]\nswift_dir = %s' % conf_root)
_fake_rings(conf_root)
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
with mock.patch('swift.proxy.server.Application.'
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
'modify_wsgi_pipeline'), \
mock.patch('swift.common.wsgi.wsgi') as _wsgi, \
mock.patch('swift.common.wsgi.eventlet') as _wsgi_evt, \
mock.patch.dict('os.environ', {'TZ': ''}), \
mock.patch('time.tzset'):
conf = wsgi.appconfig(conf_dir)
logger = logging.getLogger('test')
sock = listen_zero()
wsgi.run_server(conf, logger, sock)
self.assertTrue(os.environ['TZ'] is not '')
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(30, _wsgi.WRITE_TIMEOUT)
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
_wsgi_evt.hubs.use_hub.assert_called_with(utils.get_hub())
_wsgi_evt.debug.hub_exceptions.assert_called_with(False)
Fixes for mock 1.1 The new release of mock 1.1 is more strict. It helped to find bugs in tests. Closes-Bug: #1473369 Change-Id: Id179513c6010d827cbcbdda7692a920e29213bcb
2015-07-10 13:04:44 +02:00
self.assertTrue(_wsgi.server.called)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
args, kwargs = _wsgi.server.call_args
server_sock, server_app, server_logger = args
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(sock, server_sock)
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(server_app, swift.proxy.server.Application))
self.assertTrue(isinstance(server_logger, wsgi.NullLogger))
self.assertTrue('custom_pool' in kwargs)
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
self.assertTrue('protocol' in kwargs)
self.assertEqual('HTTP/1.0',
kwargs['protocol'].default_request_version)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Let eventlet.wsgi.server log tracebacks when eventlet_debug is enabled The "logging" available in eventlet.wsgi.server/BaseHTTPServer doesn't generally suite our needs, so it should be bypassed using a NullLogger in production. But in development it can be useful if tracebacks generated from inside eventlet.wsgi (say a NameError in DiskFile.__iter__) end up in logs. Since we already have eventlet_debug parsed inside of run_server we can skip the NullLogger bypass and let stuff blast out to STDERR when configured for development/debug logging. Change-Id: I20a9e82c7fed8948bf649f1f8571b4145fca201d
2014-07-09 16:04:20 -07:00
def test_run_server_debug(self):
config = """
[DEFAULT]
eventlet_debug = yes
client_timeout = 30
max_clients = 1000
swift_dir = TEMPDIR
[pipeline:main]
pipeline = proxy-server
[app:proxy-server]
use = egg:swift#proxy
# while "set" values normally override default
set client_timeout = 20
# this section is not in conf during run_server
set max_clients = 10
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
with mock.patch('swift.proxy.server.Application.'
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
'modify_wsgi_pipeline'), \
mock.patch('swift.common.wsgi.wsgi') as _wsgi, \
mock.patch('swift.common.wsgi.eventlet') as _wsgi_evt:
mock_server = _wsgi.server
_wsgi.server = lambda *args, **kwargs: mock_server(
*args, **kwargs)
conf = wsgi.appconfig(conf_file)
logger = logging.getLogger('test')
sock = listen_zero()
wsgi.run_server(conf, logger, sock)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(30, _wsgi.WRITE_TIMEOUT)
Move all monkey patching to one function Change-Id: I2db2e53c50bcfa17f08a136581cfd7ac4958ada2
2016-04-15 12:43:44 -07:00
_wsgi_evt.hubs.use_hub.assert_called_with(utils.get_hub())
_wsgi_evt.debug.hub_exceptions.assert_called_with(True)
Fixes for mock 1.1 The new release of mock 1.1 is more strict. It helped to find bugs in tests. Closes-Bug: #1473369 Change-Id: Id179513c6010d827cbcbdda7692a920e29213bcb
2015-07-10 13:04:44 +02:00
self.assertTrue(mock_server.called)
Let eventlet.wsgi.server log tracebacks when eventlet_debug is enabled The "logging" available in eventlet.wsgi.server/BaseHTTPServer doesn't generally suite our needs, so it should be bypassed using a NullLogger in production. But in development it can be useful if tracebacks generated from inside eventlet.wsgi (say a NameError in DiskFile.__iter__) end up in logs. Since we already have eventlet_debug parsed inside of run_server we can skip the NullLogger bypass and let stuff blast out to STDERR when configured for development/debug logging. Change-Id: I20a9e82c7fed8948bf649f1f8571b4145fca201d
2014-07-09 16:04:20 -07:00
args, kwargs = mock_server.call_args
server_sock, server_app, server_logger = args
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(sock, server_sock)
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(server_app, swift.proxy.server.Application))
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(20, server_app.client_timeout)
Using assertIsNone() instead of assertEqual(None) Following OpenStack Style Guidelines: [1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises [H203] Unit test assertions tend to give better messages for more specific assertions. As a result, assertIsNone(...) is preferred over assertEqual(None, ...) and assertIs(..., None) Change-Id: If4db8872c4f5705c1fff017c4891626e9ce4d1e4
2017-06-07 11:37:01 +08:00
self.assertIsNone(server_logger)
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue('custom_pool' in kwargs)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(1000, kwargs['custom_pool'].size)
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
self.assertTrue('protocol' in kwargs)
self.assertEqual('HTTP/1.0',
kwargs['protocol'].default_request_version)
Let eventlet.wsgi.server log tracebacks when eventlet_debug is enabled The "logging" available in eventlet.wsgi.server/BaseHTTPServer doesn't generally suite our needs, so it should be bypassed using a NullLogger in production. But in development it can be useful if tracebacks generated from inside eventlet.wsgi (say a NameError in DiskFile.__iter__) end up in logs. Since we already have eventlet_debug parsed inside of run_server we can skip the NullLogger bypass and let stuff blast out to STDERR when configured for development/debug logging. Change-Id: I20a9e82c7fed8948bf649f1f8571b4145fca201d
2014-07-09 16:04:20 -07:00
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
def test_appconfig_dir_ignores_hidden_files(self):
config_dir = {
'server.conf.d/01.conf': """
[app:main]
use = egg:swift#proxy
port = 8080
""",
'server.conf.d/.01.conf.swp': """
[app:main]
use = egg:swift#proxy
port = 8081
""",
}
# strip indent from test config contents
config_dir = dict((f, dedent(c)) for (f, c) in config_dir.items())
with temptree(*zip(*config_dir.items())) as path:
conf_dir = os.path.join(path, 'server.conf.d')
conf = wsgi.appconfig(conf_dir)
expected = {
'__file__': os.path.join(path, 'server.conf.d'),
'here': os.path.join(path, 'server.conf.d'),
Enable per policy proxy config options This is an alternative approach to that proposed in [1] Adds support for optional per-policy config sections to be added in proxy-server.conf. This is highly desirable to allow per-policy affinity options to be set for use with duplicated EC policies [2] and composite rings [3]. Certain options found in per-policy conf sections will override their equivalents that may be set in the [app:proxy-server] section. Currently the options handled that way are: sorting_method read_affinity write_affinity write_affinity_node_count For example: [proxy-server:policy:0] sorting_method = affinity read_affinity = r1=100 write_affinity = r1 write_affinity_node_count = 1 * replicas The corresponding attributes of the proxy-server Application are now available from instances of an OverrideConf object that is obtained from Application.get_policy_options(policy). [1] Related-Change: I9104fc789ba85ab3ab5ccd34096125b482821389 [2] Related-Change: Idd155401982a2c48110c30b480966a863f6bd305 [3] Related-Change: I0d8928b55020592f8e75321d1f7678688301d797 Co-Authored-By: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp> Change-Id: I3f718f425f525baa80045ba067950c752bcaaefc
2017-03-21 18:53:13 +00:00
'port': '8080', '__name__': 'main'
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
}
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(conf, expected)
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Fixed another make_pre_auth bug (wsgi.input) Change-Id: I8b3c182ab85d4c5545e0a4259a64a496ebaf2bcb
2012-05-31 18:33:12 +00:00
def test_pre_auth_wsgi_input(self):
oldenv = {}
newenv = wsgi.make_pre_authed_env(oldenv)
self.assertTrue('wsgi.input' in newenv)
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
self.assertEqual(newenv['wsgi.input'].read(), b'')
Fixed another make_pre_auth bug (wsgi.input) Change-Id: I8b3c182ab85d4c5545e0a4259a64a496ebaf2bcb
2012-05-31 18:33:12 +00:00
Replace StringIO with BytesIO for WSGI input wsgi.input is a binary stream (bytes), not a text stream (unicode). * Replace StringIO with BytesIO for WSGI input * Replace StringIO('') with StringIO() and replace WsgiStringIO('') with WsgiStringIO(): an empty string is already the default value Change-Id: I09c9527be2265a6847189aeeb74a17261ddc781a
2015-05-27 18:01:37 +02:00
oldenv = {'wsgi.input': BytesIO(b'original wsgi.input')}
Fixed another make_pre_auth bug (wsgi.input) Change-Id: I8b3c182ab85d4c5545e0a4259a64a496ebaf2bcb
2012-05-31 18:33:12 +00:00
newenv = wsgi.make_pre_authed_env(oldenv)
self.assertTrue('wsgi.input' in newenv)
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
self.assertEqual(newenv['wsgi.input'].read(), b'')
Fixed another make_pre_auth bug (wsgi.input) Change-Id: I8b3c182ab85d4c5545e0a4259a64a496ebaf2bcb
2012-05-31 18:33:12 +00:00
Use a doubled proxy-logging instead of each middleware handling it differently (if at all) Adding a swift.source to wsgi pre_auth funcs and all middleware that makes subrequests to proxy server. NOTE: This change will result in a change in the number of proxy logs made for staticweb, formpost, tempurl, and any other middleware that performs sub requests (including swauth and SOS). Please see docs for details. DocImpact Change-Id: I80cf2806add1c3d34054147e2515944be340455b
2013-02-06 10:57:17 -08:00
oldenv = {'swift.source': 'UT'}
newenv = wsgi.make_pre_authed_env(oldenv)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(newenv['swift.source'], 'UT')
Use a doubled proxy-logging instead of each middleware handling it differently (if at all) Adding a swift.source to wsgi pre_auth funcs and all middleware that makes subrequests to proxy server. NOTE: This change will result in a change in the number of proxy logs made for staticweb, formpost, tempurl, and any other middleware that performs sub requests (including swauth and SOS). Please see docs for details. DocImpact Change-Id: I80cf2806add1c3d34054147e2515944be340455b
2013-02-06 10:57:17 -08:00
oldenv = {'swift.source': 'UT'}
newenv = wsgi.make_pre_authed_env(oldenv, swift_source='SA')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(newenv['swift.source'], 'SA')
Use a doubled proxy-logging instead of each middleware handling it differently (if at all) Adding a swift.source to wsgi pre_auth funcs and all middleware that makes subrequests to proxy server. NOTE: This change will result in a change in the number of proxy logs made for staticweb, formpost, tempurl, and any other middleware that performs sub requests (including swauth and SOS). Please see docs for details. DocImpact Change-Id: I80cf2806add1c3d34054147e2515944be340455b
2013-02-06 10:57:17 -08:00
adding unit tests
2011-08-30 12:07:32 -07:00
def test_pre_auth_req(self):
class FakeReq(object):
@classmethod
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
def fake_blank(cls, path, environ=None, body=b'', headers=None):
Uses None instead of mutables for function param defaults As seen on #1174809, changes use of mutable types as default arguments and defaults them within the method. Otherwise, those defaults can be unexpectedly persisted with the function between invocations and erupt into mass hysteria on the streets. There was indeed a test (TestSimpleClient.test_get_with_retries) that was erroneously relying on this behavior. Since previous tests had populated their own instantiations with a token, this test only passed because the modified headers dict from previous tests was being overridden. As expected, with the mutable defaults fix in SimpleClient, this test begain to fail since it never specified any token, yet it has always passed anyway. This change also now provides the expected token. Change-Id: If95f11d259008517dab511e88acfe9731e5a99b5 Related-Bug: #1174809
2014-05-10 05:15:12 -05:00
if environ is None:
environ = {}
if headers is None:
headers = {}
Test: Use assertIsNone() in unittest Use assertIsNone() instead of assertEqual(), because assertEqual() still fails on false values when compared to None Change-Id: Ic52c319e3e55135df834fdf857982e1721bc44bb
2017-06-25 10:29:23 +08:00
self.assertIsNone(environ['swift.authorize']('test'))
Fixing bug with x-trans-id. Will now be set on all incoming requests to proxy and trans-ids will not be reused. Change-Id: Ieb59cadd9925a122566c98374b9736e77d3f98dd
2011-10-13 09:36:17 -07:00
self.assertFalse('HTTP_X_TRANS_ID' in environ)
adding unit tests
2011-08-30 12:07:32 -07:00
was_blank = Request.blank
Request.blank = FakeReq.fake_blank
wsgi.make_pre_authed_request({'HTTP_X_TRANS_ID': '1234'},
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
'PUT', '/', body=b'tester', headers={})
adding unit tests
2011-08-30 12:07:32 -07:00
wsgi.make_pre_authed_request({'HTTP_X_TRANS_ID': '1234'},
'PUT', '/', headers={})
Request.blank = was_blank
removed unneeded daemonize function from utils, pulled get_socket out of run_wsgi, reworked test_utils and test_wsgi
2010-11-19 12:15:41 -06:00
fix pre_auth request funcs to handle quoted paths Change-Id: I739e3f600cedab5c7174a5b1f0ff2ec6003fc453
2012-05-07 13:46:41 -07:00
def test_pre_auth_req_with_quoted_path(self):
r = wsgi.make_pre_authed_request(
{'HTTP_X_TRANS_ID': '1234'}, 'PUT', path=quote('/a space'),
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
body=b'tester', headers={})
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, quote('/a space'))
fix pre_auth request funcs to handle quoted paths Change-Id: I739e3f600cedab5c7174a5b1f0ff2ec6003fc453
2012-05-07 13:46:41 -07:00
Fixed query removal bug in make_pre_authed_request Change-Id: I1b8238fb2ffe07b1474f7d8f040fdc620b6897d7
2012-05-27 21:48:13 +00:00
def test_pre_auth_req_drops_query(self):
r = wsgi.make_pre_authed_request(
{'QUERY_STRING': 'original'}, 'GET', 'path')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.query_string, 'original')
Fixed query removal bug in make_pre_authed_request Change-Id: I1b8238fb2ffe07b1474f7d8f040fdc620b6897d7
2012-05-27 21:48:13 +00:00
r = wsgi.make_pre_authed_request(
{'QUERY_STRING': 'original'}, 'GET', 'path?replacement')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.query_string, 'replacement')
Fixed query removal bug in make_pre_authed_request Change-Id: I1b8238fb2ffe07b1474f7d8f040fdc620b6897d7
2012-05-27 21:48:13 +00:00
r = wsgi.make_pre_authed_request(
{'QUERY_STRING': 'original'}, 'GET', 'path?')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.query_string, '')
Fixed query removal bug in make_pre_authed_request Change-Id: I1b8238fb2ffe07b1474f7d8f040fdc620b6897d7
2012-05-27 21:48:13 +00:00
fix swob for make_pre_authed_request Change-Id: Ic263f4a77a0aa0eb40078772a567eb41a60e40f7
2012-10-08 15:45:40 -07:00
def test_pre_auth_req_with_body(self):
r = wsgi.make_pre_authed_request(
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
{'QUERY_STRING': 'original'}, 'GET', 'path', b'the body')
self.assertEqual(r.body, b'the body')
Fixed query removal bug in make_pre_authed_request Change-Id: I1b8238fb2ffe07b1474f7d8f040fdc620b6897d7
2012-05-27 21:48:13 +00:00
Fixed bugs re: make_pre_authed* and SCRIPT_NAME There were bugs with SCRIPT_NAME and swift.common.wsgi.make_pre_authed* functions. 1) SCRIPT_NAME wasn't copied with PATH_INFO, which it should've been. 2) When a new path was given, SCRIPT_NAME wasn't set to an empty string but just omitted, which is allowed by spec, but really should be set. For completeness, if SCRIPT_NAME doesn't exist in the source env, it will be created in the new env, but as an empty string. Change-Id: Ifbc27ed8ff357038c54df4d37de46cfd5e31372e
2012-10-30 15:40:41 +00:00
def test_pre_auth_creates_script_name(self):
e = wsgi.make_pre_authed_env({})
self.assertTrue('SCRIPT_NAME' in e)
def test_pre_auth_copies_script_name(self):
e = wsgi.make_pre_authed_env({'SCRIPT_NAME': '/script_name'})
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(e['SCRIPT_NAME'], '/script_name')
Fixed bugs re: make_pre_authed* and SCRIPT_NAME There were bugs with SCRIPT_NAME and swift.common.wsgi.make_pre_authed* functions. 1) SCRIPT_NAME wasn't copied with PATH_INFO, which it should've been. 2) When a new path was given, SCRIPT_NAME wasn't set to an empty string but just omitted, which is allowed by spec, but really should be set. For completeness, if SCRIPT_NAME doesn't exist in the source env, it will be created in the new env, but as an empty string. Change-Id: Ifbc27ed8ff357038c54df4d37de46cfd5e31372e
2012-10-30 15:40:41 +00:00
def test_pre_auth_copies_script_name_unless_path_overridden(self):
e = wsgi.make_pre_authed_env({'SCRIPT_NAME': '/script_name'},
path='/override')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(e['SCRIPT_NAME'], '')
self.assertEqual(e['PATH_INFO'], '/override')
Fixed bugs re: make_pre_authed* and SCRIPT_NAME There were bugs with SCRIPT_NAME and swift.common.wsgi.make_pre_authed* functions. 1) SCRIPT_NAME wasn't copied with PATH_INFO, which it should've been. 2) When a new path was given, SCRIPT_NAME wasn't set to an empty string but just omitted, which is allowed by spec, but really should be set. For completeness, if SCRIPT_NAME doesn't exist in the source env, it will be created in the new env, but as an empty string. Change-Id: Ifbc27ed8ff357038c54df4d37de46cfd5e31372e
2012-10-30 15:40:41 +00:00
Use a doubled proxy-logging instead of each middleware handling it differently (if at all) Adding a swift.source to wsgi pre_auth funcs and all middleware that makes subrequests to proxy server. NOTE: This change will result in a change in the number of proxy logs made for staticweb, formpost, tempurl, and any other middleware that performs sub requests (including swauth and SOS). Please see docs for details. DocImpact Change-Id: I80cf2806add1c3d34054147e2515944be340455b
2013-02-06 10:57:17 -08:00
def test_pre_auth_req_swift_source(self):
r = wsgi.make_pre_authed_request(
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
{'QUERY_STRING': 'original'}, 'GET', 'path', b'the body',
Use a doubled proxy-logging instead of each middleware handling it differently (if at all) Adding a swift.source to wsgi pre_auth funcs and all middleware that makes subrequests to proxy server. NOTE: This change will result in a change in the number of proxy logs made for staticweb, formpost, tempurl, and any other middleware that performs sub requests (including swauth and SOS). Please see docs for details. DocImpact Change-Id: I80cf2806add1c3d34054147e2515944be340455b
2013-02-06 10:57:17 -08:00
swift_source='UT')
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
self.assertEqual(r.body, b'the body')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.environ['swift.source'], 'UT')
Fixed bugs re: make_pre_authed* and SCRIPT_NAME There were bugs with SCRIPT_NAME and swift.common.wsgi.make_pre_authed* functions. 1) SCRIPT_NAME wasn't copied with PATH_INFO, which it should've been. 2) When a new path was given, SCRIPT_NAME wasn't set to an empty string but just omitted, which is allowed by spec, but really should be set. For completeness, if SCRIPT_NAME doesn't exist in the source env, it will be created in the new env, but as an empty string. Change-Id: Ifbc27ed8ff357038c54df4d37de46cfd5e31372e
2012-10-30 15:40:41 +00:00
Object replication ssync (an rsync alternative) For this commit, ssync is just a direct replacement for how we use rsync. Assuming we switch over to ssync completely someday and drop rsync, we will then be able to improve the algorithms even further (removing local objects as we successfully transfer each one rather than waiting for whole partitions, using an index.db with hash-trees, etc., etc.) For easier review, this commit can be thought of in distinct parts: 1) New global_conf_callback functionality for allowing services to perform setup code before workers, etc. are launched. (This is then used by ssync in the object server to create a cross-worker semaphore to restrict concurrent incoming replication.) 2) A bit of shifting of items up from object server and replicator to diskfile or DEFAULT conf sections for better sharing of the same settings. conn_timeout, node_timeout, client_timeout, network_chunk_size, disk_chunk_size. 3) Modifications to the object server and replicator to optionally use ssync in place of rsync. This is done in a generic enough way that switching to FutureSync should be easy someday. 4) The biggest part, and (at least for now) completely optional part, are the new ssync_sender and ssync_receiver files. Nice and isolated for easier testing and visibility into test coverage, etc. All the usual logging, statsd, recon, etc. instrumentation is still there when using ssync, just as it is when using rsync. Beyond the essential error and exceptional condition logging, I have not added any additional instrumentation at this time. Unless there is something someone finds super pressing to have added to the logging, I think such additions would be better as separate change reviews. FOR NOW, IT IS NOT RECOMMENDED TO USE SSYNC ON PRODUCTION CLUSTERS. Some of us will be in a limited fashion to look for any subtle issues, tuning, etc. but generally ssync is an experimental feature. In its current implementation it is probably going to be a bit slower than rsync, but if all goes according to plan it will end up much faster. There are no comparisions yet between ssync and rsync other than some raw virtual machine testing I've done to show it should compete well enough once we can put it in use in the real world. If you Tweet, Google+, or whatever, be sure to indicate it's experimental. It'd be best to keep it out of deployment guides, howtos, etc. until we all figure out if we like it, find it to be stable, etc. Change-Id: If003dcc6f4109e2d2a42f4873a0779110fff16d6
2013-08-28 16:10:43 +00:00
def test_run_server_global_conf_callback(self):
calls = defaultdict(lambda: 0)
def _initrp(conf_file, app_section, *args, **kwargs):
return (
{'__file__': 'test', 'workers': 0},
'logger',
'log_name')
def _global_conf_callback(preloaded_app_conf, global_conf):
calls['_global_conf_callback'] += 1
self.assertEqual(
preloaded_app_conf, {'__file__': 'test', 'workers': 0})
self.assertEqual(global_conf, {'log_name': 'log_name'})
global_conf['test1'] = 'one'
def _loadapp(uri, name=None, **kwargs):
calls['_loadapp'] += 1
self.assertTrue('global_conf' in kwargs)
self.assertEqual(kwargs['global_conf'],
{'log_name': 'log_name', 'test1': 'one'})
Get rid of contextlib.nested() for py3 contextlib.nested() is missing completely in Python 3. Since 2.7, we can use multiple context managers in a 'with' statement, like so: with thing1() as t1, thing2() as t2: do_stuff() Now, if we had some code that needed to nest an arbitrary number of context managers, there's stuff we could do with contextlib.ExitStack and such... but we don't. We only use contextlib.nested() in tests to set up bunches of mocks without crazy-deep indentation, and all that stuff fits perfectly into multiple-context-manager 'with' statements. Change-Id: Id472958b007948f05dbd4c7fb8cf3ffab58e2681
2015-10-21 13:05:37 -07:00
with mock.patch.object(wsgi, '_initrp', _initrp), \
mock.patch.object(wsgi, 'get_socket'), \
mock.patch.object(wsgi, 'drop_privileges'), \
mock.patch.object(wsgi, 'loadapp', _loadapp), \
mock.patch.object(wsgi, 'capture_stdio'), \
Move eventlet patch before call to loadapp Ran into an eventlet bug[0] while integration Swift/Barbican in TripleO. It is very similar to a previous bug related to keystonemiddleware[1]. Suggestion from urllib3[2] is to patch eventlet "as early as possible". Traceback[3] shows that urllib3 is being imported before the eventlet patch, so moved the patch to before the loadapp call. [0] - http://paste.openstack.org/show/658046/ [1] - https://bugs.launchpad.net/swift/+bug/1662473 [2] - https://github.com/shazow/urllib3/issues/1104 [3] - https://gist.github.com/thiagodasilva/12dad7dc4f940b046dd0863b6f82a78b Change-Id: I74e580f31349bdefd187cc5d6770a7041a936bef
2018-02-08 18:18:15 -05:00
mock.patch.object(wsgi, 'run_server'), \
mock.patch('swift.common.utils.eventlet') as _utils_evt:
Object replication ssync (an rsync alternative) For this commit, ssync is just a direct replacement for how we use rsync. Assuming we switch over to ssync completely someday and drop rsync, we will then be able to improve the algorithms even further (removing local objects as we successfully transfer each one rather than waiting for whole partitions, using an index.db with hash-trees, etc., etc.) For easier review, this commit can be thought of in distinct parts: 1) New global_conf_callback functionality for allowing services to perform setup code before workers, etc. are launched. (This is then used by ssync in the object server to create a cross-worker semaphore to restrict concurrent incoming replication.) 2) A bit of shifting of items up from object server and replicator to diskfile or DEFAULT conf sections for better sharing of the same settings. conn_timeout, node_timeout, client_timeout, network_chunk_size, disk_chunk_size. 3) Modifications to the object server and replicator to optionally use ssync in place of rsync. This is done in a generic enough way that switching to FutureSync should be easy someday. 4) The biggest part, and (at least for now) completely optional part, are the new ssync_sender and ssync_receiver files. Nice and isolated for easier testing and visibility into test coverage, etc. All the usual logging, statsd, recon, etc. instrumentation is still there when using ssync, just as it is when using rsync. Beyond the essential error and exceptional condition logging, I have not added any additional instrumentation at this time. Unless there is something someone finds super pressing to have added to the logging, I think such additions would be better as separate change reviews. FOR NOW, IT IS NOT RECOMMENDED TO USE SSYNC ON PRODUCTION CLUSTERS. Some of us will be in a limited fashion to look for any subtle issues, tuning, etc. but generally ssync is an experimental feature. In its current implementation it is probably going to be a bit slower than rsync, but if all goes according to plan it will end up much faster. There are no comparisions yet between ssync and rsync other than some raw virtual machine testing I've done to show it should compete well enough once we can put it in use in the real world. If you Tweet, Google+, or whatever, be sure to indicate it's experimental. It'd be best to keep it out of deployment guides, howtos, etc. until we all figure out if we like it, find it to be stable, etc. Change-Id: If003dcc6f4109e2d2a42f4873a0779110fff16d6
2013-08-28 16:10:43 +00:00
wsgi.run_wsgi('conf_file', 'app_section',
global_conf_callback=_global_conf_callback)
Get rid of contextlib.nested() for py3 contextlib.nested() is missing completely in Python 3. Since 2.7, we can use multiple context managers in a 'with' statement, like so: with thing1() as t1, thing2() as t2: do_stuff() Now, if we had some code that needed to nest an arbitrary number of context managers, there's stuff we could do with contextlib.ExitStack and such... but we don't. We only use contextlib.nested() in tests to set up bunches of mocks without crazy-deep indentation, and all that stuff fits perfectly into multiple-context-manager 'with' statements. Change-Id: Id472958b007948f05dbd4c7fb8cf3ffab58e2681
2015-10-21 13:05:37 -07:00
Object replication ssync (an rsync alternative) For this commit, ssync is just a direct replacement for how we use rsync. Assuming we switch over to ssync completely someday and drop rsync, we will then be able to improve the algorithms even further (removing local objects as we successfully transfer each one rather than waiting for whole partitions, using an index.db with hash-trees, etc., etc.) For easier review, this commit can be thought of in distinct parts: 1) New global_conf_callback functionality for allowing services to perform setup code before workers, etc. are launched. (This is then used by ssync in the object server to create a cross-worker semaphore to restrict concurrent incoming replication.) 2) A bit of shifting of items up from object server and replicator to diskfile or DEFAULT conf sections for better sharing of the same settings. conn_timeout, node_timeout, client_timeout, network_chunk_size, disk_chunk_size. 3) Modifications to the object server and replicator to optionally use ssync in place of rsync. This is done in a generic enough way that switching to FutureSync should be easy someday. 4) The biggest part, and (at least for now) completely optional part, are the new ssync_sender and ssync_receiver files. Nice and isolated for easier testing and visibility into test coverage, etc. All the usual logging, statsd, recon, etc. instrumentation is still there when using ssync, just as it is when using rsync. Beyond the essential error and exceptional condition logging, I have not added any additional instrumentation at this time. Unless there is something someone finds super pressing to have added to the logging, I think such additions would be better as separate change reviews. FOR NOW, IT IS NOT RECOMMENDED TO USE SSYNC ON PRODUCTION CLUSTERS. Some of us will be in a limited fashion to look for any subtle issues, tuning, etc. but generally ssync is an experimental feature. In its current implementation it is probably going to be a bit slower than rsync, but if all goes according to plan it will end up much faster. There are no comparisions yet between ssync and rsync other than some raw virtual machine testing I've done to show it should compete well enough once we can put it in use in the real world. If you Tweet, Google+, or whatever, be sure to indicate it's experimental. It'd be best to keep it out of deployment guides, howtos, etc. until we all figure out if we like it, find it to be stable, etc. Change-Id: If003dcc6f4109e2d2a42f4873a0779110fff16d6
2013-08-28 16:10:43 +00:00
self.assertEqual(calls['_global_conf_callback'], 1)
self.assertEqual(calls['_loadapp'], 1)
Move eventlet patch before call to loadapp Ran into an eventlet bug[0] while integration Swift/Barbican in TripleO. It is very similar to a previous bug related to keystonemiddleware[1]. Suggestion from urllib3[2] is to patch eventlet "as early as possible". Traceback[3] shows that urllib3 is being imported before the eventlet patch, so moved the patch to before the loadapp call. [0] - http://paste.openstack.org/show/658046/ [1] - https://bugs.launchpad.net/swift/+bug/1662473 [2] - https://github.com/shazow/urllib3/issues/1104 [3] - https://gist.github.com/thiagodasilva/12dad7dc4f940b046dd0863b6f82a78b Change-Id: I74e580f31349bdefd187cc5d6770a7041a936bef
2018-02-08 18:18:15 -05:00
_utils_evt.patcher.monkey_patch.assert_called_with(all=False,
socket=True,
select=True,
thread=True)
Object replication ssync (an rsync alternative) For this commit, ssync is just a direct replacement for how we use rsync. Assuming we switch over to ssync completely someday and drop rsync, we will then be able to improve the algorithms even further (removing local objects as we successfully transfer each one rather than waiting for whole partitions, using an index.db with hash-trees, etc., etc.) For easier review, this commit can be thought of in distinct parts: 1) New global_conf_callback functionality for allowing services to perform setup code before workers, etc. are launched. (This is then used by ssync in the object server to create a cross-worker semaphore to restrict concurrent incoming replication.) 2) A bit of shifting of items up from object server and replicator to diskfile or DEFAULT conf sections for better sharing of the same settings. conn_timeout, node_timeout, client_timeout, network_chunk_size, disk_chunk_size. 3) Modifications to the object server and replicator to optionally use ssync in place of rsync. This is done in a generic enough way that switching to FutureSync should be easy someday. 4) The biggest part, and (at least for now) completely optional part, are the new ssync_sender and ssync_receiver files. Nice and isolated for easier testing and visibility into test coverage, etc. All the usual logging, statsd, recon, etc. instrumentation is still there when using ssync, just as it is when using rsync. Beyond the essential error and exceptional condition logging, I have not added any additional instrumentation at this time. Unless there is something someone finds super pressing to have added to the logging, I think such additions would be better as separate change reviews. FOR NOW, IT IS NOT RECOMMENDED TO USE SSYNC ON PRODUCTION CLUSTERS. Some of us will be in a limited fashion to look for any subtle issues, tuning, etc. but generally ssync is an experimental feature. In its current implementation it is probably going to be a bit slower than rsync, but if all goes according to plan it will end up much faster. There are no comparisions yet between ssync and rsync other than some raw virtual machine testing I've done to show it should compete well enough once we can put it in use in the real world. If you Tweet, Google+, or whatever, be sure to indicate it's experimental. It'd be best to keep it out of deployment guides, howtos, etc. until we all figure out if we like it, find it to be stable, etc. Change-Id: If003dcc6f4109e2d2a42f4873a0779110fff16d6
2013-08-28 16:10:43 +00:00
Return an exit code for configuration errors Red Hat's QA noticed that in case of the infamous "xattr>=0.4" error, swift-init exits with a zero error code, which confuses startup scripts (not Systemd though -- that one knows exactly if processes run or not). The easiest fix is to return the error code like Guido's blog post suggested. Change-Id: I7badd8742375a7cb2aa5606277316477b8083f8d Fixes: rhbz#1020480
2013-11-22 18:57:44 -07:00
def test_run_server_success(self):
calls = defaultdict(lambda: 0)
def _initrp(conf_file, app_section, *args, **kwargs):
calls['_initrp'] += 1
return (
{'__file__': 'test', 'workers': 0},
'logger',
'log_name')
def _loadapp(uri, name=None, **kwargs):
calls['_loadapp'] += 1
Get rid of contextlib.nested() for py3 contextlib.nested() is missing completely in Python 3. Since 2.7, we can use multiple context managers in a 'with' statement, like so: with thing1() as t1, thing2() as t2: do_stuff() Now, if we had some code that needed to nest an arbitrary number of context managers, there's stuff we could do with contextlib.ExitStack and such... but we don't. We only use contextlib.nested() in tests to set up bunches of mocks without crazy-deep indentation, and all that stuff fits perfectly into multiple-context-manager 'with' statements. Change-Id: Id472958b007948f05dbd4c7fb8cf3ffab58e2681
2015-10-21 13:05:37 -07:00
with mock.patch.object(wsgi, '_initrp', _initrp), \
mock.patch.object(wsgi, 'get_socket'), \
mock.patch.object(wsgi, 'drop_privileges'), \
mock.patch.object(wsgi, 'loadapp', _loadapp), \
mock.patch.object(wsgi, 'capture_stdio'), \
Move eventlet patch before call to loadapp Ran into an eventlet bug[0] while integration Swift/Barbican in TripleO. It is very similar to a previous bug related to keystonemiddleware[1]. Suggestion from urllib3[2] is to patch eventlet "as early as possible". Traceback[3] shows that urllib3 is being imported before the eventlet patch, so moved the patch to before the loadapp call. [0] - http://paste.openstack.org/show/658046/ [1] - https://bugs.launchpad.net/swift/+bug/1662473 [2] - https://github.com/shazow/urllib3/issues/1104 [3] - https://gist.github.com/thiagodasilva/12dad7dc4f940b046dd0863b6f82a78b Change-Id: I74e580f31349bdefd187cc5d6770a7041a936bef
2018-02-08 18:18:15 -05:00
mock.patch.object(wsgi, 'run_server'), \
mock.patch('swift.common.utils.eventlet') as _utils_evt:
Return an exit code for configuration errors Red Hat's QA noticed that in case of the infamous "xattr>=0.4" error, swift-init exits with a zero error code, which confuses startup scripts (not Systemd though -- that one knows exactly if processes run or not). The easiest fix is to return the error code like Guido's blog post suggested. Change-Id: I7badd8742375a7cb2aa5606277316477b8083f8d Fixes: rhbz#1020480
2013-11-22 18:57:44 -07:00
rc = wsgi.run_wsgi('conf_file', 'app_section')
self.assertEqual(calls['_initrp'], 1)
self.assertEqual(calls['_loadapp'], 1)
self.assertEqual(rc, 0)
Move eventlet patch before call to loadapp Ran into an eventlet bug[0] while integration Swift/Barbican in TripleO. It is very similar to a previous bug related to keystonemiddleware[1]. Suggestion from urllib3[2] is to patch eventlet "as early as possible". Traceback[3] shows that urllib3 is being imported before the eventlet patch, so moved the patch to before the loadapp call. [0] - http://paste.openstack.org/show/658046/ [1] - https://bugs.launchpad.net/swift/+bug/1662473 [2] - https://github.com/shazow/urllib3/issues/1104 [3] - https://gist.github.com/thiagodasilva/12dad7dc4f940b046dd0863b6f82a78b Change-Id: I74e580f31349bdefd187cc5d6770a7041a936bef
2018-02-08 18:18:15 -05:00
_utils_evt.patcher.monkey_patch.assert_called_with(all=False,
socket=True,
select=True,
thread=True)
Return an exit code for configuration errors Red Hat's QA noticed that in case of the infamous "xattr>=0.4" error, swift-init exits with a zero error code, which confuses startup scripts (not Systemd though -- that one knows exactly if processes run or not). The easiest fix is to return the error code like Guido's blog post suggested. Change-Id: I7badd8742375a7cb2aa5606277316477b8083f8d Fixes: rhbz#1020480
2013-11-22 18:57:44 -07:00
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
@mock.patch('swift.common.wsgi.run_server')
@mock.patch('swift.common.wsgi.WorkersStrategy')
@mock.patch('swift.common.wsgi.ServersPerPortStrategy')
def test_run_server_strategy_plumbing(self, mock_per_port, mock_workers,
mock_run_server):
# Make sure the right strategy gets used in a number of different
# config cases.
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
mock_per_port().do_bind_ports.return_value = 'stop early'
mock_workers().do_bind_ports.return_value = 'stop early'
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
logger = FakeLogger()
stub__initrp = [
{'__file__': 'test', 'workers': 2}, # conf
logger,
'log_name',
]
Delay port binding to reduce wait at process start With the new default behavior of eventlet 0.20 to set SO_REUSEPORT on listening sockets, it becomes easy to have a zero-downtime reload. By binding the listening socket as late as we can, we can reduce the time an incoming connection will stay in queue, waiting for the process to be ready to handle the connection. This commit moves the socket binding after the load of the application. On some benchmarks, it reduced the wait-time for incoming connections from about 1.1s to about 350ms. Change-Id: I045f4c9aa2c07cdc5ed95afd028540f1b3874637
2017-06-05 11:35:56 +02:00
with mock.patch.object(wsgi, '_initrp', return_value=stub__initrp), \
mock.patch.object(wsgi, 'loadapp'), \
mock.patch.object(wsgi, 'capture_stdio'):
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
for server_type in ('account-server', 'container-server',
'object-server'):
mock_per_port.reset_mock()
mock_workers.reset_mock()
logger._clear()
self.assertEqual(1, wsgi.run_wsgi('conf_file', server_type))
self.assertEqual([
'stop early',
], logger.get_lines_for_level('error'))
self.assertEqual([], mock_per_port.mock_calls)
self.assertEqual([
mock.call(stub__initrp[0], logger),
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
mock.call().do_bind_ports(),
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
], mock_workers.mock_calls)
stub__initrp[0]['servers_per_port'] = 3
for server_type in ('account-server', 'container-server'):
mock_per_port.reset_mock()
mock_workers.reset_mock()
logger._clear()
self.assertEqual(1, wsgi.run_wsgi('conf_file', server_type))
self.assertEqual([
'stop early',
], logger.get_lines_for_level('error'))
self.assertEqual([], mock_per_port.mock_calls)
self.assertEqual([
mock.call(stub__initrp[0], logger),
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
mock.call().do_bind_ports(),
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
], mock_workers.mock_calls)
mock_per_port.reset_mock()
mock_workers.reset_mock()
logger._clear()
self.assertEqual(1, wsgi.run_wsgi('conf_file', 'object-server'))
self.assertEqual([
'stop early',
], logger.get_lines_for_level('error'))
self.assertEqual([
mock.call(stub__initrp[0], logger, servers_per_port=3),
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
mock.call().do_bind_ports(),
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
], mock_per_port.mock_calls)
self.assertEqual([], mock_workers.mock_calls)
Return an exit code for configuration errors Red Hat's QA noticed that in case of the infamous "xattr>=0.4" error, swift-init exits with a zero error code, which confuses startup scripts (not Systemd though -- that one knows exactly if processes run or not). The easiest fix is to return the error code like Guido's blog post suggested. Change-Id: I7badd8742375a7cb2aa5606277316477b8083f8d Fixes: rhbz#1020480
2013-11-22 18:57:44 -07:00
def test_run_server_failure1(self):
calls = defaultdict(lambda: 0)
def _initrp(conf_file, app_section, *args, **kwargs):
calls['_initrp'] += 1
raise wsgi.ConfigFileError('test exception')
def _loadapp(uri, name=None, **kwargs):
calls['_loadapp'] += 1
Get rid of contextlib.nested() for py3 contextlib.nested() is missing completely in Python 3. Since 2.7, we can use multiple context managers in a 'with' statement, like so: with thing1() as t1, thing2() as t2: do_stuff() Now, if we had some code that needed to nest an arbitrary number of context managers, there's stuff we could do with contextlib.ExitStack and such... but we don't. We only use contextlib.nested() in tests to set up bunches of mocks without crazy-deep indentation, and all that stuff fits perfectly into multiple-context-manager 'with' statements. Change-Id: Id472958b007948f05dbd4c7fb8cf3ffab58e2681
2015-10-21 13:05:37 -07:00
with mock.patch.object(wsgi, '_initrp', _initrp), \
mock.patch.object(wsgi, 'get_socket'), \
mock.patch.object(wsgi, 'drop_privileges'), \
mock.patch.object(wsgi, 'loadapp', _loadapp), \
mock.patch.object(wsgi, 'capture_stdio'), \
mock.patch.object(wsgi, 'run_server'):
Return an exit code for configuration errors Red Hat's QA noticed that in case of the infamous "xattr>=0.4" error, swift-init exits with a zero error code, which confuses startup scripts (not Systemd though -- that one knows exactly if processes run or not). The easiest fix is to return the error code like Guido's blog post suggested. Change-Id: I7badd8742375a7cb2aa5606277316477b8083f8d Fixes: rhbz#1020480
2013-11-22 18:57:44 -07:00
rc = wsgi.run_wsgi('conf_file', 'app_section')
self.assertEqual(calls['_initrp'], 1)
self.assertEqual(calls['_loadapp'], 0)
self.assertEqual(rc, 1)
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
def test_pre_auth_req_with_empty_env_no_path(self):
r = wsgi.make_pre_authed_request(
{}, 'GET')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, quote(''))
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
self.assertTrue('SCRIPT_NAME' in r.environ)
self.assertTrue('PATH_INFO' in r.environ)
def test_pre_auth_req_with_env_path(self):
r = wsgi.make_pre_authed_request(
{'PATH_INFO': '/unquoted path with %20'}, 'GET')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, quote('/unquoted path with %20'))
self.assertEqual(r.environ['SCRIPT_NAME'], '')
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
def test_pre_auth_req_with_env_script(self):
r = wsgi.make_pre_authed_request({'SCRIPT_NAME': '/hello'}, 'GET')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, quote('/hello'))
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
def test_pre_auth_req_with_env_path_and_script(self):
env = {'PATH_INFO': '/unquoted path with %20',
'SCRIPT_NAME': '/script'}
r = wsgi.make_pre_authed_request(env, 'GET')
expected_path = quote(env['SCRIPT_NAME'] + env['PATH_INFO'])
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, expected_path)
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
env = {'PATH_INFO': '', 'SCRIPT_NAME': '/script'}
r = wsgi.make_pre_authed_request(env, 'GET')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, '/script')
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
env = {'PATH_INFO': '/path', 'SCRIPT_NAME': ''}
r = wsgi.make_pre_authed_request(env, 'GET')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, '/path')
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
env = {'PATH_INFO': '', 'SCRIPT_NAME': ''}
r = wsgi.make_pre_authed_request(env, 'GET')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, '')
Fix make_pre_authed_request function to not fail when path arg is None. The default value for the path arg to the function is None. However, if the path arg is not set or is set to None an exception is generated when the path value is passed to urllib.unquote(). The function doc states that if path is not provided then the value in the env is used, so fix is to implement this behaviour. Change-Id: I085124acb6ef3cecb2375bb97d27996e0c6fd36e Fixes: bug #1198149
2013-07-05 13:18:16 +01:00
def test_pre_auth_req_path_overrides_env(self):
env = {'PATH_INFO': '/path', 'SCRIPT_NAME': '/script'}
r = wsgi.make_pre_authed_request(env, 'GET', '/override')
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(r.path, '/override')
self.assertEqual(r.environ['SCRIPT_NAME'], '')
self.assertEqual(r.environ['PATH_INFO'], '/override')
conf.d support Allow Swift daemons and servers to optionally accept a directory as the configuration parameter. Directory based configuration leverages ConfigParser's native multi-file support. Files ending in '.conf' in the given directory are parsed in lexicographical order. Filenames starting with '.' are ignored. A mixture of file and directory configuration paths is not supported - if the configuration path is a file behavior is unchanged. * update swift-init to search for conf.d paths when building servers (e.g. /etc/swift/proxy-server.conf.d/) * new script swift-config can be used to inspect the cumulative configuration * pull a little bit of code out of run_wsgi and test separately * fix example config bug for the proxy servers client_disconnect option * added section on directory based configuration to deployment guide DocImpact Implements: blueprint confd Change-Id: I89b0f48e538117f28590cf6698401f74ef58003b
2013-03-25 16:34:43 -07:00
Keep user id and project id in subrequests env Keep HTTP_X_USER_ID and HTTP_X_PROJECT_ID to be available as user_id and project_id in storage.objects.outgoing.bytes in ceilometer when downloading a multipart object. Change-Id: I0f4734f021e5d6e84d48ed9bebeb321d7a9590ad Closes-Bug: #1477283
2015-08-12 15:00:45 -04:00
def test_make_env_keep_user_project_id(self):
oldenv = {'HTTP_X_USER_ID': '1234', 'HTTP_X_PROJECT_ID': '5678'}
newenv = wsgi.make_env(oldenv)
self.assertTrue('HTTP_X_USER_ID' in newenv)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(newenv['HTTP_X_USER_ID'], '1234')
Keep user id and project id in subrequests env Keep HTTP_X_USER_ID and HTTP_X_PROJECT_ID to be available as user_id and project_id in storage.objects.outgoing.bytes in ceilometer when downloading a multipart object. Change-Id: I0f4734f021e5d6e84d48ed9bebeb321d7a9590ad Closes-Bug: #1477283
2015-08-12 15:00:45 -04:00
self.assertTrue('HTTP_X_PROJECT_ID' in newenv)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(newenv['HTTP_X_PROJECT_ID'], '5678')
Keep user id and project id in subrequests env Keep HTTP_X_USER_ID and HTTP_X_PROJECT_ID to be available as user_id and project_id in storage.objects.outgoing.bytes in ceilometer when downloading a multipart object. Change-Id: I0f4734f021e5d6e84d48ed9bebeb321d7a9590ad Closes-Bug: #1477283
2015-08-12 15:00:45 -04:00
Pass HTTP_REFERER down to subrequests Currently a HTTP_REFERER (Referer) header isn't passed down to subrequests. This means *LO subrequests to segment containers return a 403 on a *LO GET when accessed by requests using referer ACLs. Currently the only way around referer access to *LO's is to make the segments container world readable. This change makes sure the referer header is passed into subrequests allowing a segments container to only need to be locked down with the same referer as the *LO container. This is a 1 line change to code, but also adds a unit and 2 functional functional tests (one for DLO and one for SLO). Change-Id: I1fa5328979302d9c8133aa739787c8dae6084f54 Closes-Bug: #1526575
2015-12-16 17:19:24 +11:00
def test_make_env_keeps_referer(self):
oldenv = {'HTTP_REFERER': 'http://blah.example.com'}
newenv = wsgi.make_env(oldenv)
self.assertTrue('HTTP_REFERER' in newenv)
self.assertEqual(newenv['HTTP_REFERER'], 'http://blah.example.com')
Make info caching work across subrequests Previously, if you called get_account_info, get_container_info, or get_object_info, then the results of that call would be cached in the WSGI environment as top-level keys. This is okay, except that if you, in middleware, copy the WSGI environment and then make a subrequest using the copy, information retrieved in the subrequest is cached only in the copy and not in the original. This can mean lots of extra trips to memcache for, say, SLO validation where the segments are in another container; the object HEAD ends up getting container info for the segment container, but then the next object HEAD gets it again. This commit moves the cache for get_*_info into a dictionary at environ['swift.infocache']; this way, you can shallow-copy the request environment and still get the benefits from the cache. Change-Id: I3481b38b41c33cd1e39e19baab56193c5f9bf6ac
2016-01-21 13:19:30 -08:00
def test_make_env_keeps_infocache(self):
oldenv = {'swift.infocache': {}}
newenv = wsgi.make_env(oldenv)
self.assertIs(newenv.get('swift.infocache'), oldenv['swift.infocache'])
Pep8 unit test modules w/ <= 10 violations (5 of 12) Change-Id: I8e82c14ada52d44df5a31e08982ac79cd7e5c969 Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-08-31 23:13:15 -04:00
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
class TestSwiftHttpProtocol(unittest.TestCase):
def setUp(self):
patcher = mock.patch('swift.common.wsgi.wsgi.HttpProtocol')
self.mock_super = patcher.start()
self.addCleanup(patcher.stop)
def _proto_obj(self):
# Make an object we can exercise... note the base class's __init__()
# does a bunch of work, so we just new up an object like eventlet.wsgi
# does.
proto_class = wsgi.SwiftHttpProtocol
try:
the_obj = types.InstanceType(proto_class)
except AttributeError:
the_obj = proto_class.__new__(proto_class)
# Install some convenience mocks
the_obj.server = Namespace(app=Namespace(logger=mock.Mock()),
url_length_limit=777,
log=mock.Mock())
the_obj.send_error = mock.Mock()
return the_obj
def test_swift_http_protocol_log_request(self):
proto_obj = self._proto_obj()
self.assertEqual(None, proto_obj.log_request('ignored'))
def test_swift_http_protocol_log_message(self):
proto_obj = self._proto_obj()
proto_obj.log_message('a%sc', 'b')
self.assertEqual([mock.call.error('ERROR WSGI: a%sc', 'b')],
proto_obj.server.app.logger.mock_calls)
def test_swift_http_protocol_log_message_no_logger(self):
# If the app somehow had no logger attribute or it was None, don't blow
# up
proto_obj = self._proto_obj()
delattr(proto_obj.server.app, 'logger')
proto_obj.log_message('a%sc', 'b')
Use valid eventlet logger method eventlet<=0.17.4 LoggerFileWrapper does not have an error() method so don't try to call it. Instead, use info() which even in newer eventlet versions does exactly the same as error(). This bug only manifests in unit tests once the Related-Bug has been fixed (see Related-Change). Closes-Bug: #1777836 Related-Bug: #1777701 Related-Change: I68fd9d0263a6720aaf0d90b8ea6da1158105ac01 Change-Id: I46190567549826c811ffa51e9a71a38a20d9ce97
2018-06-20 10:09:38 +01:00
self.assertEqual([mock.call.info('ERROR WSGI: a%sc', 'b')],
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
proto_obj.server.log.mock_calls)
proto_obj.server.log.reset_mock()
proto_obj.server.app.logger = None
proto_obj.log_message('a%sc', 'b')
Use valid eventlet logger method eventlet<=0.17.4 LoggerFileWrapper does not have an error() method so don't try to call it. Instead, use info() which even in newer eventlet versions does exactly the same as error(). This bug only manifests in unit tests once the Related-Bug has been fixed (see Related-Change). Closes-Bug: #1777836 Related-Bug: #1777701 Related-Change: I68fd9d0263a6720aaf0d90b8ea6da1158105ac01 Change-Id: I46190567549826c811ffa51e9a71a38a20d9ce97
2018-06-20 10:09:38 +01:00
self.assertEqual([mock.call.info('ERROR WSGI: a%sc', 'b')],
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
proto_obj.server.log.mock_calls)
def test_swift_http_protocol_parse_request_no_proxy(self):
proto_obj = self._proto_obj()
proto_obj.raw_requestline = b'jimmy jam'
proto_obj.client_address = ('a', '123')
self.assertEqual(False, proto_obj.parse_request())
self.assertEqual([], self.mock_super.mock_calls)
self.assertEqual([
mock.call(400, "Bad HTTP/0.9 request type ('jimmy')"),
], proto_obj.send_error.mock_calls)
self.assertEqual(('a', '123'), proto_obj.client_address)
class TestProxyProtocol(unittest.TestCase):
def _run_bytes_through_protocol(self, bytes_from_client, protocol_class):
rfile = BytesIO(bytes_from_client)
wfile = BytesIO()
# All this fakery is needed to make the WSGI server process one
# connection, possibly with multiple requests, in the main
# greenthread. It doesn't hurt correctness if the function is called
# in a separate greenthread, but it makes using the debugger harder.
class FakeGreenthread(object):
def link(self, a_callable, *args):
a_callable(self, *args)
class FakePool(object):
def spawn(self, a_callable, *args, **kwargs):
a_callable(*args, **kwargs)
return FakeGreenthread()
def spawn_n(self, a_callable, *args, **kwargs):
a_callable(*args, **kwargs)
def waitall(self):
pass
def dinky_app(env, start_response):
start_response("200 OK", [])
Update SERVER_ADDR/SERVER_PORT from PROXY protocol Also take a reasonable guess as to whether HTTPS/wsgi.url_scheme ought to be updated. Change-Id: Iada8a1f4921f07986e6399bc1279e9a602117b1c
2018-05-25 13:33:07 -07:00
body = '\r\n'.join([
'got addr: %s %s' % (
env.get("REMOTE_ADDR", "<missing>"),
env.get("REMOTE_PORT", "<missing>")),
'on addr: %s %s' % (
env.get("SERVER_ADDR", "<missing>"),
env.get("SERVER_PORT", "<missing>")),
'https is %s (scheme %s)' % (
env.get("HTTPS", "<missing>"),
env.get("wsgi.url_scheme", "<missing>")),
]) + '\r\n'
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
return [body.encode("utf-8")]
Fix test_wsgi.py tests failing with eventlet <=0.18.4 Older versions of eventlet expect getsocketname() to return a tuple, and newer versions are happy to receive a tuple, so fix the mock to return a tuple. Change-Id: I68fd9d0263a6720aaf0d90b8ea6da1158105ac01 Closes-Bug: #1777701
2018-06-20 09:59:55 +01:00
addr = ('127.0.0.1', 8359)
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
fake_tcp_socket = mock.Mock(
setsockopt=lambda *a: None,
makefile=lambda mode, bufsize: rfile if 'r' in mode else wfile,
Fix test_wsgi.py tests failing with eventlet <=0.18.4 Older versions of eventlet expect getsocketname() to return a tuple, and newer versions are happy to receive a tuple, so fix the mock to return a tuple. Change-Id: I68fd9d0263a6720aaf0d90b8ea6da1158105ac01 Closes-Bug: #1777701
2018-06-20 09:59:55 +01:00
getsockname=lambda *a: addr
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
)
Fix test_wsgi.py tests failing with eventlet <=0.18.4 Older versions of eventlet expect getsocketname() to return a tuple, and newer versions are happy to receive a tuple, so fix the mock to return a tuple. Change-Id: I68fd9d0263a6720aaf0d90b8ea6da1158105ac01 Closes-Bug: #1777701
2018-06-20 09:59:55 +01:00
fake_listen_socket = mock.Mock(
accept=mock.MagicMock(
side_effect=[[fake_tcp_socket, addr],
# KeyboardInterrupt breaks the WSGI server out of
# its infinite accept-process-close loop.
KeyboardInterrupt]),
getsockname=lambda *a: addr)
Update SERVER_ADDR/SERVER_PORT from PROXY protocol Also take a reasonable guess as to whether HTTPS/wsgi.url_scheme ought to be updated. Change-Id: Iada8a1f4921f07986e6399bc1279e9a602117b1c
2018-05-25 13:33:07 -07:00
del fake_listen_socket.do_handshake
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
# If we let the WSGI server close rfile/wfile then we can't access
# their contents any more.
with mock.patch.object(wfile, 'close', lambda: None), \
mock.patch.object(rfile, 'close', lambda: None):
eventlet.wsgi.server(
fake_listen_socket, dinky_app,
protocol=protocol_class,
custom_pool=FakePool(),
log_output=False, # quiet the test run
)
return wfile.getvalue()
def test_request_with_proxy(self):
Update SERVER_ADDR/SERVER_PORT from PROXY protocol Also take a reasonable guess as to whether HTTPS/wsgi.url_scheme ought to be updated. Change-Id: Iada8a1f4921f07986e6399bc1279e9a602117b1c
2018-05-25 13:33:07 -07:00
bytes_out = self._run_bytes_through_protocol((
b"PROXY TCP4 192.168.0.1 192.168.0.11 56423 4433\r\n"
b"GET /someurl HTTP/1.0\r\n"
b"User-Agent: something or other\r\n"
b"\r\n"
), wsgi.SwiftHttpProxiedProtocol)
lines = [l for l in bytes_out.split(b"\r\n") if l]
self.assertEqual(lines[0], b"HTTP/1.1 200 OK") # sanity check
self.assertEqual(lines[-3:], [
b"got addr: 192.168.0.1 56423",
b"on addr: 192.168.0.11 4433",
b"https is <missing> (scheme http)",
])
def test_request_with_proxy_https(self):
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
bytes_out = self._run_bytes_through_protocol((
b"PROXY TCP4 192.168.0.1 192.168.0.11 56423 443\r\n"
b"GET /someurl HTTP/1.0\r\n"
b"User-Agent: something or other\r\n"
b"\r\n"
), wsgi.SwiftHttpProxiedProtocol)
lines = [l for l in bytes_out.split(b"\r\n") if l]
self.assertEqual(lines[0], b"HTTP/1.1 200 OK") # sanity check
Update SERVER_ADDR/SERVER_PORT from PROXY protocol Also take a reasonable guess as to whether HTTPS/wsgi.url_scheme ought to be updated. Change-Id: Iada8a1f4921f07986e6399bc1279e9a602117b1c
2018-05-25 13:33:07 -07:00
self.assertEqual(lines[-3:], [
b"got addr: 192.168.0.1 56423",
b"on addr: 192.168.0.11 443",
b"https is on (scheme https)",
])
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
def test_multiple_requests_with_proxy(self):
bytes_out = self._run_bytes_through_protocol((
b"PROXY TCP4 192.168.0.1 192.168.0.11 56423 443\r\n"
b"GET /someurl HTTP/1.1\r\n"
b"User-Agent: something or other\r\n"
b"\r\n"
b"GET /otherurl HTTP/1.1\r\n"
b"User-Agent: something or other\r\n"
b"Connection: close\r\n"
b"\r\n"
), wsgi.SwiftHttpProxiedProtocol)
lines = bytes_out.split(b"\r\n")
self.assertEqual(lines[0], b"HTTP/1.1 200 OK") # sanity check
# the address in the PROXY line is applied to every request
addr_lines = [l for l in lines if l.startswith(b"got addr")]
self.assertEqual(addr_lines, [b"got addr: 192.168.0.1 56423"] * 2)
Update SERVER_ADDR/SERVER_PORT from PROXY protocol Also take a reasonable guess as to whether HTTPS/wsgi.url_scheme ought to be updated. Change-Id: Iada8a1f4921f07986e6399bc1279e9a602117b1c
2018-05-25 13:33:07 -07:00
addr_lines = [l for l in lines if l.startswith(b"on addr")]
self.assertEqual(addr_lines, [b"on addr: 192.168.0.11 443"] * 2)
addr_lines = [l for l in lines if l.startswith(b"https is")]
self.assertEqual(addr_lines, [b"https is on (scheme https)"] * 2)
Add support for PROXY protocol v1 (only) ...to the proxy-server. The point is to allow the Swift proxy server to log accurate client IP addresses when there is a proxy or SSL-terminator between the client and the Swift proxy server. Example servers supporting this PROXY protocol: stud (v1 only) stunnel haproxy hitch (v2 only) varnish See http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt The feature is enabled by adding this to your proxy config file: [app:proxy-server] use = egg:swift#proxy ... require_proxy_protocol = true The protocol specification states: The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. so valid deployments are: 1) require_proxy_protocol = false (or missing; default is false) and NOT behind a proxy that adds or proxies existing PROXY lines. 2) require_proxy_protocol = true and IS behind a proxy that adds or proxies existing PROXY lines. Specifically, in the default configuration, one cannot send the swift proxy PROXY lines (no change from before this patch). When this feature is enabled, one _must_ send PROXY lines. Change-Id: Icb88902f0a89b8d980c860be032d5e822845d03a
2016-09-20 16:38:45 -07:00
def test_missing_proxy_line(self):
bytes_out = self._run_bytes_through_protocol((
# whoops, no PROXY line here
b"GET /someurl HTTP/1.0\r\n"
b"User-Agent: something or other\r\n"
b"\r\n"
), wsgi.SwiftHttpProxiedProtocol)
lines = [l for l in bytes_out.split(b"\r\n") if l]
self.assertIn(b"400 Invalid PROXY line", lines[0])
def test_malformed_proxy_lines(self):
for bad_line in [b'PROXY jojo',
b'PROXYjojo a b c d e',
b'PROXY a b c d e', # bad INET protocol and family
]:
bytes_out = self._run_bytes_through_protocol(
bad_line, wsgi.SwiftHttpProxiedProtocol)
lines = [l for l in bytes_out.split(b"\r\n") if l]
self.assertIn(b"400 Invalid PROXY line", lines[0])
def test_unknown_client_addr(self):
# For "UNKNOWN", the rest of the line before the CRLF may be omitted by
# the sender, and the receiver must ignore anything presented before
# the CRLF is found.
for unknown_line in [b'PROXY UNKNOWN', # mimimal valid unknown
b'PROXY UNKNOWNblahblah', # also valid
b'PROXY UNKNOWN a b c d']:
bytes_out = self._run_bytes_through_protocol((
unknown_line + (b"\r\n"
b"GET /someurl HTTP/1.0\r\n"
b"User-Agent: something or other\r\n"
b"\r\n")
), wsgi.SwiftHttpProxiedProtocol)
lines = [l for l in bytes_out.split(b"\r\n") if l]
self.assertIn(b"200 OK", lines[0])
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
class TestServersPerPortStrategy(unittest.TestCase):
def setUp(self):
self.logger = FakeLogger()
self.conf = {
'workers': 100, # ignored
'user': 'bob',
'swift_dir': '/jim/cricket',
'ring_check_interval': '76',
'bind_ip': '2.3.4.5',
}
self.servers_per_port = 3
self.s1, self.s2 = mock.MagicMock(), mock.MagicMock()
patcher = mock.patch('swift.common.wsgi.get_socket',
side_effect=[self.s1, self.s2])
self.mock_get_socket = patcher.start()
self.addCleanup(patcher.stop)
patcher = mock.patch('swift.common.wsgi.drop_privileges')
self.mock_drop_privileges = patcher.start()
self.addCleanup(patcher.stop)
patcher = mock.patch('swift.common.wsgi.BindPortsCache')
self.mock_cache_class = patcher.start()
self.addCleanup(patcher.stop)
patcher = mock.patch('swift.common.wsgi.os.setsid')
self.mock_setsid = patcher.start()
self.addCleanup(patcher.stop)
patcher = mock.patch('swift.common.wsgi.os.chdir')
self.mock_chdir = patcher.start()
self.addCleanup(patcher.stop)
patcher = mock.patch('swift.common.wsgi.os.umask')
self.mock_umask = patcher.start()
self.addCleanup(patcher.stop)
self.all_bind_ports_for_node = \
self.mock_cache_class().all_bind_ports_for_node
self.ports = (6006, 6007)
self.all_bind_ports_for_node.return_value = set(self.ports)
self.strategy = wsgi.ServersPerPortStrategy(self.conf, self.logger,
self.servers_per_port)
def test_loop_timeout(self):
# This strategy should loop every ring_check_interval seconds, even if
# no workers exit.
self.assertEqual(76, self.strategy.loop_timeout())
# Check the default
del self.conf['ring_check_interval']
self.strategy = wsgi.ServersPerPortStrategy(self.conf, self.logger,
self.servers_per_port)
self.assertEqual(15, self.strategy.loop_timeout())
def test_bind_ports(self):
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.assertEqual(set((6006, 6007)), self.strategy.bind_ports)
self.assertEqual([
mock.call({'workers': 100, # ignored
'user': 'bob',
'swift_dir': '/jim/cricket',
'ring_check_interval': '76',
'bind_ip': '2.3.4.5',
'bind_port': 6006}),
mock.call({'workers': 100, # ignored
'user': 'bob',
'swift_dir': '/jim/cricket',
'ring_check_interval': '76',
'bind_ip': '2.3.4.5',
'bind_port': 6007}),
], self.mock_get_socket.mock_calls)
self.assertEqual(
6006, self.strategy.port_pid_state.port_for_sock(self.s1))
self.assertEqual(
6007, self.strategy.port_pid_state.port_for_sock(self.s2))
self.assertEqual([mock.call()], self.mock_setsid.mock_calls)
self.assertEqual([mock.call('/')], self.mock_chdir.mock_calls)
self.assertEqual([mock.call(0o22)], self.mock_umask.mock_calls)
def test_bind_ports_ignores_setsid_errors(self):
self.mock_setsid.side_effect = OSError()
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.assertEqual(set((6006, 6007)), self.strategy.bind_ports)
self.assertEqual([
mock.call({'workers': 100, # ignored
'user': 'bob',
'swift_dir': '/jim/cricket',
'ring_check_interval': '76',
'bind_ip': '2.3.4.5',
'bind_port': 6006}),
mock.call({'workers': 100, # ignored
'user': 'bob',
'swift_dir': '/jim/cricket',
'ring_check_interval': '76',
'bind_ip': '2.3.4.5',
'bind_port': 6007}),
], self.mock_get_socket.mock_calls)
self.assertEqual(
6006, self.strategy.port_pid_state.port_for_sock(self.s1))
self.assertEqual(
6007, self.strategy.port_pid_state.port_for_sock(self.s2))
self.assertEqual([mock.call()], self.mock_setsid.mock_calls)
self.assertEqual([mock.call('/')], self.mock_chdir.mock_calls)
self.assertEqual([mock.call(0o22)], self.mock_umask.mock_calls)
def test_no_fork_sock(self):
Replace assertEqual(None, *) with assertIsNone in tests As swift no longer supports Python 2.6, replace assertEqual(None, *) with assertIsNone in tests to have more clear messages in case of failure. Change-Id: I94af3e8156ef40465d4f7a2cb79fb99fc7bbda56 Closes-Bug: #1280522
2016-02-16 23:44:27 +08:00
self.assertIsNone(self.strategy.no_fork_sock())
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
def test_new_worker_socks(self):
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.all_bind_ports_for_node.reset_mock()
pid = 88
got_si = []
for s, i in self.strategy.new_worker_socks():
got_si.append((s, i))
self.strategy.register_worker_start(s, i, pid)
pid += 1
self.assertEqual([
(self.s1, 0), (self.s1, 1), (self.s1, 2),
(self.s2, 0), (self.s2, 1), (self.s2, 2),
], got_si)
self.assertEqual([
'Started child %d (PID %d) for port %d' % (0, 88, 6006),
'Started child %d (PID %d) for port %d' % (1, 89, 6006),
'Started child %d (PID %d) for port %d' % (2, 90, 6006),
'Started child %d (PID %d) for port %d' % (0, 91, 6007),
'Started child %d (PID %d) for port %d' % (1, 92, 6007),
'Started child %d (PID %d) for port %d' % (2, 93, 6007),
], self.logger.get_lines_for_level('notice'))
self.logger._clear()
# Steady-state...
self.assertEqual([], list(self.strategy.new_worker_socks()))
self.all_bind_ports_for_node.reset_mock()
# Get rid of servers for ports which disappear from the ring
self.ports = (6007,)
self.all_bind_ports_for_node.return_value = set(self.ports)
self.s1.reset_mock()
self.s2.reset_mock()
with mock.patch('swift.common.wsgi.greenio') as mock_greenio:
self.assertEqual([], list(self.strategy.new_worker_socks()))
self.assertEqual([
mock.call(), # ring_check_interval has passed...
], self.all_bind_ports_for_node.mock_calls)
self.assertEqual([
mock.call.shutdown_safe(self.s1),
], mock_greenio.mock_calls)
self.assertEqual([
mock.call.close(),
], self.s1.mock_calls)
self.assertEqual([], self.s2.mock_calls) # not closed
self.assertEqual([
'Closing unnecessary sock for port %d' % 6006,
], self.logger.get_lines_for_level('notice'))
self.logger._clear()
# Create new socket & workers for new ports that appear in ring
self.ports = (6007, 6009)
self.all_bind_ports_for_node.return_value = set(self.ports)
self.s1.reset_mock()
self.s2.reset_mock()
s3 = mock.MagicMock()
self.mock_get_socket.side_effect = Exception('ack')
# But first make sure we handle failure to bind to the requested port!
got_si = []
for s, i in self.strategy.new_worker_socks():
got_si.append((s, i))
self.strategy.register_worker_start(s, i, pid)
pid += 1
self.assertEqual([], got_si)
self.assertEqual([
'Unable to bind to port %d: %s' % (6009, Exception('ack')),
'Unable to bind to port %d: %s' % (6009, Exception('ack')),
'Unable to bind to port %d: %s' % (6009, Exception('ack')),
], self.logger.get_lines_for_level('critical'))
self.logger._clear()
# Will keep trying, so let it succeed again
self.mock_get_socket.side_effect = [s3]
got_si = []
for s, i in self.strategy.new_worker_socks():
got_si.append((s, i))
self.strategy.register_worker_start(s, i, pid)
pid += 1
self.assertEqual([
(s3, 0), (s3, 1), (s3, 2),
], got_si)
self.assertEqual([
'Started child %d (PID %d) for port %d' % (0, 94, 6009),
'Started child %d (PID %d) for port %d' % (1, 95, 6009),
'Started child %d (PID %d) for port %d' % (2, 96, 6009),
], self.logger.get_lines_for_level('notice'))
self.logger._clear()
# Steady-state...
self.assertEqual([], list(self.strategy.new_worker_socks()))
self.all_bind_ports_for_node.reset_mock()
# Restart a guy who died on us
self.strategy.register_worker_exit(95) # server_idx == 1
got_si = []
for s, i in self.strategy.new_worker_socks():
got_si.append((s, i))
self.strategy.register_worker_start(s, i, pid)
pid += 1
self.assertEqual([
(s3, 1),
], got_si)
self.assertEqual([
'Started child %d (PID %d) for port %d' % (1, 97, 6009),
], self.logger.get_lines_for_level('notice'))
self.logger._clear()
# Check log_sock_exit
self.strategy.log_sock_exit(self.s2, 2)
self.assertEqual([
'Child %d (PID %d, port %d) exiting normally' % (
2, os.getpid(), 6007),
], self.logger.get_lines_for_level('notice'))
# It's ok to register_worker_exit for a PID that's already had its
# socket closed due to orphaning.
# This is one of the workers for port 6006 that already got reaped.
Replace assertEqual(None, *) with assertIsNone in tests As swift no longer supports Python 2.6, replace assertEqual(None, *) with assertIsNone in tests to have more clear messages in case of failure. Change-Id: I94af3e8156ef40465d4f7a2cb79fb99fc7bbda56 Closes-Bug: #1280522
2016-02-16 23:44:27 +08:00
self.assertIsNone(self.strategy.register_worker_exit(89))
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
def test_post_fork_hook(self):
self.strategy.post_fork_hook()
self.assertEqual([
mock.call('bob', call_setsid=False),
], self.mock_drop_privileges.mock_calls)
def test_shutdown_sockets(self):
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
with mock.patch('swift.common.wsgi.greenio') as mock_greenio:
self.strategy.shutdown_sockets()
self.assertEqual([
mock.call.shutdown_safe(self.s1),
mock.call.shutdown_safe(self.s2),
], mock_greenio.mock_calls)
self.assertEqual([
mock.call.close(),
], self.s1.mock_calls)
self.assertEqual([
mock.call.close(),
], self.s2.mock_calls)
class TestWorkersStrategy(unittest.TestCase):
def setUp(self):
self.logger = FakeLogger()
self.conf = {
'workers': 2,
'user': 'bob',
}
self.strategy = wsgi.WorkersStrategy(self.conf, self.logger)
patcher = mock.patch('swift.common.wsgi.get_socket',
return_value='abc')
self.mock_get_socket = patcher.start()
self.addCleanup(patcher.stop)
patcher = mock.patch('swift.common.wsgi.drop_privileges')
self.mock_drop_privileges = patcher.start()
self.addCleanup(patcher.stop)
def test_loop_timeout(self):
Fix regression in WSGI server SIGHUP behavior The SIGHUP receipt used to pop us out of an os.wait() where now, it's in a "green" wait() and Timeout() combo, some part of which eats the signal receipt. This causes the while loop condition to never get checked and SIGHUP no longer works as a server reload command. The fix is to loop at least every 0.5 seconds, as a trade-off between not busy-waiting and checking the "keep running" condition often enough to feel responsive. Change-Id: I95283b8b7cfc2998ab5813e0ad3ca1fa231696c8 Closes-Bug: #1479972
2015-07-30 14:32:08 -07:00
# This strategy should sit in the green.os.wait() for a bit (to avoid
# busy-waiting) but not forever (so the keep-running flag actually
# gets checked).
self.assertEqual(0.5, self.strategy.loop_timeout())
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
def test_binding(self):
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.assertIsNone(self.strategy.do_bind_ports())
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.assertEqual('abc', self.strategy.sock)
self.assertEqual([
mock.call(self.conf),
], self.mock_get_socket.mock_calls)
self.assertEqual([
mock.call('bob'),
], self.mock_drop_privileges.mock_calls)
self.mock_get_socket.side_effect = wsgi.ConfigFilePortError()
self.assertEqual(
'bind_port wasn\'t properly set in the config file. '
'It must be explicitly set to a valid port number.',
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports())
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
def test_no_fork_sock(self):
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Replace assertEqual(None, *) with assertIsNone in tests As swift no longer supports Python 2.6, replace assertEqual(None, *) with assertIsNone in tests to have more clear messages in case of failure. Change-Id: I94af3e8156ef40465d4f7a2cb79fb99fc7bbda56 Closes-Bug: #1280522
2016-02-16 23:44:27 +08:00
self.assertIsNone(self.strategy.no_fork_sock())
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.conf['workers'] = 0
self.strategy = wsgi.WorkersStrategy(self.conf, self.logger)
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.assertEqual('abc', self.strategy.no_fork_sock())
def test_new_worker_socks(self):
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
pid = 88
sock_count = 0
for s, i in self.strategy.new_worker_socks():
self.assertEqual('abc', s)
Replace assertEqual(None, *) with assertIsNone in tests As swift no longer supports Python 2.6, replace assertEqual(None, *) with assertIsNone in tests to have more clear messages in case of failure. Change-Id: I94af3e8156ef40465d4f7a2cb79fb99fc7bbda56 Closes-Bug: #1280522
2016-02-16 23:44:27 +08:00
self.assertIsNone(i) # unused for this strategy
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.strategy.register_worker_start(s, 'unused', pid)
pid += 1
sock_count += 1
Refactoring, test infrastructure changes and cleanup ...in preparation for the container sharding feature. Co-Authored-By: Matthew Oliver <matt@oliver.net.au> Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Change-Id: I4455677abb114a645cff93cd41b394d227e805de
2018-05-01 15:12:05 +01:00
mypid = os.getpid()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.assertEqual([
Refactoring, test infrastructure changes and cleanup ...in preparation for the container sharding feature. Co-Authored-By: Matthew Oliver <matt@oliver.net.au> Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Change-Id: I4455677abb114a645cff93cd41b394d227e805de
2018-05-01 15:12:05 +01:00
'Started child %s from parent %s' % (88, mypid),
'Started child %s from parent %s' % (89, mypid),
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
], self.logger.get_lines_for_level('notice'))
self.assertEqual(2, sock_count)
self.assertEqual([], list(self.strategy.new_worker_socks()))
sock_count = 0
self.strategy.register_worker_exit(88)
self.assertEqual([
Refactoring, test infrastructure changes and cleanup ...in preparation for the container sharding feature. Co-Authored-By: Matthew Oliver <matt@oliver.net.au> Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Change-Id: I4455677abb114a645cff93cd41b394d227e805de
2018-05-01 15:12:05 +01:00
'Removing dead child %s from parent %s' % (88, mypid)
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
], self.logger.get_lines_for_level('error'))
for s, i in self.strategy.new_worker_socks():
self.assertEqual('abc', s)
Replace assertEqual(None, *) with assertIsNone in tests As swift no longer supports Python 2.6, replace assertEqual(None, *) with assertIsNone in tests to have more clear messages in case of failure. Change-Id: I94af3e8156ef40465d4f7a2cb79fb99fc7bbda56 Closes-Bug: #1280522
2016-02-16 23:44:27 +08:00
self.assertIsNone(i) # unused for this strategy
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
self.strategy.register_worker_start(s, 'unused', pid)
pid += 1
sock_count += 1
self.assertEqual(1, sock_count)
self.assertEqual([
Refactoring, test infrastructure changes and cleanup ...in preparation for the container sharding feature. Co-Authored-By: Matthew Oliver <matt@oliver.net.au> Co-Authored-By: Tim Burke <tim.burke@gmail.com> Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Change-Id: I4455677abb114a645cff93cd41b394d227e805de
2018-05-01 15:12:05 +01:00
'Started child %s from parent %s' % (88, mypid),
'Started child %s from parent %s' % (89, mypid),
'Started child %s from parent %s' % (90, mypid),
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
], self.logger.get_lines_for_level('notice'))
def test_post_fork_hook(self):
# Just don't crash or do something stupid
Replace assertEqual(None, *) with assertIsNone in tests As swift no longer supports Python 2.6, replace assertEqual(None, *) with assertIsNone in tests to have more clear messages in case of failure. Change-Id: I94af3e8156ef40465d4f7a2cb79fb99fc7bbda56 Closes-Bug: #1280522
2016-02-16 23:44:27 +08:00
self.assertIsNone(self.strategy.post_fork_hook())
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
def test_shutdown_sockets(self):
self.mock_get_socket.return_value = mock.MagicMock()
Untangle ServersPerPortStrategy.bind_ports The "method" `bind_ports` only gets called once on startup - and *during it's execution* it gets mutated to a list inside `_reload_bind_ports` - afterwards all references are only to the attribute `bind_ports`. It 100% works, but at first glance seems dubious. Renaming the method do_bind_ports seems more obvious. Change-Id: Ic01621e478f1140644e26ba41715d93963a00945
2017-06-09 15:29:21 -07:00
self.strategy.do_bind_ports()
Allow 1+ object-servers-per-disk deployment Enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configs. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required), binds to all ports as defined in the ring, and forks off the specified number of workers per listen socket. The child, per-port servers drop privileges and behave pretty much how object-server workers always have, except that because the ring has unique ports per disk, the object-servers will only be handling requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket), starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is found to no longer be in the ring. The ring files are stat'ed at most every "ring_check_interval" seconds, as configured in the object-server config (same default of 15s). Immediately stopping all swift-object-worker processes still works by sending the parent a SIGTERM. Likewise, a SIGHUP to the parent process still causes the parent process to close all listen sockets and exit, allowing existing children to finish serving their existing requests. The drop_privileges helper function now has an optional param to suppress the setsid() call, which otherwise screws up the child workers' process management. The class method RingData.load() can be told to only load the ring metadata (i.e. everything except replica2part2dev_id) with the optional kwarg, header_only=True. This is used to keep the parent and all forked off workers from unnecessarily having full copies of all storage policy rings in memory. A new helper class, swift.common.storage_policy.BindPortsCache, provides a method to return a set of all device ports in all rings for the server on which it is instantiated (identified by its set of IP addresses). The BindPortsCache instance will track mtimes of ring files, so they are not opened more frequently than necessary. This patch includes enhancements to the probe tests and object-replicator/object-reconstructor config plumbing to allow the probe tests to work correctly both in the "normal" config (same IP but unique ports for each SAIO "server") and a server-per-port setup where each SAIO "server" must have a unique IP address and unique port per disk within each "server". The main probe tests only work with 4 servers and 4 disks, but you can see the difference in the rings for the EC probe tests where there are 2 disks per server for a total of 8 disks. Specifically, swift.common.ring.utils.is_local_device() will ignore the ports when the "my_port" argument is None. Then, object-replicator and object-reconstructor both set self.bind_port to None if server_per_port is enabled. Bonus improvement for IPv6 addresses in is_local_device(). This PR for vagrant-swift-all-in-one will aid in testing this patch: https://github.com/swiftstack/vagrant-swift-all-in-one/pull/16/ Also allow SAIO to answer is_local_device() better; common SAIO setups have multiple "servers" all on the same host with different ports for the different "servers" (which happen to match the IPs specified in the rings for the devices on each of those "servers"). However, you can configure the SAIO to have different localhost IP addresses (e.g. 127.0.0.1, 127.0.0.2, etc.) in the ring and in the servers' config files' bind_ip setting. This new whataremyips() implementation combined with a little plumbing allows is_local_device() to accurately answer, even on an SAIO. In the default case (an unspecified bind_ip defaults to '0.0.0.0') as well as an explict "bind to everything" like '0.0.0.0' or '::', whataremyips() behaves as it always has, returning all IP addresses for the server. Also updated probe tests to handle each "server" in the SAIO having a unique IP address. For some (noisy) benchmarks that show servers_per_port=X is at least as good as the same number of "normal" workers: https://gist.github.com/dbishop/c214f89ca708a6b1624a#file-summary-md Benchmarks showing the benefits of I/O isolation with a small number of slow disks: https://gist.github.com/dbishop/fd0ab067babdecfb07ca#file-results-md If you were wondering what the overhead of threads_per_disk looks like: https://gist.github.com/dbishop/1d14755fedc86a161718#file-tabular_results-md DocImpact Change-Id: I2239a4000b41a7e7cc53465ce794af49d44796c6
2015-05-14 22:14:15 -07:00
with mock.patch('swift.common.wsgi.greenio') as mock_greenio:
self.strategy.shutdown_sockets()
self.assertEqual([
mock.call.shutdown_safe(self.mock_get_socket.return_value),
], mock_greenio.mock_calls)
self.assertEqual([
mock.call.close(),
], self.mock_get_socket.return_value.mock_calls)
def test_log_sock_exit(self):
self.strategy.log_sock_exit('blahblah', 'blahblah')
my_pid = os.getpid()
self.assertEqual([
'Child %d exiting normally' % my_pid,
], self.logger.get_lines_for_level('notice'))
Fix for subtle bug from 5c8f9c52e3f2944f01cea621326532e058a225f7 Change-Id: If2bd1d4a850936b2e575a96073c116a8b9522602
2012-12-21 19:24:16 +00:00
class TestWSGIContext(unittest.TestCase):
def test_app_call(self):
statuses = ['200 Ok', '404 Not Found']
def app(env, start_response):
start_response(statuses.pop(0), [('Content-Length', '3')])
yield 'Ok\n'
wc = wsgi.WSGIContext(app)
r = Request.blank('/')
it = wc._app_call(r.environ)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(wc._response_status, '200 Ok')
self.assertEqual(''.join(it), 'Ok\n')
Fix for subtle bug from 5c8f9c52e3f2944f01cea621326532e058a225f7 Change-Id: If2bd1d4a850936b2e575a96073c116a8b9522602
2012-12-21 19:24:16 +00:00
r = Request.blank('/')
it = wc._app_call(r.environ)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(wc._response_status, '404 Not Found')
self.assertEqual(''.join(it), 'Ok\n')
Fix for subtle bug from 5c8f9c52e3f2944f01cea621326532e058a225f7 Change-Id: If2bd1d4a850936b2e575a96073c116a8b9522602
2012-12-21 19:24:16 +00:00
Preserve closeability of app iterables PEP 333 (WSGI) says that if your iterable has a close() method, the framework must call it. WSGIContext._app_call pulls the first chunk off the returned iterable to make sure that it gets status and headers, and then it would itertools.chain() that first chunk back onto the iterable so the whole body went out. swob.Response.call_application() does it too. The problem is that an itertools.chain object doesn't have a close() method, so your iterable's fancy-pants close() method has no chance of getting called. This patch adds a slightly smarter CloseableChain that works like itertools.chain, but has a close() method that calls the underlying iterables' close() methods, if any. Change-Id: If975c93f53c27dfa0c2f52f4bbf599af25202f70
2013-12-03 14:49:57 -08:00
def test_app_iter_is_closable(self):
def app(env, start_response):
Wait for a non-empty chunk in WSGIContext._app_call We're functioning as a WSGI server here, so this bit from PEP-3333 seems to apply: > The start_response callable must not actually transmit the response > headers. Instead, it must store them for the server or gateway to > transmit only after the first iteration of the application return > value that yields a non-empty bytestrin ... . In other words, response > headers must not be sent until there is actual body data available, or > until the application's returned iterable is exhausted. Plus, it mirrors what swob.Request.call_application does. Change-Id: I1e8501f8ce91ea912780db64fee1c56bef809a98
2016-08-12 05:46:33 +00:00
yield ''
yield ''
Preserve closeability of app iterables PEP 333 (WSGI) says that if your iterable has a close() method, the framework must call it. WSGIContext._app_call pulls the first chunk off the returned iterable to make sure that it gets status and headers, and then it would itertools.chain() that first chunk back onto the iterable so the whole body went out. swob.Response.call_application() does it too. The problem is that an itertools.chain object doesn't have a close() method, so your iterable's fancy-pants close() method has no chance of getting called. This patch adds a slightly smarter CloseableChain that works like itertools.chain, but has a close() method that calls the underlying iterables' close() methods, if any. Change-Id: If975c93f53c27dfa0c2f52f4bbf599af25202f70
2013-12-03 14:49:57 -08:00
start_response('200 OK', [('Content-Length', '25')])
yield 'aaaaa'
yield 'bbbbb'
yield 'ccccc'
yield 'ddddd'
yield 'eeeee'
wc = wsgi.WSGIContext(app)
r = Request.blank('/')
iterable = wc._app_call(r.environ)
pep8 fix: assertEquals -> assertEqual assertEquals is deprecated in py3, replacing it. Change-Id: Ida206abbb13c320095bb9e3b25a2b66cc31bfba8 Co-Authored-By: Ondřej Nový <ondrej.novy@firma.seznam.cz>
2015-08-05 23:58:14 +05:30
self.assertEqual(wc._response_status, '200 OK')
Preserve closeability of app iterables PEP 333 (WSGI) says that if your iterable has a close() method, the framework must call it. WSGIContext._app_call pulls the first chunk off the returned iterable to make sure that it gets status and headers, and then it would itertools.chain() that first chunk back onto the iterable so the whole body went out. swob.Response.call_application() does it too. The problem is that an itertools.chain object doesn't have a close() method, so your iterable's fancy-pants close() method has no chance of getting called. This patch adds a slightly smarter CloseableChain that works like itertools.chain, but has a close() method that calls the underlying iterables' close() methods, if any. Change-Id: If975c93f53c27dfa0c2f52f4bbf599af25202f70
2013-12-03 14:49:57 -08:00
iterator = iter(iterable)
Replace it.next() with next(it) for py3 compat The Python 2 next() method of iterators was renamed to __next__() on Python 3. Use the builtin next() function instead which works on Python 2 and Python 3. Change-Id: Ic948bc574b58f1d28c5c58e3985906dee17fa51d
2015-06-15 22:10:45 +05:30
self.assertEqual('aaaaa', next(iterator))
self.assertEqual('bbbbb', next(iterator))
Preserve closeability of app iterables PEP 333 (WSGI) says that if your iterable has a close() method, the framework must call it. WSGIContext._app_call pulls the first chunk off the returned iterable to make sure that it gets status and headers, and then it would itertools.chain() that first chunk back onto the iterable so the whole body went out. swob.Response.call_application() does it too. The problem is that an itertools.chain object doesn't have a close() method, so your iterable's fancy-pants close() method has no chance of getting called. This patch adds a slightly smarter CloseableChain that works like itertools.chain, but has a close() method that calls the underlying iterables' close() methods, if any. Change-Id: If975c93f53c27dfa0c2f52f4bbf599af25202f70
2013-12-03 14:49:57 -08:00
iterable.close()
py3: port common/wsgi.py Note that we're punting on configuring socket buffer sizes (for now) Change-Id: I285a9b521fd0af381a227e0e824bc391817547f4
2018-02-01 15:25:53 -08:00
with self.assertRaises(StopIteration):
next(iterator)
Preserve closeability of app iterables PEP 333 (WSGI) says that if your iterable has a close() method, the framework must call it. WSGIContext._app_call pulls the first chunk off the returned iterable to make sure that it gets status and headers, and then it would itertools.chain() that first chunk back onto the iterable so the whole body went out. swob.Response.call_application() does it too. The problem is that an itertools.chain object doesn't have a close() method, so your iterable's fancy-pants close() method has no chance of getting called. This patch adds a slightly smarter CloseableChain that works like itertools.chain, but has a close() method that calls the underlying iterables' close() methods, if any. Change-Id: If975c93f53c27dfa0c2f52f4bbf599af25202f70
2013-12-03 14:49:57 -08:00
refactor some common code from crypto This patch moves some code from the crypto files to a more common modules that will be used by symlinks Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Change-Id: I1758693c5dd428f9f2157966aac49d97c2c7ab12 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2017-02-28 11:57:10 -05:00
def test_update_content_length(self):
statuses = ['200 Ok']
def app(env, start_response):
start_response(statuses.pop(0), [('Content-Length', '30')])
yield 'Ok\n'
wc = wsgi.WSGIContext(app)
r = Request.blank('/')
it = wc._app_call(r.environ)
wc.update_content_length(35)
self.assertEqual(wc._response_status, '200 Ok')
self.assertEqual(''.join(it), 'Ok\n')
self.assertEqual(wc._response_headers, [('Content-Length', '35')])
Fix for subtle bug from 5c8f9c52e3f2944f01cea621326532e058a225f7 Change-Id: If2bd1d4a850936b2e575a96073c116a8b9522602
2012-12-21 19:24:16 +00:00
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
class TestPipelineWrapper(unittest.TestCase):
def setUp(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = healthcheck catch_errors tempurl proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:tempurl]
paste.filter_factory = swift.common.middleware.tempurl:filter_factory
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
ctx = wsgi.loadcontext(loadwsgi.APP, conf_file, global_conf={})
self.pipe = wsgi.PipelineWrapper(ctx)
def _entry_point_names(self):
# Helper method to return a list of the entry point names for the
# filters in the pipeline.
return [c.entry_point_name for c in self.pipe.context.filter_contexts]
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
def test_startswith(self):
self.assertTrue(self.pipe.startswith("healthcheck"))
self.assertFalse(self.pipe.startswith("tempurl"))
def test_startswith_no_filters(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
ctx = wsgi.loadcontext(loadwsgi.APP, conf_file, global_conf={})
pipe = wsgi.PipelineWrapper(ctx)
self.assertTrue(pipe.startswith('proxy'))
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
def test_insert_filter(self):
original_modules = ['healthcheck', 'catch_errors', None]
self.assertEqual(self._entry_point_names(), original_modules)
self.pipe.insert_filter(self.pipe.create_filter('catch_errors'))
expected_modules = ['catch_errors', 'healthcheck',
'catch_errors', None]
self.assertEqual(self._entry_point_names(), expected_modules)
def test_str(self):
self.assertEqual(
str(self.pipe),
Print pipeline names in the reported pipeline When current code modifies the pipeline, it prints the entry point names instead of the names used to construct the pipeline. This is inconvenient because a sysadmin cannot copy and paste from the log. We already save the pipeline name into contexts in most cases, so the fix simply reuses that to provide friendly names. Fixes bug: 1311802 Change-Id: Ic76baf1360cd521f140fa1980029ccbce58f1717
2014-05-09 19:10:08 -06:00
"healthcheck catch_errors tempurl proxy-server")
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
def test_str_unknown_filter(self):
Print pipeline names in the reported pipeline When current code modifies the pipeline, it prints the entry point names instead of the names used to construct the pipeline. This is inconvenient because a sysadmin cannot copy and paste from the log. We already save the pipeline name into contexts in most cases, so the fix simply reuses that to provide friendly names. Fixes bug: 1311802 Change-Id: Ic76baf1360cd521f140fa1980029ccbce58f1717
2014-05-09 19:10:08 -06:00
del self.pipe.context.filter_contexts[0].__dict__['name']
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
self.pipe.context.filter_contexts[0].object = 'mysterious'
self.assertEqual(
str(self.pipe),
Print pipeline names in the reported pipeline When current code modifies the pipeline, it prints the entry point names instead of the names used to construct the pipeline. This is inconvenient because a sysadmin cannot copy and paste from the log. We already save the pipeline name into contexts in most cases, so the fix simply reuses that to provide friendly names. Fixes bug: 1311802 Change-Id: Ic76baf1360cd521f140fa1980029ccbce58f1717
2014-05-09 19:10:08 -06:00
"<unknown> catch_errors tempurl proxy-server")
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
@patch_policies
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
@mock.patch('swift.common.utils.HASH_PATH_SUFFIX', new='endcap')
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
class TestPipelineModification(unittest.TestCase):
def pipeline_modules(self, app):
# This is rather brittle; it'll break if a middleware stores its app
# anywhere other than an attribute named "app", but it works for now.
pipe = []
Replace xrange() with six.moves.range() Patch generated by the xrange operation of the sixer tool: https://pypi.python.org/pypi/sixer Manual changes: * Fix indentation for pep8 checks * Fix TestGreenthreadSafeIterator.test_access_is_serialized of test.unit.common.test_utils: replace range(1, 11) with list(range(1, 11)) * Fix UnsafeXrange docstring, revert change Change-Id: Icb7e26135c5e57b5302b8bfe066b33cafe69fe4d
2015-05-25 18:28:02 +02:00
for _ in range(1000):
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
pipe.append(app.__class__.__module__)
if not hasattr(app, 'app'):
break
app = app.app
return pipe
def test_load_app(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = healthcheck proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
"""
def modify_func(app, pipe):
new = pipe.create_filter('catch_errors')
pipe.insert_filter(new)
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
with mock.patch(
'swift.proxy.server.Application.modify_wsgi_pipeline',
modify_func):
app = wsgi.loadapp(conf_file, global_conf={})
exp = swift.common.middleware.catch_errors.CatchErrorMiddleware
self.assertTrue(isinstance(app, exp), app)
exp = swift.common.middleware.healthcheck.HealthCheckMiddleware
self.assertTrue(isinstance(app.app, exp), app.app)
exp = swift.proxy.server.Application
self.assertTrue(isinstance(app.app.app, exp), app.app.app)
Don't lard up InternalClient with extra middleware One can argue that it makes sense for the client-facing proxy server to have certain middlewares like gatekeeper in its pipeline, but that is not desirable for InternalClient. In particular, it prevents you from passing in sysmeta headers using InternalClient, and I found myself wanting to do that earlier today. Now InternalClient's proxy application gets exactly what's configured; no more, no less. This will mean that the object expirer can read and write sysmeta headers, but I think we can trust it to keep our secrets. Change-Id: I17b4a89c24e600754701ee1645b40406421fa6f3
2014-02-27 18:30:15 -08:00
# make sure you can turn off the pipeline modification if you want
def blow_up(*_, **__):
raise self.fail("needs more struts")
with mock.patch(
'swift.proxy.server.Application.modify_wsgi_pipeline',
blow_up):
app = wsgi.loadapp(conf_file, global_conf={},
allow_modify_pipeline=False)
# the pipeline was untouched
exp = swift.common.middleware.healthcheck.HealthCheckMiddleware
self.assertTrue(isinstance(app, exp), app)
exp = swift.proxy.server.Application
self.assertTrue(isinstance(app.app, exp), app.app)
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
def test_proxy_unmodified_wsgi_pipeline(self):
# Make sure things are sane even when we modify nothing
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
pipeline = catch_errors gatekeeper proxy-server
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:catch_errors]
use = egg:swift#catch_errors
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
[filter:gatekeeper]
use = egg:swift#gatekeeper
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
app = wsgi.loadapp(conf_file, global_conf={})
self.assertEqual(self.pipeline_modules(app),
['swift.common.middleware.catch_errors',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.gatekeeper',
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
'swift.common.middleware.listing_formats',
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
'swift.common.middleware.copy',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.dlo',
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
'swift.common.middleware.versioned_writes',
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
'swift.proxy.server'])
def test_proxy_modify_wsgi_pipeline(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = healthcheck proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:healthcheck]
use = egg:swift#healthcheck
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
app = wsgi.loadapp(conf_file, global_conf={})
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
self.assertEqual(self.pipeline_modules(app),
['swift.common.middleware.catch_errors',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.gatekeeper',
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
'swift.common.middleware.listing_formats',
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
'swift.common.middleware.copy',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.dlo',
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
'swift.common.middleware.versioned_writes',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.healthcheck',
'swift.proxy.server'])
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
Add pipeline modification test for previously-recommended pipelines This includes every pipeline from etc/proxy-server.conf-sample since we switched from swauth to tempauth in 1.4.1. As much as anything, I view this as a canary for auto-insertion changes, so we can (somewhat easily) see where new middlewares will be placed when upgrading from old swifts. Change-Id: I117937ab6ce28f3bc219e809f07b563c45fc486f Related-Change: I88678fddc7a25b0f065b33eb26047321d0db4d38
2018-01-09 23:53:56 +00:00
def test_proxy_modify_wsgi_pipeline_recommended_pipelines(self):
to_test = [
# Version, filter-only pipeline, expected final pipeline
('1.4.1',
'catch_errors healthcheck cache ratelimit tempauth',
'catch_errors gatekeeper healthcheck memcache'
' listing_formats ratelimit tempauth copy dlo versioned_writes'),
('1.5.0',
'catch_errors healthcheck cache ratelimit tempauth proxy-logging',
'catch_errors gatekeeper healthcheck memcache ratelimit tempauth'
' proxy_logging listing_formats copy dlo versioned_writes'),
('1.8.0',
'catch_errors healthcheck proxy-logging cache slo ratelimit'
' tempauth container-quotas account-quotas proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats slo ratelimit tempauth copy dlo'
' versioned_writes container_quotas account_quotas'
' proxy_logging'),
('1.9.1',
'catch_errors healthcheck proxy-logging cache bulk slo ratelimit'
' tempauth container-quotas account-quotas proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats bulk slo ratelimit tempauth copy dlo'
' versioned_writes container_quotas account_quotas'
' proxy_logging'),
('1.12.0',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' container_sync bulk slo ratelimit tempauth container-quotas'
' account-quotas proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk slo ratelimit tempauth'
' copy dlo versioned_writes container_quotas account_quotas'
' proxy_logging'),
('1.13.0',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' container_sync bulk slo dlo ratelimit tempauth'
' container-quotas account-quotas proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk slo dlo ratelimit'
' tempauth copy versioned_writes container_quotas account_quotas'
' proxy_logging'),
('1.13.1',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' container_sync bulk tempurl slo dlo ratelimit tempauth'
' container-quotas account-quotas proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk tempurl slo dlo ratelimit'
' tempauth copy versioned_writes container_quotas account_quotas'
' proxy_logging'),
('2.0.0',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' container_sync bulk tempurl ratelimit tempauth container-quotas'
' account-quotas slo dlo proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk tempurl ratelimit tempauth'
' copy container_quotas account_quotas slo dlo versioned_writes'
' proxy_logging'),
('2.4.0',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' container_sync bulk tempurl ratelimit tempauth container-quotas'
' account-quotas slo dlo versioned_writes proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk tempurl ratelimit tempauth'
' copy container_quotas account_quotas slo dlo versioned_writes'
' proxy_logging'),
('2.8.0',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' container_sync bulk tempurl ratelimit tempauth copy'
' container-quotas account-quotas slo dlo versioned_writes'
' proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk tempurl ratelimit tempauth'
' copy container_quotas account_quotas slo dlo versioned_writes'
' proxy_logging'),
('2.16.0',
'catch_errors gatekeeper healthcheck proxy-logging cache'
' listing_formats container_sync bulk tempurl ratelimit'
' tempauth copy container-quotas account-quotas slo dlo'
' versioned_writes proxy-logging',
'catch_errors gatekeeper healthcheck proxy_logging memcache'
' listing_formats container_sync bulk tempurl ratelimit'
' tempauth copy container_quotas account_quotas slo dlo'
' versioned_writes proxy_logging'),
]
config = """
[DEFAULT]
swift_dir = %s
[pipeline:main]
pipeline = %s proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:cache]
use = egg:swift#memcache
[filter:listing_formats]
use = egg:swift#listing_formats
[filter:container_sync]
use = egg:swift#container_sync
[filter:bulk]
use = egg:swift#bulk
[filter:tempurl]
use = egg:swift#tempurl
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:tempauth]
use = egg:swift#tempauth
[filter:copy]
use = egg:swift#copy
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:versioned_writes]
use = egg:swift#versioned_writes
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
_fake_rings(t)
for version, pipeline, expected in to_test:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents % (t, pipeline))
app = wsgi.loadapp(conf_file, global_conf={})
actual = ' '.join(m.rsplit('.', 1)[1]
for m in self.pipeline_modules(app)[:-1])
self.assertEqual(
expected, actual,
'Pipeline mismatch for version %s: got\n %s\n'
'but expected\n %s' % (version, actual, expected))
Insert versioned_writes in correct pipeline position If not explicitly configured the versioned_writes middleware should be auto-inserted in the pipeline after slo and dlo, which is where the versioned_writes filter section's comments say it should be in proxy-server.conf-sample. At the moment it can end up being placed ahead of slo and dlo if they have been explicitly configured, which results in the linked bug manifesting. Closes-Bug: #1537042 Change-Id: I6ac95a331f4ef0d4887311940acc6f8bc00fb4eb
2016-01-27 13:50:57 +00:00
def test_proxy_modify_wsgi_pipeline_inserts_versioned_writes(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = slo dlo healthcheck proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:dlo]
use = egg:swift#dlo
[filter:slo]
use = egg:swift#slo
"""
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
app = wsgi.loadapp(conf_file, global_conf={})
self.assertEqual(self.pipeline_modules(app),
['swift.common.middleware.catch_errors',
'swift.common.middleware.gatekeeper',
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
'swift.common.middleware.listing_formats',
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
'swift.common.middleware.copy',
Insert versioned_writes in correct pipeline position If not explicitly configured the versioned_writes middleware should be auto-inserted in the pipeline after slo and dlo, which is where the versioned_writes filter section's comments say it should be in proxy-server.conf-sample. At the moment it can end up being placed ahead of slo and dlo if they have been explicitly configured, which results in the linked bug manifesting. Closes-Bug: #1537042 Change-Id: I6ac95a331f4ef0d4887311940acc6f8bc00fb4eb
2016-01-27 13:50:57 +00:00
'swift.common.middleware.slo',
'swift.common.middleware.dlo',
'swift.common.middleware.versioned_writes',
'swift.common.middleware.healthcheck',
'swift.proxy.server'])
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
def test_proxy_modify_wsgi_pipeline_ordering(self):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = healthcheck proxy-logging bulk tempurl proxy-server
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:tempurl]
use = egg:swift#tempurl
"""
new_req_filters = [
# not in pipeline, no afters
{'name': 'catch_errors'},
# already in pipeline
{'name': 'proxy_logging',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'after_fn': lambda _: ['catch_errors']},
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
# not in pipeline, comes after more than one thing
{'name': 'container_quotas',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'after_fn': lambda _: ['catch_errors', 'bulk']}]
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
with mock.patch.object(swift.proxy.server, 'required_filters',
new_req_filters):
app = wsgi.loadapp(conf_file, global_conf={})
self.assertEqual(self.pipeline_modules(app), [
'swift.common.middleware.catch_errors',
'swift.common.middleware.healthcheck',
'swift.common.middleware.proxy_logging',
'swift.common.middleware.bulk',
'swift.common.middleware.container_quotas',
'swift.common.middleware.tempurl',
'swift.proxy.server'])
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
def _proxy_modify_wsgi_pipeline(self, pipe):
config = """
[DEFAULT]
swift_dir = TEMPDIR
[pipeline:main]
pipeline = %s
[app:proxy-server]
use = egg:swift#proxy
conn_timeout = 0.2
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:gatekeeper]
use = egg:swift#gatekeeper
"""
config = config % (pipe,)
contents = dedent(config)
with temptree(['proxy-server.conf']) as t:
conf_file = os.path.join(t, 'proxy-server.conf')
with open(conf_file, 'w') as f:
f.write(contents.replace('TEMPDIR', t))
_fake_rings(t)
app = wsgi.loadapp(conf_file, global_conf={})
return app
def test_gatekeeper_insertion_catch_errors_configured_at_start(self):
# catch_errors is configured at start, gatekeeper is not configured,
# so gatekeeper should be inserted just after catch_errors
pipe = 'catch_errors healthcheck proxy-server'
app = self._proxy_modify_wsgi_pipeline(pipe)
self.assertEqual(self.pipeline_modules(app), [
'swift.common.middleware.catch_errors',
'swift.common.middleware.gatekeeper',
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
'swift.common.middleware.listing_formats',
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
'swift.common.middleware.copy',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.dlo',
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
'swift.common.middleware.versioned_writes',
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
'swift.common.middleware.healthcheck',
'swift.proxy.server'])
def test_gatekeeper_insertion_catch_errors_configured_not_at_start(self):
# catch_errors is configured, gatekeeper is not configured, so
# gatekeeper should be inserted at start of pipeline
pipe = 'healthcheck catch_errors proxy-server'
app = self._proxy_modify_wsgi_pipeline(pipe)
self.assertEqual(self.pipeline_modules(app), [
'swift.common.middleware.gatekeeper',
'swift.common.middleware.healthcheck',
'swift.common.middleware.catch_errors',
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
'swift.common.middleware.listing_formats',
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
'swift.common.middleware.copy',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.dlo',
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
'swift.common.middleware.versioned_writes',
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
'swift.proxy.server'])
def test_catch_errors_gatekeeper_configured_not_at_start(self):
# catch_errors is configured, gatekeeper is configured, so
# no change should be made to pipeline
pipe = 'healthcheck catch_errors gatekeeper proxy-server'
app = self._proxy_modify_wsgi_pipeline(pipe)
self.assertEqual(self.pipeline_modules(app), [
'swift.common.middleware.healthcheck',
'swift.common.middleware.catch_errors',
'swift.common.middleware.gatekeeper',
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
'swift.common.middleware.listing_formats',
Refactor server side copy as middleware Rewrite server side copy and 'object post as copy' feature as middleware to simplify the PUT method in the object controller code. COPY is no longer a verb implemented as public method in Proxy application. The server side copy middleware is inserted to the left of dlo, slo and versioned_writes middlewares in the proxy server pipeline. As a result, dlo and slo copy_hooks are no longer required. SLO manifests are now validated when copied so when copying a manifest to another account the referenced segments must be readable in that account for the manifest copy to succeed (previously this validation was not made, meaning the manifest was copied but could be unusable if the segments were not readable). With this change, there should be no change in functionality or existing behavior. This is asserted with (almost) no changes required to existing functional tests. Some notes (for operators): * Middleware required to be auto-inserted before slo and dlo and versioned_writes * Turning off server side copy is not configurable. * object_post_as_copy is no longer a configurable option of proxy server but of this middleware. However, for smooth upgrade, config option set in proxy server app is also read. DocImpact: Introducing server side copy as middleware Co-Authored-By: Alistair Coles <alistair.coles@hpe.com> Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: Ic96a92e938589a2f6add35a40741fd062f1c29eb Signed-off-by: Prashanth Pai <ppai@redhat.com> Signed-off-by: Thiago da Silva <thiago@redhat.com>
2015-02-18 11:59:31 +05:30
'swift.common.middleware.copy',
Move all DLO functionality to middleware This is for the same reason that SLO got pulled into middleware, which includes stuff like automatic retry of GETs on broken connection and the multi-ring storage policy stuff. The proxy will automatically insert the dlo middleware at an appropriate place in the pipeline the same way it does with the gatekeeper middleware. Clusters will still support DLOs after upgrade even with an old config file that doesn't mention dlo at all. Includes support for reading config values from the proxy server's config section so that upgraded clusters continue to work as before. Bonus fix: resolve 'after' vs. 'after_fn' in proxy's required filters list. Having two was confusing, so I kept the more-general one. DocImpact blueprint multi-ring-large-objects Change-Id: Ib3b3830c246816dd549fc74be98b4bc651e7bace
2013-11-21 17:31:16 -08:00
'swift.common.middleware.dlo',
versioned writes middleware Rewrite object versioning as middleware to simplify the PUT method in the object controller. The functionality remains basically the same with the only major difference being the ability to now version slo manifest files. dlo manifests are still not supported as part of this patch. Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> DocImpact Change-Id: Ie899290b3312e201979eafefb253d1a60b65b837 Signed-off-by: Thiago da Silva <thiago@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com>
2014-11-09 13:13:27 -05:00
'swift.common.middleware.versioned_writes',
Generic means for persisting system metadata. Middleware or core features may need to store metadata against accounts or containers. This patch adds a generic mechanism for system metadata to be persisted in backend databases, without polluting the user metadata namespace, by using the reserved header namespace x-<server_type>-sysmeta-*. Modifications are firstly that backend servers persist system metadata headers alongside user metadata and other system state. For accounts and containers, system metadata in PUT and POST requests is treated in a similar way to user metadata. System metadata is not yet supported for object requests. Secondly, changes in the proxy controllers ensure that headers in the system metadata namespace will pass through in requests to backend servers. Thirdly, system metadata returned from backend servers in GET or HEAD responses is added to the cached info dict, which middleware can access. Finally, a gatekeeper middleware module is provided which filters all system metadata headers from requests and responses by removing headers with names starting x-account-sysmeta-, x-container-sysmeta-. The gatekeeper also removes headers starting x-object-sysmeta- in anticipation of future support for system metadata being set for objects. This prevents clients from writing or reading system metadata. The required_filters list in swift/proxy/server.py is modified to include the gatekeeper middleware so that if the gatekeeper has not been configured in the pipeline then it will be automatically inserted close to the start of the pipeline. blueprint cluster-federation Change-Id: I80b8b14243cc59505f8c584920f8f527646b5f45
2013-12-03 22:02:39 +00:00
'swift.proxy.server'])
Force catch_errors into pipeline This commit adds a hook for WSGI applications (e.g. proxy.server.Application) to modify their WSGI pipelines. This is currently used by the proxy server to ensure that catch_errors is present; if it is missing, it is inserted as the first middleware in the pipeline. This lets us write new, mandatory middlewares for Swift without breaking existing deployments on upgrade. Change-Id: Ibed0f2edb6f80c25be182b3d4544e6a67c5050ad
2013-12-13 13:11:01 -08:00
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
@with_tempdir
def test_loadapp_proxy(self, tempdir):
conf_path = os.path.join(tempdir, 'proxy-server.conf')
conf_body = """
[DEFAULT]
swift_dir = %s
[pipeline:main]
pipeline = catch_errors cache proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
""" % tempdir
with open(conf_path, 'w') as f:
f.write(dedent(conf_body))
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
_fake_rings(tempdir)
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
account_ring_path = os.path.join(tempdir, 'account.ring.gz')
container_ring_path = os.path.join(tempdir, 'container.ring.gz')
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
object_ring_paths = {}
for policy in POLICIES:
object_ring_paths[int(policy)] = os.path.join(
tempdir, policy.ring_name + '.ring.gz')
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
app = wsgi.loadapp(conf_path)
Move listing formatting out to proxy middleware Make some json -> (text, xml) stuff in a common module, reference that in account/container servers so we don't break existing clients (including out-of-date proxies), but have the proxy controllers always force a json listing. This simplifies operations on listings (such as the ones already happening in decrypter, or the ones planned for symlink and sharding) by only needing to consider a single response type. There is a downside of larger backend requests for text/plain listings, but it seems like a net win? Change-Id: Id3ce37aa0402e2d8dd5784ce329d7cb4fbaf700d
2017-03-23 18:26:21 -07:00
proxy_app = app.app.app.app.app.app.app.app
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
self.assertEqual(proxy_app.account_ring.serialized_path,
account_ring_path)
self.assertEqual(proxy_app.container_ring.serialized_path,
container_ring_path)
Fix issues with test_wsgi.py and Storage Policies Discovered some tests that were coupling the code under test with the storage policies configured in /etc/swift/swift.conf. There was some tests that created fake rings in their tempdirs, but didn't reset or patch the POLICIES global. So if your local config needed more rings that the fake's were setting up (just 2) the tests would puke when they loaded up an app that looked for rings. I think this probably started happening when we added eager object ring loading back into the proxy. * two TestCases in test_wsgi were missing @patch_policies * fixed issue with patch_policies that could cause state to bleed between tests * patch_policies' legacy and default collections get a FakeRing by default * drive-by cleanup for test_loadapp_proxy() ring serialized path handling * drive-by cleanup for test_internal_client that was doing basically the same thing as test_wsgi Change-Id: Ia706000ba961ed24f2c22b81041e53a0c3f302fc
2014-06-23 16:01:02 -07:00
for policy_index, expected_path in object_ring_paths.items():
object_ring = proxy_app.get_object_ring(policy_index)
self.assertEqual(expected_path, object_ring.serialized_path)
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
@with_tempdir
def test_loadapp_storage(self, tempdir):
expectations = {
'object': obj_server.ObjectController,
'container': container_server.ContainerController,
'account': account_server.AccountController,
}
for server_type, controller in expectations.items():
conf_path = os.path.join(
tempdir, '%s-server.conf' % server_type)
conf_body = """
[DEFAULT]
swift_dir = %s
[app:main]
use = egg:swift#%s
""" % (tempdir, server_type)
with open(conf_path, 'w') as f:
f.write(dedent(conf_body))
app = wsgi.loadapp(conf_path)
self.assertTrue(isinstance(app, controller))
def test_pipeline_property(self):
depth = 3
class FakeApp(object):
pass
class AppFilter(object):
def __init__(self, app):
self.app = app
# make a pipeline
app = FakeApp()
filtered_app = app
for i in range(depth):
filtered_app = AppFilter(filtered_app)
# AttributeError if no apps in the pipeline have attribute
wsgi._add_pipeline_properties(filtered_app, 'foo')
self.assertRaises(AttributeError, getattr, filtered_app, 'foo')
# set the attribute
unit tests: Replace "self.assert_" by "self.assertTrue" The assert_() method is deprecated and can be safely replaced by assertTrue(). This patch makes sure that running the tests does not create undesired warnings. Change-Id: I0602ba39ef93263386644ee68088d5f65fcb4a71
2015-07-21 19:23:00 +05:30
self.assertTrue(isinstance(app, FakeApp))
Extend interface on InternalClient * add get_object * allow extra headers passthrough on HEAD/metadata reqeusts * expose (account|container|get_object)_ring properties Pipeline propety access to the auto_create_account_prefix also allows us to bypass the early exit on a container HEAD for auto_create_accounts if the container-updater hasn't cycled yet. Allow overriding of storage policy index. This is something the reconciler will need so that it can GET from one policy, PUT in another, and then DELETE from the first one again. DocImpact Implements: blueprint storage-policies Change-Id: I9b287d15f2426022d669d1186c9e22dd8ca13fb9
2014-04-16 17:16:57 -07:00
app.foo = 'bar'
self.assertEqual(filtered_app.foo, 'bar')
# attribute is cached
app.foo = 'baz'
self.assertEqual(filtered_app.foo, 'bar')
Initial commit of Swift code
2010-07-12 17:03:45 -05:00
if __name__ == '__main__':
unittest.main()
Copy Permalink