GitLab

We can avoid most of the Mainloop.Run() code if we use asyncore
for delivering I/O events, and just concentrate on what's missing in
asyncore: singnal handling and timers. This way confd can be ported to
use Mainloop as well.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Currently the http library only checks credentials when authentication
is required. This means that any credentials are accepted on the root
resource, for example, which makes problems hard to diagnose - the
user/pw works for all queries, until one tries to do a modification at
which point fails.

This patch changes the PreHandleRequest() function to not ignore
credentials when passed, even if we don't require authentication. This
makes the behavior of RAPI more predictable.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Allow expressions longer than one character to match.

Reviewed-by: imsnah

99% of the epydoc return tags are "@return:", but each of the modified files
had one "@returns:" line. We fix this for consistency.

Reviewed-by: imsnah

This patch changes the format of the HTTP error messages from text/html, which
is hard to parse from RAPI clients, to JSON which can be automatically parsed.

The error message is an object, which contains always three keys:
  - code, an integer with the error code
  - message, a short description
  - explain, holding (if available) a description of the error

In order to implement this, there is a bit of change to the http server
and executor classes. I've tested and the error handling still works
(but less optimal, no error message) in case the error formatting itself
raises an exception.

Reviewed-by: imsnah

This changes the RAPI error codes for luxi errors; a timeout error is
now reported properly as 504, while any other luxi error is reported as
502.

It would be good to convert even more errors into proper return codes in
the future.

Reviewed-by: imsnah

For queries, we don't want to require authentication. We fix this by adding an
override GetAuthRealm in the rapi daemon.

We also fix a method name.

Reviewed-by: imsnah

This patch rewraps some comments to shorter lengths, changes
double-quotes to single-quotes inside triple-quoted docstrings for
better editor handling.

It also fixes some epydoc errors, namely invalid crossreferences (after
method rename), documentation for inexistent (removed) parameters, etc.

Reviewed-by: ultrotter

The source port/addr is currently logged three times for each
connection, and this is unnecessary. We change two log entries to debug,
since they are useful for precise timing, and we keep only one at INFO
level.

Reviewed-by: imsnah

Two bad indentation cases and a missing variable.

Reviewed-by: imsnah

Lines in the password file are of the following format:

  <username> <password> [options]

Fields are separated by whitespace. Username and password are
mandatory, options are optional and separated by comma (",").
Empty lines and comments ("#") are ignored.

Reviewed-by: amishchenko

Reviewed-by: amishchenko

As per RFC2617.

Reviewed-by: amishchenko

The authentication class will override PreHandleRequest.

Reviewed-by: amishchenko

They're cheap to instantiate and doing this changes makes the code
a bit simpler.

Reviewed-by: ultrotter

All other exceptions are named after the error name in RFC2616 (HTTP/1.1).

Reviewed-by: amishchenko

Reviewed-by: amishchenko

Reviewed-by: amishchenko

Reviewed-by: amishchenko

More complex unittests will need some refactoring in the HTTP code.

Reviewed-by: amishchenko

Reviewed-by: iustinp

Otherwise it would be done on the first read/write operation, making
error handling more difficult (such as EOF during handshake).

Reviewed-by: iustinp

Reviewed-by: iustinp

Also add a comment next to the place where the SSL connection is shut
down.

Reviewed-by: iustinp

Reviewed-by: amishchenko

Reviewed-by: amishchenko

It'll be queried from other classes.

Reviewed-by: iustinp

It's more appropriate.

Reviewed-by: iustinp

This patch should fix all outstanding epydoc parsing errors; as such, we
switch epydoc into verbose mode so that any new errors will be visible.

Reviewed-by: imsnah

Reviewed-by: iustinp

This is a leftover from old code.

Reviewed-by: iustinp

This solves a problem with many concurrent requests. By default, 1024
is the maximum backlog on Linux kernels. We limit the number of clients
through MAX_CHILDREN, too. The idea of just increasing the backlog is
taken from lighttpd.

Reviewed-by: amishchenko

The combination of the current buffer splitting method and (4KB) buffer
size is very inefficient when writing big amounts of data. Just walking
over a 16 megabyte string using a 4K buffer takes (on a random computer)
1m06s, whereas using slices will decrease this to 0.080s, and slicing
with 32 KB size decreases this to 0.073s.

This means that uploading a big config file (it nears 1MB for big
clusters) will take more and more time per the number of nodes, since it
needs lots of slicing.

I happened upon this by accidentally setting all nodes as master
candidates, at which point just uploading the config file to all nodes
took 40s. Applying the patch decreases this to 15s (this probably can
still be optimized).

The patch also removes a duplicate constant (the one actually used is in
http/client.py), and changes the receive buffer size to use the same
constant.

Reviewed-by: imsnah

Reviewed-by: amishchenko

Reviewed-by: amishchenko

This includes a large rewrite of the HTTP server code. The handling of
OpenSSL errors had some problems that were hard to fix with its
structure. When preparing all of this, I realized that actually HTTP
is a message protocol and that the same code can be used on both the
server and client side to parse requests/responses, with only a few
differences. There are still a few TODOs in the code, but none should
be a show stopper. Many pylint warnings have been fixed, too.

The old code will be removed once all users have been migrated.

Reviewed-by: amishchenko

It should be consistent.

Reviewed-by: amishchenko

This is a preparation step for splitting the HTTP client and server code
into two separate modules.

Reviewed-by: amishchenko