Merge pull request #970 from docker/windows-syscall

Do not support SIGUSR1 and SIGUSR2 syscall handling in windows

Makefile

@@ -13,7 +13,7 @@ endif
 CTIMEVAR=-X $(NOTARY_PKG)/version.GitCommit=$(GITCOMMIT) -X $(NOTARY_PKG)/version.NotaryVersion=$(NOTARY_VERSION)
 GO_LDFLAGS=-ldflags "-w $(CTIMEVAR)"
 GO_LDFLAGS_STATIC=-ldflags "-w $(CTIMEVAR) -extldflags -static"
-GOOSES = darwin linux
+GOOSES = darwin linux windows
 NOTARY_BUILDTAGS ?= pkcs11
 NOTARYDIR := /go/src/github.com/docker/notary
 

buildscripts/circle_parallelism.sh

@@ -8,6 +8,7 @@ case $CIRCLE_NODE_INDEX in
    ;;
 2) SKIPENVCHECK=1 make TESTDB=mysql testdb
    SKIPENVCHECK=1 make TESTDB=mysql integration
+   SKIPENVCHECK=1 make cross  # just trying not to exceed 5 builders
    ;;
 3) SKIPENVCHECK=1 make TESTDB=rethink testdb
    SKIPENVCHECK=1 make TESTDB=rethink integration

buildscripts/covertest.py

@@ -32,7 +32,7 @@ def get_coverprofile_filename(pkg, buildtags):
         buildtags = "." + buildtags.replace(' ', '.')
     return pkg.replace('/', '-').replace(' ', '_') + buildtags + ".coverage.txt"
 
-def run_test_with_coverage(buildtags="", coverdir=".cover", pkgs=None, opts="", covermode="count"):
+def run_test_with_coverage(buildtags="", coverdir=".cover", pkgs=None, opts="", covermode="atomic"):
     """
     Run go test with coverage over the the given packages, with the following options
     """

buildscripts/cross.sh

@@ -7,15 +7,10 @@
 
 GOARCH="amd64"
 
-if [[ "${NOTARY_BUILDTAGS}" == *pkcs11* ]]; then
-	export CGO_ENABLED=1
-else
-	export CGO_ENABLED=0
-fi
-
-
 for os in "$@"; do
 	export GOOS="${os}"
+	BUILDTAGS="${NOTARY_BUILDTAGS}"
+	OUTFILE=notary
 
 	if [[ "${GOOS}" == "darwin" ]]; then
 		export CC="o64-clang"
@@ -24,18 +19,29 @@ for os in "$@"; do
 		# darwin binaries can't be compiled to be completely static with the -static flag
 		LDFLAGS="-s"
 	else
+		# no building with Cgo.  Also no building with pkcs11
+		if [[ "${GOOS}" == "windows" ]]; then
+			BUILDTAGS=
+			OUTFILE=notary.exe
+		fi
 		unset CC
 		unset CXX
 		LDFLAGS="-extldflags -static"
 	fi
 
+	if [[ "${BUILDTAGS}" == *pkcs11* ]]; then
+		export CGO_ENABLED=1
+	else
+		export CGO_ENABLED=0
+	fi
+
 	mkdir -p "${NOTARYDIR}/cross/${GOOS}/${GOARCH}";
 
 	set -x;
 	go build \
-		-o "${NOTARYDIR}/cross/${GOOS}/${GOARCH}/notary" \
+		-o "${NOTARYDIR}/cross/${GOOS}/${GOARCH}/${OUTFILE}" \
 		-a \
-		-tags "${NOTARY_BUILDTAGS}" \
+		-tags "${BUILDTAGS}" \
 		-ldflags "-w ${CTIMEVAR} ${LDFLAGS}"  \
 		./cmd/notary;
 	set +x;

cmd/notary-server/config.go

@@ -3,12 +3,9 @@ package main
 import (
 	"crypto/tls"
 	"fmt"
-	"os"
-	"os/signal"
 	"path"
 	"strconv"
 	"strings"
-	"syscall"
 	"time"
 
 	"github.com/Sirupsen/logrus"
@@ -293,31 +290,3 @@ func parseServerConfig(configFilePath string, hRegister healthRegister, doBootst
 		ConsistentCacheControlConfig: consistentCache,
 	}, nil
 }
-
-func setupSignalTrap() {
-	c := make(chan os.Signal, 1)
-	signal.Notify(c, notary.NotarySupportedSignals...)
-	go func() {
-		for {
-			signalHandle(<-c)
-		}
-	}()
-}
-
-// signalHandle will increase/decrease the logging level via the signal we get.
-func signalHandle(sig os.Signal) {
-	switch sig {
-	case syscall.SIGUSR1:
-		if err := utils.AdjustLogLevel(true); err != nil {
-			fmt.Printf("Attempt to increase log level failed, will remain at %s level, error: %s\n", logrus.GetLevel(), err)
-			return
-		}
-	case syscall.SIGUSR2:
-		if err := utils.AdjustLogLevel(false); err != nil {
-			fmt.Printf("Attempt to decrease log level failed, will remain at %s level, error: %s\n", logrus.GetLevel(), err)
-			return
-		}
-	}
-
-	fmt.Println("Successfully setting log level to ", logrus.GetLevel())
-}

cmd/notary-server/main.go

@@ -7,10 +7,12 @@ import (
 	"net/http"
 	_ "net/http/pprof"
 	"os"
+	"os/signal"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/health"
 	"github.com/docker/notary/server"
+	"github.com/docker/notary/utils"
 	"github.com/docker/notary/version"
 )
 
@@ -61,7 +63,10 @@ func main() {
 		logrus.Fatal(err.Error())
 	}
 
-	setupSignalTrap()
+	c := utils.SetupSignalTrap(utils.LogLevelSignalHandle)
+	if c != nil {
+		defer signal.Stop(c)
+	}
 
 	if flagStorage.doBootstrap {
 		err = bootstrap(ctx)

cmd/notary-server/main_test.go

@@ -6,14 +6,11 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 	"reflect"
 	"strings"
-	"syscall"
 	"testing"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/health"
 	"github.com/docker/notary"
 	"github.com/docker/notary/server/storage"
@@ -416,30 +413,3 @@ func TestSampleConfig(t *testing.T) {
 	// once for the DB, once for the trust service
 	require.Equal(t, registerCalled, 2)
 }
-
-func TestSignalHandle(t *testing.T) {
-	tempdir, err := ioutil.TempDir("", "test-signal-handle")
-	require.NoError(t, err)
-	defer os.RemoveAll(tempdir)
-	f, err := os.Create(filepath.Join(tempdir, "testSignalHandle.json"))
-	require.NoError(t, err)
-
-	f.WriteString(`{"logging": {"level": "info"}}`)
-
-	v := viper.New()
-	utils.SetupViper(v, "envPrefix")
-	err = utils.ParseViper(v, f.Name())
-	require.NoError(t, err)
-
-	// Info + SIGUSR1 -> Debug
-	signalHandle(syscall.SIGUSR1)
-	require.Equal(t, logrus.GetLevel(), logrus.DebugLevel)
-
-	// Debug + SIGUSR1 -> Debug
-	signalHandle(syscall.SIGUSR1)
-	require.Equal(t, logrus.GetLevel(), logrus.DebugLevel)
-
-	// Debug + SIGUSR2-> Info
-	signalHandle(syscall.SIGUSR2)
-	require.Equal(t, logrus.GetLevel(), logrus.InfoLevel)
-}

cmd/notary-signer/main.go

@@ -6,8 +6,10 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"os/signal"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/docker/notary/utils"
 	"github.com/docker/notary/version"
 	_ "github.com/go-sql-driver/mysql"
 )
@@ -66,6 +68,11 @@ func main() {
 		log.Println("RPC server listening on", signerConfig.GRPCAddr)
 	}
 
+	c := utils.SetupSignalTrap(utils.LogLevelSignalHandle)
+	if c != nil {
+		defer signal.Stop(c)
+	}
+
 	grpcServer.Serve(lis)
 }
 

cmd/notary/main_test.go

@@ -8,6 +8,7 @@ import (
 	"net/http/httptest"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -343,10 +344,10 @@ func TestConfigFileTLSCanBeRelativeToConfigOrAbsolute(t *testing.T) {
 		"remote_server": {
 			"url": "%s",
 			"root_ca": "root-ca.crt",
-			"tls_client_cert": "%s",
+			"tls_client_cert": %s,
 			"tls_client_key": "notary-server.key"
 		}
-	}`, s.URL, filepath.Join(tempDir, "notary-server.crt"))
+	}`, s.URL, strconv.Quote(filepath.Join(tempDir, "notary-server.crt")))
 	configFile.Close()
 
 	// copy the certs to be relative to the config directory

const.go

@@ -1,10 +1,6 @@
 package notary
 
-import (
-	"os"
-	"syscall"
-	"time"
-)
+import "time"
 
 // application wide constants
 const (
@@ -72,11 +68,3 @@ var NotaryDefaultExpiries = map[string]time.Duration{
 	"snapshot":  NotarySnapshotExpiry,
 	"timestamp": NotaryTimestampExpiry,
 }
-
-// NotarySupportedSignals contains the signals we would like to capture:
-// - SIGUSR1, indicates a increment of the log level.
-// - SIGUSR2, indicates a decrement of the log level.
-var NotarySupportedSignals = []os.Signal{
-	syscall.SIGUSR1,
-	syscall.SIGUSR2,
-}

const_nowindows.go

@@ -0,0 +1,16 @@
+// +build !windows
+
+package notary
+
+import (
+	"os"
+	"syscall"
+)
+
+// NotarySupportedSignals contains the signals we would like to capture:
+// - SIGUSR1, indicates a increment of the log level.
+// - SIGUSR2, indicates a decrement of the log level.
+var NotarySupportedSignals = []os.Signal{
+	syscall.SIGUSR1,
+	syscall.SIGUSR2,
+}

const_windows.go

@@ -0,0 +1,8 @@
+// +build windows
+
+package notary
+
+import "os"
+
+// NotarySupportedSignals does not contain any signals, because SIGUSR1/2 are not supported on windows
+var NotarySupportedSignals = []os.Signal{}

docs/reference/server-config.md

@@ -362,10 +362,12 @@ Example:
 </table>
 
 ## Hot logging level reload
-We don't support completely reloading notary configuration files yet at present. What we support for now is:
+We don't support completely reloading notary configuration files yet at present. What we support for Linux and OSX now is:
 - increase logging level by signaling `SIGUSR1`
 - decrease logging level by signaling `SIGUSR2`
 
+No signals and no dynamic logging level changes are supported for Windows yet.
+
 Example:
 
 To increase logging level

docs/reference/signer-config.md

@@ -210,6 +210,44 @@ The environment variables for the older passwords are optional, but Notary
 Signer will not be able to decrypt older keys if they are not provided, and
 attempts to sign data using those keys will fail.
 
+## Hot logging level reload
+We don't support completely reloading notary signer configuration files yet at present. What we support for Linux and OSX now is:
+- increase logging level by signaling `SIGUSR1`
+- decrease logging level by signaling `SIGUSR2`
+
+No signals and no dynamic logging level changes are supported for Windows yet.
+
+Example:
+
+To increase logging level
+```
+$ kill -s SIGUSR1 PID
+
+or
+
+$ docker exec -i CONTAINER_ID kill -s SIGUSR1 PID
+```
+
+To decrease logging level
+```
+$ kill -s SIGUSR2 PID
+
+or
+
+$ docker exec -i CONTAINER_ID kill -s SIGUSR2 PID
+```
+PID is the process id of `notary-signer` and it may not the PID 1 process if you are running
+the container with some kind of wrapper startup script or something.
+
+You can get the PID of `notary-signer` through
+```
+$ docker exec CONTAINER_ID ps aux
+
+or
+
+$ ps aux | grep "notary-signer -config" | grep -v "grep"
+```
+
 
 ## Related information
 

utils/configuration.go

@@ -5,6 +5,8 @@ package utils
 import (
 	"crypto/tls"
 	"fmt"
+	"os"
+	"os/signal"
 	"path/filepath"
 	"strings"
 
@@ -244,3 +246,20 @@ func AdjustLogLevel(increment bool) error {
 	logrus.SetLevel(lvl)
 	return nil
 }
+
+// SetupSignalTrap is a utility to trap supported signals hand handle them (currently by increasing logging)
+func SetupSignalTrap(handler func(os.Signal)) chan os.Signal {
+	if len(notary.NotarySupportedSignals) == 0 {
+		return nil
+
+	}
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, notary.NotarySupportedSignals...)
+	go func() {
+		for {
+			handler(<-c)
+		}
+	}()
+
+	return c
+}