-
Notifications
You must be signed in to change notification settings - Fork 101
/
Copy pathhttpAPI.go
728 lines (638 loc) · 23.7 KB
/
httpAPI.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package server
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"net/http/httputil"
"net/http/pprof"
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
"sync"
"time"
"github.com/gardener/etcd-backup-restore/pkg/etcdutil"
etcdclient "github.com/gardener/etcd-backup-restore/pkg/etcdutil/client"
"github.com/gardener/etcd-backup-restore/pkg/initializer"
"github.com/gardener/etcd-backup-restore/pkg/initializer/validator"
"github.com/gardener/etcd-backup-restore/pkg/member"
"github.com/gardener/etcd-backup-restore/pkg/miscellaneous"
"github.com/gardener/etcd-backup-restore/pkg/snapshot/snapshotter"
"github.com/gardener/etcd-backup-restore/pkg/snapstore"
brtypes "github.com/gardener/etcd-backup-restore/pkg/types"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/sirupsen/logrus"
"go.etcd.io/etcd/clientv3"
"k8s.io/client-go/util/retry"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/yaml"
)
const (
initializationStatusNew = "New"
initializationStatusProgress = "Progress"
initializationStatusSuccessful = "Successful"
initializationStatusFailed = "Failed"
// serverReadHeaderTimeout is the timeout for reading the request headers, to avoid slowloris attacks.
serverReadHeaderTimeout = 5 * time.Second
)
var emptyStruct struct{}
// HandlerAckState denotes the state the handler would be in after sending a stop request to the snapshotter.
type HandlerAckState int32
const (
// HandlerAckDone is set when handler has been acknowledged of snapshotter termination.
HandlerAckDone uint32 = 0
// HandlerAckWaiting is set when handler starts waiting of snapshotter termination.
HandlerAckWaiting uint32 = 1
)
// HandlerRequest represents the type of request handler makes to the snapshotter.
type HandlerRequest int
const (
// HandlerSsrAbort is the HandlerRequest to the snapshotter to terminate the snapshot process.
HandlerSsrAbort HandlerRequest = 0
)
// HTTPHandler is implementation to handle HTTP API exposed by server
type HTTPHandler struct {
Initializer initializer.Initializer
Snapshotter *snapshotter.Snapshotter
EtcdConnectionConfig *brtypes.EtcdConnectionConfig
StorageProvider string
Port uint
server *http.Server
Logger *logrus.Entry
initializationStatusMutex sync.Mutex
AckState uint32
initializationStatus string
status int
StopCh chan struct{}
EnableProfiling bool
ReqCh chan struct{}
AckCh chan struct{}
EnableTLS bool
ServerTLSCertFile string
ServerTLSKeyFile string
HTTPHandlerMutex *sync.Mutex
SnapstoreConfig *brtypes.SnapstoreConfig
}
// healthCheck contains the HealthStatus of backup restore.
type healthCheck struct {
HealthStatus bool `json:"health"`
}
// GetStatus returns the current status in the HTTPHandler
func (h *HTTPHandler) GetStatus() int {
return h.status
}
// SetStatus sets the current status in the HTTPHandler
func (h *HTTPHandler) SetStatus(status int) {
if h.Logger != nil {
h.Logger.Infof("Setting status to : %d", status)
}
h.status = status
}
// SetSnapshotterToNil sets the current HTTPHandler.Snapshotter to Nil in the HTTPHandler.
func (h *HTTPHandler) SetSnapshotterToNil() {
h.HTTPHandlerMutex.Lock()
defer h.HTTPHandlerMutex.Unlock()
h.Snapshotter = nil
}
// SetSnapshotter sets the current HTTPHandler.Snapshotter in the HTTPHandler.
func (h *HTTPHandler) SetSnapshotter(ssr *snapshotter.Snapshotter) {
h.HTTPHandlerMutex.Lock()
defer h.HTTPHandlerMutex.Unlock()
h.Snapshotter = ssr
}
// RegisterHandler registers the handler for different requests
func (h *HTTPHandler) RegisterHandler() {
mux := http.NewServeMux()
if h.EnableProfiling {
registerPProfHandler(mux)
}
h.initializationStatus = "New"
mux.HandleFunc("/initialization/start", h.serveInitialize)
mux.HandleFunc("/initialization/status", h.serveInitializationStatus)
mux.HandleFunc("/snapshot/full", h.serveFullSnapshotTrigger)
mux.HandleFunc("/snapshot/delta", h.serveDeltaSnapshotTrigger)
mux.HandleFunc("/snapshot/latest", h.serveLatestSnapshotMetadata)
mux.HandleFunc("/config", h.serveConfig)
mux.HandleFunc("/healthz", h.serveHealthz)
mux.Handle("/metrics", promhttp.Handler())
h.server = &http.Server{
Addr: fmt.Sprintf(":%d", h.Port),
Handler: mux,
ReadHeaderTimeout: serverReadHeaderTimeout,
}
}
// registerPProfHandler registers the PProf handler for profiling.
func registerPProfHandler(mux *http.ServeMux) {
mux.HandleFunc("/debug/pprof/", pprof.Index)
mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
mux.HandleFunc("/debug/pprof/heap", pprof.Handler("heap").ServeHTTP)
mux.HandleFunc("/debug/pprof/goroutine", pprof.Handler("goroutine").ServeHTTP)
mux.HandleFunc("/debug/pprof/threadcreate", pprof.Handler("threadcreate").ServeHTTP)
mux.HandleFunc("/debug/pprof/block", pprof.Handler("block").ServeHTTP)
mux.HandleFunc("/debug/pprof/mutex", pprof.Handler("mutex").ServeHTTP)
}
// checkAndSetSecurityHeaders serves the health status of the server
func (h *HTTPHandler) checkAndSetSecurityHeaders(rw http.ResponseWriter) {
if h.EnableTLS {
rw.Header().Set("Strict-Transport-Security", "max-age=31536000")
rw.Header().Set("Content-Security-Policy", "default-src 'self'")
}
}
// Start starts the http server to listen for request
func (h *HTTPHandler) Start() {
h.Logger.Infof("Starting HTTP server at addr: %s", h.server.Addr)
if !h.EnableTLS {
err := h.server.ListenAndServe()
if err != nil && err != http.ErrServerClosed {
h.Logger.Fatalf("Failed to start http server: %v", err)
}
h.Logger.Infof("HTTP server closed gracefully.")
return
}
h.Logger.Infof("TLS enabled. Starting HTTPS server.")
err := h.server.ListenAndServeTLS(h.ServerTLSCertFile, h.ServerTLSKeyFile)
if err != nil && err != http.ErrServerClosed {
h.Logger.Fatalf("Failed to start HTTPS server: %v", err)
}
h.Logger.Infof("HTTPS server closed gracefully.")
}
// Stop stops the http server
func (h *HTTPHandler) Stop() error {
return h.server.Close()
}
// serveHealthz serves the health status of the server
func (h *HTTPHandler) serveHealthz(rw http.ResponseWriter, req *http.Request) {
h.checkAndSetSecurityHeaders(rw)
rw.WriteHeader(h.GetStatus())
healthCheck := &healthCheck{
HealthStatus: func() bool {
return h.GetStatus() == http.StatusOK
}(),
}
out, err := json.Marshal(healthCheck)
if err != nil {
h.Logger.Errorf("Unable to marshal health status to json: %v", err)
return
}
if _, err = rw.Write(out); err != nil {
h.Logger.Errorf("Unable to write health status response: %v", err)
}
}
// serveInitialize starts initialization for the configured Initializer
func (h *HTTPHandler) serveInitialize(rw http.ResponseWriter, req *http.Request) {
h.checkAndSetSecurityHeaders(rw)
h.Logger.Info("Received start initialization request.")
h.initializationStatusMutex.Lock()
defer h.initializationStatusMutex.Unlock()
if h.initializationStatus == initializationStatusNew {
h.Logger.Infof("Updating status from %s to %s", h.initializationStatus, initializationStatusProgress)
h.initializationStatus = initializationStatusProgress
go func() {
var mode validator.Mode
h.SetStatus(http.StatusServiceUnavailable)
failBelowRevisionStr := req.URL.Query().Get("failbelowrevision")
h.Logger.Infof("Validation failBelowRevision: %s", failBelowRevisionStr)
var failBelowRevision int64
if len(failBelowRevisionStr) != 0 {
var err error
failBelowRevision, err = strconv.ParseInt(failBelowRevisionStr, 10, 64)
if err != nil {
h.initializationStatusMutex.Lock()
defer h.initializationStatusMutex.Unlock()
h.Logger.Errorf("Failed initialization due wrong parameter value `failbelowrevision`: %v", err)
h.initializationStatus = initializationStatusFailed
return
}
}
switch modeVal := req.URL.Query().Get("mode"); modeVal {
case string(validator.Full):
mode = validator.Full
case string(validator.Sanity):
mode = validator.Sanity
default:
mode = validator.Full
}
h.Logger.Infof("Validation mode: %s", mode)
err := h.Initializer.Initialize(mode, failBelowRevision)
h.initializationStatusMutex.Lock()
defer h.initializationStatusMutex.Unlock()
if err != nil {
h.Logger.Errorf("Failed initialization: %v", err)
h.initializationStatus = initializationStatusFailed
return
}
h.Logger.Info("Successfully initialized data directory for etcd.")
h.initializationStatus = initializationStatusSuccessful
}()
}
rw.WriteHeader(http.StatusOK)
}
// serveInitializationStatus serves the etcd initialization progress status
func (h *HTTPHandler) serveInitializationStatus(rw http.ResponseWriter, req *http.Request) {
h.checkAndSetSecurityHeaders(rw)
h.initializationStatusMutex.Lock()
defer h.initializationStatusMutex.Unlock()
h.Logger.Infof("Responding to status request with: %s", h.initializationStatus)
rw.WriteHeader(http.StatusOK)
if _, err := rw.Write([]byte(h.initializationStatus)); err != nil {
h.Logger.Errorf("Unable to write latest snapshot metadata response: %v", err)
return
}
if h.initializationStatus == initializationStatusSuccessful || h.initializationStatus == initializationStatusFailed {
h.Logger.Infof("Updating status from %s to %s", h.initializationStatus, initializationStatusNew)
h.initializationStatus = initializationStatusNew
}
}
// serveFullSnapshotTrigger triggers an out-of-schedule full snapshot
// for the configured Snapshotter
func (h *HTTPHandler) serveFullSnapshotTrigger(rw http.ResponseWriter, req *http.Request) {
h.checkAndSetSecurityHeaders(rw)
if h.Snapshotter == nil {
if len(h.StorageProvider) > 0 {
h.Logger.Info("Fowarding the request to take out-of-schedule full snapshot to backup-restore leader")
h.delegateReqToLeader(rw, req)
return
}
h.Logger.Warnf("Ignoring out-of-schedule full snapshot request as snapshotter is not configured")
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
isFinal := false
if finalValue := req.URL.Query().Get("final"); finalValue != "" {
var err error
isFinal, err = strconv.ParseBool(finalValue)
if err != nil {
h.Logger.Warnf("Could not parse request parameter 'final' to bool: %v", err)
rw.WriteHeader(http.StatusBadRequest)
return
}
}
s, err := h.Snapshotter.TriggerFullSnapshot(req.Context(), isFinal)
if err != nil {
h.Logger.Warnf("Skipped triggering out-of-schedule full snapshot: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
out, err := json.Marshal(s)
if err != nil {
h.Logger.Warnf("Unable to marshal out-of-schedule full snapshot to json: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
rw.WriteHeader(http.StatusOK)
if _, err = rw.Write(out); err != nil {
h.Logger.Errorf("Unable to write latest snapshot metadata response: %v", err)
}
}
// serveDeltaSnapshotTrigger triggers an out-of-schedule delta snapshot
// for the configured Snapshotter
func (h *HTTPHandler) serveDeltaSnapshotTrigger(rw http.ResponseWriter, req *http.Request) {
h.checkAndSetSecurityHeaders(rw)
if h.Snapshotter == nil {
if len(h.StorageProvider) > 0 {
h.Logger.Info("Fowarding the request to take out-of-schedule delta snapshot to backup-restore leader")
h.delegateReqToLeader(rw, req)
return
}
h.Logger.Warnf("Ignoring out-of-schedule delta snapshot request as snapshotter is not configured")
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
s, err := h.Snapshotter.TriggerDeltaSnapshot()
if err != nil {
h.Logger.Warnf("Skipped triggering out-of-schedule delta snapshot: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
out, err := json.Marshal(s)
if err != nil {
h.Logger.Warnf("Unable to marshal out-of-schedule delta snapshot to json: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
rw.WriteHeader(http.StatusOK)
if _, err = rw.Write(out); err != nil {
h.Logger.Errorf("Unable to write latest snapshot metadata response: %v", err)
}
}
func (h *HTTPHandler) serveLatestSnapshotMetadata(rw http.ResponseWriter, req *http.Request) {
h.checkAndSetSecurityHeaders(rw)
if h.Snapshotter == nil {
if len(h.StorageProvider) > 0 {
h.Logger.Info("Fowarding the request of latest snapshot metadata to backup-restore leader")
h.delegateReqToLeader(rw, req)
return
}
h.Logger.Warnf("Ignoring latest snapshot metadata request as snapshotter is not configured")
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
store, err := snapstore.GetSnapstore(h.SnapstoreConfig)
if err != nil {
h.Logger.Warnf("Unable to create snapstore from configured storage provider: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
fullSnap, deltaSnaps, err := miscellaneous.GetLatestFullSnapshotAndDeltaSnapList(store)
if err != nil {
h.Logger.Warnf("Unable to fetch latest snapshots from snapstore: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
resp := latestSnapshotMetadataResponse{
FullSnapshot: fullSnap,
DeltaSnapshots: deltaSnaps,
}
out, err := json.Marshal(resp)
if err != nil {
h.Logger.Warnf("Unable to marshal latest snapshot metadata response to json: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
rw.WriteHeader(http.StatusOK)
if _, err = rw.Write(out); err != nil {
h.Logger.Errorf("Unable to write latest snapshot metadata response: %v", err)
}
}
func (h *HTTPHandler) serveConfig(rw http.ResponseWriter, req *http.Request) {
inputFileName := miscellaneous.EtcdConfigFilePath
dir, err := os.UserHomeDir()
if err != nil {
h.Logger.Warnf("Unable to get user home dir: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
outputFileName := filepath.Join(dir, "etcd.conf.yaml")
configYML, err := os.ReadFile(inputFileName) // #nosec G304 -- this is a trusted etcd config file.
if err != nil {
h.Logger.Warnf("Unable to read etcd config file: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
config := map[string]interface{}{}
if err := yaml.Unmarshal([]byte(configYML), &config); err != nil {
h.Logger.Warnf("Unable to unmarshal etcd config yaml file: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
// fetch pod name from env
podNS := os.Getenv("POD_NAMESPACE")
podName := os.Getenv("POD_NAME")
clientSet, err := miscellaneous.GetKubernetesClientSetOrError()
if err != nil {
h.Logger.Warnf("Failed to create clientset: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
config["name"] = podName
// fetch initial-advertise-peer-urls from etcd config file
initAdPeerURLs, err := miscellaneous.GetMemberPeerURLs(inputFileName)
if err != nil {
h.Logger.Warnf("Unable to get initial-advertise-peer-urls from etcd config file: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
config["initial-advertise-peer-urls"] = strings.Join(initAdPeerURLs, ",")
// fetch advertise-client-urls from etcd config file
advClientURLs, err := miscellaneous.GetMemberClientURLs(inputFileName)
if err != nil {
h.Logger.Warnf("Unable to get advertise-client-urls from etcd config file: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
config["advertise-client-urls"] = strings.Join(advClientURLs, ",")
config["initial-cluster"] = getInitialCluster(req.Context(), fmt.Sprint(config["initial-cluster"]), *h.EtcdConnectionConfig, *h.Logger, podName)
clusterSize, err := miscellaneous.GetClusterSize(fmt.Sprint(config["initial-cluster"]))
if err != nil {
h.Logger.Warnf("Unable to determine the cluster size: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
state, err := h.GetClusterState(req.Context(), clusterSize, clientSet, podName, podNS)
if err != nil {
h.Logger.Warnf("failed to get cluster state %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
config["initial-cluster-state"] = state
data, err := yaml.Marshal(&config)
if err != nil {
h.Logger.Warnf("Unable to marshal data to etcd config yaml file: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
if err := os.WriteFile(outputFileName, data, 0600); err != nil {
h.Logger.Warnf("Unable to write etcd config file: %v", err)
rw.WriteHeader(http.StatusInternalServerError)
return
}
http.ServeFile(rw, req, outputFileName)
h.Logger.Info("Served config for ETCD instance.")
}
// GetClusterState returns the Cluster state either `new` or `existing`.
func (h *HTTPHandler) GetClusterState(ctx context.Context, clusterSize int, client client.Client, podName string, podNS string) (string, error) {
if clusterSize == 1 {
return miscellaneous.ClusterStateNew, nil
}
// clusterSize > 1
state, err := miscellaneous.GetInitialClusterStateIfScaleup(ctx, *h.Logger, client, podName, podNS)
if err != nil {
return "", err
}
if state == nil {
// Not a Scale-up scenario.
// Either a multi-node bootstrap or a restoration of single member in multi-node.
m := member.NewMemberControl(h.EtcdConnectionConfig)
// check whether a learner is present in the cluster
// if a learner is present then return `ClusterStateExisting` else `ClusterStateNew`.
if present, err := m.IsLearnerPresent(ctx); present && err == nil {
return miscellaneous.ClusterStateExisting, nil
}
return miscellaneous.ClusterStateNew, nil
}
return *state, nil
}
func getInitialCluster(ctx context.Context, initialCluster string, etcdConn brtypes.EtcdConnectionConfig, logger logrus.Entry, podName string) string {
// INITIAL_CLUSTER served via the etcd config must be tailored to the number of members in the cluster at that point. Else etcd complains with error "member count is unequal"
// One reason why we might want to have a strict ordering when members are joining the cluster
// addmember subcommand achieves this by making sure the pod with the previous index is running before attempting to add itself as a learner
// We want to use the service endpoint since we're only supposed to connect to ready etcd members.
clientFactory := etcdutil.NewFactory(etcdConn, etcdclient.UseServiceEndpoints(true))
cli, err := clientFactory.NewCluster()
if err != nil {
logger.Warnf("Error with NewCluster() : %v", err)
return initialCluster
}
defer func() {
if err := cli.Close(); err != nil {
logger.Errorf("Error closing etcd cluster client: %v", err)
}
}()
ctx, cancel := context.WithTimeout(ctx, member.EtcdTimeout)
defer cancel()
var memList *clientv3.MemberListResponse
backoff := retry.DefaultBackoff
backoff.Steps = 2
backoff.Duration = member.RetryPeriod
err = retry.OnError(backoff, func(err error) bool {
return err != nil
}, func() error {
memList, err = cli.MemberList(ctx)
return err
})
noOfMembers := 0
if err != nil {
logger.Warnf("Could not list members : %v", err)
} else {
noOfMembers = len(memList.Members)
}
//If no members present or a single node cluster, consider as case of first member bootstraping. No need to edit INITIAL_CLUSTER in that case
if noOfMembers > 1 {
initialcluster := strings.Split(initialCluster, ",")
membrs := make(map[string]bool)
for _, y := range memList.Members {
membrs[y.Name] = true
}
cluster := ""
for _, y := range initialcluster {
// Add member to `initial-cluster` only if already a cluster member
z := strings.Split(y, "=")
if membrs[z[0]] || z[0] == podName {
cluster = cluster + y + ","
}
}
//remove trailing `,`
initialCluster = cluster[:len(cluster)-1]
}
return initialCluster
}
// delegateReqToLeader forwards the incoming http/https request to BackupLeader.
func (h *HTTPHandler) delegateReqToLeader(rw http.ResponseWriter, req *http.Request) {
// Get the BackupLeader URL
// Get the ReverseProxy object
// Delegate the http request to BackupLeader using the reverse proxy.
factory := etcdutil.NewFactory(*h.EtcdConnectionConfig)
clientMaintenance, err := factory.NewMaintenance()
if err != nil {
h.Logger.Warnf("failed to create etcd maintenance client: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
defer func() {
if err := clientMaintenance.Close(); err != nil {
h.Logger.Errorf("Error closing etcd maintenance client: %v", err)
}
}()
cl, err := factory.NewCluster()
if err != nil {
h.Logger.Warnf("failed to create etcd cluster client: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
defer func() {
if err := cl.Close(); err != nil {
h.Logger.Errorf("Error closing etcd cluster client: %v", err)
}
}()
ctx, cancel := context.WithTimeout(req.Context(), h.EtcdConnectionConfig.ConnectionTimeout.Duration)
defer cancel()
if len(h.EtcdConnectionConfig.Endpoints) == 0 {
h.Logger.Warnf("etcd endpoints are not passed correctly")
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
_, etcdLeaderEndPoint, err := miscellaneous.GetLeader(ctx, clientMaintenance, cl, h.EtcdConnectionConfig.Endpoints[0])
if err != nil {
h.Logger.Warnf("Unable to get the etcd leader endpoint: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
backupLeaderEndPoint, err := miscellaneous.GetBackupLeaderEndPoint(etcdLeaderEndPoint, h.Port)
if err != nil {
h.Logger.Warnf("Unable to get the backup leader endpoint: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
backupLeaderURL, err := url.Parse(backupLeaderEndPoint)
if err != nil {
h.Logger.Warnf("Unable to parse backup leader endpoint: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
isHealthy, err := IsBackupRestoreHealthy(backupLeaderEndPoint+"/healthz", h.EnableTLS, h.EtcdConnectionConfig.CaFile)
if err != nil {
h.Logger.Warnf("Unable to check backup leader health: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
// when backup-leader is not in a healthy state.
if !isHealthy {
h.Logger.Warnf("backup leader is not healthy: %v", err)
rw.WriteHeader(http.StatusMethodNotAllowed)
return
}
h.Logger.Infof("backup-restore leader with url [%v] is healthy", backupLeaderURL)
// create the reverse Proxy
revProxyHandler := httputil.NewSingleHostReverseProxy(backupLeaderURL)
if h.EnableTLS {
caCertPool := x509.NewCertPool()
caCert, err := os.ReadFile(h.EtcdConnectionConfig.CaFile)
if err != nil {
return
}
caCertPool.AppendCertsFromPEM(caCert)
revProxyHandler.Transport = &http.Transport{
TLSClientConfig: &tls.Config{ // #nosec G402 -- TLSClientConfig.MinVersion=1.2 by default.
RootCAs: caCertPool,
},
}
}
revProxyHandler.ServeHTTP(rw, req)
}
// IsBackupRestoreHealthy checks whether the backup-restore of given backup-restore URL is healthy or not.
func IsBackupRestoreHealthy(backupRestoreURL string, TLSEnabled bool, rootCA string) (healthy bool, err error) {
var health healthCheck
cl := &http.Client{}
if TLSEnabled {
caCertPool := x509.NewCertPool()
caCert, err := os.ReadFile(rootCA) // #nosec G304 -- this is a trusted root CA file.
if err != nil {
return false, err
}
caCertPool.AppendCertsFromPEM(caCert)
cl.Transport = &http.Transport{
TLSClientConfig: &tls.Config{ // #nosec G402 -- TLSClientConfig.MinVersion=1.2 by default.
RootCAs: caCertPool,
},
}
}
response, err := cl.Get(backupRestoreURL)
if err != nil {
return false, err
}
defer func() {
if err1 := response.Body.Close(); err1 != nil {
err = errors.Join(err, fmt.Errorf("failed to close response body: %v", err1))
}
}()
responseData, err := io.ReadAll(response.Body)
if err != nil {
return false, err
}
if err := json.Unmarshal(responseData, &health); err != nil {
return false, err
}
return health.HealthStatus, nil
}