mirror of https://github.com/perkeep/perkeep.git
510 lines
15 KiB
Go
510 lines
15 KiB
Go
/*
|
|
Copyright 2011 The Perkeep Authors
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
// The perkeepd binary is the Perkeep server.
|
|
package main // import "perkeep.org/server/perkeepd"
|
|
|
|
import (
|
|
"context"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"path/filepath"
|
|
"runtime"
|
|
"strconv"
|
|
"strings"
|
|
"syscall"
|
|
"time"
|
|
|
|
"perkeep.org/internal/geocode"
|
|
"perkeep.org/internal/httputil"
|
|
"perkeep.org/internal/netutil"
|
|
"perkeep.org/internal/osutil"
|
|
"perkeep.org/internal/osutil/gce"
|
|
"perkeep.org/pkg/buildinfo"
|
|
"perkeep.org/pkg/env"
|
|
"perkeep.org/pkg/serverinit"
|
|
"perkeep.org/pkg/webserver"
|
|
|
|
// VM environments:
|
|
// for init side-effects + LogWriter
|
|
|
|
// Storage options:
|
|
_ "perkeep.org/pkg/blobserver/azure"
|
|
"perkeep.org/pkg/blobserver/blobpacked"
|
|
_ "perkeep.org/pkg/blobserver/cond"
|
|
_ "perkeep.org/pkg/blobserver/diskpacked"
|
|
_ "perkeep.org/pkg/blobserver/encrypt"
|
|
_ "perkeep.org/pkg/blobserver/google/cloudstorage"
|
|
_ "perkeep.org/pkg/blobserver/google/drive"
|
|
_ "perkeep.org/pkg/blobserver/localdisk"
|
|
_ "perkeep.org/pkg/blobserver/mongo"
|
|
_ "perkeep.org/pkg/blobserver/overlay"
|
|
_ "perkeep.org/pkg/blobserver/proxycache"
|
|
_ "perkeep.org/pkg/blobserver/remote"
|
|
_ "perkeep.org/pkg/blobserver/replica"
|
|
_ "perkeep.org/pkg/blobserver/s3"
|
|
_ "perkeep.org/pkg/blobserver/shard"
|
|
_ "perkeep.org/pkg/blobserver/union"
|
|
|
|
// Indexers: (also present themselves as storage targets)
|
|
// KeyValue implementations:
|
|
_ "perkeep.org/pkg/sorted/kvfile"
|
|
_ "perkeep.org/pkg/sorted/leveldb"
|
|
_ "perkeep.org/pkg/sorted/mongo"
|
|
_ "perkeep.org/pkg/sorted/mysql"
|
|
_ "perkeep.org/pkg/sorted/postgres"
|
|
|
|
// Handlers:
|
|
_ "perkeep.org/pkg/search"
|
|
_ "perkeep.org/pkg/server" // UI, publish, etc
|
|
|
|
// Importers:
|
|
_ "perkeep.org/pkg/importer/allimporters"
|
|
|
|
// Licence:
|
|
_ "perkeep.org/pkg/camlegal"
|
|
|
|
"go4.org/legal"
|
|
"go4.org/wkfs"
|
|
|
|
"golang.org/x/crypto/acme/autocert"
|
|
)
|
|
|
|
var (
|
|
flagVersion = flag.Bool("version", false, "show version")
|
|
flagHelp = flag.Bool("help", false, "show usage")
|
|
flagLegal = flag.Bool("legal", false, "show licenses")
|
|
flagConfigFile = flag.String("configfile", "",
|
|
"Config file to use, relative to the Perkeep configuration directory root. "+
|
|
"If blank, the default is used or auto-generated. "+
|
|
"If it starts with 'http:' or 'https:', it is fetched from the network.")
|
|
flagListen = flag.String("listen", "", "host:port to listen on, or :0 to auto-select. If blank, the value in the config will be used instead.")
|
|
flagOpenBrowser = flag.Bool("openbrowser", true, "Launches the UI on startup")
|
|
flagReindex = flag.Bool("reindex", false, "Reindex all blobs on startup")
|
|
flagRecovery = flag.Int("recovery", 0, "Recovery mode: it corresponds for now to the recovery modes of the blobpacked package. Which means: 0 does nothing, 1 rebuilds the blobpacked index without erasing it, and 2 wipes the blobpacked index before rebuilding it.")
|
|
flagSyslog = flag.Bool("syslog", false, "Log everything only to syslog. It is an error to use this flag on windows.")
|
|
flagKeepGoing = flag.Bool("keep-going", false, "Continue after reindex or blobpacked recovery errors")
|
|
flagPollParent bool
|
|
)
|
|
|
|
func init() {
|
|
if debug, _ := strconv.ParseBool(os.Getenv("CAMLI_MORE_FLAGS")); debug {
|
|
flag.BoolVar(&flagPollParent, "pollparent", false, "Perkeepd regularly polls its parent process to detect if it has been orphaned, and terminates in that case. Mainly useful for tests.")
|
|
}
|
|
}
|
|
|
|
func exitf(pattern string, args ...interface{}) {
|
|
if !strings.HasSuffix(pattern, "\n") {
|
|
pattern = pattern + "\n"
|
|
}
|
|
fmt.Fprintf(os.Stderr, pattern, args...)
|
|
osExit(1)
|
|
}
|
|
|
|
func slurpURL(urls string, limit int64) ([]byte, error) {
|
|
res, err := http.Get(urls)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
return ioutil.ReadAll(io.LimitReader(res.Body, limit))
|
|
}
|
|
|
|
// loadConfig returns the server's parsed config file, locating it using the provided arg.
|
|
//
|
|
// The arg may be of the form:
|
|
// - empty, to mean automatic (will write a default high-level config if
|
|
// no cloud config is available)
|
|
// - a filepath absolute or relative to the user's configuration directory,
|
|
// - a URL
|
|
func loadConfig(arg string) (*serverinit.Config, error) {
|
|
if strings.HasPrefix(arg, "http://") || strings.HasPrefix(arg, "https://") {
|
|
contents, err := slurpURL(arg, 256<<10)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return serverinit.Load(contents)
|
|
}
|
|
var absPath string
|
|
switch {
|
|
case arg == "":
|
|
absPath = osutil.UserServerConfigPath()
|
|
_, err := wkfs.Stat(absPath)
|
|
if err == nil {
|
|
break
|
|
}
|
|
if !os.IsNotExist(err) {
|
|
return nil, err
|
|
}
|
|
conf, err := serverinit.DefaultEnvConfig()
|
|
if err != nil || conf != nil {
|
|
return conf, err
|
|
}
|
|
configDir, err := osutil.PerkeepConfigDir()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if err := wkfs.MkdirAll(configDir, 0700); err != nil {
|
|
return nil, err
|
|
}
|
|
log.Printf("Generating template config file %s", absPath)
|
|
if err := serverinit.WriteDefaultConfigFile(absPath); err != nil {
|
|
return nil, err
|
|
}
|
|
case filepath.IsAbs(arg):
|
|
absPath = arg
|
|
default:
|
|
configDir, err := osutil.PerkeepConfigDir()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
absPath = filepath.Join(configDir, arg)
|
|
}
|
|
return serverinit.LoadFile(absPath)
|
|
}
|
|
|
|
// If cert/key files are specified, and found, use them.
|
|
// If cert/key files are specified, not found, and the default values, generate
|
|
// them (self-signed CA used as a cert), and use them.
|
|
// If cert/key files are not specified, use Let's Encrypt.
|
|
func setupTLS(ws *webserver.Server, config *serverinit.Config, hostname string) {
|
|
cert, key := config.HTTPSCert(), config.HTTPSKey()
|
|
if !config.HTTPS() {
|
|
return
|
|
}
|
|
if (cert != "") != (key != "") {
|
|
exitf("httpsCert and httpsKey must both be either present or absent")
|
|
}
|
|
|
|
defCert := osutil.DefaultTLSCert()
|
|
defKey := osutil.DefaultTLSKey()
|
|
const hint = "You must add this certificate's fingerprint to your client's trusted certs list to use it. Like so:\n\"trustedCerts\": [\"%s\"],"
|
|
if cert == defCert && key == defKey {
|
|
_, err1 := wkfs.Stat(cert)
|
|
_, err2 := wkfs.Stat(key)
|
|
if err1 != nil || err2 != nil {
|
|
if os.IsNotExist(err1) || os.IsNotExist(err2) {
|
|
sig, err := httputil.GenSelfTLSFiles(hostname, defCert, defKey)
|
|
if err != nil {
|
|
exitf("Could not generate self-signed TLS cert: %q", err)
|
|
}
|
|
log.Printf(hint, sig)
|
|
} else {
|
|
exitf("Could not stat cert or key: %q, %q", err1, err2)
|
|
}
|
|
}
|
|
}
|
|
if cert == "" && key == "" {
|
|
// Use Let's Encrypt if no files are specified, and we have a usable hostname.
|
|
if netutil.IsFQDN(hostname) {
|
|
m := autocert.Manager{
|
|
Prompt: autocert.AcceptTOS,
|
|
HostPolicy: autocert.HostWhitelist(hostname),
|
|
Cache: autocert.DirCache(osutil.DefaultLetsEncryptCache()),
|
|
}
|
|
ws.SetTLS(webserver.TLSSetup{
|
|
CertManager: m.GetCertificate,
|
|
})
|
|
log.Printf("Using Let's Encrypt tls-alpn-01 for %v", hostname)
|
|
return
|
|
}
|
|
// Otherwise generate new certificates
|
|
sig, err := httputil.GenSelfTLSFiles(hostname, defCert, defKey)
|
|
if err != nil {
|
|
exitf("Could not generate self signed creds: %q", err)
|
|
}
|
|
log.Printf(hint, sig)
|
|
cert = defCert
|
|
key = defKey
|
|
}
|
|
data, err := wkfs.ReadFile(cert)
|
|
if err != nil {
|
|
exitf("Failed to read pem certificate: %s", err)
|
|
}
|
|
sig, err := httputil.CertFingerprint(data)
|
|
if err != nil {
|
|
exitf("certificate error: %v", err)
|
|
}
|
|
log.Printf("TLS enabled, with SHA-256 certificate fingerprint: %v", sig)
|
|
ws.SetTLS(webserver.TLSSetup{
|
|
CertFile: cert,
|
|
KeyFile: key,
|
|
})
|
|
}
|
|
|
|
type testHook func()
|
|
|
|
func (fn testHook) call() bool {
|
|
if fn != nil {
|
|
fn()
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Test hooks:
|
|
var (
|
|
osExit = os.Exit
|
|
testHookServerUp testHook
|
|
testHookWaitToShutdown testHook
|
|
)
|
|
|
|
func handleSignals(shutdownc <-chan io.Closer) {
|
|
c := make(chan os.Signal, 1)
|
|
signal.Notify(c, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
|
|
for {
|
|
sig := <-c
|
|
sysSig, ok := sig.(syscall.Signal)
|
|
if !ok {
|
|
log.Fatal("Not a unix signal")
|
|
}
|
|
switch sysSig {
|
|
case syscall.SIGHUP:
|
|
log.Printf(`Got "%v" signal: restarting camli`, sig)
|
|
err := osutil.RestartProcess()
|
|
if err != nil {
|
|
log.Fatal("Failed to restart: " + err.Error())
|
|
}
|
|
case syscall.SIGINT, syscall.SIGTERM:
|
|
log.Printf(`Got "%v" signal: shutting down`, sig)
|
|
donec := make(chan bool)
|
|
go func() {
|
|
cl := <-shutdownc
|
|
if err := cl.Close(); err != nil {
|
|
exitf("Error shutting down: %v", err)
|
|
}
|
|
donec <- true
|
|
}()
|
|
select {
|
|
case <-donec:
|
|
log.Printf("Shut down.")
|
|
osExit(0)
|
|
case <-time.After(2 * time.Second):
|
|
exitf("Timeout shutting down. Exiting uncleanly.")
|
|
}
|
|
default:
|
|
log.Fatal("Received another signal, should not happen.")
|
|
}
|
|
}
|
|
}
|
|
|
|
// listen discovers the listen address, base URL, and hostname that the ws is
|
|
// going to use, sets up the TLS configuration, and starts listening.
|
|
//
|
|
// If camliNetIP is configured, it also prepares for the GPG
|
|
// challenge, to register/acquire a name in the camlistore.net domain.
|
|
func listen(ws *webserver.Server, config *serverinit.Config) (baseURL string, err error) {
|
|
camliNetIP := config.CamliNetIP()
|
|
if camliNetIP != "" {
|
|
return listenForCamliNet(ws, config)
|
|
}
|
|
|
|
baseURL = config.BaseURL()
|
|
|
|
// Prefer the --listen flag value. Otherwise use the config value.
|
|
listen := *flagListen
|
|
if listen == "" {
|
|
listen = config.ListenAddr()
|
|
}
|
|
if listen == "" {
|
|
exitf("\"listen\" needs to be specified either in the config or on the command line")
|
|
}
|
|
|
|
hostname, err := certHostname(listen, baseURL)
|
|
if err != nil {
|
|
return "", fmt.Errorf("Bad baseURL or listen address: %v", err)
|
|
}
|
|
setupTLS(ws, config, hostname)
|
|
|
|
err = ws.Listen(listen)
|
|
if err != nil {
|
|
return "", fmt.Errorf("Listen: %v", err)
|
|
}
|
|
if baseURL == "" {
|
|
baseURL = ws.ListenURL()
|
|
}
|
|
return baseURL, nil
|
|
}
|
|
|
|
// certHostname figures out the name to use for the TLS certificates, using baseURL
|
|
// and falling back to the listen address if baseURL is empty or invalid.
|
|
func certHostname(listen, baseURL string) (string, error) {
|
|
hostPort, err := netutil.HostPort(baseURL)
|
|
if err != nil {
|
|
hostPort = listen
|
|
}
|
|
hostname, _, err := net.SplitHostPort(hostPort)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to find hostname for cert from address %q: %v", hostPort, err)
|
|
}
|
|
return hostname, nil
|
|
}
|
|
|
|
func setBlobpackedRecovery() {
|
|
if *flagRecovery == 0 && env.OnGCE() {
|
|
*flagRecovery = gce.BlobpackedRecoveryValue()
|
|
}
|
|
if blobpacked.RecoveryMode(*flagRecovery) > blobpacked.NoRecovery {
|
|
blobpacked.SetRecovery(blobpacked.RecoveryMode(*flagRecovery))
|
|
}
|
|
}
|
|
|
|
// checkGeoKey returns nil if we have a Google Geocoding API key file stored
|
|
// in the config dir. Otherwise it returns instruction about it as the error.
|
|
func checkGeoKey() error {
|
|
if _, err := geocode.GetAPIKey(); err == nil {
|
|
return nil
|
|
}
|
|
keyPath, err := geocode.GetAPIKeyPath()
|
|
if err != nil {
|
|
return fmt.Errorf("error getting Geocoding API key path: %v", err)
|
|
}
|
|
if env.OnGCE() {
|
|
keyPath = strings.TrimPrefix(keyPath, "/gcs/")
|
|
return fmt.Errorf("using OpenStreetMap for location related requests. To use the Google Geocoding API, create a key (see https://developers.google.com/maps/documentation/geocoding/get-api-key ) and save it in your VM's configuration bucket as: %v", keyPath)
|
|
}
|
|
return fmt.Errorf("using OpenStreetMap for location related requests. To use the Google Geocoding API, create a key (see https://developers.google.com/maps/documentation/geocoding/get-api-key ) and save it in Perkeep's configuration directory as: %v", keyPath)
|
|
}
|
|
|
|
// main wraps Main so tests (which generate their own func main) can still run Main.
|
|
func main() { Main() }
|
|
|
|
func Main() {
|
|
flag.Parse()
|
|
|
|
if *flagVersion {
|
|
fmt.Fprintf(os.Stderr, "perkeepd version: %s\nGo version: %s (%s/%s)\n",
|
|
buildinfo.Summary(), runtime.Version(), runtime.GOOS, runtime.GOARCH)
|
|
return
|
|
}
|
|
if *flagHelp {
|
|
flag.Usage()
|
|
os.Exit(0)
|
|
}
|
|
if *flagLegal {
|
|
for _, l := range legal.Licenses() {
|
|
fmt.Fprintln(os.Stderr, l)
|
|
}
|
|
return
|
|
}
|
|
setBlobpackedRecovery()
|
|
|
|
// In case we're running in a Docker container with no
|
|
// filesystem from which to load the root CAs, this
|
|
// conditionally installs a static set if necessary. We do
|
|
// this before we load the config file, which might come from
|
|
// an https URL. And also before setting up the logging,
|
|
// as it uses an http Client.
|
|
httputil.InstallCerts()
|
|
|
|
logCloser := setupLogging()
|
|
defer func() {
|
|
if err := logCloser.Close(); err != nil {
|
|
log.SetOutput(os.Stderr)
|
|
log.Printf("Error closing logger: %v", err)
|
|
}
|
|
}()
|
|
|
|
log.Printf("Starting perkeepd version %s; Go %s (%s/%s)", buildinfo.Summary(), runtime.Version(),
|
|
runtime.GOOS, runtime.GOARCH)
|
|
|
|
shutdownc := make(chan io.Closer, 1) // receives io.Closer to cleanly shut down
|
|
go handleSignals(shutdownc)
|
|
|
|
config, err := loadConfig(*flagConfigFile)
|
|
if err != nil {
|
|
exitf("Error loading config file: %v", err)
|
|
}
|
|
|
|
ws := webserver.New()
|
|
baseURL, err := listen(ws, config)
|
|
if err != nil {
|
|
exitf("Error starting webserver: %v", err)
|
|
}
|
|
|
|
challengeClient, err := registerDNSChallengeHandler(ws, config)
|
|
if err != nil {
|
|
exitf("Error registering challenge client with Perkeep muxer: %v", err)
|
|
}
|
|
|
|
config.SetReindex(*flagReindex)
|
|
config.SetKeepGoing(*flagKeepGoing)
|
|
|
|
// Finally, install the handlers. This also does the final config validation.
|
|
shutdownCloser, err := config.InstallHandlers(ws, baseURL)
|
|
if err != nil {
|
|
exitf("Error parsing config: %v", err)
|
|
}
|
|
shutdownc <- shutdownCloser
|
|
|
|
go ws.Serve()
|
|
|
|
if challengeClient != nil {
|
|
if err := requestHostName(challengeClient); err != nil {
|
|
exitf("Could not register on camlistore.net: %v", err)
|
|
}
|
|
}
|
|
if env.OnGCE() {
|
|
gce.FixUserDataForPerkeepRename()
|
|
}
|
|
|
|
if err := checkGeoKey(); err != nil {
|
|
log.Printf("perkeepd: %v", err)
|
|
}
|
|
|
|
urlToOpen := baseURL + config.UIPath()
|
|
|
|
if *flagOpenBrowser {
|
|
go osutil.OpenURL(urlToOpen)
|
|
}
|
|
|
|
if flagPollParent {
|
|
osutil.DieOnParentDeath()
|
|
}
|
|
|
|
ctx := context.Background()
|
|
if err := config.UploadPublicKey(ctx); err != nil {
|
|
exitf("Error uploading public key on startup: %v", err)
|
|
}
|
|
|
|
if err := config.StartApps(); err != nil {
|
|
exitf("StartApps: %v", err)
|
|
}
|
|
|
|
for appName, appURL := range config.AppURL() {
|
|
addr, err := netutil.HostPort(appURL)
|
|
if err != nil {
|
|
log.Printf("Could not get app %v address: %v", appName, err)
|
|
continue
|
|
}
|
|
if err := netutil.AwaitReachable(addr, 5*time.Second); err != nil {
|
|
log.Printf("Could not reach app %v: %v", appName, err)
|
|
}
|
|
}
|
|
log.Printf("server: available at %s", urlToOpen)
|
|
|
|
if testHookServerUp.call(); !testHookWaitToShutdown.call() {
|
|
select {}
|
|
}
|
|
}
|