Repository: trafficserver Updated Branches: refs/heads/master e5eedf128 -> fddd7c743
[TS-3364]: Add command line config validation support to traffic_server Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/245d6152 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/245d6152 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/245d6152 Branch: refs/heads/master Commit: 245d615210352768ee6efe4e56641223c074dfaf Parents: e5eedf1 Author: Sudheer Vinukonda <[email protected]> Authored: Mon Feb 9 23:13:21 2015 +0000 Committer: Sudheer Vinukonda <[email protected]> Committed: Mon Feb 9 23:13:50 2015 +0000 ---------------------------------------------------------------------- iocore/net/P_SSLConfig.h | 4 +-- iocore/net/SSLConfig.cc | 10 ++++-- iocore/net/SSLNetProcessor.cc | 2 +- proxy/Main.cc | 68 ++++++++++++++++++++++++++++++++++++-- proxy/Plugin.cc | 26 ++++++++++----- proxy/Plugin.h | 2 +- proxy/ReverseProxy.cc | 6 ++-- proxy/ReverseProxy.h | 2 +- 8 files changed, 99 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/iocore/net/P_SSLConfig.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index 5388346..cda2dcb 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -125,8 +125,8 @@ private: struct SSLCertificateConfig { - static void startup(); - static void reconfigure(); + static bool startup(); + static bool reconfigure(); static SSLCertLookup * acquire(); static void release(SSLCertLookup * params); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/iocore/net/SSLConfig.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 6d6e1ec..98214d2 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -332,7 +332,7 @@ SSLConfig::release(SSLConfigParams * params) configProcessor.release(configid, params); } -void +bool SSLCertificateConfig::startup() { sslCertUpdate = new ConfigUpdateHandler<SSLCertificateConfig>(); @@ -342,12 +342,13 @@ SSLCertificateConfig::startup() sslCertUpdate->attach("proxy.config.ssl.server.private_key.path"); sslCertUpdate->attach("proxy.config.ssl.server.cert_chain.filename"); - reconfigure(); + return reconfigure(); } -void +bool SSLCertificateConfig::reconfigure() { + bool retStatus = true; SSLConfig::scoped_config params; SSLCertLookup * lookup = new SSLCertLookup(); @@ -362,8 +363,11 @@ SSLCertificateConfig::reconfigure() if (SSLParseCertificateConfiguration(params, lookup)) { configid = configProcessor.set(configid, lookup); } else { + retStatus = false; delete lookup; } + + return retStatus; } SSLCertLookup * http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/iocore/net/SSLNetProcessor.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc index 06b2cfc..9547617 100644 --- a/iocore/net/SSLNetProcessor.cc +++ b/iocore/net/SSLNetProcessor.cc @@ -68,7 +68,7 @@ SSLNetProcessor::start(int number_of_ssl_threads, size_t stacksize) SSLInitializeLibrary(); SSLConfig::startup(); - SSLCertificateConfig::startup(); + (void) SSLCertificateConfig::startup(); // Acquire a SSLConfigParams instance *after* we start SSL up. SSLConfig::scoped_config params; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/proxy/Main.cc ---------------------------------------------------------------------- diff --git a/proxy/Main.cc b/proxy/Main.cc index e03925f..7e9a433 100644 --- a/proxy/Main.cc +++ b/proxy/Main.cc @@ -696,6 +696,58 @@ cmd_clear(char *cmd) return CMD_OK; } +static int +cmd_verify(char * /* cmd ATS_UNUSED */) +{ + int exitStatus = 0; + + fprintf(stderr, "NOTE: VERIFY\n\n"); + if (!reloadUrlRewrite()) { + exitStatus |= (1 << 0); + fprintf(stderr, "ERROR: Failed to load remap.config, exitStatus %d\n\n", exitStatus); + } else { + fprintf(stderr, "INFO:Successfully loaded remap.config\n\n"); + } + + if (RecReadConfigFile(false) != REC_ERR_OKAY) { + exitStatus |= (1 << 1); + fprintf(stderr, "ERROR: Failed to load records.config, exitStatus %d\n\n", exitStatus); + } else { + fprintf(stderr, "INFO: Successfully loaded records.config\n\n"); + } + + if (!plugin_init(true)) { + exitStatus |= (1 << 2); + fprintf(stderr, "ERROR: Failed to load plugin.config, exitStatus %d\n\n", exitStatus); + } else { + fprintf(stderr, "INFO: Successfully loaded plugin.config\n\n"); + } + + SSLInitializeLibrary(); + SSLConfig::startup(); + if (!SSLCertificateConfig::startup()) { + exitStatus |= (1 << 3); + fprintf(stderr, "ERROR: Failed to load ssl multicert.config, exitStatus %d\n\n", exitStatus); + } else { + fprintf(stderr, "INFO: Successfully loaded ssl multicert.config\n\n"); + } + + SSLConfig::scoped_config params; + if (!SSLInitClientContext(params) ) { + exitStatus |= (1 << 4); + fprintf(stderr, "Can't initialize the SSL client, HTTPS in remap rules will not function %d\n\n", exitStatus); + } else { + fprintf(stderr, "INFO: Successfully initialized SSL client context\n\n"); + } + + //TODO: Add more config validation.. + + _exit(exitStatus); + + return 0; +} + + static int cmd_help(char *cmd); static const struct CMD @@ -748,6 +800,12 @@ commands[] = { "\n" "FORMAT: clear_hostdb\n" "\n" "Clear the entire hostdb cache. All host name resolution\n" "information is lost.\n", cmd_clear}, { + "verify_config", + "Verify the config", + "\n" + "\n" + "FORMAT: verify_config\n" + "\n" "Load the config and verify traffic_server comes up correctly. \n", cmd_verify}, { "help", "Obtain a short description of a command (e.g. 'help clear')", "HELP\n" @@ -1391,8 +1449,12 @@ main(int /* argc ATS_UNUSED */, char **argv) // Local process manager initialize_process_manager(); - // Ensure only one copy of traffic server is running - check_lockfile(); + if ((*command_string) && (cmd_index(command_string) == cmd_index((char*)"verify_config"))) { + fprintf (stderr, "\n\n skip lock check for %s \n\n", command_string); + } else { + // Ensure only one copy of traffic server is running + check_lockfile(); + } // Set the core limit for the process init_core_size(); @@ -1632,7 +1694,7 @@ main(int /* argc ATS_UNUSED */, char **argv) Log::init(remote_management_flag ? 0 : Log::NO_REMOTE_MANAGEMENT); // Init plugins as soon as logging is ready. - plugin_init(); // plugin.config + (void) plugin_init(); // plugin.config SSLConfigParams::init_ssl_ctx_cb = init_ssl_ctx_callback; sslNetProcessor.start(getNumSSLThreads(), stacksize); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/proxy/Plugin.cc ---------------------------------------------------------------------- diff --git a/proxy/Plugin.cc b/proxy/Plugin.cc index 44f3bd9..60a9527 100644 --- a/proxy/Plugin.cc +++ b/proxy/Plugin.cc @@ -69,15 +69,15 @@ PluginRegInfo::~PluginRegInfo() ats_free(this->support_email); } -static void -plugin_load(int argc, char *argv[]) +static bool +plugin_load(int argc, char *argv[], bool validateOnly) { char path[PATH_NAME_MAX + 1]; void *handle; init_func_t init; if (argc < 1) { - return; + return true; } ink_filepath_make(path, sizeof(path), plugin_dir, argv[0]); @@ -103,6 +103,9 @@ plugin_load(int argc, char *argv[]) handle = dlopen(path, RTLD_NOW); if (!handle) { + if (validateOnly) { + return false; + } Fatal("unable to load '%s': %s", path, dlerror()); } @@ -114,8 +117,11 @@ plugin_load(int argc, char *argv[]) init = (init_func_t) dlsym(handle, "TSPluginInit"); if (!init) { + if (validateOnly) { + return false; + } Fatal("unable to find TSPluginInit function in '%s': %s", path, dlerror()); - return; // this line won't get called since Fatal brings down ATS + return false; // this line won't get called since Fatal brings down ATS } init(argc, argv); @@ -128,6 +134,8 @@ plugin_load(int argc, char *argv[]) } plugin_reg_current = NULL; + + return true; } static char * @@ -200,8 +208,8 @@ not_found: return NULL; } -void -plugin_init(void) +bool +plugin_init(bool validateOnly) { ats_scoped_str path; char line[1024], *p; @@ -210,6 +218,7 @@ plugin_init(void) int argc; int fd; int i; + bool retVal = true; static bool INIT_ONCE = true; if (INIT_ONCE) { @@ -223,7 +232,7 @@ plugin_init(void) fd = open(path, O_RDONLY); if (fd < 0) { Warning("unable to open plugin config file '%s': %d, %s", (const char *)path, errno, strerror(errno)); - return; + return false; } while (ink_file_fd_readline(fd, sizeof(line) - 1, line) > 0) { @@ -275,12 +284,13 @@ plugin_init(void) } } - plugin_load(argc, argv); + retVal = plugin_load(argc, argv, validateOnly); for (i = 0; i < argc; i++) ats_free(vars[i]); } close(fd); + return retVal; } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/proxy/Plugin.h ---------------------------------------------------------------------- diff --git a/proxy/Plugin.h b/proxy/Plugin.h index 91d9904..ad924e6 100644 --- a/proxy/Plugin.h +++ b/proxy/Plugin.h @@ -45,7 +45,7 @@ struct PluginRegInfo extern DLL<PluginRegInfo> plugin_reg_list; extern PluginRegInfo *plugin_reg_current; -void plugin_init(void); +bool plugin_init(bool validateOnly=false); /** Abstract interface class for plugin based continuations. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/proxy/ReverseProxy.cc ---------------------------------------------------------------------- diff --git a/proxy/ReverseProxy.cc b/proxy/ReverseProxy.cc index a2ae22d..3b56905 100644 --- a/proxy/ReverseProxy.cc +++ b/proxy/ReverseProxy.cc @@ -135,7 +135,7 @@ struct UR_UpdateContinuation: public Continuation { int file_update_handler(int /* etype ATS_UNUSED */, void * /* data ATS_UNUSED */) { - reloadUrlRewrite(); + (void) reloadUrlRewrite(); delete this; return EVENT_DONE; } @@ -152,7 +152,7 @@ struct UR_UpdateContinuation: public Continuation blocking. */ -void +bool reloadUrlRewrite() { UrlRewrite *newTable; @@ -163,11 +163,13 @@ reloadUrlRewrite() new_Deleter(rewrite_table, URL_REWRITE_TIMEOUT); Debug("url_rewrite", "remap.config done reloading!"); ink_atomic_swap(&rewrite_table, newTable); + return true; } else { static const char* msg = "failed to reload remap.config, not replacing!"; delete newTable; Debug("url_rewrite", "%s", msg); Warning("%s", msg); + return false; } } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/245d6152/proxy/ReverseProxy.h ---------------------------------------------------------------------- diff --git a/proxy/ReverseProxy.h b/proxy/ReverseProxy.h index 5019ba8..a98098b 100644 --- a/proxy/ReverseProxy.h +++ b/proxy/ReverseProxy.h @@ -65,7 +65,7 @@ mapping_type request_url_remap_redirect(HTTPHdr *request_header, URL *redirect_u bool response_url_remap(HTTPHdr *response_header); // Reload Functions -void reloadUrlRewrite(); +bool reloadUrlRewrite(); int url_rewrite_CB(const char *name, RecDataT data_type, RecData data, void *cookie);
