2
0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-17 21:23:18 +00:00

280 Commits

Author SHA1 Message Date
Jarrod Johnson
d3bda4217c Add paramiko to the requirements 2016-04-11 11:51:11 -04:00
Jarrod Johnson
22509946c0 Reduce verbosity of audit log
There are a number of pretty innocuous requests that
need not be individually tracked.  For such requests,
we'll abstain from putting it into the log.
2016-04-08 16:51:32 -04:00
Jarrod Johnson
f8b878b5f4 Unhook attribute watch on dead sessions
When a session is dead, it need not be told about
changes to config.  Save time and sanity by reaping
when discarding a dead session.
2016-04-05 13:57:47 -04:00
Jarrod Johnson
91a1c0ef7d Fix key registration to happen on success
Key registration was attempted either way, causing bad targets
to fail to return timely error data.
2016-04-05 11:34:23 -04:00
Jarrod Johnson
419fcf1577 Defer key registration until login
Part of key registration is giving the OEM handler
a crack at it.  For that reason, defer the registration
until after login process has occurred.
2016-04-05 10:59:20 -04:00
Jarrod Johnson
06e767e70e Fix handling of error messages in async
ConfluentNodeError branch of messages were not recognized.  Correct the oversight.
2016-03-28 08:54:33 -04:00
Jarrod Johnson
2ea7ee0dcb Add thread traces to USR1 handler
When receiving a USR1 signal, it did usefully provide
'the' current stack, useful for diagnosing really hard
hangs.  However, it's frequently informative to see all
the thread stack traces, so add that data to the diagnostic
feature.
2016-03-26 13:34:21 -04:00
Jarrod Johnson
417e70e5c1 Tolerate terminal closure
When a terminal closes and notifies server, it was
pulling the rug out from asyncsession consoles.
Make asyncsession aware that the console may be gone
and discard tracking it rather than give a 500.
2016-03-26 10:45:47 -04:00
Jarrod Johnson
03b2cdab5a Assure console sessions get reaped
When an error (to be fixed) happened while updating expiry,
an asyncsession failed to have a reaper scheduled for cleanup.
Correct this by putting the reaper schedule right after the
cancellation.

Further, an async being destroyed did not reap related console
sessions.  Add code to reap related console sessions when
the async session gets destroyed.
2016-03-26 10:26:17 -04:00
Jarrod Johnson
50aefee728 Correct a number of issues
There were a number of careless mistakes in the feature, correct
the bad usage and typos.
2016-03-26 09:34:46 -04:00
Jarrod Johnson
44a5c2b464 Merge branch 'master' into multiplex 2016-03-25 16:47:23 -04:00
Jarrod Johnson
2dd6c31513 Fix deleted logs breaking partial buffer rebuild
When the read_recent_text ran off a cliff looking for buffer data,
it left the current textfile handle in a bad state.  This caused
the buffer rebuild to fail completely in a scenario where all the
current logs put together don't have enough data to satisfy the
buffer.  Fix this by making the handle more obviously broken, and
repairing while seeking out data.
2016-03-25 16:44:28 -04:00
Jarrod Johnson
d753ac2833 Add terminal sessions to async http
This functionality enables a browser to hold more terminals open
than their max connection rating would normally allow.
2016-03-25 14:50:47 -04:00
Jarrod Johnson
3cd96a4f59 Force asyncresponse http to be JSON array
Rather than let it be ambiguous, force it to provide a JSON array.
2016-03-21 10:22:41 -04:00
Jarrod Johnson
2b3d5f7b62 Have async sessions detect logout 2016-03-21 10:22:41 -04:00
Jarrod Johnson
75a747a6a2 Amend structure of AsyncMessage
This is an easier structure to traverse for a client.
2016-03-21 10:22:41 -04:00
Jarrod Johnson
8fac1ce5da Fix up the async http to actually function
Still need to review the return data to determine best format
2016-03-21 10:22:41 -04:00
Jarrod Johnson
7d67ea0685 Refine asyncsupport
Asyncsupport progress continues.  Renaming from 'multiplex'
as 'async' seems to describe the pattern better.
2016-03-21 10:22:41 -04:00
Jarrod Johnson
bcb9c2660f Implement a multiplex facility (WIP)
Allow an arbitrary number of HTTP requests using a
small pool of connections, as is likely in a
common web browser.
2016-03-21 10:22:41 -04:00
Jarrod Johnson
6504acecad Change default log retention to be indefinite
Users have noted and complained that log data was lost, and didn't have old data.  This changes
the default behavior to be indefinite retention.  Users noting a lot of logs using space have a nice
intuitive indication of old files to delete, and the option remains for those to request a log expiration.
2016-03-21 09:57:23 -04:00
Jarrod Johnson
d1247cfb37 Restore disconnect notification to ssh plugin
The disconnect notification was erroneously removed in
the previous checkin, this restores it.
2016-03-16 11:20:14 -04:00
Jarrod Johnson
c5e19fe474 Have ssh plugin report on connection error
Before the connection would fail and log to trace without anything
particularly informative for the client (they just saw 'unexpected error'.
Provide a more informative behavior for the client.
2016-03-16 09:50:46 -04:00
Jarrod Johnson
58bf72d5aa Do not remove databuffer on close
If exiting from a shell session, the databuffer will contain needed info for the client
to work properly.  Preserve databuffer existence.  Responsibility for deleting the
object should be in the hands of the caller.
2016-03-16 09:09:24 -04:00
Jarrod Johnson
f15cf014e9 Avoid changing hash size during loop
Coerce iterator into a list so that for loop does not
raise an exception.
2016-03-16 08:40:39 -04:00
Jarrod Johnson
fb1e20906e Do not worry over non-existant debug socket
If the socket was not created, do not error on exit because it isn't there to be cleaned up.
2016-03-15 11:15:15 -04:00
Jarrod Johnson
1bf124494e Add location attributes
Provide data that may be used to track system
locations.
2016-03-14 09:16:46 -04:00
Jarrod Johnson
9d40c67974 Support walking back through multiple logs
The rollback support and replaydid not follow more than one log back.  Do the work to recurse
into older and older files, until big enough buffer or run out of files.
2016-03-13 19:50:02 -04:00
Jarrod Johnson
f75f2cae51 Correct sockapi behavior when user authorize returns None
If a user can connect, but gets removed mid session, traces were
being generated.  Correct by recognizing the circumstance and returning
the appropriate error to the client.
2016-03-13 18:57:27 -04:00
Jarrod Johnson
5ae0f37f97 Do not generate trace on request to delete non-existant session 2016-03-13 18:51:18 -04:00
Jarrod Johnson
0e42e83c50 Restore intended per-user ssh sessions
Each user should have their own ssh sessions, as originally
intended.
2016-03-13 18:43:57 -04:00
Jarrod Johnson
378df2966f Clean up the debug socket
Also limit permissions of the socket.
2016-03-13 17:29:10 -04:00
Jarrod Johnson
b6546f923b Fix security key initialization race condition
When initializing security key, a background thread may occur.  Sometimes,
the system would go to daemonize while that thread was still running, and
the whole system could exit.  Leading to incomplete write to globals as well
as leaving the daemon looking at the data copied over from pre-fork and
seeing the last state of that thread forever frozen.  Make sure the background
threads are fully done prior to exiting.
2016-03-08 11:34:25 -05:00
Jarrod Johnson
40007a6a07 Enable debug socket for sufficiently new eventlet
Newer versions of eventlet address the bug in backdoor when used with
unix domain sockets.  Detect and take advantage of that circumstance.
2016-03-07 16:44:11 -05:00
Jarrod Johnson
b98889b54a Ensure correct inflight thread id is discarded
It seems it is possible in some circumstance for the thread id to become stale,
perhaps due to a different threadid executing the code for some reason.
Just in case, ensure the same exact value that was added is later discarded.
2016-03-05 15:47:49 -05:00
Jarrod Johnson
8bf7a55b68 Prevent double firing of event in consolesession
There is a timing scenario where an event could be double fired.
Prevent by clearing the event when sent.
2016-03-05 15:42:17 -05:00
Jarrod Johnson
e9f2d7eb63 Improve logout return to browsers
A browser may choke on non-JSON if promised JSON.
Fix this by passing down JSON for now (API explorer
users can deal with seeing JSON for error data)
2016-02-29 09:15:21 -05:00
Jarrod Johnson
5ab6a9e7b7 Provide client hook to get session info
Web client may come in without knowing the session info.
Provide it additional data to populate UI elements.
2016-02-28 18:48:18 -05:00
Jarrod Johnson
64751bccee Add closesession request to term sessions
This provides a method for client to request session be closed down.  This provides more
immediate responsiveness to the client count when closing such a terminal.  With this
both closing a single window and doing a 'logout' immediately impacts clientcount.
2016-02-28 14:15:08 -05:00
Jarrod Johnson
244f655055 Suppress browser cache for API requests
Browser caching can interfere with our goal of delivering fresh data.
Suppress the cache behavior for our API.
2016-02-27 18:40:05 -05:00
Jarrod Johnson
1b26b2cf3d Reap session immediately on logout
When a logout happens in httpapi, immediately reap related console sessions that are in flight.
2016-02-27 14:04:19 -05:00
Jarrod Johnson
029c06cc66 Have polling consoleserver sessions more robustly clean up
If anything goes wrong or a session was exited, no destruction of the
session would be scheduled.  Always have a reaper scheduled for that.
2016-02-27 13:37:10 -05:00
Jarrod Johnson
1df60ceb73 Rename '/session/logout' to '/sessions/current/logout'
Have room for a future where a user may list and disconnect
other sessions.
2016-02-27 13:23:02 -05:00
Jarrod Johnson
875cda00ff Implement immediate logout
If something triggers a logout of session, immediately cut into long polling
console sessions that are relevant.  This results in web client being able to
immediately detect a logout externally originated.
2016-02-27 13:20:08 -05:00
Jarrod Johnson
f20cdfe49a Add '/session/logout' to http api
Provide a means for an http request to erase
it's own session's validity.  Always return 200
to allow a client to send bogus credentials and
think they got success to forget the auth data in
the browser.
2016-02-27 11:40:26 -05:00
Jarrod Johnson
ba6b7cf517 Give client method to suppress auth header
A javascript client running in browser may want
the standard authorization header suppressed.
This allows a client to block the default browser
authentication prompt.
2016-02-26 08:35:51 -05:00
Jarrod Johnson
76ff9fd759 Reduce long poll console to 25 seconds
A common proxy timeout is 30 seconds.  Adjust the
polling length to accomodate such a limitation.
2016-02-23 10:35:58 -05:00
Jarrod Johnson
44103b31f8 Extend key error data
Clients can now more consistently tell the difference between
a new key and a mismatch.
2016-02-21 14:44:31 -05:00
Jarrod Johnson
774d592eb4 Fix more usage mistakes 2016-02-11 12:08:18 -05:00
Jarrod Johnson
824253ae8c Hook the custom keyhandler policy
This actually uses the previously commited class, with one fix for
the structure of the key as passed into the callback.
2016-02-11 11:35:20 -05:00
Jarrod Johnson
a574c69535 Implement SSH host key management
Like self-signed TLS certificates, SSH host keys
warrant a similar security policy.  This implementations
follows the lead of the TLS management and uses the same
policy name and interpretation, just storing the value
in 'pubkeys.ssh' for the node rather than an extensible
set of entry points (for now).
2016-02-11 09:13:21 -05:00