Documentation
¶
Index ¶
- Constants
- Variables
- type AppConfig
- type ConsulConfig
- type Hooks
- type KeyringAuth
- type LogDestination
- type ManifestPair
- type ManifestVerification
- type Pod
- type PodStatusStore
- type Preparer
- func (p *Preparer) BuildRealityAtLaunch() error
- func (p *Preparer) Close()
- func (p *Preparer) InstallHooks() error
- func (p *Preparer) ProceedPodWhitelist(preparerConfig *PreparerConfig) (map[types.PodID]bool, error)
- func (p *Preparer) WatchForPodManifestsForNode(quitAndAck chan struct{})
- func (p *Preparer) ZipResultSets(intent []consul.ManifestResult, reality []consul.ManifestResult) []ManifestPair
- type PreparerConfig
- type StatusServer
- type Store
- type UserAuth
Constants ¶
View Source
const ( DefaultConsulAddress = "127.0.0.1:8500" // Can be provided in place of the hook manifest in config to instruct // the preparer to start without hooks. NoHooksSentinelValue = "no_hooks" )
DefaultConsulAddress is the default location for Consul when none is configured. TODO: IPv6
Variables ¶
View Source
var NoServerConfigured = fmt.Errorf("No status server was configured")
Functions ¶
This section is empty.
Types ¶
type AppConfig ¶
type AppConfig struct {
P2PreparerConfig PreparerConfig `yaml:"preparer"`
}
type ConsulConfig ¶
type ConsulConfig struct {
// WaitTime specifies the timeout length for HTTP watches on consul. Longer
// values mean longer lived requests and therefore lower QPS and bandwidth
// usage when there are infrequent changes to the watched data
WatchWaitTime time.Duration `yaml:"watch_wait_time"`
}
ConsulConfig encapsulates config options related to how p2-preparer interacts with consul. TODO: move ConsulAddress, ConsulHttps, ConsulTokenPath here.
type KeyringAuth ¶
type KeyringAuth struct {
Type string
KeyringPath string `yaml:"keyring,omitempty"`
AuthorizedDeployers []string `yaml:"authorized_deployers,omitempty"`
}
Configuration fields for the "keyring" auth type
type LogDestination ¶
type ManifestPair ¶
type ManifestPair struct {
// save the ID in a separate field, so that the user of this object doesn't
// have to check both manifests
ID types.PodID
Intent manifest.Manifest
Reality manifest.Manifest
// Used to determine where reality came from (and should be written to). If nil,
// reality should be written to the /reality tree. If non-nil, status should be
// written to the pod status store
PodUniqueKey types.PodUniqueKey
}
type ManifestVerification ¶
type ManifestVerification struct {
Type string
KeyringPath string `yaml:"keyring,omitempty"`
AllowedSigners []string `yaml:"allowed_signers"`
}
--- Artifact verification strategies ---
The type matches one of the auth.Verify* constants
"type: none" - no artifact verification is done "type: build" - checks that builds have a corresponding signature "type: manifest" - checks that builds have corresponding digest manifest and
manifest signature files.
"type: either" - checks that one of "build" or "manifest" strategies pass.
type Pod ¶
type Pod interface {
hooks.Pod
Launch(manifest.Manifest) (bool, error)
Install(manifest.Manifest, auth.ArtifactVerifier, artifact.Registry, string, []string) error
Uninstall() error
Verify(manifest.Manifest, auth.Policy) error
Halt(man manifest.Manifest, force bool) (bool, error)
Prune(size.ByteCount, manifest.Manifest)
}
type PodStatusStore ¶
type Preparer ¶
type Preparer struct {
Logger logging.Logger
// Exported so it can be checked for nil (it only runs if configured)
// and quit channel conditially created
PodProcessReporter *podprocess.Reporter
// contains filtered or unexported fields
}
func (*Preparer) BuildRealityAtLaunch ¶
func (*Preparer) Close ¶
func (p *Preparer) Close()
Close() releases any resources held by a Preparer.
func (*Preparer) InstallHooks ¶
func (*Preparer) ProceedPodWhitelist ¶
func (*Preparer) WatchForPodManifestsForNode ¶
func (p *Preparer) WatchForPodManifestsForNode(quitAndAck chan struct{})
func (*Preparer) ZipResultSets ¶
func (p *Preparer) ZipResultSets(intent []consul.ManifestResult, reality []consul.ManifestResult) []ManifestPair
A ManifestResult may have either a non-nil Manifest OR a non-nil *PodUniqueKey. This function assumes that there will not be duplicate PodIDs (i.e. Manifest.ID()) or PodUniqueKeys in the same slice, and the behavior is undefined if this were to occur.
type PreparerConfig ¶
type PreparerConfig struct {
NodeName types.NodeName `yaml:"node_name"`
ConsulAddress string `yaml:"consul_address"`
ConsulHttps bool `yaml:"consul_https,omitempty"`
ConsulTokenPath string `yaml:"consul_token_path,omitempty"`
HTTP2 bool `yaml:"http2,omitempty"`
HooksDirectory string `yaml:"hooks_directory"`
CAFile string `yaml:"ca_file,omitempty"`
CertFile string `yaml:"cert_file,omitempty"`
KeyFile string `yaml:"key_file,omitempty"`
PodRoot string `yaml:"pod_root,omitempty"`
RequireFile string `yaml:"require_file,omitempty"`
PodWhitelistFile string `yaml:"pod_whitelist_file,omitempty"`
StatusPort int `yaml:"status_port"`
StatusSocket string `yaml:"status_socket"`
Auth map[string]interface{} `yaml:"auth,omitempty"`
ArtifactAuth map[string]interface{} `yaml:"artifact_auth,omitempty"`
ExtraLogDestinations []LogDestination `yaml:"extra_log_destinations,omitempty"`
LogLevel string `yaml:"log_level,omitempty"`
MaxLaunchableDiskUsage string `yaml:"max_launchable_disk_usage"`
LogExec []string `yaml:"log_exec,omitempty"`
LogBridgeBlacklist []string `yaml:"log_bridge_blacklist,omitempty"`
ArtifactRegistryURL string `yaml:"artifact_registry_url,omitempty"`
DockerHost string `yaml:"docker_host,omitempty"`
ContainerRegistryJsonKeyFile string `yaml:"container_json_key_file,omitempty"`
// UnixSocketPathEnvVar is a path to a unix socket that, when set, will be
// dialed by the http client used for Consul communication
UnixSocketPathEnvVar string `yaml:"unix_socket_path_env_var,omitempty"`
// ConsulHost will be set as the http.Request.Host for all Consul
// requests when the preparer is configured to dial a unix socket for
// communication with Consul
ConsulHost string `yaml:"consul_host_header,omitempty"`
// AdditionalConsulHeaders will all be set as headers for Consul requests
// when the preparer is configured to dial a unix socket for Consul
// communication
AdditionalConsulHeaders map[string]string `yaml:"additional_consul_headers"`
// Directories that are allowed to be launched by this preparer
DockerImageDirectoryWhitelist []string `yaml:"docker_image_directory_whitelist,omitempty"`
ConsulConfig ConsulConfig `yaml:"consul_config,omitempty"`
OSVersionFile string `yaml:"os_version_file,omitempty"`
ReadOnlyDeploys bool `yaml:"read_only_deploys"`
ReadOnlyWhitelist []types.PodID `yaml:"read_only_whitelist"`
ReadOnlyBlacklist []types.PodID `yaml:"read_only_blacklist"`
// The pod manifest to use for hooks. If no hooks are desired, use the
// NoHooksSentinelValue constant to indicate that there aren't any
HooksManifest string `yaml:"hooks_manifest,omitempty"`
// List of required hooks. Otherwise a deploy should retry.
HooksRequired []string `yaml:"hooks_required"`
// Configures reporting the exit status of processes started by a pod to Consul
PodProcessReporterConfig podprocess.ReporterConfig `yaml:"process_result_reporter_config"`
// Params defines a collection of miscellaneous runtime parameters defined throughout the
// source files.
Params param.Values `yaml:"params"`
// HTTPTimeout is the timeout that will be set on the preparer's HTTP
// client. This is pretty coarse grained at the moment, it's possibly
// desirable to be able to set a different HTTP timeout for different
// clients, e.g. consul client vs artifact downloader
HTTPTimeout time.Duration `yaml:"http_timeout"`
// IdleConnTimeout will be set on the preparer's HTTP client transport.
IdleConnTimeout time.Duration `yaml:"idle_conn_timeout"`
// contains filtered or unexported fields
}
func LoadConfig ¶
func LoadConfig(configPath string) (*PreparerConfig, error)
LoadConfig reads the preparer's configuration from a file.
func UnmarshalConfig ¶
func UnmarshalConfig(config []byte) (*PreparerConfig, error)
UnmarshalConfig reads the preparer's configuration from its bytes.
func (*PreparerConfig) GetConsulClient ¶
func (c *PreparerConfig) GetConsulClient() (consulutil.ConsulClient, error)
func (*PreparerConfig) GetInsecureClient ¶
type StatusServer ¶
type StatusServer struct {
Exit chan error
// contains filtered or unexported fields
}
StatusServer exposes a unix socket server that can be queried for the health of the preparer. This is useful because the preparer typically runs as root so it's preferable to expose a unix socket rather than a tcp port.
func NewStatusServer ¶
func (*StatusServer) Close ¶
func (s *StatusServer) Close() error
func (*StatusServer) Serve ¶
func (s *StatusServer) Serve()
type Store ¶
type Store interface {
ListPods(podPrefix consul.PodPrefix, nodeName types.NodeName) ([]consul.ManifestResult, time.Duration, error)
SetPod(podPrefix consul.PodPrefix, nodeName types.NodeName, podManifest manifest.Manifest) (time.Duration, error)
Pod(podPrefix consul.PodPrefix, nodeName types.NodeName, podId types.PodID) (manifest.Manifest, time.Duration, error)
DeletePod(podPrefix consul.PodPrefix, nodeName types.NodeName, podId types.PodID) (time.Duration, error)
WatchPods(
podPrefix consul.PodPrefix,
nodeName types.NodeName,
quitChan <-chan struct{},
errorChan chan<- error,
podChan chan<- []consul.ManifestResult,
)
}
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
This package provides a Reporter which scans a sqlite database for process exit information, writing it to the consul datastore.
|
This package provides a Reporter which scans a sqlite database for process exit information, writing it to the consul datastore. |
Click to show internal directories.
Click to hide internal directories.