diff options
Diffstat (limited to 'weed/command')
| -rw-r--r-- | weed/command/filer.go | 74 | ||||
| -rw-r--r-- | weed/command/master.go | 15 | ||||
| -rw-r--r-- | weed/command/server.go | 77 | ||||
| -rw-r--r-- | weed/command/volume.go | 16 |
4 files changed, 17 insertions, 165 deletions
diff --git a/weed/command/filer.go b/weed/command/filer.go index f58e38403..0bd508e0b 100644 --- a/weed/command/filer.go +++ b/weed/command/filer.go @@ -9,7 +9,6 @@ import ( "github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/server" "github.com/chrislusf/seaweedfs/weed/util" - "strings" ) var ( @@ -32,31 +31,6 @@ type FilerOptions struct { redis_server *string redis_password *string redis_database *int - get_ip_whitelist_option *string - get_root_whitelist_option *string - head_ip_whitelist_option *string - head_root_whitelist_option *string - delete_ip_whitelist_option *string - delete_root_whitelist_option *string - put_ip_whitelist_option *string - put_root_whitelist_option *string - post_ip_whitelist_option *string - post_root_whitelist_option *string - get_secure_key *string - head_secure_key *string - delete_secure_key *string - put_secure_key *string - post_secure_key *string - get_ip_whitelist []string - get_root_whitelist []string - head_ip_whitelist []string - head_root_whitelist []string - delete_ip_whitelist []string - delete_root_whitelist []string - put_ip_whitelist []string - put_root_whitelist []string - post_ip_whitelist []string - post_root_whitelist []string } func init() { @@ -76,21 +50,6 @@ func init() { f.redis_password = cmdFiler.Flag.String("redis.password", "", "password in clear text") f.redis_database = cmdFiler.Flag.Int("redis.database", 0, "the database on the redis server") f.secretKey = cmdFiler.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)") - f.get_ip_whitelist_option = cmdFiler.Flag.String("whitelist.ip.get", "", "comma separated Ip addresses having get permission. No limit if empty.") - f.get_root_whitelist_option = cmdFiler.Flag.String("whitelist.root.get", "", "comma separated root paths having get permission. No limit if empty.") - f.head_ip_whitelist_option = cmdFiler.Flag.String("whitelist.ip.head", "", "comma separated Ip addresses having head permission. No limit if empty.") - f.head_root_whitelist_option = cmdFiler.Flag.String("whitelist.root.head", "", "comma separated root paths having head permission. No limit if empty.") - f.delete_ip_whitelist_option = cmdFiler.Flag.String("whitelist.ip.delete", "", "comma separated Ip addresses having delete permission. No limit if empty.") - f.delete_root_whitelist_option = cmdFiler.Flag.String("whitelist.root.delete", "", "comma separated root paths having delete permission. No limit if empty.") - f.put_ip_whitelist_option = cmdFiler.Flag.String("whitelist.ip.put", "", "comma separated Ip addresses having put permission. No limit if empty.") - f.put_root_whitelist_option = cmdFiler.Flag.String("whitelist.root.put", "", "comma separated root paths having put permission. No limit if empty.") - f.post_ip_whitelist_option = cmdFiler.Flag.String("whitelist.ip.post", "", "comma separated Ip addresses having post permission. No limit if empty.") - f.post_root_whitelist_option = cmdFiler.Flag.String("whitelist.root.post", "", "comma separated root paths having post permission. No limit if empty.") - f.get_secure_key = cmdFiler.Flag.String("secure.secret.get", "", "secret to encrypt Json Web Token(JWT)") - f.head_secure_key = cmdFiler.Flag.String("secure.secret.head", "", "secret to encrypt Json Web Token(JWT)") - f.delete_secure_key = cmdFiler.Flag.String("secure.secret.delete", "", "secret to encrypt Json Web Token(JWT)") - f.put_secure_key = cmdFiler.Flag.String("secure.secret.put", "", "secret to encrypt Json Web Token(JWT)") - f.post_secure_key = cmdFiler.Flag.String("secure.secret.post", "", "secret to encrypt Json Web Token(JWT)") } @@ -122,36 +81,6 @@ func runFiler(cmd *Command, args []string) bool { glog.Fatalf("Check Meta Folder (-dir) Writable %s : %s", *f.dir, err) } - if *f.get_ip_whitelist_option != "" { - f.get_ip_whitelist = strings.Split(*f.get_ip_whitelist_option, ",") - } - if *f.get_root_whitelist_option != "" { - f.get_root_whitelist = strings.Split(*f.get_root_whitelist_option, ",") - } - if *f.head_ip_whitelist_option != "" { - f.head_ip_whitelist = strings.Split(*f.head_ip_whitelist_option, ",") - } - if *f.head_root_whitelist_option != "" { - f.head_root_whitelist = strings.Split(*f.head_root_whitelist_option, ",") - } - if *f.delete_ip_whitelist_option != "" { - f.delete_ip_whitelist = strings.Split(*f.delete_ip_whitelist_option, ",") - } - if *f.delete_root_whitelist_option != "" { - f.delete_root_whitelist = strings.Split(*f.delete_root_whitelist_option, ",") - } - if *f.put_ip_whitelist_option != "" { - f.put_ip_whitelist = strings.Split(*f.put_ip_whitelist_option, ",") - } - if *f.put_root_whitelist_option != "" { - f.put_root_whitelist = strings.Split(*f.put_root_whitelist_option, ",") - } - if *f.post_ip_whitelist_option != "" { - f.post_ip_whitelist = strings.Split(*f.post_ip_whitelist_option, ",") - } - if *f.post_root_whitelist_option != "" { - f.post_root_whitelist = strings.Split(*f.post_root_whitelist_option, ",") - } r := http.NewServeMux() _, nfs_err := weed_server.NewFilerServer(r, *f.ip, *f.port, *f.master, *f.dir, *f.collection, *f.defaultReplicaPlacement, *f.redirectOnRead, *f.disableDirListing, @@ -159,9 +88,6 @@ func runFiler(cmd *Command, args []string) bool { *f.secretKey, *f.cassandra_server, *f.cassandra_keyspace, *f.redis_server, *f.redis_password, *f.redis_database, - f.get_ip_whitelist, f.head_ip_whitelist, f.delete_ip_whitelist, f.put_ip_whitelist, f.post_ip_whitelist, - f.get_root_whitelist, f.head_root_whitelist, f.delete_root_whitelist, f.put_root_whitelist, f.post_root_whitelist, - *f.get_secure_key, *f.head_secure_key, *f.delete_secure_key, *f.put_secure_key, *f.post_secure_key, ) if nfs_err != nil { glog.Fatalf("Filer startup error: %v", nfs_err) diff --git a/weed/command/master.go b/weed/command/master.go index f140750ea..cd15defce 100644 --- a/weed/command/master.go +++ b/weed/command/master.go @@ -41,13 +41,11 @@ var ( mTimeout = cmdMaster.Flag.Int("idleTimeout", 10, "connection idle seconds") mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") garbageThreshold = cmdMaster.Flag.String("garbageThreshold", "0.3", "threshold to vacuum and reclaim spaces") - masterReadWhiteListOption = cmdMaster.Flag.String("readWhiteList", "", "comma separated Ip addresses having read permission. No limit if empty.") - masterWriteWhiteListOption = cmdMaster.Flag.String("writeWhiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") + masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") masterSecureKey = cmdMaster.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)") masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file") - masterReadWhiteList []string - masterWriteWhiteList []string + masterWhiteList []string ) func runMaster(cmd *Command, args []string) bool { @@ -69,17 +67,14 @@ func runMaster(cmd *Command, args []string) bool { if err := util.TestFolderWritable(*metaFolder); err != nil { glog.Fatalf("Check Meta Folder (-mdir) Writable %s : %s", *metaFolder, err) } - if *masterReadWhiteListOption != "" { - masterReadWhiteList = strings.Split(*masterReadWhiteListOption, ",") - } - if *masterWriteWhiteListOption != "" { - masterWriteWhiteList = strings.Split(*masterWriteWhiteListOption, ",") + if *masterWhiteListOption != "" { + masterWhiteList = strings.Split(*masterWhiteListOption, ",") } r := mux.NewRouter() ms := weed_server.NewMasterServer(r, *mport, *metaFolder, *volumeSizeLimitMB, *mpulse, *confFile, *defaultReplicaPlacement, *garbageThreshold, - masterReadWhiteList, masterWriteWhiteList, nil, *masterSecureKey, + masterWhiteList, *masterSecureKey, ) listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport) diff --git a/weed/command/server.go b/weed/command/server.go index 9a19ef2af..7a6677a65 100644 --- a/weed/command/server.go +++ b/weed/command/server.go @@ -54,8 +54,7 @@ var ( serverTimeout = cmdServer.Flag.Int("idleTimeout", 10, "connection idle seconds") serverDataCenter = cmdServer.Flag.String("dataCenter", "", "current volume server's data center name") serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name") - serverReadWhiteListOption = cmdServer.Flag.String("read.whitelist", "", "comma separated Ip addresses having read permission. No limit if empty.") - serverWriteWhiteListOption = cmdServer.Flag.String("write.whitelist", "", "comma separated Ip addresses having write permission. No limit if empty.") + serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") serverPeers = cmdServer.Flag.String("master.peers", "", "other master nodes in comma separated ip:masterPort list") serverSecureKey = cmdServer.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)") serverGarbageThreshold = cmdServer.Flag.String("garbageThreshold", "0.3", "threshold to vacuum and reclaim spaces") @@ -75,8 +74,7 @@ var ( volumeServerPublicUrl = cmdServer.Flag.String("volume.publicUrl", "", "publicly accessible address") isStartingFiler = cmdServer.Flag.Bool("filer", false, "whether to start filer") - serverReadWhiteList []string - serverWriteWhiteList []string + serverWhiteList []string ) func init() { @@ -84,7 +82,7 @@ func init() { filerOptions.master = cmdServer.Flag.String("filer.master", "", "default to current master server") filerOptions.collection = cmdServer.Flag.String("filer.collection", "", "all data will be stored in this collection") filerOptions.port = cmdServer.Flag.Int("filer.port", 8888, "filer server http listen port") - filerOptions.dir = cmdServer.Flag.String("filer.dir", "", "directory to store meta data, default to a 'filer' sub directory of what -mdir is specified") + filerOptions.dir = cmdServer.Flag.String("filer.dir", "", "directory to store meta data, default to a 'filer' sub directory of what -dir is specified") filerOptions.defaultReplicaPlacement = cmdServer.Flag.String("filer.defaultReplicaPlacement", "", "Default replication type if not specified during runtime.") filerOptions.redirectOnRead = cmdServer.Flag.Bool("filer.redirectOnRead", false, "whether proxy or redirect to volume server during file GET request") filerOptions.disableDirListing = cmdServer.Flag.Bool("filer.disableDirListing", false, "turn off directory listing") @@ -94,21 +92,6 @@ func init() { filerOptions.redis_server = cmdServer.Flag.String("filer.redis.server", "", "host:port of the redis server, e.g., 127.0.0.1:6379") filerOptions.redis_password = cmdServer.Flag.String("filer.redis.password", "", "redis password in clear text") filerOptions.redis_database = cmdServer.Flag.Int("filer.redis.database", 0, "the database on the redis server") - filerOptions.get_ip_whitelist_option = cmdServer.Flag.String("filer.whitelist.ip.get", "", "comma separated Ip addresses having filer GET permission. No limit if empty.") - filerOptions.get_root_whitelist_option = cmdServer.Flag.String("filer.whitelist.root.get", "", "comma separated root paths having filer GET permission. No limit if empty.") - filerOptions.head_ip_whitelist_option = cmdServer.Flag.String("filer.whitelist.ip.head", "", "comma separated Ip addresses having filer HEAD permission. No limit if empty.") - filerOptions.head_root_whitelist_option = cmdServer.Flag.String("filer.whitelist.root.head", "", "comma separated root paths having filer HEAD permission. No limit if empty.") - filerOptions.delete_ip_whitelist_option = cmdServer.Flag.String("filer.whitelist.ip.delete", "", "comma separated Ip addresses having filer DELETE permission. No limit if empty.") - filerOptions.delete_root_whitelist_option = cmdServer.Flag.String("filer.whitelist.root.delete", "", "comma separated root paths having filer DELETE permission. No limit if empty.") - filerOptions.put_ip_whitelist_option = cmdServer.Flag.String("filer.whitelist.ip.put", "", "comma separated Ip addresses having filer PUT permission. No limit if empty.") - filerOptions.put_root_whitelist_option = cmdServer.Flag.String("filer.whitelist.root.put", "", "comma separated root paths having filer PUT permission. No limit if empty.") - filerOptions.post_ip_whitelist_option = cmdServer.Flag.String("filer.whitelist.ip.post", "", "comma separated Ip addresses having filer POST permission. No limit if empty.") - filerOptions.post_root_whitelist_option = cmdServer.Flag.String("filer.whitelist.root.post", "", "comma separated root paths having filer POST permission. No limit if empty.") - filerOptions.get_secure_key = cmdServer.Flag.String("filer.secure.secret.get", "", "secret to encrypt Json Web Token(JWT)") - filerOptions.head_secure_key = cmdServer.Flag.String("filer.secure.secret.head", "", "secret to encrypt Json Web Token(JWT)") - filerOptions.delete_secure_key = cmdServer.Flag.String("filer.secure.secret.delete", "", "secret to encrypt Json Web Token(JWT)") - filerOptions.put_secure_key = cmdServer.Flag.String("filer.secure.secret.put", "", "secret to encrypt Json Web Token(JWT)") - filerOptions.post_secure_key = cmdServer.Flag.String("filer.secure.secret.post", "", "secret to encrypt Json Web Token(JWT)") } func runServer(cmd *Command, args []string) bool { @@ -171,56 +154,13 @@ func runServer(cmd *Command, args []string) bool { if err := util.TestFolderWritable(*filerOptions.dir); err != nil { glog.Fatalf("Check Mapping Meta Folder (-filer.dir=\"%s\") Writable: %s", *filerOptions.dir, err) } - if *filerOptions.get_ip_whitelist_option != "" { - glog.V(0).Infof("Filer GET IP whitelist: %s", *filerOptions.get_ip_whitelist_option) - filerOptions.get_ip_whitelist = strings.Split(*filerOptions.get_ip_whitelist_option, ",") - } - if *filerOptions.get_root_whitelist_option != "" { - glog.V(0).Infof("Filer GET root whitelist: %s", *filerOptions.get_root_whitelist_option) - filerOptions.get_root_whitelist = strings.Split(*filerOptions.get_root_whitelist_option, ",") - } - if *filerOptions.head_ip_whitelist_option != "" { - glog.V(0).Infof("Filer HEAD IP whitelist: %s", *filerOptions.head_ip_whitelist_option) - filerOptions.head_ip_whitelist = strings.Split(*filerOptions.head_ip_whitelist_option, ",") - } - if *filerOptions.head_root_whitelist_option != "" { - glog.V(0).Infof("Filer HEAD root whitelist: %s", *filerOptions.head_root_whitelist_option) - filerOptions.head_root_whitelist = strings.Split(*filerOptions.head_root_whitelist_option, ",") - } - if *filerOptions.delete_ip_whitelist_option != "" { - glog.V(0).Infof("Filer DELETE IP whitelist: %s", *filerOptions.delete_ip_whitelist_option) - filerOptions.delete_ip_whitelist = strings.Split(*filerOptions.delete_ip_whitelist_option, ",") - } - if *filerOptions.delete_root_whitelist_option != "" { - glog.V(0).Infof("Filer DELETE root whitelist: %s", *filerOptions.delete_root_whitelist_option) - filerOptions.delete_root_whitelist = strings.Split(*filerOptions.delete_root_whitelist_option, ",") - } - if *filerOptions.put_ip_whitelist_option != "" { - glog.V(0).Infof("Filer PUT IP whitelist: %s", *filerOptions.put_ip_whitelist_option) - filerOptions.put_ip_whitelist = strings.Split(*filerOptions.put_ip_whitelist_option, ",") - } - if *filerOptions.put_root_whitelist_option != "" { - glog.V(0).Infof("Filer PUT root whitelist: %s", *filerOptions.put_root_whitelist_option) - filerOptions.put_root_whitelist = strings.Split(*filerOptions.put_root_whitelist_option, ",") - } - if *filerOptions.post_ip_whitelist_option != "" { - glog.V(0).Infof("Filer POST IP whitelist: %s", *filerOptions.post_ip_whitelist_option) - filerOptions.post_ip_whitelist = strings.Split(*filerOptions.post_ip_whitelist_option, ",") - } - if *filerOptions.post_root_whitelist_option != "" { - glog.V(0).Infof("Filer POST root whitelist: %s", *filerOptions.post_root_whitelist_option) - filerOptions.post_root_whitelist = strings.Split(*filerOptions.post_root_whitelist_option, ",") - } } if err := util.TestFolderWritable(*masterMetaFolder); err != nil { glog.Fatalf("Check Meta Folder (-mdir=\"%s\") Writable: %s", *masterMetaFolder, err) } - if *serverReadWhiteListOption != "" { - serverReadWhiteList = strings.Split(*serverReadWhiteListOption, ",") - } - if *serverWriteWhiteListOption != "" { - serverWriteWhiteList = strings.Split(*serverWriteWhiteListOption, ",") + if *serverWhiteListOption != "" { + serverWhiteList = strings.Split(*serverWhiteListOption, ",") } if *isStartingFiler { @@ -234,9 +174,6 @@ func runServer(cmd *Command, args []string) bool { *filerOptions.secretKey, *filerOptions.cassandra_server, *filerOptions.cassandra_keyspace, *filerOptions.redis_server, *filerOptions.redis_password, *filerOptions.redis_database, - filerOptions.get_ip_whitelist, filerOptions.head_ip_whitelist, filerOptions.delete_ip_whitelist, filerOptions.put_ip_whitelist, filerOptions.post_ip_whitelist, - filerOptions.get_root_whitelist, filerOptions.head_root_whitelist, filerOptions.delete_root_whitelist, filerOptions.put_root_whitelist, filerOptions.post_root_whitelist, - *f.get_secure_key, *f.head_secure_key, *f.delete_secure_key, *f.put_secure_key, *f.post_secure_key, ) if nfs_err != nil { glog.Fatalf("Filer startup error: %v", nfs_err) @@ -265,7 +202,7 @@ func runServer(cmd *Command, args []string) bool { r := mux.NewRouter() ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder, *masterVolumeSizeLimitMB, *volumePulse, *masterConfFile, *masterDefaultReplicaPlacement, *serverGarbageThreshold, - serverReadWhiteList, serverWriteWhiteList, nil, *serverSecureKey, + serverWhiteList, *serverSecureKey, ) glog.V(0).Infoln("Start Seaweed Master", util.VERSION, "at", *serverIp+":"+strconv.Itoa(*masterPort)) @@ -319,7 +256,7 @@ func runServer(cmd *Command, args []string) bool { folders, maxCounts, volumeNeedleMapKind, *serverIp+":"+strconv.Itoa(*masterPort), *volumePulse, *serverDataCenter, *serverRack, - serverReadWhiteList, serverWriteWhiteList, nil, *volumeFixJpgOrientation, *volumeReadRedirect, + serverWhiteList, *volumeFixJpgOrientation, *volumeReadRedirect, ) glog.V(0).Infoln("Start Seaweed volume server", util.VERSION, "at", *serverIp+":"+strconv.Itoa(*volumePort)) diff --git a/weed/command/volume.go b/weed/command/volume.go index 68f5edd9e..21369cbe9 100644 --- a/weed/command/volume.go +++ b/weed/command/volume.go @@ -2,7 +2,6 @@ package command import ( "net/http" - _ "net/http/pprof" "os" "runtime" "strconv" @@ -33,8 +32,7 @@ type VolumeServerOptions struct { maxCpu *int dataCenter *string rack *string - readWhitelist []string - writeWhitelist []string + whiteList []string indexType *string fixJpgOrientation *bool readRedirect *bool @@ -69,8 +67,7 @@ var cmdVolume = &Command{ var ( volumeFolders = cmdVolume.Flag.String("dir", os.TempDir(), "directories to store data files. dir[,dir]...") maxVolumeCounts = cmdVolume.Flag.String("max", "7", "maximum numbers of volumes, count[,count]...") - volumeReadWhiteListOption = cmdVolume.Flag.String("read.whitelist", "", "comma separated Ip addresses having read permission. No limit if empty.") - volumeWriteWhiteListOption = cmdVolume.Flag.String("write.whitelist", "", "comma separated Ip addresses having write permission. No limit if empty.") + volumeWhiteListOption = cmdVolume.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") ) func runVolume(cmd *Command, args []string) bool { @@ -99,11 +96,8 @@ func runVolume(cmd *Command, args []string) bool { } //security related white list configuration - if *volumeReadWhiteListOption != "" { - v.readWhitelist = strings.Split(*volumeReadWhiteListOption, ",") - } - if *volumeWriteWhiteListOption != "" { - v.writeWhitelist = strings.Split(*volumeWriteWhiteListOption, ",") + if *volumeWhiteListOption != "" { + v.whiteList = strings.Split(*volumeWhiteListOption, ",") } if *v.ip == "" { @@ -136,7 +130,7 @@ func runVolume(cmd *Command, args []string) bool { v.folders, v.folderMaxLimits, volumeNeedleMapKind, *v.master, *v.pulseSeconds, *v.dataCenter, *v.rack, - v.readWhitelist, v.writeWhitelist, nil, + v.whiteList, *v.fixJpgOrientation, *v.readRedirect, ) |