update bastion and white list
parent
0939b5db56
commit
30cce14967
|
@ -18,10 +18,14 @@ public class LocalClient {
|
||||||
private static final String LOCALHOST = "http://127.0.0.1";
|
private static final String LOCALHOST = "http://127.0.0.1";
|
||||||
private static final DynamicIntProperty nginxDyupsPort = DynamicPropertyFactory.getInstance().getIntProperty("dyups.port", 8081);
|
private static final DynamicIntProperty nginxDyupsPort = DynamicPropertyFactory.getInstance().getIntProperty("dyups.port", 8081);
|
||||||
private static final DynamicIntProperty nginxStatusPort = DynamicPropertyFactory.getInstance().getIntProperty("slb.nginx.status-port", 10001);
|
private static final DynamicIntProperty nginxStatusPort = DynamicPropertyFactory.getInstance().getIntProperty("slb.nginx.status-port", 10001);
|
||||||
|
private static final DynamicIntProperty upstreamStatusInterval = DynamicPropertyFactory.getInstance().getIntProperty("slb.upstream.status.interval", 1000);
|
||||||
|
|
||||||
private static final LocalClient localClient = new LocalClient();
|
private static final LocalClient localClient = new LocalClient();
|
||||||
|
|
||||||
private final NginxDyupsClient dyupsClient;
|
private final NginxDyupsClient dyupsClient;
|
||||||
private final NginxStatusClient statusClient;
|
private final NginxStatusClient statusClient;
|
||||||
|
private UpstreamStatus upstreamStatus = null;
|
||||||
|
private Long upstreamStatusDate = 0L;
|
||||||
|
|
||||||
public LocalClient() {
|
public LocalClient() {
|
||||||
dyupsClient = new NginxDyupsClient();
|
dyupsClient = new NginxDyupsClient();
|
||||||
|
@ -49,9 +53,14 @@ public class LocalClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public UpstreamStatus getUpstreamStatus() throws IOException {
|
public UpstreamStatus getUpstreamStatus() throws IOException {
|
||||||
String result = statusClient.getTarget().path("/status.json").request().get(String.class);
|
Long now = System.currentTimeMillis();
|
||||||
System.out.println(result);
|
if (now - upstreamStatusDate > upstreamStatusInterval.get() || upstreamStatus == null)
|
||||||
return DefaultJsonParser.parse(UpstreamStatus.class, result);
|
{
|
||||||
|
String result = statusClient.getTarget().path("/status.json").request().get(String.class);
|
||||||
|
upstreamStatus = DefaultJsonParser.parse(UpstreamStatus.class, result);
|
||||||
|
upstreamStatusDate = now;
|
||||||
|
}
|
||||||
|
return upstreamStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getStubStatus() {
|
public String getStubStatus() {
|
||||||
|
|
|
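Review bot: The new cache fields `upstreamStatus` and `upstreamStatusDate` are read and written in getUpstreamStatus() with no synchronization, while `localClient` is a static instance that looks like a shared singleton. Concurrent callers can therefore all miss the cache and fetch `/status.json` at once, or see a status and timestamp that do not belong together. Declaring the method `public synchronized UpstreamStatus getUpstreamStatus() throws IOException` would make the interval check reliable; so would keeping the pair in one volatile holder object. `Long now` and `Long upstreamStatusDate` also box on every call, and plain `long` is enough. A one-line comment on `slb.upstream.status.interval` saying the value is in milliseconds would help whoever tunes it.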
@ -215,25 +215,6 @@ public class ServerResource {
|
||||||
|
|
||||||
private Response memberOps(HttpHeaders hh,Long groupId,List<String> ips)throws Exception{
|
private Response memberOps(HttpHeaders hh,Long groupId,List<String> ips)throws Exception{
|
||||||
|
|
||||||
if(!activateService.isGroupActivated(groupId)){
|
|
||||||
Group gp = groupRepository.getById(groupId);
|
|
||||||
AssertUtils.assertNotNull(gp,"groupId not found!");
|
|
||||||
Long slbId = gp.getGroupSlbs().get(0).getSlbId();
|
|
||||||
|
|
||||||
GroupStatus groupStatusList = new GroupStatus().setGroupId(groupId).setSlbName("").setSlbId(slbId);
|
|
||||||
for (GroupServer groupServer : gp.getGroupServers()){
|
|
||||||
groupStatusList.getGroupServerStatuses().add(new GroupServerStatus().setIp(groupServer.getIp())
|
|
||||||
.setMember(statusService.getGroupServerStatus(slbId,gp.getId(),groupServer.getIp()))
|
|
||||||
.setServer(statusService.getServerStatus(groupServer.getIp()))
|
|
||||||
.setPort(groupServer.getPort())
|
|
||||||
.setUp(false));
|
|
||||||
}
|
|
||||||
if (MediaType.APPLICATION_XML_TYPE.equals(hh.getMediaType())) {
|
|
||||||
return Response.status(200).entity(String.format(GroupStatus.XML, groupStatusList)).type(MediaType.APPLICATION_XML).build();
|
|
||||||
} else {
|
|
||||||
return Response.status(200).entity(String.format(GroupStatus.JSON, groupStatusList)).type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//get slb by groupId and ip
|
//get slb by groupId and ip
|
||||||
Set<Slb> slbList = new HashSet<>();
|
Set<Slb> slbList = new HashSet<>();
|
||||||
List<Slb> tmp ;
|
List<Slb> tmp ;
|
||||||
|
@ -245,43 +226,46 @@ public class ServerResource {
|
||||||
}
|
}
|
||||||
AssertUtils.assertNotEquals(0,slbList.size(),"Group or ips is not correct!");
|
AssertUtils.assertNotEquals(0,slbList.size(),"Group or ips is not correct!");
|
||||||
|
|
||||||
for (Slb slb : slbList) {
|
if (activateService.isGroupActivated(groupId))
|
||||||
Long slbId = slb.getId();
|
{
|
||||||
//get ticket
|
for (Slb slb : slbList) {
|
||||||
int ticket = buildInfoService.getTicket(slbId);
|
Long slbId = slb.getId();
|
||||||
|
//get ticket
|
||||||
|
int ticket = buildInfoService.getTicket(slbId);
|
||||||
|
|
||||||
boolean buildFlag = false;
|
boolean buildFlag = false;
|
||||||
boolean dyopsFlag = false;
|
boolean dyopsFlag = false;
|
||||||
List<DyUpstreamOpsData> dyUpstreamOpsDataList = null;
|
List<DyUpstreamOpsData> dyUpstreamOpsDataList = null;
|
||||||
DistLock buildLock = dbLockFactory.newLock("build_"+slbId);
|
DistLock buildLock = dbLockFactory.newLock("build_"+slbId);
|
||||||
try{
|
|
||||||
buildLock.lock(lockTimeout.get());
|
|
||||||
buildFlag =buildService.build(slbId,ticket);
|
|
||||||
}finally {
|
|
||||||
buildLock.unlock();
|
|
||||||
}
|
|
||||||
if (buildFlag) {
|
|
||||||
DistLock writeLock = dbLockFactory.newLock("writeAndReload_" + slbId);
|
|
||||||
try {
|
|
||||||
writeLock.lock(lockTimeout.get());
|
|
||||||
//push
|
|
||||||
dyopsFlag=nginxAgentService.writeALLToDisk(slbId);
|
|
||||||
if (!dyopsFlag)
|
|
||||||
{
|
|
||||||
throw new Exception("write all to disk failed!");
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
writeLock.unlock();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (dyopsFlag){
|
|
||||||
DistLock dyopsLock = dbLockFactory.newLock(slbId + "_" + groupId + "_dyops");
|
|
||||||
try{
|
try{
|
||||||
dyopsLock.lock(lockTimeout.get());
|
buildLock.lock(lockTimeout.get());
|
||||||
dyUpstreamOpsDataList = nginxConfService.buildUpstream(slb, groupId);
|
buildFlag =buildService.build(slbId,ticket);
|
||||||
nginxAgentService.dyops(slbId, dyUpstreamOpsDataList);
|
|
||||||
}finally {
|
}finally {
|
||||||
dyopsLock.unlock();
|
buildLock.unlock();
|
||||||
|
}
|
||||||
|
if (buildFlag) {
|
||||||
|
DistLock writeLock = dbLockFactory.newLock("writeAndReload_" + slbId);
|
||||||
|
try {
|
||||||
|
writeLock.lock(lockTimeout.get());
|
||||||
|
//push
|
||||||
|
dyopsFlag=nginxAgentService.writeALLToDisk(slbId);
|
||||||
|
if (!dyopsFlag)
|
||||||
|
{
|
||||||
|
throw new Exception("write all to disk failed!");
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
writeLock.unlock();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (dyopsFlag){
|
||||||
|
DistLock dyopsLock = dbLockFactory.newLock(slbId + "_" + groupId + "_dyops");
|
||||||
|
try{
|
||||||
|
dyopsLock.lock(lockTimeout.get());
|
||||||
|
dyUpstreamOpsDataList = nginxConfService.buildUpstream(slb, groupId);
|
||||||
|
nginxAgentService.dyops(slbId, dyUpstreamOpsDataList);
|
||||||
|
}finally {
|
||||||
|
dyopsLock.unlock();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
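Review bot: In the re-indented loop of memberOps, each distributed lock is still acquired inside its `try`, so the `finally` calls `unlock()` even when `lock(lockTimeout.get())` itself failed or timed out. This applies to `buildLock`, `writeLock` and `dyopsLock` alike. Depending on how DistLock implements `unlock()`, that could release a lock held by another node while it is writing or reloading the nginx configuration. I would move the acquisition out of the block, e.g. `buildLock.lock(lockTimeout.get());` on the line before `try{`, and do the same for the other two. memberOps begins and ends outside these hunks, so what it returns for a group that is not activated is not visible here and is worth a comment next to the new `if (activateService.isGroupActivated(groupId))`.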
@ -6,6 +6,8 @@ import com.ctrip.zeus.model.entity.Slb;
|
||||||
import com.ctrip.zeus.model.entity.VirtualServer;
|
import com.ctrip.zeus.model.entity.VirtualServer;
|
||||||
import com.ctrip.zeus.service.model.PathRewriteParser;
|
import com.ctrip.zeus.service.model.PathRewriteParser;
|
||||||
import com.ctrip.zeus.util.AssertUtils;
|
import com.ctrip.zeus.util.AssertUtils;
|
||||||
|
import com.netflix.config.DynamicPropertyFactory;
|
||||||
|
import com.netflix.config.DynamicStringProperty;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -14,6 +16,8 @@ import java.util.List;
|
||||||
* @date: 3/8/2015.
|
* @date: 3/8/2015.
|
||||||
*/
|
*/
|
||||||
public class LocationConf {
|
public class LocationConf {
|
||||||
|
private static DynamicStringProperty whiteList = DynamicPropertyFactory.getInstance().getStringProperty("bastion.white.list", null);
|
||||||
|
|
||||||
public static String generate(Slb slb, VirtualServer vs, Group group, String upstreamName)throws Exception {
|
public static String generate(Slb slb, VirtualServer vs, Group group, String upstreamName)throws Exception {
|
||||||
StringBuilder b = new StringBuilder(1024);
|
StringBuilder b = new StringBuilder(1024);
|
||||||
|
|
||||||
|
@ -23,6 +27,7 @@ public class LocationConf {
|
||||||
b.append("proxy_set_header X-Real-IP $remote_addr;");
|
b.append("proxy_set_header X-Real-IP $remote_addr;");
|
||||||
|
|
||||||
b.append("set $upstream ").append(upstreamName).append(";\n");
|
b.append("set $upstream ").append(upstreamName).append(";\n");
|
||||||
|
addBastionCommand(b,upstreamName);
|
||||||
//rewrite should after set $upstream
|
//rewrite should after set $upstream
|
||||||
addRewriteCommand(b,slb,vs,group);
|
addRewriteCommand(b,slb,vs,group);
|
||||||
if (group.getSsl())
|
if (group.getSsl())
|
||||||
|
@ -77,4 +82,16 @@ public class LocationConf {
|
||||||
// }
|
// }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
private static void addBastionCommand(StringBuilder sb,String upstreamName){
|
||||||
|
sb.append("if ( $cookie_bastion != \"\" )\n")
|
||||||
|
.append("{\nset $upstream $cookie_bastion;\n}")
|
||||||
|
.append("if ( $upstream = \"\"){")
|
||||||
|
.append("{\nset $upstream ").append(upstreamName).append(";\n}");
|
||||||
|
String wl = whiteList.get();
|
||||||
|
if (null != wl && !wl.trim().equals("")&&!wl.contains("\""))
|
||||||
|
{
|
||||||
|
sb.append("if ( $remote_addr !~* \"").append(wl).append("\"){\n")
|
||||||
|
.append("{\nset $upstream ").append(upstreamName).append(";\n}");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
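Review bot: addBastionCommand emits `set $upstream $cookie_bastion;` unconditionally, but the `$remote_addr` check that resets it is only emitted when `bastion.white.list` is set, and that property defaults to null. With the default configuration the generated location therefore lets any client's `bastion` cookie choose the upstream. I would read the whitelist first and append nothing when it is missing, blank or contains a quote, so the feature stays off until an allowlist is configured. Two literals also open a brace twice: `"if ( $upstream = \"\"){"` and the whitelist `"\"){\n"` are each followed by `"{\nset $upstream "`, which leaves the generated block unbalanced. The whitelist is used as an unanchored, case-insensitive regex, so a comment should tell operators to anchor the pattern and escape the dots.

```java
private static void addBastionCommand(StringBuilder sb, String upstreamName) {
    String wl = whiteList.get();
    // Fail closed: without a usable allowlist the bastion cookie must not influence routing.
    if (wl == null || wl.trim().isEmpty() || wl.contains("\"")) {
        return;
    }
    sb.append("if ( $cookie_bastion != \"\" )\n")
      .append("{\nset $upstream $cookie_bastion;\n}\n")
      .append("if ( $upstream = \"\" )\n")
      .append("{\nset $upstream ").append(upstreamName).append(";\n}\n")
      // bastion.white.list is a regex matched against $remote_addr; anchor it and escape dots.
      .append("if ( $remote_addr !~* \"").append(wl).append("\" )\n")
      .append("{\nset $upstream ").append(upstreamName).append(";\n}\n");
}
```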