mirror of
https://github.com/ctripcorp/zeus.git
synced 2024-09-22 00:26:05 +08:00
update bastion and white list
This commit is contained in:
parent
0939b5db56
commit
30cce14967
|
@ -18,10 +18,14 @@ public class LocalClient {
|
|||
private static final String LOCALHOST = "http://127.0.0.1";
|
||||
private static final DynamicIntProperty nginxDyupsPort = DynamicPropertyFactory.getInstance().getIntProperty("dyups.port", 8081);
|
||||
private static final DynamicIntProperty nginxStatusPort = DynamicPropertyFactory.getInstance().getIntProperty("slb.nginx.status-port", 10001);
|
||||
private static final DynamicIntProperty upstreamStatusInterval = DynamicPropertyFactory.getInstance().getIntProperty("slb.upstream.status.interval", 1000);
|
||||
|
||||
private static final LocalClient localClient = new LocalClient();
|
||||
|
||||
private final NginxDyupsClient dyupsClient;
|
||||
private final NginxStatusClient statusClient;
|
||||
private UpstreamStatus upstreamStatus = null;
|
||||
private Long upstreamStatusDate = 0L;
|
||||
|
||||
public LocalClient() {
|
||||
dyupsClient = new NginxDyupsClient();
|
||||
|
@ -49,9 +53,14 @@ public class LocalClient {
|
|||
}
|
||||
|
||||
public UpstreamStatus getUpstreamStatus() throws IOException {
|
||||
String result = statusClient.getTarget().path("/status.json").request().get(String.class);
|
||||
System.out.println(result);
|
||||
return DefaultJsonParser.parse(UpstreamStatus.class, result);
|
||||
Long now = System.currentTimeMillis();
|
||||
if (now - upstreamStatusDate > upstreamStatusInterval.get() || upstreamStatus == null)
|
||||
{
|
||||
String result = statusClient.getTarget().path("/status.json").request().get(String.class);
|
||||
upstreamStatus = DefaultJsonParser.parse(UpstreamStatus.class, result);
|
||||
upstreamStatusDate = now;
|
||||
}
|
||||
return upstreamStatus;
|
||||
}
|
||||
|
||||
public String getStubStatus() {
|
||||
|
|
|
@ -215,25 +215,6 @@ public class ServerResource {
|
|||
|
||||
private Response memberOps(HttpHeaders hh,Long groupId,List<String> ips)throws Exception{
|
||||
|
||||
if(!activateService.isGroupActivated(groupId)){
|
||||
Group gp = groupRepository.getById(groupId);
|
||||
AssertUtils.assertNotNull(gp,"groupId not found!");
|
||||
Long slbId = gp.getGroupSlbs().get(0).getSlbId();
|
||||
|
||||
GroupStatus groupStatusList = new GroupStatus().setGroupId(groupId).setSlbName("").setSlbId(slbId);
|
||||
for (GroupServer groupServer : gp.getGroupServers()){
|
||||
groupStatusList.getGroupServerStatuses().add(new GroupServerStatus().setIp(groupServer.getIp())
|
||||
.setMember(statusService.getGroupServerStatus(slbId,gp.getId(),groupServer.getIp()))
|
||||
.setServer(statusService.getServerStatus(groupServer.getIp()))
|
||||
.setPort(groupServer.getPort())
|
||||
.setUp(false));
|
||||
}
|
||||
if (MediaType.APPLICATION_XML_TYPE.equals(hh.getMediaType())) {
|
||||
return Response.status(200).entity(String.format(GroupStatus.XML, groupStatusList)).type(MediaType.APPLICATION_XML).build();
|
||||
} else {
|
||||
return Response.status(200).entity(String.format(GroupStatus.JSON, groupStatusList)).type(MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
//get slb by groupId and ip
|
||||
Set<Slb> slbList = new HashSet<>();
|
||||
List<Slb> tmp ;
|
||||
|
@ -245,43 +226,46 @@ public class ServerResource {
|
|||
}
|
||||
AssertUtils.assertNotEquals(0,slbList.size(),"Group or ips is not correct!");
|
||||
|
||||
for (Slb slb : slbList) {
|
||||
Long slbId = slb.getId();
|
||||
//get ticket
|
||||
int ticket = buildInfoService.getTicket(slbId);
|
||||
if (activateService.isGroupActivated(groupId))
|
||||
{
|
||||
for (Slb slb : slbList) {
|
||||
Long slbId = slb.getId();
|
||||
//get ticket
|
||||
int ticket = buildInfoService.getTicket(slbId);
|
||||
|
||||
boolean buildFlag = false;
|
||||
boolean dyopsFlag = false;
|
||||
List<DyUpstreamOpsData> dyUpstreamOpsDataList = null;
|
||||
DistLock buildLock = dbLockFactory.newLock("build_"+slbId);
|
||||
try{
|
||||
buildLock.lock(lockTimeout.get());
|
||||
buildFlag =buildService.build(slbId,ticket);
|
||||
}finally {
|
||||
buildLock.unlock();
|
||||
}
|
||||
if (buildFlag) {
|
||||
DistLock writeLock = dbLockFactory.newLock("writeAndReload_" + slbId);
|
||||
try {
|
||||
writeLock.lock(lockTimeout.get());
|
||||
//push
|
||||
dyopsFlag=nginxAgentService.writeALLToDisk(slbId);
|
||||
if (!dyopsFlag)
|
||||
{
|
||||
throw new Exception("write all to disk failed!");
|
||||
}
|
||||
} finally {
|
||||
writeLock.unlock();
|
||||
}
|
||||
}
|
||||
if (dyopsFlag){
|
||||
DistLock dyopsLock = dbLockFactory.newLock(slbId + "_" + groupId + "_dyops");
|
||||
boolean buildFlag = false;
|
||||
boolean dyopsFlag = false;
|
||||
List<DyUpstreamOpsData> dyUpstreamOpsDataList = null;
|
||||
DistLock buildLock = dbLockFactory.newLock("build_"+slbId);
|
||||
try{
|
||||
dyopsLock.lock(lockTimeout.get());
|
||||
dyUpstreamOpsDataList = nginxConfService.buildUpstream(slb, groupId);
|
||||
nginxAgentService.dyops(slbId, dyUpstreamOpsDataList);
|
||||
buildLock.lock(lockTimeout.get());
|
||||
buildFlag =buildService.build(slbId,ticket);
|
||||
}finally {
|
||||
dyopsLock.unlock();
|
||||
buildLock.unlock();
|
||||
}
|
||||
if (buildFlag) {
|
||||
DistLock writeLock = dbLockFactory.newLock("writeAndReload_" + slbId);
|
||||
try {
|
||||
writeLock.lock(lockTimeout.get());
|
||||
//push
|
||||
dyopsFlag=nginxAgentService.writeALLToDisk(slbId);
|
||||
if (!dyopsFlag)
|
||||
{
|
||||
throw new Exception("write all to disk failed!");
|
||||
}
|
||||
} finally {
|
||||
writeLock.unlock();
|
||||
}
|
||||
}
|
||||
if (dyopsFlag){
|
||||
DistLock dyopsLock = dbLockFactory.newLock(slbId + "_" + groupId + "_dyops");
|
||||
try{
|
||||
dyopsLock.lock(lockTimeout.get());
|
||||
dyUpstreamOpsDataList = nginxConfService.buildUpstream(slb, groupId);
|
||||
nginxAgentService.dyops(slbId, dyUpstreamOpsDataList);
|
||||
}finally {
|
||||
dyopsLock.unlock();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,6 +6,8 @@ import com.ctrip.zeus.model.entity.Slb;
|
|||
import com.ctrip.zeus.model.entity.VirtualServer;
|
||||
import com.ctrip.zeus.service.model.PathRewriteParser;
|
||||
import com.ctrip.zeus.util.AssertUtils;
|
||||
import com.netflix.config.DynamicPropertyFactory;
|
||||
import com.netflix.config.DynamicStringProperty;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
@ -14,6 +16,8 @@ import java.util.List;
|
|||
* @date: 3/8/2015.
|
||||
*/
|
||||
public class LocationConf {
|
||||
private static DynamicStringProperty whiteList = DynamicPropertyFactory.getInstance().getStringProperty("bastion.white.list", null);
|
||||
|
||||
public static String generate(Slb slb, VirtualServer vs, Group group, String upstreamName)throws Exception {
|
||||
StringBuilder b = new StringBuilder(1024);
|
||||
|
||||
|
@ -23,6 +27,7 @@ public class LocationConf {
|
|||
b.append("proxy_set_header X-Real-IP $remote_addr;");
|
||||
|
||||
b.append("set $upstream ").append(upstreamName).append(";\n");
|
||||
addBastionCommand(b,upstreamName);
|
||||
//rewrite should after set $upstream
|
||||
addRewriteCommand(b,slb,vs,group);
|
||||
if (group.getSsl())
|
||||
|
@ -77,4 +82,16 @@ public class LocationConf {
|
|||
// }
|
||||
}
|
||||
}
|
||||
private static void addBastionCommand(StringBuilder sb,String upstreamName){
|
||||
sb.append("if ( $cookie_bastion != \"\" )\n")
|
||||
.append("{\nset $upstream $cookie_bastion;\n}")
|
||||
.append("if ( $upstream = \"\"){")
|
||||
.append("{\nset $upstream ").append(upstreamName).append(";\n}");
|
||||
String wl = whiteList.get();
|
||||
if (null != wl && !wl.trim().equals("")&&!wl.contains("\""))
|
||||
{
|
||||
sb.append("if ( $remote_addr !~* \"").append(wl).append("\"){\n")
|
||||
.append("{\nset $upstream ").append(upstreamName).append(";\n}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue