clusterlabs / hawk-apiserver Goto Github PK

View Code? Open in Web Editor NEW

12.0 16.0 11.0 1.26 MB

Next generation HA cluster interface

License: GNU General Public License v3.0

Go 92.09% Shell 7.18% Makefile 0.73%

hawk-apiserver's Introduction

Hawk API Server

HTTPS API server / minimalist web proxy for Hawk.

Table of content

Rationale
Devel
Usage
Features

Rationale

This project currently provides a minimalistic web server which handles SSL certificate termination, proxying and static file serving for HAWK

The primary goal for this project is to provide the minimal web server needed by Hawk while consuming as few system resources as possible. Second, it provides the /monitor API endpoint which handles long-lived connections from the frontend to enable instant updates of the interface on cluster events, leveraged by go-pacemaker

The API server is still under its basic development phase.

Devel

Dependencies:

following pkgs: libqb-devel libpacemaker-devel.

Use make to interact with the standards dev lifecycle.

Generating an SSL certificates:

SSLGEN_KEY=hawk.key SSLGEN_CERT=hawk.pem ./tools/generate-ssl-cert

Usage:

The hawk-api-server is used currently mainly for hawk usage purposes, and in future as API-server.

Configuration

Pass -config <config> as an argument to give the server a configuration file. The format is a json dictionary with key / value pairs.

The available configuration values are described below. If a value is set both in the configuration file and in a command line argument, the command line argument takes precedence.

key: Path to SSL key. (argument: -key)
cert: Path to SSL certificate. (argument: -cert)
port: TCP port to listen to for connections. (argument: -port)
route: List of json maps that configure the routing table.

The route format is very limited and adapted to serving hawk, but enable reconfiguration of the exact paths to certificates, files and sockets.

Example:

{
  "key": "/etc/hawk/hawk.key",
  "cert": "/etc/hawk/hawk.pem",
  "port": 7630,
  "route": [
    {
      "handler": "monitor",
      "path": "/monitor"
    },
    {
      "handler": "file",
      "path": "/",
      "target": "/usr/share/hawk/public"
    },
    {
      "handler": "proxy",
      "path": "/",
      "target": "unix:///var/run/hawk/app.sock"
    }
  ]
}

Features:

HTTPS server
reverse proxy
/monitor API endpoint which handles long-lived connections from the frontend to enable instant updates of the interface on cluster events.

Authentication

Basic auth: Get user:password from HTTP headers. Map to system user. Verify that system user is a member of the haclient group.
Cookie auth (cookie created by hawk rails app): If a valid cookie is found in the HTTP headers, this is accepted as authentication. Session cookie is stored in attrd.

hawk-apiserver's People

Contributors

Stargazers

Watchers

Forkers

disence liangxin1300 ayoub-belarbi krig fdsmax diegoakechi mallozup igamemedia zht750808 aleksei-burlakov petrpavlu

hawk-apiserver's Issues

Replace travis with github actions

unify the hawk-apiserver with github action and introduce the test .

After release

[Discussion] Keep url path for short

About PR #5
From my opinion, "/configuration/" prefix is not necessary.
I think keep the url path short and simple is fine.

"Method Path" like these is easy to remeber:

GET/POST/PUT/DELETE  api/v1/nodes
GET/POST/PUT/DELETE  api/v1/resources

Instead of:

GET/POST/PUT/DELETE  api/v1/configuration/nodes
GET/POST/PUT/DELETE  api/v1/configuration/resources

If we do not have some necessary reason like short path will have namespace or name conflict problem,
I suggest keep it for short

How to authenticate using hawk rest api?

Can anyone tell me how to authenticate to hawk using the rest apis

The duplicate warning/error will output for every 5 seconds.

Will output "Failed to connect to Pacemaker: -107: ENOTCONN Transport endpoint is not connected" for every 5 secs if pacemaker is stopped. Similar issues like "Failed to query CIB" and "Failed to subscribe"

Unnecessary to output the duplicate warning, or have a threshold for the numbers.

go get fails

Maybe some problems with the submodule config?

$ go get github.com/ClusterLabs/hawk-apiserver/
# cd /home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver; git submodule update --init --recursive
Submodule 'vendor/github.com/krig/go-pacemaker' ([email protected]:krig/go-pacemaker) registered for path 'vendor/github.com/krig/go-pacemaker'
Submodule 'vendor/github.com/sirupsen/logrus' ([email protected]:sirupsen/logrus) registered for path 'vendor/github.com/sirupsen/logrus'
Submodule 'vendor/golang.org/x/crypto' ([email protected]:golang/crypto) registered for path 'vendor/golang.org/x/crypto'
Submodule 'vendor/golang.org/x/net' ([email protected]:golang/net) registered for path 'vendor/golang.org/x/net'
Submodule 'vendor/golang.org/x/sys' ([email protected]:golang/sys) registered for path 'vendor/golang.org/x/sys'
Submodule 'vendor/gopkg.in/xmlpath.v2' ([email protected]:go-xmlpath/xmlpath.git) registered for path 'vendor/gopkg.in/xmlpath.v2'
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/krig/go-pacemaker'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:krig/go-pacemaker' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/krig/go-pacemaker' failed
Failed to clone 'vendor/github.com/krig/go-pacemaker'. Retry scheduled
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/sirupsen/logrus'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:sirupsen/logrus' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/sirupsen/logrus' failed
Failed to clone 'vendor/github.com/sirupsen/logrus'. Retry scheduled
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/sys'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:golang/sys' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/sys' failed
Failed to clone 'vendor/golang.org/x/sys'. Retry scheduled
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/crypto'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:golang/crypto' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/crypto' failed
Failed to clone 'vendor/golang.org/x/crypto'. Retry scheduled
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/net'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:golang/net' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/net' failed
Failed to clone 'vendor/golang.org/x/net'. Retry scheduled
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/net'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:golang/net' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/net' failed
Failed to clone 'vendor/golang.org/x/net' a second time, aborting
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/gopkg.in/xmlpath.v2'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:go-xmlpath/xmlpath.git' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/gopkg.in/xmlpath.v2' failed
Failed to clone 'vendor/gopkg.in/xmlpath.v2'. Retry scheduled
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/sirupsen/logrus'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:sirupsen/logrus' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/sirupsen/logrus' failed
Failed to clone 'vendor/github.com/sirupsen/logrus' a second time, aborting
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/krig/go-pacemaker'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:krig/go-pacemaker' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/github.com/krig/go-pacemaker' failed
Failed to clone 'vendor/github.com/krig/go-pacemaker' a second time, aborting
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/sys'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:golang/sys' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/sys' failed
Failed to clone 'vendor/golang.org/x/sys' a second time, aborting
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/crypto'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:golang/crypto' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/golang.org/x/crypto' failed
Failed to clone 'vendor/golang.org/x/crypto' a second time, aborting
Cloning into '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/gopkg.in/xmlpath.v2'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:go-xmlpath/xmlpath.git' into submodule path '/home/vvidic/go/src/github.com/ClusterLabs/hawk-apiserver/vendor/gopkg.in/xmlpath.v2' failed
Failed to clone 'vendor/gopkg.in/xmlpath.v2' a second time, aborting
package github.com/ClusterLabs/hawk-apiserver: exit status 1

feature: Unix socket reverse proxy support

this was originatelly from Readme.md

@krig maybe you could add more inside infos here.

( I plan to remove the todos from readme.md)

move external python script into tools directory

We should not depends from custom tools for generating the xml structs.

We should import the python script into this repo and tools directory, so we don't have external dependency to repos.

https://github.com/ClusterLabs/hawk-apiserver#generating-the-api-structures

Event subscription

There should be some way to subscribe to CIB events via the API.

Exactly what form this should take (WebSockets, long polling, etc.)
remains to be decided.

remove non-upstream project dep

Description:

currently we use this

https://github.com/ClusterLabs/hawk-apiserver/blob/master/cib/asynccib.go#L5

and also in vendor.

We should switch in codebase and vendor to official pkgs upstream ClusterLabs

setup ci

Setting up CI for Hawk-apiserver and Hawk ci when possible

Missing 'HttpOnly' Cookie Attribute (HTTP) for hawk-apiserver

hawk-apiserver running on port 7630 is showing security warning Missing 'HttpOnly' Cookie Attribute (HTTP). Is there a way to enable httponly cookie on this configuration.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.