Retry connection in import-export daemon

[ganeti-local] / daemons / import-export

#!/usr/bin/python
#

# Copyright (C) 2010 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.


"""Import/export daemon.

"""

# pylint: disable-msg=C0103
# C0103: Invalid name import-export

import errno
import logging
import optparse
import os
import re
import select
import signal
import socket
import subprocess
import sys
import time
from cStringIO import StringIO

from ganeti import constants
from ganeti import cli
from ganeti import utils
from ganeti import serializer
from ganeti import objects
from ganeti import locking


#: Used to recognize point at which socat(1) starts to listen on its socket.
#: The local address is required for the remote peer to connect (in particular
#: the port number).
LISTENING_RE = re.compile(r"^listening on\s+"
                          r"AF=(?P<family>\d+)\s+"
                          r"(?P<address>.+):(?P<port>\d+)$", re.I)

#: Used to recognize point at which socat(1) is sending data over the wire
TRANSFER_LOOP_RE = re.compile(r"^starting data transfer loop with FDs\s+.*$",
                              re.I)

SOCAT_LOG_DEBUG = "D"
SOCAT_LOG_INFO = "I"
SOCAT_LOG_NOTICE = "N"
SOCAT_LOG_WARNING = "W"
SOCAT_LOG_ERROR = "E"
SOCAT_LOG_FATAL = "F"

SOCAT_LOG_IGNORE = frozenset([
  SOCAT_LOG_DEBUG,
  SOCAT_LOG_INFO,
  SOCAT_LOG_NOTICE,
  ])

#: Socat buffer size: at most this many bytes are transferred per step
SOCAT_BUFSIZE = 1024 * 1024

#: How many lines to keep in the status file
MAX_RECENT_OUTPUT_LINES = 20

#: Don't update status file more than once every 5 seconds (unless forced)
MIN_UPDATE_INTERVAL = 5.0

#: Give child process up to 5 seconds to exit after sending a signal
CHILD_LINGER_TIMEOUT = 5.0

#: How long to wait for a connection to be established
DEFAULT_CONNECT_TIMEOUT = 60

# Common options for socat
SOCAT_TCP_OPTS = ["keepalive", "keepidle=60", "keepintvl=10", "keepcnt=5"]
SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=HIGH", "method=TLSv1"]


# Global variable for options
options = None


class Error(Exception):
  """Generic exception"""


def SetupLogging():
  """Configures the logging module.

  """
  formatter = logging.Formatter("%(asctime)s: %(message)s")

  stderr_handler = logging.StreamHandler()
  stderr_handler.setFormatter(formatter)
  stderr_handler.setLevel(logging.NOTSET)

  root_logger = logging.getLogger("")
  root_logger.addHandler(stderr_handler)

  if options.debug:
    root_logger.setLevel(logging.NOTSET)
  elif options.verbose:
    root_logger.setLevel(logging.INFO)
  else:
    root_logger.setLevel(logging.ERROR)

  # Create special logger for child process output
  child_logger = logging.Logger("child output")
  child_logger.addHandler(stderr_handler)
  child_logger.setLevel(logging.NOTSET)

  return child_logger


def _VerifyListening(family, address, port):
  """Verify address given as listening address by socat.

  """
  # TODO: Implement IPv6 support
  if family != socket.AF_INET:
    raise Error("Address family %r not supported" % family)

  try:
    packed_address = socket.inet_pton(family, address)
  except socket.error:
    raise Error("Invalid address %r for family %s" % (address, family))

  return (socket.inet_ntop(family, packed_address), port)


class StatusFile:
  """Status file manager.

  """
  def __init__(self, path):
    """Initializes class.

    """
    self._path = path
    self._data = objects.ImportExportStatus(ctime=time.time(),
                                            mtime=None,
                                            recent_output=[])

  def AddRecentOutput(self, line):
    """Adds a new line of recent output.

    """
    self._data.recent_output.append(line)

    # Remove old lines
    del self._data.recent_output[:-MAX_RECENT_OUTPUT_LINES]

  def SetListenPort(self, port):
    """Sets the port the daemon is listening on.

    @type port: int
    @param port: TCP/UDP port

    """
    assert isinstance(port, (int, long)) and 0 < port < 2**16
    self._data.listen_port = port

  def GetListenPort(self):
    """Returns the port the daemon is listening on.

    """
    return self._data.listen_port

  def SetConnected(self):
    """Sets the connected flag.

    """
    self._data.connected = True

  def GetConnected(self):
    """Determines whether the daemon is connected.

    """
    return self._data.connected

  def SetExitStatus(self, exit_status, error_message):
    """Sets the exit status and an error message.

    """
    # Require error message when status isn't 0
    assert exit_status == 0 or error_message

    self._data.exit_status = exit_status
    self._data.error_message = error_message

  def ExitStatusIsSuccess(self):
    """Returns whether the exit status means "success".

    """
    return not bool(self._data.error_message)

  def Update(self, force):
    """Updates the status file.

    @type force: bool
    @param force: Write status file in any case, not only when minimum interval
                  is expired

    """
    if not (force or
            self._data.mtime is None or
            time.time() > (self._data.mtime + MIN_UPDATE_INTERVAL)):
      return

    logging.debug("Updating status file %s", self._path)

    self._data.mtime = time.time()
    utils.WriteFile(self._path,
                    data=serializer.DumpJson(self._data.ToDict(), indent=True),
                    mode=0400)


def _ProcessSocatOutput(status_file, level, msg):
  """Interprets socat log output.

  """
  if level == SOCAT_LOG_NOTICE:
    if status_file.GetListenPort() is None:
      # TODO: Maybe implement timeout to not listen forever
      m = LISTENING_RE.match(msg)
      if m:
        (_, port) = _VerifyListening(int(m.group("family")), m.group("address"),
                                     int(m.group("port")))

        status_file.SetListenPort(port)
        return True

    if not status_file.GetConnected():
      m = TRANSFER_LOOP_RE.match(msg)
      if m:
        status_file.SetConnected()
        return True

  return False


def ProcessOutput(line, status_file, logger, socat):
  """Takes care of child process output.

  @param status_file: Status file manager
  @param logger: Child output logger
  @type socat: bool
  @param socat: Whether it's a socat output line
  @type line: string
  @param line: Child output line

  """
  force_update = False
  forward_line = line

  if socat:
    level = None
    parts = line.split(None, 4)

    if len(parts) == 5:
      (_, _, _, level, msg) = parts

      force_update = _ProcessSocatOutput(status_file, level, msg)

      if options.debug or (level and level not in SOCAT_LOG_IGNORE):
        forward_line = "socat: %s %s" % (level, msg)
      else:
        forward_line = None
    else:
      forward_line = "socat: %s" % line

  if forward_line:
    logger.info(forward_line)
    status_file.AddRecentOutput(forward_line)

  status_file.Update(force_update)


def GetBashCommand(cmd):
  """Prepares a command to be run in Bash.

  """
  return ["bash", "-o", "errexit", "-o", "pipefail", "-c", cmd]


def GetSocatCommand(mode):
  """Returns the socat command.

  """
  common_addr_opts = SOCAT_TCP_OPTS + SOCAT_OPENSSL_OPTS + [
    "key=%s" % options.key,
    "cert=%s" % options.cert,
    "cafile=%s" % options.ca,
    ]

  if options.bind is not None:
    common_addr_opts.append("bind=%s" % options.bind)

  if mode == constants.IEM_IMPORT:
    if options.port is None:
      port = 0
    else:
      port = options.port

    addr1 = [
      "OPENSSL-LISTEN:%s" % port,
      "reuseaddr",

      # Retry to listen if connection wasn't established successfully, up to
      # 100 times a second. Note that this still leaves room for DoS attacks.
      "forever",
      "intervall=0.01",
      ] + common_addr_opts
    addr2 = ["stdout"]

  elif mode == constants.IEM_EXPORT:
    addr1 = ["stdin"]
    addr2 = [
      "OPENSSL:%s:%s" % (options.host, options.port),

      # How long to wait per connection attempt
      "connect-timeout=%s" % options.connect_timeout,

      # Retry a few times before giving up to connect (once per second)
      "retry=%s" % options.connect_retries,
      "intervall=1",
      ] + common_addr_opts

  else:
    raise Error("Invalid mode")

  for i in [addr1, addr2]:
    for value in i:
      if "," in value:
        raise Error("Comma not allowed in socat option value: %r" % value)

  return [
    constants.SOCAT_PATH,

    # Log to stderr
    "-ls",

    # Log level
    "-d", "-d",

    # Buffer size
    "-b%s" % SOCAT_BUFSIZE,

    # Unidirectional mode, the first address is only used for reading, and the
    # second address is only used for writing
    "-u",

    ",".join(addr1), ",".join(addr2)
    ]


def GetTransportCommand(mode, socat_stderr_fd):
  """Returns the command for the transport part of the daemon.

  @param mode: Daemon mode (import or export)
  @type socat_stderr_fd: int
  @param socat_stderr_fd: File descriptor socat should write its stderr to

  """
  socat_cmd = ("%s 2>&%d" %
               (utils.ShellQuoteArgs(GetSocatCommand(mode)),
                socat_stderr_fd))

  # TODO: Make compression configurable

  if mode == constants.IEM_IMPORT:
    transport_cmd = "%s | gunzip -c" % socat_cmd
  elif mode == constants.IEM_EXPORT:
    transport_cmd = "gzip -c | %s" % socat_cmd
  else:
    raise Error("Invalid mode")

  # TODO: Use "dd" to measure processed data (allows to give an ETA)

  # TODO: Run transport as separate user
  # The transport uses its own shell to simplify running it as a separate user
  # in the future.
  return GetBashCommand(transport_cmd)


def GetCommand(mode, socat_stderr_fd):
  """Returns the complete child process command.

  """
  buf = StringIO()

  if options.cmd_prefix:
    buf.write(options.cmd_prefix)
    buf.write(" ")

  buf.write(utils.ShellQuoteArgs(GetTransportCommand(mode, socat_stderr_fd)))

  if options.cmd_suffix:
    buf.write(" ")
    buf.write(options.cmd_suffix)

  return GetBashCommand(buf.getvalue())


def ProcessChildIO(child, socat_stderr_read_fd, status_file, child_logger,
                   signal_notify, signal_handler, mode):
  """Handles the child processes' output.

  """
  assert not (signal_handler.signum - set([signal.SIGTERM, signal.SIGINT])), \
         "Other signals are not handled in this function"

  # Buffer size 0 is important, otherwise .read() with a specified length
  # might buffer data while poll(2) won't mark its file descriptor as
  # readable again.
  socat_stderr_read = os.fdopen(socat_stderr_read_fd, "r", 0)

  script_stderr_lines = utils.LineSplitter(ProcessOutput, status_file,
                                           child_logger, False)
  try:
    socat_stderr_lines = utils.LineSplitter(ProcessOutput, status_file,
                                            child_logger, True)
    try:
      fdmap = {
        child.stderr.fileno(): (child.stderr, script_stderr_lines),
        socat_stderr_read.fileno(): (socat_stderr_read, socat_stderr_lines),
        signal_notify.fileno(): (signal_notify, None),
        }

      poller = select.poll()
      for fd in fdmap:
        utils.SetNonblockFlag(fd, True)
        poller.register(fd, select.POLLIN)

      if options.connect_timeout and mode == constants.IEM_IMPORT:
        listen_timeout = locking.RunningTimeout(options.connect_timeout, True)
      else:
        listen_timeout = None

      exit_timeout = None

      while True:
        # Break out of loop if only signal notify FD is left
        if len(fdmap) == 1 and signal_notify.fileno() in fdmap:
          break

        timeout = None

        if listen_timeout and not exit_timeout:
          if status_file.GetConnected():
            listen_timeout = None
          elif listen_timeout.Remaining() < 0:
            logging.info("Child process didn't establish connection in time")
            child.Kill(signal.SIGTERM)
            exit_timeout = \
              locking.RunningTimeout(CHILD_LINGER_TIMEOUT, True)
            # Next block will calculate timeout
          else:
            # Not yet connected, check again in a second
            timeout = 1000

        if exit_timeout:
          timeout = exit_timeout.Remaining() * 1000
          if timeout < 0:
            logging.info("Child process didn't exit in time")
            break

        for fd, event in utils.RetryOnSignal(poller.poll, timeout):
          if event & (select.POLLIN | event & select.POLLPRI):
            (from_, to) = fdmap[fd]

            # Read up to 1 KB of data
            data = from_.read(1024)
            if data:
              if to:
                to.write(data)
              elif fd == signal_notify.fileno():
                # Signal handling
                if signal_handler.called:
                  signal_handler.Clear()
                  if exit_timeout:
                    logging.info("Child process still has about %0.2f seconds"
                                 " to exit", exit_timeout.Remaining())
                  else:
                    logging.info("Giving child process %0.2f seconds to exit",
                                 CHILD_LINGER_TIMEOUT)
                    exit_timeout = \
                      locking.RunningTimeout(CHILD_LINGER_TIMEOUT, True)
            else:
              poller.unregister(fd)
              del fdmap[fd]

          elif event & (select.POLLNVAL | select.POLLHUP |
                        select.POLLERR):
            poller.unregister(fd)
            del fdmap[fd]

        script_stderr_lines.flush()
        socat_stderr_lines.flush()

      # If there was a timeout calculator, we were waiting for the child to
      # finish, e.g. due to a signal
      return not bool(exit_timeout)
    finally:
      socat_stderr_lines.close()
  finally:
    script_stderr_lines.close()


def ParseOptions():
  """Parses the options passed to the program.

  @return: Arguments to program

  """
  global options # pylint: disable-msg=W0603

  parser = optparse.OptionParser(usage=("%%prog <status-file> {%s|%s}" %
                                        (constants.IEM_IMPORT,
                                         constants.IEM_EXPORT)))
  parser.add_option(cli.DEBUG_OPT)
  parser.add_option(cli.VERBOSE_OPT)
  parser.add_option("--key", dest="key", action="store", type="string",
                    help="RSA key file")
  parser.add_option("--cert", dest="cert", action="store", type="string",
                    help="X509 certificate file")
  parser.add_option("--ca", dest="ca", action="store", type="string",
                    help="X509 CA file")
  parser.add_option("--bind", dest="bind", action="store", type="string",
                    help="Bind address")
  parser.add_option("--host", dest="host", action="store", type="string",
                    help="Remote hostname")
  parser.add_option("--port", dest="port", action="store", type="int",
                    help="Remote port")
  parser.add_option("--connect-retries", dest="connect_retries", action="store",
                    type="int", default=0,
                    help=("How many times the connection should be retried"
                          " (export only)"))
  parser.add_option("--connect-timeout", dest="connect_timeout", action="store",
                    type="int", default=DEFAULT_CONNECT_TIMEOUT,
                    help="Timeout for connection to be established (seconds)")
  parser.add_option("--cmd-prefix", dest="cmd_prefix", action="store",
                    type="string", help="Command prefix")
  parser.add_option("--cmd-suffix", dest="cmd_suffix", action="store",
                    type="string", help="Command suffix")

  (options, args) = parser.parse_args()

  if len(args) != 2:
    # Won't return
    parser.error("Expected exactly two arguments")

  (status_file_path, mode) = args

  if mode not in (constants.IEM_IMPORT,
                  constants.IEM_EXPORT):
    # Won't return
    parser.error("Invalid mode: %s" % mode)

  return (status_file_path, mode)


class ChildProcess(subprocess.Popen):
  def __init__(self, cmd, noclose_fds):
    """Initializes this class.

    """
    self._noclose_fds = noclose_fds

    # Not using close_fds because doing so would also close the socat stderr
    # pipe, which we still need.
    subprocess.Popen.__init__(self, cmd, shell=False, close_fds=False,
                              stderr=subprocess.PIPE, stdout=None, stdin=None,
                              preexec_fn=self._ChildPreexec)
    self._SetProcessGroup()

  def _ChildPreexec(self):
    """Called before child executable is execve'd.

    """
    # Move to separate process group. By sending a signal to its process group
    # we can kill the child process and all grandchildren.
    os.setpgid(0, 0)

    # Close almost all file descriptors
    utils.CloseFDs(noclose_fds=self._noclose_fds)

  def _SetProcessGroup(self):
    """Sets the child's process group.

    """
    assert self.pid, "Can't be called in child process"

    # Avoid race condition by setting child's process group (as good as
    # possible in Python) before sending signals to child. For an
    # explanation, see preexec function for child.
    try:
      os.setpgid(self.pid, self.pid)
    except EnvironmentError, err:
      # If the child process was faster we receive EPERM or EACCES
      if err.errno not in (errno.EPERM, errno.EACCES):
        raise

  def Kill(self, signum):
    """Sends signal to child process.

    """
    logging.info("Sending signal %s to child process", signum)
    os.killpg(self.pid, signum)

  def ForceQuit(self):
    """Ensure child process is no longer running.

    """
    # Final check if child process is still alive
    if utils.RetryOnSignal(self.poll) is None:
      logging.error("Child process still alive, sending SIGKILL")
      self.Kill(signal.SIGKILL)
      utils.RetryOnSignal(self.wait)


def main():
  """Main function.

  """
  # Option parsing
  (status_file_path, mode) = ParseOptions()

  # Configure logging
  child_logger = SetupLogging()

  status_file = StatusFile(status_file_path)
  try:
    try:
      # Pipe to receive socat's stderr output
      (socat_stderr_read_fd, socat_stderr_write_fd) = os.pipe()

      # Get child process command
      cmd = GetCommand(mode, socat_stderr_write_fd)

      logging.debug("Starting command %r", cmd)

      # Start child process
      child = ChildProcess(cmd, [socat_stderr_write_fd])
      try:
        def _ForwardSignal(signum, _):
          """Forwards signals to child process.

          """
          child.Kill(signum)

        signal_wakeup = utils.SignalWakeupFd()
        try:
          # TODO: There is a race condition between starting the child and
          # handling the signals here. While there might be a way to work around
          # it by registering the handlers before starting the child and
          # deferring sent signals until the child is available, doing so can be
          # complicated.
          signal_handler = utils.SignalHandler([signal.SIGTERM, signal.SIGINT],
                                               handler_fn=_ForwardSignal,
                                               wakeup=signal_wakeup)
          try:
            # Close child's side
            utils.RetryOnSignal(os.close, socat_stderr_write_fd)

            if ProcessChildIO(child, socat_stderr_read_fd, status_file,
                              child_logger, signal_wakeup, signal_handler,
                              mode):
              # The child closed all its file descriptors and there was no
              # signal
              # TODO: Implement timeout instead of waiting indefinitely
              utils.RetryOnSignal(child.wait)
          finally:
            signal_handler.Reset()
        finally:
          signal_wakeup.Reset()
      finally:
        child.ForceQuit()

      if child.returncode == 0:
        errmsg = None
      elif child.returncode < 0:
        errmsg = "Exited due to signal %s" % (-child.returncode, )
      else:
        errmsg = "Exited with status %s" % (child.returncode, )

      status_file.SetExitStatus(child.returncode, errmsg)
    except Exception, err: # pylint: disable-msg=W0703
      logging.exception("Unhandled error occurred")
      status_file.SetExitStatus(constants.EXIT_FAILURE,
                                "Unhandled error occurred: %s" % (err, ))

    if status_file.ExitStatusIsSuccess():
      sys.exit(constants.EXIT_SUCCESS)

    sys.exit(constants.EXIT_FAILURE)
  finally:
    status_file.Update(True)


if __name__ == "__main__":
  main()