--- /dev/null
+=========================================
+Design for replacing Ganeti's HTTP server
+=========================================
+
+.. contents:: :depth: 4
+
+.. _http-srv-shortcomings:
+
+Current state and shortcomings
+------------------------------
+
+The :doc:`new design for import/export <design-impexp2>` depends on an
+HTTP server. Ganeti includes a home-grown HTTP server based on Python's
+``BaseHTTPServer``. While it served us well so far, it only implements
+the very basics of the HTTP protocol. It is, for example, not structured
+well enough to support chunked transfers (:rfc:`2616`, section 3.6.1),
+which would have some advantages. In addition, it has not been designed
+for sending large responses.
+
+In the case of the node daemon the HTTP server can not easily be
+separated from the actual backend code and therefore must run as "root".
+The RAPI daemon does request parsing in the same process as talking to
+the master daemon via LUXI.
+
+
+Proposed changes
+----------------
+
+The proposal is to start using a full-fledged HTTP server in Ganeti and
+to run Ganeti's code as `FastCGI <http://www.fastcgi.com/>`_
+applications. Reasons:
+
+- Simplify Ganeti's code by delegating the details of HTTP and SSL to
+ another piece of software
+- Run HTTP frontend and handler backend as separate processes and users
+ (esp. useful for node daemon, but also import/export and Remote API)
+- Allows implementation of :ref:`rpc-feedback`
+
+
+Software choice
++++++++++++++++
+
+Theoretically any server able of speaking FastCGI to a backend process
+could be used. However, to keep the number of steps required for setting
+up a new cluster at roughly the same level, the implementation will be
+geared for one specific HTTP server at the beginning. Support for other
+HTTP servers can still be implemented.
+
+After a rough selection of available HTTP servers `lighttpd
+<http://www.lighttpd.net/>`_ and `nginx <http://www.nginx.org/>`_ were
+the most likely candidates. Both are `widely used`_ and tested.
+
+.. _widely used: http://news.netcraft.com/archives/2011/01/12/
+ january-2011-web-server-survey-4.html
+
+Nginx' `original documentation <http://sysoev.ru/nginx/docs/>`_ is in
+Russian, translations are `available in a Wiki
+<http://wiki.nginx.org/>`_. Nginx does not support old-style CGI
+programs.
+
+The author found `lighttpd's documentation
+<http://redmine.lighttpd.net/wiki/lighttpd>`_ easier to understand and
+was able to configure a test server quickly. This, together with the
+support for more technologies, made deciding easier.
+
+With its use as a public-facing web server on a large number of websites
+(and possibly more behind proxies), lighttpd should be a safe choice.
+Unlike other webservers, such as the Apache HTTP Server, lighttpd's
+codebase is of manageable size.
+
+Initially the HTTP server would only be used for import/export
+transfers, but its use can be expanded to the Remote API and node
+daemon (see :ref:`rpc-feedback`).
+
+To reduce the attack surface, an option will be provided to configure
+services (e.g. import/export) to only listen on certain network
+interfaces.
+
+
+.. _rpc-feedback:
+
+RPC feedback
+++++++++++++
+
+HTTP/1.1 supports chunked transfers (:rfc:`2616`, section 3.6.1). They
+could be used to provide feedback from node daemons to the master,
+similar to the feedback from jobs. A good use would be to provide
+feedback to the user during long-running operations, e.g. downloading an
+instance's data from another cluster.
+
+.. _requirement: http://www.python.org/dev/peps/pep-0333/
+ #buffering-and-streaming
+
+WSGI 1.0 (:pep:`333`) includes the following `requirement`_:
+
+ WSGI servers, gateways, and middleware **must not** delay the
+ transmission of any block; they **must** either fully transmit the
+ block to the client, or guarantee that they will continue transmission
+ even while the application is producing its next block
+
+This behaviour was confirmed to work with lighttpd and the
+:ref:`flup <http-software-req>` library. FastCGI by itself has no such
+guarantee; webservers with buffering might require artificial padding to
+force the message to be transmitted.
+
+The node daemon can send JSON-encoded messages back to the master daemon
+by separating them using a predefined character (see :ref:`LUXI
+<luxi>`). The final message contains the method's result. pycURL passes
+each received chunk to the callback set as ``CURLOPT_WRITEFUNCTION``.
+Once a message is complete, the master daemon can pass it to a callback
+function inside the job, which then decides on what to do (e.g. forward
+it as job feedback to the user).
+
+A more detailed design may have to be written before deciding whether to
+implement RPC feedback.
+
+
+.. _http-software-req:
+
+Software requirements
++++++++++++++++++++++
+
+- lighttpd 1.4.24 or above built with OpenSSL support (earlier versions
+ `don't support SSL client certificates
+ <http://redmine.lighttpd.net/issues/1288>`_)
+- `flup <http://trac.saddi.com/flup>`_ for FastCGI
+
+
+Lighttpd SSL configuration
+++++++++++++++++++++++++++
+
+.. highlight:: lighttpd
+
+The following sample shows how to configure SSL with client certificates
+in Lighttpd::
+
+ $SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+ ssl.pemfile = "server.pem"
+ ssl.ca-file = "ca.pem"
+ ssl.use-sslv2 = "disable"
+ ssl.cipher-list = "HIGH:-DES:-3DES:-EXPORT:-ADH"
+ ssl.verifyclient.activate = "enable"
+ ssl.verifyclient.enforce = "enable"
+ ssl.verifyclient.exportcert = "enable"
+ ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
+ }
+
+
+.. vim: set textwidth=72 :
+.. Local Variables:
+.. mode: rst
+.. fill-column: 72
+.. End:
projects / ganeti-local / commitdiff