root / doc / design-http-server.rst @ 333bd799
History | View | Annotate | Download (5.4 kB)
1 | 278ddaa9 | Michael Hanselmann | ========================================= |
---|---|---|---|
2 | 278ddaa9 | Michael Hanselmann | Design for replacing Ganeti's HTTP server |
3 | 278ddaa9 | Michael Hanselmann | ========================================= |
4 | 278ddaa9 | Michael Hanselmann | |
5 | 278ddaa9 | Michael Hanselmann | .. contents:: :depth: 4 |
6 | 278ddaa9 | Michael Hanselmann | |
7 | 278ddaa9 | Michael Hanselmann | .. _http-srv-shortcomings: |
8 | 278ddaa9 | Michael Hanselmann | |
9 | 278ddaa9 | Michael Hanselmann | Current state and shortcomings |
10 | 278ddaa9 | Michael Hanselmann | ------------------------------ |
11 | 278ddaa9 | Michael Hanselmann | |
12 | 278ddaa9 | Michael Hanselmann | The :doc:`new design for import/export <design-impexp2>` depends on an |
13 | 278ddaa9 | Michael Hanselmann | HTTP server. Ganeti includes a home-grown HTTP server based on Python's |
14 | 278ddaa9 | Michael Hanselmann | ``BaseHTTPServer``. While it served us well so far, it only implements |
15 | 278ddaa9 | Michael Hanselmann | the very basics of the HTTP protocol. It is, for example, not structured |
16 | 278ddaa9 | Michael Hanselmann | well enough to support chunked transfers (:rfc:`2616`, section 3.6.1), |
17 | 278ddaa9 | Michael Hanselmann | which would have some advantages. In addition, it has not been designed |
18 | 278ddaa9 | Michael Hanselmann | for sending large responses. |
19 | 278ddaa9 | Michael Hanselmann | |
20 | 278ddaa9 | Michael Hanselmann | In the case of the node daemon the HTTP server can not easily be |
21 | 278ddaa9 | Michael Hanselmann | separated from the actual backend code and therefore must run as "root". |
22 | 278ddaa9 | Michael Hanselmann | The RAPI daemon does request parsing in the same process as talking to |
23 | 278ddaa9 | Michael Hanselmann | the master daemon via LUXI. |
24 | 278ddaa9 | Michael Hanselmann | |
25 | 278ddaa9 | Michael Hanselmann | |
26 | 278ddaa9 | Michael Hanselmann | Proposed changes |
27 | 278ddaa9 | Michael Hanselmann | ---------------- |
28 | 278ddaa9 | Michael Hanselmann | |
29 | 278ddaa9 | Michael Hanselmann | The proposal is to start using a full-fledged HTTP server in Ganeti and |
30 | 278ddaa9 | Michael Hanselmann | to run Ganeti's code as `FastCGI <http://www.fastcgi.com/>`_ |
31 | 278ddaa9 | Michael Hanselmann | applications. Reasons: |
32 | 278ddaa9 | Michael Hanselmann | |
33 | 278ddaa9 | Michael Hanselmann | - Simplify Ganeti's code by delegating the details of HTTP and SSL to |
34 | 278ddaa9 | Michael Hanselmann | another piece of software |
35 | 278ddaa9 | Michael Hanselmann | - Run HTTP frontend and handler backend as separate processes and users |
36 | 278ddaa9 | Michael Hanselmann | (esp. useful for node daemon, but also import/export and Remote API) |
37 | 278ddaa9 | Michael Hanselmann | - Allows implementation of :ref:`rpc-feedback` |
38 | 278ddaa9 | Michael Hanselmann | |
39 | 278ddaa9 | Michael Hanselmann | |
40 | 278ddaa9 | Michael Hanselmann | Software choice |
41 | 278ddaa9 | Michael Hanselmann | +++++++++++++++ |
42 | 278ddaa9 | Michael Hanselmann | |
43 | 278ddaa9 | Michael Hanselmann | Theoretically any server able of speaking FastCGI to a backend process |
44 | 278ddaa9 | Michael Hanselmann | could be used. However, to keep the number of steps required for setting |
45 | 278ddaa9 | Michael Hanselmann | up a new cluster at roughly the same level, the implementation will be |
46 | 278ddaa9 | Michael Hanselmann | geared for one specific HTTP server at the beginning. Support for other |
47 | 278ddaa9 | Michael Hanselmann | HTTP servers can still be implemented. |
48 | 278ddaa9 | Michael Hanselmann | |
49 | 278ddaa9 | Michael Hanselmann | After a rough selection of available HTTP servers `lighttpd |
50 | 278ddaa9 | Michael Hanselmann | <http://www.lighttpd.net/>`_ and `nginx <http://www.nginx.org/>`_ were |
51 | 278ddaa9 | Michael Hanselmann | the most likely candidates. Both are `widely used`_ and tested. |
52 | 278ddaa9 | Michael Hanselmann | |
53 | 278ddaa9 | Michael Hanselmann | .. _widely used: http://news.netcraft.com/archives/2011/01/12/ |
54 | 278ddaa9 | Michael Hanselmann | january-2011-web-server-survey-4.html |
55 | 278ddaa9 | Michael Hanselmann | |
56 | 278ddaa9 | Michael Hanselmann | Nginx' `original documentation <http://sysoev.ru/nginx/docs/>`_ is in |
57 | 278ddaa9 | Michael Hanselmann | Russian, translations are `available in a Wiki |
58 | 278ddaa9 | Michael Hanselmann | <http://wiki.nginx.org/>`_. Nginx does not support old-style CGI |
59 | 278ddaa9 | Michael Hanselmann | programs. |
60 | 278ddaa9 | Michael Hanselmann | |
61 | 278ddaa9 | Michael Hanselmann | The author found `lighttpd's documentation |
62 | 278ddaa9 | Michael Hanselmann | <http://redmine.lighttpd.net/wiki/lighttpd>`_ easier to understand and |
63 | 278ddaa9 | Michael Hanselmann | was able to configure a test server quickly. This, together with the |
64 | 278ddaa9 | Michael Hanselmann | support for more technologies, made deciding easier. |
65 | 278ddaa9 | Michael Hanselmann | |
66 | 278ddaa9 | Michael Hanselmann | With its use as a public-facing web server on a large number of websites |
67 | 278ddaa9 | Michael Hanselmann | (and possibly more behind proxies), lighttpd should be a safe choice. |
68 | 278ddaa9 | Michael Hanselmann | Unlike other webservers, such as the Apache HTTP Server, lighttpd's |
69 | 278ddaa9 | Michael Hanselmann | codebase is of manageable size. |
70 | 278ddaa9 | Michael Hanselmann | |
71 | 278ddaa9 | Michael Hanselmann | Initially the HTTP server would only be used for import/export |
72 | 278ddaa9 | Michael Hanselmann | transfers, but its use can be expanded to the Remote API and node |
73 | 278ddaa9 | Michael Hanselmann | daemon (see :ref:`rpc-feedback`). |
74 | 278ddaa9 | Michael Hanselmann | |
75 | 278ddaa9 | Michael Hanselmann | To reduce the attack surface, an option will be provided to configure |
76 | 278ddaa9 | Michael Hanselmann | services (e.g. import/export) to only listen on certain network |
77 | 278ddaa9 | Michael Hanselmann | interfaces. |
78 | 278ddaa9 | Michael Hanselmann | |
79 | 278ddaa9 | Michael Hanselmann | |
80 | 278ddaa9 | Michael Hanselmann | .. _rpc-feedback: |
81 | 278ddaa9 | Michael Hanselmann | |
82 | 278ddaa9 | Michael Hanselmann | RPC feedback |
83 | 278ddaa9 | Michael Hanselmann | ++++++++++++ |
84 | 278ddaa9 | Michael Hanselmann | |
85 | 278ddaa9 | Michael Hanselmann | HTTP/1.1 supports chunked transfers (:rfc:`2616`, section 3.6.1). They |
86 | 278ddaa9 | Michael Hanselmann | could be used to provide feedback from node daemons to the master, |
87 | 278ddaa9 | Michael Hanselmann | similar to the feedback from jobs. A good use would be to provide |
88 | 278ddaa9 | Michael Hanselmann | feedback to the user during long-running operations, e.g. downloading an |
89 | 278ddaa9 | Michael Hanselmann | instance's data from another cluster. |
90 | 278ddaa9 | Michael Hanselmann | |
91 | 278ddaa9 | Michael Hanselmann | .. _requirement: http://www.python.org/dev/peps/pep-0333/ |
92 | 278ddaa9 | Michael Hanselmann | #buffering-and-streaming |
93 | 278ddaa9 | Michael Hanselmann | |
94 | 278ddaa9 | Michael Hanselmann | WSGI 1.0 (:pep:`333`) includes the following `requirement`_: |
95 | 278ddaa9 | Michael Hanselmann | |
96 | 278ddaa9 | Michael Hanselmann | WSGI servers, gateways, and middleware **must not** delay the |
97 | 278ddaa9 | Michael Hanselmann | transmission of any block; they **must** either fully transmit the |
98 | 278ddaa9 | Michael Hanselmann | block to the client, or guarantee that they will continue transmission |
99 | 278ddaa9 | Michael Hanselmann | even while the application is producing its next block |
100 | 278ddaa9 | Michael Hanselmann | |
101 | 278ddaa9 | Michael Hanselmann | This behaviour was confirmed to work with lighttpd and the |
102 | 278ddaa9 | Michael Hanselmann | :ref:`flup <http-software-req>` library. FastCGI by itself has no such |
103 | 278ddaa9 | Michael Hanselmann | guarantee; webservers with buffering might require artificial padding to |
104 | 278ddaa9 | Michael Hanselmann | force the message to be transmitted. |
105 | 278ddaa9 | Michael Hanselmann | |
106 | 278ddaa9 | Michael Hanselmann | The node daemon can send JSON-encoded messages back to the master daemon |
107 | 278ddaa9 | Michael Hanselmann | by separating them using a predefined character (see :ref:`LUXI |
108 | 278ddaa9 | Michael Hanselmann | <luxi>`). The final message contains the method's result. pycURL passes |
109 | 278ddaa9 | Michael Hanselmann | each received chunk to the callback set as ``CURLOPT_WRITEFUNCTION``. |
110 | 278ddaa9 | Michael Hanselmann | Once a message is complete, the master daemon can pass it to a callback |
111 | 278ddaa9 | Michael Hanselmann | function inside the job, which then decides on what to do (e.g. forward |
112 | 278ddaa9 | Michael Hanselmann | it as job feedback to the user). |
113 | 278ddaa9 | Michael Hanselmann | |
114 | 278ddaa9 | Michael Hanselmann | A more detailed design may have to be written before deciding whether to |
115 | 278ddaa9 | Michael Hanselmann | implement RPC feedback. |
116 | 278ddaa9 | Michael Hanselmann | |
117 | 278ddaa9 | Michael Hanselmann | |
118 | 278ddaa9 | Michael Hanselmann | .. _http-software-req: |
119 | 278ddaa9 | Michael Hanselmann | |
120 | 278ddaa9 | Michael Hanselmann | Software requirements |
121 | 278ddaa9 | Michael Hanselmann | +++++++++++++++++++++ |
122 | 278ddaa9 | Michael Hanselmann | |
123 | 278ddaa9 | Michael Hanselmann | - lighttpd 1.4.24 or above built with OpenSSL support (earlier versions |
124 | 278ddaa9 | Michael Hanselmann | `don't support SSL client certificates |
125 | 278ddaa9 | Michael Hanselmann | <http://redmine.lighttpd.net/issues/1288>`_) |
126 | 278ddaa9 | Michael Hanselmann | - `flup <http://trac.saddi.com/flup>`_ for FastCGI |
127 | 278ddaa9 | Michael Hanselmann | |
128 | 278ddaa9 | Michael Hanselmann | |
129 | 278ddaa9 | Michael Hanselmann | Lighttpd SSL configuration |
130 | 278ddaa9 | Michael Hanselmann | ++++++++++++++++++++++++++ |
131 | 278ddaa9 | Michael Hanselmann | |
132 | 278ddaa9 | Michael Hanselmann | .. highlight:: lighttpd |
133 | 278ddaa9 | Michael Hanselmann | |
134 | 278ddaa9 | Michael Hanselmann | The following sample shows how to configure SSL with client certificates |
135 | 278ddaa9 | Michael Hanselmann | in Lighttpd:: |
136 | 278ddaa9 | Michael Hanselmann | |
137 | 278ddaa9 | Michael Hanselmann | $SERVER["socket"] == ":443" { |
138 | 278ddaa9 | Michael Hanselmann | ssl.engine = "enable" |
139 | 278ddaa9 | Michael Hanselmann | ssl.pemfile = "server.pem" |
140 | 278ddaa9 | Michael Hanselmann | ssl.ca-file = "ca.pem" |
141 | 278ddaa9 | Michael Hanselmann | ssl.use-sslv2 = "disable" |
142 | 278ddaa9 | Michael Hanselmann | ssl.cipher-list = "HIGH:-DES:-3DES:-EXPORT:-ADH" |
143 | 278ddaa9 | Michael Hanselmann | ssl.verifyclient.activate = "enable" |
144 | 278ddaa9 | Michael Hanselmann | ssl.verifyclient.enforce = "enable" |
145 | 278ddaa9 | Michael Hanselmann | ssl.verifyclient.exportcert = "enable" |
146 | 278ddaa9 | Michael Hanselmann | ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN" |
147 | 278ddaa9 | Michael Hanselmann | } |
148 | 278ddaa9 | Michael Hanselmann | |
149 | 278ddaa9 | Michael Hanselmann | |
150 | 278ddaa9 | Michael Hanselmann | .. vim: set textwidth=72 : |
151 | 278ddaa9 | Michael Hanselmann | .. Local Variables: |
152 | 278ddaa9 | Michael Hanselmann | .. mode: rst |
153 | 278ddaa9 | Michael Hanselmann | .. fill-column: 72 |
154 | 278ddaa9 | Michael Hanselmann | .. End: |