From 6f976631746578ca8b1f129951bead94753c6207 Mon Sep 17 00:00:00 2001 From: Anis Eleuch Date: Fri, 8 Dec 2023 12:04:54 -0800 Subject: [PATCH] yml-config: Add support of rootUser and rootPassword (#18615) Users can define the root user and password in the yaml configuration file; Root credentials defined in the environment variable still take precedence --- .github/workflows/replication.yaml | 6 + Makefile | 3 + cmd/common-main.go | 11 +- cmd/globals.go | 2 + cmd/server-main.go | 13 ++- docs/distributed/CONFIG.md | 2 + .../distributed-from-config-file.sh | 105 ++++++++++++++++++ internal/config/server.go | 2 + 8 files changed, 136 insertions(+), 8 deletions(-) create mode 100644 docs/distributed/distributed-from-config-file.sh diff --git a/.github/workflows/replication.yaml b/.github/workflows/replication.yaml index 97fbade60..46b5434b6 100644 --- a/.github/workflows/replication.yaml +++ b/.github/workflows/replication.yaml @@ -36,6 +36,12 @@ jobs: sudo sysctl net.ipv6.conf.default.disable_ipv6=0 make test-decom + - name: Test Config File + run: | + sudo sysctl net.ipv6.conf.all.disable_ipv6=0 + sudo sysctl net.ipv6.conf.default.disable_ipv6=0 + make test-configfile + - name: Test Replication run: | sudo sysctl net.ipv6.conf.all.disable_ipv6=0 diff --git a/Makefile b/Makefile index 3f190887a..22a05d488 100644 --- a/Makefile +++ b/Makefile @@ -59,6 +59,9 @@ test-decom: install-race @env bash $(PWD)/docs/distributed/decom-encrypted-sse-s3.sh @env bash $(PWD)/docs/distributed/decom-compressed-sse-s3.sh +test-configfile: install-race + @env bash $(PWD)/docs/distributed/distributed-from-config-file.sh + test-upgrade: install-race @echo "Running minio upgrade tests" @(env bash $(PWD)/buildscripts/minio-upgrade.sh) diff --git a/cmd/common-main.go b/cmd/common-main.go index 5d0ac0594..2b52a2df4 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go 
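Review bot: `test-configfile` can pass even when the object checksum comparison in `docs/distributed/distributed-from-config-file.sh` fails, because that branch ends in a bare `exit`, which returns the status of the preceding `echo`; it should be `exit 1`. The same script fetches `mc` with `wget` and runs it without checking a digest or signature, so the CI job executes whatever the download host serves. Comparing the binary against a published checksum before `chmod +x mc` would close that gap. The script's hunk continues past the end of this page, so its later checks were not reviewed.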
@@ -658,7 +658,7 @@ func loadEnvVarsFromFiles() { } } -func handleCommonEnvVars() { +func serverHandleEnvVars() { var err error globalBrowserEnabled, err = config.ParseBool(env.Get(config.EnvBrowser, config.EnableOn)) if err != nil { @@ -786,6 +786,10 @@ func handleCommonEnvVars() { } } + globalDisableFreezeOnBoot = env.Get("_MINIO_DISABLE_API_FREEZE_ON_BOOT", "") == "true" || serverDebugLog +} + +func loadRootCredentials() { // At this point, either both environment variables // are defined or both are not defined. // Check both cases and authenticate them if correctly defined @@ -800,6 +804,9 @@ func handleCommonEnvVars() { user = env.Get(config.EnvAccessKey, "") password = env.Get(config.EnvSecretKey, "") hasCredentials = true + } else if globalServerCtxt.RootUser != "" && globalServerCtxt.RootPwd != "" { + user, password = globalServerCtxt.RootUser, globalServerCtxt.RootPwd + hasCredentials = true } if hasCredentials { cred, err := auth.CreateCredentials(user, password) @@ -819,8 +826,6 @@ func handleCommonEnvVars() { } else { globalActiveCred = auth.DefaultCredentials } - - globalDisableFreezeOnBoot = env.Get("_MINIO_DISABLE_API_FREEZE_ON_BOOT", "") == "true" || serverDebugLog } // Initialize KMS global variable after valiadating and loading the configuration. diff --git a/cmd/globals.go b/cmd/globals.go index 387df2136..c2ac6e74d 100644 --- a/cmd/globals.go +++ b/cmd/globals.go @@ -146,6 +146,8 @@ type serverCtxt struct { configDirSet, certsDirSet bool Interface string + RootUser, RootPwd string + FTP []string SFTP []string diff --git a/cmd/server-main.go b/cmd/server-main.go index 96f185549..c9bd20493 100644 --- a/cmd/server-main.go +++ b/cmd/server-main.go @@ -248,6 +248,10 @@ func mergeServerCtxtFromConfigFile(configFile string, ctxt *serverCtxt) error { if cf.Version != "v1" { return fmt.Errorf("unexpected version: %s", cf.Version) } + + ctxt.RootUser = cf.RootUser + ctxt.RootPwd = cf.RootPwd + if cf.Addr != "" { ctxt.Addr = cf.Addr } 
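Review bot: In the `else if` added to `loadRootCredentials`, a config file that sets only one of `rootUser`/`rootPassword` fails the paired `!= ""` test and drops silently to `globalActiveCred = auth.DefaultCredentials`, so a typo in one key leaves the server on the default root credentials. The comment above states a both-or-neither invariant for the environment variables, but nothing visible enforces one for the file values. Reject the half-set case where the file is parsed, in `mergeServerCtxtFromConfigFile` (cmd/server-main.go, hunk at -248): `if (cf.RootUser == "") != (cf.RootPwd == "") { return fmt.Errorf("rootUser and rootPassword must be set together") }`. The body of `loadRootCredentials` extends beyond this hunk.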
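Review bot: The new `RootUser, RootPwd string` fields in `serverCtxt` hold a plaintext secret but carry no comment saying so, and the struct is passed by value (`serverHandleCmdArgs(ctxt serverCtxt)`), so any later `%+v` print or debug dump of it would include the password. Add a comment such as `// Root credentials read from the config file; do not log or dump this struct.` Whether the struct is printed anywhere today is not visible in this patch.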
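Review bot: With `cf.RootPwd` now read from the YAML file, the file itself becomes a secret, yet nothing in this hunk checks who else can read it. Consider stat-ing `configFile` when `cf.RootPwd != ""` and warning or failing on Unix hosts if `fi.Mode().Perm()&0o077 != 0`, and state the expected file mode in CONFIG.md. How the file is opened lies outside the hunk, so an existing check may already cover this.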
@@ -353,11 +357,6 @@ func serverHandleCmdArgs(ctxt serverCtxt) { globalConnWriteDeadline = ctxt.ConnWriteDeadline } -func serverHandleEnvVars() { - // Handle common environment variables. - handleCommonEnvVars() -} - var globalHealStateLK sync.RWMutex func initAllSubsystems(ctx context.Context) { @@ -654,6 +653,10 @@ func serverMain(ctx *cli.Context) { // Handle all server environment vars. serverHandleEnvVars() + // Load the root credentials from the shell environment or from + // the config file if not defined, set the default one. + loadRootCredentials() + // Initialize globalConsoleSys system bootstrapTrace("newConsoleLogger", func() { globalConsoleSys = NewConsoleLogger(GlobalContext) diff --git a/docs/distributed/CONFIG.md b/docs/distributed/CONFIG.md index cbc1f7687..97294c489 100644 --- a/docs/distributed/CONFIG.md +++ b/docs/distributed/CONFIG.md @@ -18,6 +18,8 @@ Following is an example YAML configuration structure. ``` version: v1 address: ':9000' +rootUser: 'minioadmin' +rootPassword: 'pBU94AGAY85e' console-address: ':9001' certs-dir: '/home/user/.minio/certs/' pools: # Specify the nodes and drives with pools diff --git a/docs/distributed/distributed-from-config-file.sh b/docs/distributed/distributed-from-config-file.sh new file mode 100644 index 000000000..846f323aa --- /dev/null +++ b/docs/distributed/distributed-from-config-file.sh 
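Review bot: The comment added above `loadRootCredentials()` in `serverMain` reads ambiguously ("from the config file if not defined, set the default one") and hides the precedence an operator needs to know. Suggest `// Load root credentials: environment variables first, then the config file; otherwise fall back to the default credentials.` Since the last case leaves the server on built-in defaults, a startup warning there would also help, if one is not already emitted elsewhere.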
@@ -0,0 +1,105 @@ +#!/usr/bin/env bash + +set -e + +cleanup() { + echo "Cleaning up instances of MinIO" + pkill minio || true + pkill -9 minio || true + rm -rf /tmp/xl/ || true + rm -rf /tmp/minio.configfile.{1,2,3,4} || true +} + +cleanup + +unset MINIO_KMS_KES_CERT_FILE +unset MINIO_KMS_KES_KEY_FILE +unset MINIO_KMS_KES_ENDPOINT +unset MINIO_KMS_KES_KEY_NAME + +export MINIO_CI_CD=1 + +if [ ! -f ./mc ]; then + os="$(uname -s)" + arch="$(uname -m)" + wget -O mc https://dl.minio.io/client/mc/release/${os,,}-${arch,,}/mc && + chmod +x mc +fi + +for i in $(seq 1 4); do + s3Port="$((9000 + i))" + consolePort="$((s3Port + 1000))" + + cat </tmp/minio.configfile.$i +version: v1 +address: ':${s3Port}' +console-address: ':${consolePort}' +rootUser: 'minr0otUS2r' +rootPassword: 'pBU94AGAY85e' +pools: # Specify the nodes and drives with pools + - + - 'http://localhost:9001/tmp/xl/node9001/mnt/disk{1...4}/' + - 'http://localhost:9002/tmp/xl/node9002/mnt/disk{1,2,3,4}/' + - + - 'http://localhost:9003/tmp/xl/node9003/mnt/disk{1...4}/' + - 'http://localhost:9004/tmp/xl/node9004/mnt/disk1/' + - 'http://localhost:9004/tmp/xl/node9004/mnt/disk2/' + - 'http://localhost:9004/tmp/xl/node9004/mnt/disk3/' + - 'http://localhost:9004/tmp/xl/node9004/mnt/disk4/' +EOF +done + +minio server --config /tmp/minio.configfile.1 >/tmp/minio1_1.log 2>&1 & +site1_pid=$! +minio server --config /tmp/minio.configfile.2 >/tmp/minio2_1.log 2>&1 & +site2_pid=$! +minio server --config /tmp/minio.configfile.3 >/tmp/minio3_1.log 2>&1 & +site3_pid=$! +minio server --config /tmp/minio.configfile.4 >/tmp/minio4_1.log 2>&1 & +site4_pid=$! 
+ +sleep 5 + +export MC_HOST_minio1=http://minr0otUS2r:pBU94AGAY85e@localhost:9001 +export MC_HOST_minio3=http://minr0otUS2r:pBU94AGAY85e@localhost:9003 + +./mc ready minio1 +./mc ready minio3 + +./mc mb minio1/testbucket +# copy large upload to newbucket on minio1 +truncate -s 17M lrgfile +expected_checksum=$(cat ./lrgfile | md5sum) + +./mc cp ./lrgfile minio1/testbucket + +actual_checksum=$(./mc cat minio3/testbucket/lrgfile | md5sum) + +if [ "${expected_checksum}" != "${actual_checksum}" ]; then + echo "unexpected object checksum, expected: ${expected_checksum} got: ${actual_checksum}" + exit +fi + +# Compare the difference of the list of disks and their location, with the below exected output +diff <(./mc admin info minio1 --json | jq -r '.info.servers[].drives[] | "\(.pool_index),\(.set_index),\(.disk_index) \(.endpoint)"' | sort) <( + cat <