Add config to store subnet license (#13194)

Command to set subnet license:

`mc admin config set {alias} subnet license={token}`

Signed-off-by: Shireesh Anjal <shireesh@minio.io>
Co-authored-by: Harshavardhana <harsha@minio.io>
This commit is contained in:
Shireesh Anjal 2021-09-15 10:24:25 +05:30 committed by GitHub
parent bcc6359dec
commit b4364723ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 94 additions and 6 deletions

View File

@ -155,8 +155,8 @@ func minioConfigToConsoleFeatures() {
} }
os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion) os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", "")) os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", ""))
if globalSubnetLicense != "" { if globalSubnetConfig.License != "" {
os.Setenv("CONSOLE_SUBNET_LICENSE", globalSubnetLicense) os.Setenv("CONSOLE_SUBNET_LICENSE", globalSubnetConfig.License)
} }
} }
@ -602,8 +602,6 @@ func handleCommonEnvVars() {
if tiers := env.Get("_MINIO_DEBUG_REMOTE_TIERS_IMMEDIATELY", ""); tiers != "" { if tiers := env.Get("_MINIO_DEBUG_REMOTE_TIERS_IMMEDIATELY", ""); tiers != "" {
globalDebugRemoteTiersImmediately = strings.Split(tiers, ",") globalDebugRemoteTiersImmediately = strings.Split(tiers, ",")
} }
globalSubnetLicense = env.Get(config.EnvMinIOSubnetLicense, "")
} }
func logStartupMessage(msg string) { func logStartupMessage(msg string) {

View File

@ -39,6 +39,7 @@ import (
"github.com/minio/minio/internal/config/policy/opa" "github.com/minio/minio/internal/config/policy/opa"
"github.com/minio/minio/internal/config/scanner" "github.com/minio/minio/internal/config/scanner"
"github.com/minio/minio/internal/config/storageclass" "github.com/minio/minio/internal/config/storageclass"
"github.com/minio/minio/internal/config/subnet"
"github.com/minio/minio/internal/crypto" "github.com/minio/minio/internal/crypto"
xhttp "github.com/minio/minio/internal/http" xhttp "github.com/minio/minio/internal/http"
"github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/kms"
@ -65,6 +66,7 @@ func initHelp() {
config.AuditKafkaSubSys: logger.DefaultAuditKafkaKVS, config.AuditKafkaSubSys: logger.DefaultAuditKafkaKVS,
config.HealSubSys: heal.DefaultKVS, config.HealSubSys: heal.DefaultKVS,
config.ScannerSubSys: scanner.DefaultKVS, config.ScannerSubSys: scanner.DefaultKVS,
config.SubnetSubSys: subnet.DefaultKVS,
} }
for k, v := range notify.DefaultNotificationKVS { for k, v := range notify.DefaultNotificationKVS {
kvs[k] = v kvs[k] = v
@ -185,6 +187,12 @@ func initHelp() {
Description: "publish bucket notifications to Redis datastores", Description: "publish bucket notifications to Redis datastores",
MultipleTargets: true, MultipleTargets: true,
}, },
config.HelpKV{
Key: config.SubnetSubSys,
Type: "string",
Description: "set subnet config for the cluster e.g. license token",
Optional: true,
},
} }
if globalIsErasure { if globalIsErasure {
@ -223,6 +231,7 @@ func initHelp() {
config.NotifyRedisSubSys: notify.HelpRedis, config.NotifyRedisSubSys: notify.HelpRedis,
config.NotifyWebhookSubSys: notify.HelpWebhook, config.NotifyWebhookSubSys: notify.HelpWebhook,
config.NotifyESSubSys: notify.HelpES, config.NotifyESSubSys: notify.HelpES,
config.SubnetSubSys: subnet.HelpLicense,
} }
config.RegisterHelpSubSys(helpMap) config.RegisterHelpSubSys(helpMap)
@ -508,6 +517,11 @@ func lookupConfigs(s config.Config, objAPI ObjectLayer) {
logger.LogIf(ctx, fmt.Errorf("Unable to parse LDAP configuration: %w", err)) logger.LogIf(ctx, fmt.Errorf("Unable to parse LDAP configuration: %w", err))
} }
globalSubnetConfig, err = subnet.LookupConfig(s[config.SubnetSubSys][config.Default])
if err != nil {
logger.LogIf(ctx, fmt.Errorf("Unable to parse subnet configuration: %w", err))
}
// Load logger targets based on user's configuration // Load logger targets based on user's configuration
loggerUserAgent := getUserAgent(getMinioMode()) loggerUserAgent := getUserAgent(getMinioMode())

View File

@ -41,6 +41,7 @@ import (
xtls "github.com/minio/minio/internal/config/identity/tls" xtls "github.com/minio/minio/internal/config/identity/tls"
"github.com/minio/minio/internal/config/policy/opa" "github.com/minio/minio/internal/config/policy/opa"
"github.com/minio/minio/internal/config/storageclass" "github.com/minio/minio/internal/config/storageclass"
"github.com/minio/minio/internal/config/subnet"
xhttp "github.com/minio/minio/internal/http" xhttp "github.com/minio/minio/internal/http"
etcd "go.etcd.io/etcd/client/v3" etcd "go.etcd.io/etcd/client/v3"
@ -219,8 +220,8 @@ var (
// The name of this local node, fetched from arguments // The name of this local node, fetched from arguments
globalLocalNodeName string globalLocalNodeName string
// The global subnet license // The global subnet config
globalSubnetLicense string globalSubnetConfig subnet.Config
globalRemoteEndpoints map[string]Endpoint globalRemoteEndpoints map[string]Endpoint

View File

@ -58,6 +58,7 @@ const (
RegionName = "name" RegionName = "name"
AccessKey = "access_key" AccessKey = "access_key"
SecretKey = "secret_key" SecretKey = "secret_key"
License = "license"
) )
// Top level config constants. // Top level config constants.
@ -79,6 +80,7 @@ const (
HealSubSys = "heal" HealSubSys = "heal"
ScannerSubSys = "scanner" ScannerSubSys = "scanner"
CrawlerSubSys = "crawler" CrawlerSubSys = "crawler"
SubnetSubSys = "subnet"
// Add new constants here if you add new fields to config. // Add new constants here if you add new fields to config.
) )
@ -127,6 +129,7 @@ var SubSystems = set.CreateStringSet(
NotifyPostgresSubSys, NotifyPostgresSubSys,
NotifyRedisSubSys, NotifyRedisSubSys,
NotifyWebhookSubSys, NotifyWebhookSubSys,
SubnetSubSys,
) )
// SubSystemsDynamic - all sub-systems that have dynamic config. // SubSystemsDynamic - all sub-systems that have dynamic config.
@ -135,6 +138,7 @@ var SubSystemsDynamic = set.CreateStringSet(
CompressionSubSys, CompressionSubSys,
ScannerSubSys, ScannerSubSys,
HealSubSys, HealSubSys,
SubnetSubSys,
) )
// SubSystemsSingleTargets - subsystems which only support single target. // SubSystemsSingleTargets - subsystems which only support single target.

View File

@ -0,0 +1,71 @@
// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package subnet
import (
jwtgo "github.com/golang-jwt/jwt"
"github.com/minio/minio/internal/config"
"github.com/minio/pkg/env"
)
var (
// DefaultKVS - default KV config for subnet settings
DefaultKVS = config.KVS{
config.KV{
Key: config.License,
Value: "",
},
}
// HelpLicense - provides help for license config
HelpLicense = config.HelpKVS{
config.HelpKV{
Key: config.License,
Type: "string",
Description: "Subnet license token for the cluster",
Optional: true,
},
}
)
// Config represents the subnet related configuration
type Config struct {
// The subnet license token
License string `json:"license"`
}
func validateLicenseFormat(lic string) error {
if len(lic) == 0 {
return nil
}
// Only verifying that the string is a parseable JWT token as of now
_, _, err := new(jwtgo.Parser).ParseUnverified(lic, jwtgo.MapClaims{})
return err
}
// LookupConfig - lookup config and override with valid environment settings if any.
func LookupConfig(kvs config.KVS) (cfg Config, err error) {
if err = config.CheckValidKeys(config.SubnetSubSys, kvs, DefaultKVS); err != nil {
return cfg, err
}
cfg.License = env.Get(config.EnvMinIOSubnetLicense, kvs.Get(config.License))
return cfg, validateLicenseFormat(cfg.License)
}