mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
5f78691fcf
This change uses the updated ldap library in minio/pkg (bumped up to v3). A new config parameter is added for LDAP configuration to specify extra user attributes to load from the LDAP server and to store them as additional claims for the user. A test is added in sts_handlers.go that shows how to access the LDAP attributes as a claim. This is in preparation for adding SSH pubkey authentication to MinIO's SFTP integration.
104 lines
2.8 KiB
Go
104 lines
2.8 KiB
Go
// Copyright (c) 2015-2021 MinIO, Inc.
|
|
//
|
|
// This file is part of MinIO Object Storage stack
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"runtime"
|
|
"runtime/debug"
|
|
|
|
"github.com/dustin/go-humanize"
|
|
"github.com/minio/cli"
|
|
"github.com/minio/madmin-go/v3/kernel"
|
|
"github.com/minio/minio/internal/logger"
|
|
"github.com/minio/pkg/v3/sys"
|
|
)
|
|
|
|
func oldLinux() bool {
|
|
currentKernel, err := kernel.CurrentVersion()
|
|
if err != nil {
|
|
// Could not probe the kernel version
|
|
return false
|
|
}
|
|
|
|
if currentKernel == 0 {
|
|
// We could not get any valid value return false
|
|
return false
|
|
}
|
|
|
|
// legacy linux indicator for printing warnings
|
|
// about older Linux kernels and Go runtime.
|
|
return currentKernel < kernel.Version(4, 0, 0)
|
|
}
|
|
|
|
func setMaxResources(ctx *cli.Context) (err error) {
|
|
// Set the Go runtime max threads threshold to 90% of kernel setting.
|
|
sysMaxThreads, err := sys.GetMaxThreads()
|
|
if err == nil {
|
|
minioMaxThreads := (sysMaxThreads * 90) / 100
|
|
// Only set max threads if it is greater than the default one
|
|
if minioMaxThreads > 10000 {
|
|
debug.SetMaxThreads(minioMaxThreads)
|
|
}
|
|
}
|
|
|
|
var maxLimit uint64
|
|
|
|
// Set open files limit to maximum.
|
|
if _, maxLimit, err = sys.GetMaxOpenFileLimit(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if maxLimit < 4096 && runtime.GOOS != globalWindowsOSName {
|
|
logger.Info("WARNING: maximum file descriptor limit %d is too low for production servers. At least 4096 is recommended. Fix with \"ulimit -n 4096\"",
|
|
maxLimit)
|
|
}
|
|
|
|
if err = sys.SetMaxOpenFileLimit(maxLimit, maxLimit); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Set max memory limit as current memory limit.
|
|
if _, maxLimit, err = sys.GetMaxMemoryLimit(); err != nil {
|
|
return err
|
|
}
|
|
|
|
// set debug memory limit instead of GOMEMLIMIT env
|
|
_ = setDebugMemoryLimit(ctx)
|
|
|
|
err = sys.SetMaxMemoryLimit(maxLimit, maxLimit)
|
|
return err
|
|
}
|
|
|
|
func setDebugMemoryLimit(ctx *cli.Context) error {
|
|
if ctx == nil {
|
|
return nil
|
|
}
|
|
if ctx.IsSet("memlimit") {
|
|
memlimit := ctx.String("memlimit")
|
|
if memlimit == "" {
|
|
memlimit = ctx.GlobalString("memlimit")
|
|
}
|
|
mlimit, err := humanize.ParseBytes(memlimit)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
debug.SetMemoryLimit(int64(mlimit))
|
|
}
|
|
return nil
|
|
}
|