1 /******************************************************************************
3 * Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software Foundation *
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
18 ******************************************************************************/
20 #include "remote/apilistener.hpp"
21 #include "remote/apiclient.hpp"
22 #include "remote/endpoint.hpp"
23 #include "base/convert.hpp"
24 #include "base/netstring.hpp"
25 #include "base/dynamictype.hpp"
26 #include "base/logger_fwd.hpp"
27 #include "base/objectlock.hpp"
28 #include "base/stdiostream.hpp"
29 #include "base/application.hpp"
30 #include "base/context.hpp"
31 #include "base/statsfunction.hpp"
34 using namespace icinga;
36 REGISTER_TYPE(ApiListener);
38 boost::signals2::signal<void(bool)> ApiListener::OnMasterChanged;
40 REGISTER_STATSFUNCTION(ApiListenerStats, &ApiListener::StatsFunc);
42 void ApiListener::OnConfigLoaded(void)
44 /* set up SSL context */
45 shared_ptr<X509> cert = make_shared<X509>();
47 cert = GetX509Certificate(GetCertPath());
48 } catch (std::exception&) {
49 Log(LogCritical, "ApiListener", "Cannot get certificate from cert path: '" + GetCertPath() + "'.");
54 SetIdentity(GetCertificateCN(cert));
55 } catch (std::exception&) {
56 Log(LogCritical, "ApiListener", "Cannot get certificate common name from cert path: '" + GetCertPath() + "'.");
60 Log(LogInformation, "ApiListener", "My API identity: " + GetIdentity());
63 m_SSLContext = MakeSSLContext(GetCertPath(), GetKeyPath(), GetCaPath());
64 } catch (std::exception&) {
65 Log(LogCritical, "ApiListener", "Cannot make SSL context for cert path: '" + GetCertPath() + "' key path: '" + GetKeyPath() + "' ca path: '" + GetCaPath() + "'.");
69 if (!GetCrlPath().IsEmpty()) {
71 AddCRLToSSLContext(m_SSLContext, GetCrlPath());
72 } catch (std::exception&) {
73 Log(LogCritical, "ApiListener", "Cannot add certificate revocation list to SSL context for crl path: '" + GetCrlPath() + "'.");
78 if (!Endpoint::GetByName(GetIdentity())) {
79 Log(LogCritical, "ApiListener", "Endpoint object for '" + GetIdentity() + "' is missing.");
87 * Starts the component.
89 void ApiListener::Start(void)
91 if (std::distance(DynamicType::GetObjects<ApiListener>().first, DynamicType::GetObjects<ApiListener>().second) > 1) {
92 Log(LogCritical, "ApiListener", "Only one ApiListener object is allowed.");
96 DynamicObject::Start();
99 boost::mutex::scoped_lock(m_LogLock);
104 /* create the primary JSON-RPC listener */
105 AddListener(GetBindPort());
107 m_Timer = make_shared<Timer>();
108 m_Timer->OnTimerExpired.connect(boost::bind(&ApiListener::ApiTimerHandler, this));
109 m_Timer->SetInterval(5);
111 m_Timer->Reschedule(0);
113 OnMasterChanged(true);
116 ApiListener::Ptr ApiListener::GetInstance(void)
118 BOOST_FOREACH(const ApiListener::Ptr& listener, DynamicType::GetObjects<ApiListener>())
121 return ApiListener::Ptr();
124 shared_ptr<SSL_CTX> ApiListener::GetSSLContext(void) const
129 Endpoint::Ptr ApiListener::GetMaster(void) const
131 Zone::Ptr zone = Zone::GetLocalZone();
132 std::vector<String> names;
134 BOOST_FOREACH(const Endpoint::Ptr& endpoint, zone->GetEndpoints())
135 if (endpoint->IsConnected() || endpoint->GetName() == GetIdentity())
136 names.push_back(endpoint->GetName());
138 std::sort(names.begin(), names.end());
140 return Endpoint::GetByName(*names.begin());
143 bool ApiListener::IsMaster(void) const
145 return GetMaster()->GetName() == GetIdentity();
149 * Creates a new JSON-RPC listener on the specified port.
151 * @param service The port to listen on.
153 void ApiListener::AddListener(const String& service)
155 ObjectLock olock(this);
157 shared_ptr<SSL_CTX> sslContext = m_SSLContext;
160 Log(LogCritical, "ApiListener", "SSL context is required for AddListener()");
164 std::ostringstream s;
165 s << "Adding new listener: port " << service;
166 Log(LogInformation, "ApiListener", s.str());
168 TcpSocket::Ptr server = make_shared<TcpSocket>();
171 server->Bind(service, AF_UNSPEC);
172 } catch(std::exception&) {
173 Log(LogCritical, "ApiListener", "Cannot bind tcp socket on '" + service + "'.");
177 boost::thread thread(boost::bind(&ApiListener::ListenerThreadProc, this, server));
180 m_Servers.insert(server);
183 void ApiListener::ListenerThreadProc(const Socket::Ptr& server)
185 Utility::SetThreadName("API Listener");
191 Socket::Ptr client = server->Accept();
192 Utility::QueueAsyncCallback(boost::bind(&ApiListener::NewClientHandler, this, client, RoleServer));
193 } catch (std::exception&) {
194 Log(LogCritical, "ApiListener", "Cannot accept new connection.");
200 * Creates a new JSON-RPC client and connects to the specified host and port.
202 * @param node The remote host.
203 * @param service The remote port.
205 void ApiListener::AddConnection(const String& node, const String& service)
208 ObjectLock olock(this);
210 shared_ptr<SSL_CTX> sslContext = m_SSLContext;
213 Log(LogCritical, "ApiListener", "SSL context is required for AddListener()");
218 TcpSocket::Ptr client = make_shared<TcpSocket>();
221 client->Connect(node, service);
222 Utility::QueueAsyncCallback(boost::bind(&ApiListener::NewClientHandler, this, client, RoleClient));
223 } catch (const std::exception& ex) {
224 std::ostringstream info, debug;
225 info << "Cannot connect to host '" << node << "' on port '" << service << "'";
226 debug << info.str() << std::endl << DiagnosticInformation(ex);
227 Log(LogCritical, "ApiListener", info.str());
228 Log(LogDebug, "ApiListener", debug.str());
233 * Processes a new client connection.
235 * @param client The new client.
237 void ApiListener::NewClientHandler(const Socket::Ptr& client, ConnectionRole role)
239 CONTEXT("Handling new API client connection");
241 TlsStream::Ptr tlsStream;
244 ObjectLock olock(this);
246 tlsStream = make_shared<TlsStream>(client, role, m_SSLContext);
247 } catch (std::exception&) {
248 Log(LogCritical, "ApiListener", "Cannot create tls stream from client connection.");
254 tlsStream->Handshake();
255 } catch (std::exception) {
256 Log(LogCritical, "ApiListener", "Client TLS handshake failed.");
260 shared_ptr<X509> cert = tlsStream->GetPeerCertificate();
264 identity = GetCertificateCN(cert);
265 } catch (std::exception&) {
266 Log(LogCritical, "ApiListener", "Cannot get certificate common name from cert path: '" + GetCertPath() + "'.");
270 Log(LogInformation, "ApiListener", "New client connection for identity '" + identity + "'");
272 Endpoint::Ptr endpoint = Endpoint::GetByName(identity);
274 bool need_sync = false;
277 need_sync = !endpoint->IsConnected();
279 ApiClient::Ptr aclient = make_shared<ApiClient>(identity, tlsStream, role);
285 ObjectLock olock(endpoint);
287 endpoint->SetSyncing(true);
293 SendConfigUpdate(aclient);
295 endpoint->AddClient(aclient);
297 AddAnonymousClient(aclient);
300 void ApiListener::ApiTimerHandler(void)
302 double now = Utility::GetTime();
304 std::vector<int> files;
305 Utility::Glob(GetApiDir() + "log/*", boost::bind(&ApiListener::LogGlobHandler, boost::ref(files), _1), GlobFile);
306 std::sort(files.begin(), files.end());
308 BOOST_FOREACH(int ts, files) {
311 BOOST_FOREACH(const Endpoint::Ptr& endpoint, DynamicType::GetObjects<Endpoint>()) {
312 if (endpoint->GetName() == GetIdentity())
315 if (endpoint->GetLogDuration() >= 0 && ts < now - endpoint->GetLogDuration())
318 if (ts > endpoint->GetLocalLogPosition()) {
325 String path = GetApiDir() + "log/" + Convert::ToString(ts);
326 Log(LogNotice, "ApiListener", "Removing old log file: " + path);
327 (void)unlink(path.CStr());
332 Zone::Ptr my_zone = Zone::GetLocalZone();
334 BOOST_FOREACH(const Zone::Ptr& zone, DynamicType::GetObjects<Zone>()) {
335 /* only connect to endpoints in a) the same zone b) our parent zone c) immediate child zones */
336 if (my_zone != zone && my_zone != zone->GetParent() && zone != my_zone->GetParent())
339 bool connected = false;
341 BOOST_FOREACH(const Endpoint::Ptr& endpoint, zone->GetEndpoints()) {
342 if (endpoint->IsConnected()) {
348 /* don't connect to an endpoint if we already have a connection to the zone */
352 BOOST_FOREACH(const Endpoint::Ptr& endpoint, zone->GetEndpoints()) {
353 /* don't connect to ourselves */
354 if (endpoint->GetName() == GetIdentity())
357 /* don't try to connect to endpoints which don't have a host and port */
358 if (endpoint->GetHost().IsEmpty() || endpoint->GetPort().IsEmpty())
361 AddConnection(endpoint->GetHost(), endpoint->GetPort());
366 BOOST_FOREACH(const Endpoint::Ptr& endpoint, DynamicType::GetObjects<Endpoint>()) {
367 if (!endpoint->IsConnected())
370 double ts = endpoint->GetRemoteLogPosition();
375 Dictionary::Ptr lparams = make_shared<Dictionary>();
376 lparams->Set("log_position", ts);
378 Dictionary::Ptr lmessage = make_shared<Dictionary>();
379 lmessage->Set("jsonrpc", "2.0");
380 lmessage->Set("method", "log::SetLogPosition");
381 lmessage->Set("params", lparams);
383 BOOST_FOREACH(const ApiClient::Ptr& client, endpoint->GetClients())
384 client->SendMessage(lmessage);
386 Log(LogNotice, "ApiListener", "Setting log position for identity '" + endpoint->GetName() + "': " +
387 Utility::FormatDateTime("%Y/%m/%d %H:%M:%S", ts));
390 Log(LogNotice, "ApiListener", "Current zone master: " + GetMaster()->GetName());
392 std::vector<String> names;
393 BOOST_FOREACH(const Endpoint::Ptr& endpoint, DynamicType::GetObjects<Endpoint>())
394 if (endpoint->IsConnected())
395 names.push_back(endpoint->GetName() + " (" + Convert::ToString(endpoint->GetClients().size()) + ")");
397 Log(LogNotice, "ApiListener", "Connected endpoints: " + Utility::NaturalJoin(names));
400 void ApiListener::RelayMessage(const MessageOrigin& origin, const DynamicObject::Ptr& secobj, const Dictionary::Ptr& message, bool log)
402 m_RelayQueue.Enqueue(boost::bind(&ApiListener::SyncRelayMessage, this, origin, secobj, message, log));
405 void ApiListener::PersistMessage(const Dictionary::Ptr& message)
407 double ts = message->Get("ts");
411 Dictionary::Ptr pmessage = make_shared<Dictionary>();
412 pmessage->Set("timestamp", ts);
414 pmessage->Set("message", JsonSerialize(message));
416 boost::mutex::scoped_lock lock(m_LogLock);
418 NetString::WriteStringToStream(m_LogFile, JsonSerialize(pmessage));
420 SetLogMessageTimestamp(ts);
422 if (m_LogMessageCount > 50000) {
430 void ApiListener::SyncRelayMessage(const MessageOrigin& origin, const DynamicObject::Ptr& secobj, const Dictionary::Ptr& message, bool log)
432 double ts = Utility::GetTime();
433 message->Set("ts", ts);
435 Log(LogNotice, "ApiListener", "Relaying '" + message->Get("method") + "' message");
438 m_LogQueue.Enqueue(boost::bind(&ApiListener::PersistMessage, this, message));
441 message->Set("originZone", origin.FromZone->GetName());
443 bool is_master = IsMaster();
444 Endpoint::Ptr master = GetMaster();
445 Zone::Ptr my_zone = Zone::GetLocalZone();
447 std::vector<Endpoint::Ptr> skippedEndpoints;
448 std::set<Zone::Ptr> finishedZones;
450 BOOST_FOREACH(const Endpoint::Ptr& endpoint, DynamicType::GetObjects<Endpoint>()) {
451 /* don't relay messages to ourselves or disconnected endpoints */
452 if (endpoint->GetName() == GetIdentity() || !endpoint->IsConnected())
455 Zone::Ptr target_zone = endpoint->GetZone();
457 /* don't relay the message to the zone through more than one endpoint */
458 if (finishedZones.find(target_zone) != finishedZones.end()) {
459 skippedEndpoints.push_back(endpoint);
463 /* don't relay messages back to the endpoint which we got the message from */
464 if (origin.FromClient && endpoint == origin.FromClient->GetEndpoint()) {
465 skippedEndpoints.push_back(endpoint);
469 /* don't relay messages back to the zone which we got the message from */
470 if (origin.FromZone && target_zone == origin.FromZone) {
471 skippedEndpoints.push_back(endpoint);
475 /* only relay message to the master if we're not currently the master */
476 if (!is_master && master != endpoint) {
477 skippedEndpoints.push_back(endpoint);
481 /* only relay the message to a) the same zone, b) the parent zone and c) direct child zones */
482 if (target_zone != my_zone && target_zone != my_zone->GetParent() &&
483 secobj->GetZone() != target_zone->GetName()) {
484 skippedEndpoints.push_back(endpoint);
488 /* only relay messages to zones which have access to the object */
489 if (!target_zone->CanAccessObject(secobj))
492 finishedZones.insert(target_zone);
495 ObjectLock olock(endpoint);
497 if (!endpoint->GetSyncing()) {
498 Log(LogNotice, "ApiListener", "Sending message to '" + endpoint->GetName() + "'");
500 BOOST_FOREACH(const ApiClient::Ptr& client, endpoint->GetClients())
501 client->SendMessage(message);
506 BOOST_FOREACH(const Endpoint::Ptr& endpoint, skippedEndpoints)
507 endpoint->SetLocalLogPosition(ts);
510 String ApiListener::GetApiDir(void)
512 return Application::GetLocalStateDir() + "/lib/icinga2/api/";
515 /* must hold m_LogLock */
516 void ApiListener::OpenLogFile(void)
518 String path = GetApiDir() + "log/current";
520 std::fstream *fp = new std::fstream(path.CStr(), std::fstream::out | std::ofstream::app);
523 Log(LogWarning, "ApiListener", "Could not open spool file: " + path);
527 m_LogFile = make_shared<StdioStream>(fp, true);
528 m_LogMessageCount = 0;
529 SetLogMessageTimestamp(Utility::GetTime());
532 /* must hold m_LogLock */
533 void ApiListener::CloseLogFile(void)
542 /* must hold m_LogLock */
543 void ApiListener::RotateLogFile(void)
545 double ts = GetLogMessageTimestamp();
548 ts = Utility::GetTime();
550 String oldpath = GetApiDir() + "log/current";
551 String newpath = GetApiDir() + "log/" + Convert::ToString(static_cast<int>(ts)+1);
552 (void) rename(oldpath.CStr(), newpath.CStr());
555 void ApiListener::LogGlobHandler(std::vector<int>& files, const String& file)
557 String name = Utility::BaseName(file);
562 ts = Convert::ToLong(name);
564 catch (const std::exception&) {
571 void ApiListener::ReplayLog(const ApiClient::Ptr& client)
573 Endpoint::Ptr endpoint = client->GetEndpoint();
575 CONTEXT("Replaying log for Endpoint '" + endpoint->GetName() + "'");
578 double peer_ts = endpoint->GetLocalLogPosition();
579 bool last_sync = false;
582 boost::mutex::scoped_lock lock(m_LogLock);
587 if (count == -1 || count > 50000) {
596 std::vector<int> files;
597 Utility::Glob(GetApiDir() + "log/*", boost::bind(&ApiListener::LogGlobHandler, boost::ref(files), _1), GlobFile);
598 std::sort(files.begin(), files.end());
600 BOOST_FOREACH(int ts, files) {
601 String path = GetApiDir() + "log/" + Convert::ToString(ts);
606 Log(LogNotice, "ApiListener", "Replaying log: " + path);
608 std::fstream *fp = new std::fstream(path.CStr(), std::fstream::in);
609 StdioStream::Ptr logStream = make_shared<StdioStream>(fp, true);
613 Dictionary::Ptr pmessage;
616 if (!NetString::ReadStringFromStream(logStream, &message))
619 pmessage = JsonDeserialize(message);
620 } catch (const std::exception&) {
621 Log(LogWarning, "ApiListener", "Unexpected end-of-file for cluster log: " + path);
623 /* Log files may be incomplete or corrupted. This is perfectly OK. */
627 if (pmessage->Get("timestamp") <= peer_ts)
630 NetString::WriteStringToStream(client->GetStream(), pmessage->Get("message"));
633 peer_ts = pmessage->Get("timestamp");
639 Log(LogNotice, "ApiListener", "Replayed " + Convert::ToString(count) + " messages.");
643 ObjectLock olock2(endpoint);
644 endpoint->SetSyncing(false);
654 Value ApiListener::StatsFunc(Dictionary::Ptr& status, Dictionary::Ptr& perfdata)
656 Dictionary::Ptr nodes = make_shared<Dictionary>();
657 std::pair<Dictionary::Ptr, Dictionary::Ptr> stats;
659 ApiListener::Ptr listener = ApiListener::GetInstance();
664 stats = listener->GetStatus();
666 BOOST_FOREACH(Dictionary::Pair const& kv, stats.second)
667 perfdata->Set("api_" + kv.first, kv.second);
669 status->Set("api", stats.first);
674 std::pair<Dictionary::Ptr, Dictionary::Ptr> ApiListener::GetStatus(void)
676 Dictionary::Ptr status = make_shared<Dictionary>();
677 Dictionary::Ptr perfdata = make_shared<Dictionary>();
680 status->Set("identity", GetIdentity());
682 double count_endpoints = 0;
683 Array::Ptr not_connected_endpoints = make_shared<Array>();
684 Array::Ptr connected_endpoints = make_shared<Array>();
686 BOOST_FOREACH(const Endpoint::Ptr& endpoint, DynamicType::GetObjects<Endpoint>()) {
687 if (endpoint->GetName() == GetIdentity())
692 if (!endpoint->IsConnected())
693 not_connected_endpoints->Add(endpoint->GetName());
695 connected_endpoints->Add(endpoint->GetName());
698 status->Set("num_endpoints", count_endpoints);
699 status->Set("num_conn_endpoints", connected_endpoints->GetLength());
700 status->Set("num_not_conn_endpoints", not_connected_endpoints->GetLength());
701 status->Set("conn_endpoints", connected_endpoints);
702 status->Set("not_conn_endpoints", not_connected_endpoints);
704 perfdata->Set("num_endpoints", count_endpoints);
705 perfdata->Set("num_conn_endpoints", Convert::ToDouble(connected_endpoints->GetLength()));
706 perfdata->Set("num_not_conn_endpoints", Convert::ToDouble(not_connected_endpoints->GetLength()));
708 return std::make_pair(status, perfdata);
711 void ApiListener::AddAnonymousClient(const ApiClient::Ptr& aclient)
713 ObjectLock olock(this);
714 m_AnonymousClients.insert(aclient);
717 void ApiListener::RemoveAnonymousClient(const ApiClient::Ptr& aclient)
719 ObjectLock olock(this);
720 m_AnonymousClients.erase(aclient);
723 std::set<ApiClient::Ptr> ApiListener::GetAnonymousClients(void) const
725 ObjectLock olock(this);
726 return m_AnonymousClients;