You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by da...@apache.org on 2017/07/26 19:08:14 UTC
[1/2] kudu git commit: Add security dashboard to web UI
Repository: kudu
Updated Branches:
refs/heads/master cb9a6b84d -> 9285f2b44
Add security dashboard to web UI
Adds a new "Configuration" page to the web UI
that displays a list of security configuration
options, their current values, whether or not
they're the most secure settings, and
explanations of what flags control them.
Change-Id: I632c3b757386e0282000bcb9562b6dc3622dde93
Reviewed-on: http://gerrit.cloudera.org:8080/7505
Reviewed-by: Dan Burkert <da...@apache.org>
Tested-by: Kudu Jenkins
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/634e1cc6
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/634e1cc6
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/634e1cc6
Branch: refs/heads/master
Commit: 634e1cc673e5cd5fd563ba526a0a655c5718e4e3
Parents: cb9a6b8
Author: Sam Okrent <sa...@cloudera.com>
Authored: Mon Jul 24 11:10:29 2017 -0700
Committer: Dan Burkert <da...@apache.org>
Committed: Wed Jul 26 19:07:11 2017 +0000
----------------------------------------------------------------------
src/kudu/server/default-path-handlers.cc | 44 +++++++++++++++++++++++++++
www/config.mustache | 37 ++++++++++++++++++++++
www/kudu.css | 4 +++
3 files changed, 85 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/src/kudu/server/default-path-handlers.cc
----------------------------------------------------------------------
diff --git a/src/kudu/server/default-path-handlers.cc b/src/kudu/server/default-path-handlers.cc
index 8b4e995..645b362 100644
--- a/src/kudu/server/default-path-handlers.cc
+++ b/src/kudu/server/default-path-handlers.cc
@@ -26,6 +26,7 @@
#include <vector>
#include <boost/algorithm/string.hpp>
+#include <boost/algorithm/string/predicate.hpp>
#include <boost/bind.hpp>
#include <gperftools/malloc_extension.h>
@@ -54,6 +55,12 @@ DEFINE_int64(web_log_bytes, 1024 * 1024,
TAG_FLAG(web_log_bytes, advanced);
TAG_FLAG(web_log_bytes, runtime);
+// For configuration dashboard
+DECLARE_string(redact);
+DECLARE_string(rpc_encryption);
+DECLARE_string(rpc_authentication);
+DECLARE_string(webserver_certificate_file);
+
namespace kudu {
using std::shared_ptr;
@@ -185,6 +192,41 @@ static void MemTrackersHandler(const Webserver::WebRequest& /*req*/, std::ostrin
*output << "</tbody></table>\n";
}
+static void ConfigurationHandler(const Webserver::WebRequest& /* req */, EasyJson* output) {
+ EasyJson security_configs = output->Set("security_configs", EasyJson::kArray);
+
+ EasyJson rpc_encryption = security_configs.PushBack(EasyJson::kObject);
+ rpc_encryption["name"] = "RPC Encryption";
+ rpc_encryption["value"] = FLAGS_rpc_encryption;
+ rpc_encryption["secure"] = boost::iequals(FLAGS_rpc_encryption, "required");
+ rpc_encryption["id"] = "rpc_encryption";
+ rpc_encryption["explanation"] = "Configure with --rpc_encryption. Most secure value is "
+ "'required'.";
+
+ EasyJson rpc_authentication = security_configs.PushBack(EasyJson::kObject);
+ rpc_authentication["name"] = "RPC Authentication";
+ rpc_authentication["value"] = FLAGS_rpc_authentication;
+ rpc_authentication["secure"] = boost::iequals(FLAGS_rpc_authentication, "required");
+ rpc_authentication["id"] = "rpc_authentication";
+ rpc_authentication["explanation"] = "Configure with --rpc_authentication. Most secure value is "
+ "'required'.";
+
+ EasyJson webserver_encryption = security_configs.PushBack(EasyJson::kObject);
+ webserver_encryption["name"] = "Webserver Encryption";
+ webserver_encryption["value"] = FLAGS_webserver_certificate_file.empty() ? "off" : "on";
+ webserver_encryption["secure"] = !FLAGS_webserver_certificate_file.empty();
+ webserver_encryption["id"] = "webserver_encryption";
+ webserver_encryption["explanation"] = "Configure with --webserver_certificate_file and "
+ "webserver_private_key_file.";
+
+ EasyJson webserver_redaction = security_configs.PushBack(EasyJson::kObject);
+ webserver_redaction["name"] = "Webserver Redaction";
+ webserver_redaction["value"] = FLAGS_redact;
+ webserver_redaction["secure"] = boost::iequals(FLAGS_redact, "all");
+ webserver_redaction["id"] = "webserver_redaction";
+ webserver_redaction["explanation"] = "Configure with --redact. Most secure value is 'all'.";
+}
+
void AddDefaultPathHandlers(Webserver* webserver) {
bool styled = true;
bool on_nav_bar = true;
@@ -194,6 +236,8 @@ void AddDefaultPathHandlers(Webserver* webserver) {
styled, on_nav_bar);
webserver->RegisterPrerenderedPathHandler("/mem-trackers", "Memory (detail)", MemTrackersHandler,
styled, on_nav_bar);
+ webserver->RegisterPathHandler("/config", "Configuration", ConfigurationHandler,
+ styled, on_nav_bar);
AddPprofPathHandlers(webserver);
}
http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/www/config.mustache
----------------------------------------------------------------------
diff --git a/www/config.mustache b/www/config.mustache
new file mode 100644
index 0000000..7d80c12
--- /dev/null
+++ b/www/config.mustache
@@ -0,0 +1,37 @@
+{{!
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+}}
+
+<h2>Configuration</h2>
+
+<div class="panel panel-default">
+ <div class="panel-heading">
+ <h3 class="panel-title">Security</h3>
+ </div>
+ <ul class="list-group">
+ {{#security_configs}}
+ <li class="list-group-item">
+ <span class="glyphicon glyphicon-lock text-success
+ {{^secure}}glyphicon-hide{{/secure}}"></span>
+ {{name}}: {{value}}
+ <small>(<a href="#{{id}}" data-toggle="collapse">?</a>)</small>
+ <div id="{{id}}" class="collapse text-muted">{{explanation}}</div>
+ </li>
+ {{/security_configs}}
+ </ul>
+</div>
http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/www/kudu.css
----------------------------------------------------------------------
diff --git a/www/kudu.css b/www/kudu.css
index d08ac62..d44905f 100644
--- a/www/kudu.css
+++ b/www/kudu.css
@@ -49,3 +49,7 @@ body {
.footer pre {
border: none;
}
+
+.glyphicon-hide {
+ color: transparent;
+}
[2/2] kudu git commit: Switch tables page to template
Posted by da...@apache.org.
Switch tables page to template
Converts the /tables page of the master web UI
to use a mustache template.
Change-Id: I2750448bb5c96b8837bc045dca41d4a4113b0c6b
Reviewed-on: http://gerrit.cloudera.org:8080/7506
Reviewed-by: Dan Burkert <da...@apache.org>
Tested-by: Dan Burkert <da...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/9285f2b4
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/9285f2b4
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/9285f2b4
Branch: refs/heads/master
Commit: 9285f2b44edb23a906cc3a697d9289ee3b3c5673
Parents: 634e1cc
Author: Sam Okrent <sa...@cloudera.com>
Authored: Tue Jul 25 14:28:58 2017 -0700
Committer: Dan Burkert <da...@apache.org>
Committed: Wed Jul 26 19:07:55 2017 +0000
----------------------------------------------------------------------
src/kudu/master/master-path-handlers.cc | 34 +++++++---------------
src/kudu/master/master-path-handlers.h | 3 +-
www/tables.mustache | 43 ++++++++++++++++++++++++++++
3 files changed, 56 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/9285f2b4/src/kudu/master/master-path-handlers.cc
----------------------------------------------------------------------
diff --git a/src/kudu/master/master-path-handlers.cc b/src/kudu/master/master-path-handlers.cc
index d1855f7..80668b1 100644
--- a/src/kudu/master/master-path-handlers.cc
+++ b/src/kudu/master/master-path-handlers.cc
@@ -44,6 +44,7 @@
#include "kudu/master/sys_catalog.h"
#include "kudu/master/ts_descriptor.h"
#include "kudu/master/ts_manager.h"
+#include "kudu/util/easy_json.h"
#include "kudu/util/pb_util.h"
#include "kudu/util/string_case.h"
#include "kudu/util/url-coding.h"
@@ -126,24 +127,18 @@ void MasterPathHandlers::HandleTabletServers(const Webserver::WebRequest& req,
}
void MasterPathHandlers::HandleCatalogManager(const Webserver::WebRequest& req,
- ostringstream* output) {
+ EasyJson* output) {
CatalogManager::ScopedLeaderSharedLock l(master_->catalog_manager());
if (!l.first_failed_status().ok()) {
- *output << "Master is not ready: " << l.first_failed_status().ToString();
+ (*output)["error"] = Substitute("Master is not ready: $0", l.first_failed_status().ToString());
return;
}
- *output << "<h1>Tables</h1>\n";
-
std::vector<scoped_refptr<TableInfo>> tables;
master_->catalog_manager()->GetAllTables(&tables);
+ (*output).Set<int64_t>("num_tables", tables.size());
- *output << Substitute("There are $0 tables\n", tables.size());
- *output << "<table class='table table-striped'>\n";
- *output << " <thead><tr><th>Table Name</th><th>Table Id</th>" <<
- "<th>State</th><th>State Message</th></tr></thead>\n";
- typedef std::map<string, string> StringMap;
- StringMap ordered_tables;
+ EasyJson tables_json = output->Set("tables", EasyJson::kArray);
for (const scoped_refptr<TableInfo>& table : tables) {
TableMetadataLock l(table.get(), TableMetadataLock::READ);
if (!l.data().is_running()) {
@@ -151,19 +146,12 @@ void MasterPathHandlers::HandleCatalogManager(const Webserver::WebRequest& req,
}
string state = SysTablesEntryPB_State_Name(l.data().pb.state());
Capitalize(&state);
- ordered_tables[l.data().name()] = Substitute(
- "<tr><th>$0</th><td><a href=\"/table?id=$1\">$1</a></td>"
- "<td>$2</td><td>$3</td></tr>\n",
- EscapeForHtmlToString(l.data().name()),
- EscapeForHtmlToString(table->id()),
- state,
- EscapeForHtmlToString(l.data().pb.state_msg()));
+ EasyJson table_json = tables_json.PushBack(EasyJson::kObject);
+ table_json["name"] = EscapeForHtmlToString(l.data().name());
+ table_json["id"] = EscapeForHtmlToString(table->id());
+ table_json["state"] = state;
+ table_json["message"] = EscapeForHtmlToString(l.data().pb.state_msg());
}
- *output << "<tbody>\n";
- for (const StringMap::value_type& table : ordered_tables) {
- *output << table.second;
- }
- *output << "</tbody></table>\n";
}
namespace {
@@ -593,7 +581,7 @@ Status MasterPathHandlers::Register(Webserver* server) {
"/tablet-servers", "Tablet Servers",
boost::bind(&MasterPathHandlers::HandleTabletServers, this, _1, _2),
is_styled, is_on_nav_bar);
- server->RegisterPrerenderedPathHandler(
+ server->RegisterPathHandler(
"/tables", "Tables",
boost::bind(&MasterPathHandlers::HandleCatalogManager, this, _1, _2),
is_styled, is_on_nav_bar);
http://git-wip-us.apache.org/repos/asf/kudu/blob/9285f2b4/src/kudu/master/master-path-handlers.h
----------------------------------------------------------------------
diff --git a/src/kudu/master/master-path-handlers.h b/src/kudu/master/master-path-handlers.h
index 0850edb..73a7a8e 100644
--- a/src/kudu/master/master-path-handlers.h
+++ b/src/kudu/master/master-path-handlers.h
@@ -23,6 +23,7 @@
#include "kudu/gutil/macros.h"
#include "kudu/server/webserver.h"
+#include "kudu/util/easy_json.h"
namespace kudu {
class Schema;
@@ -49,7 +50,7 @@ class MasterPathHandlers {
void HandleTabletServers(const Webserver::WebRequest& req,
std::ostringstream* output);
void HandleCatalogManager(const Webserver::WebRequest& req,
- std::ostringstream* output);
+ EasyJson* output);
void HandleTablePage(const Webserver::WebRequest& req,
std::ostringstream *output);
void HandleMasters(const Webserver::WebRequest& req,
http://git-wip-us.apache.org/repos/asf/kudu/blob/9285f2b4/www/tables.mustache
----------------------------------------------------------------------
diff --git a/www/tables.mustache b/www/tables.mustache
new file mode 100644
index 0000000..6abe133
--- /dev/null
+++ b/www/tables.mustache
@@ -0,0 +1,43 @@
+{{!
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+}}
+<h1>Tables</h1>
+{{#error}}
+ <div class="text-error">{{{.}}}</div>
+{{/error}}
+{{^error}}
+There are {{num_tables}} tables
+<table class="table table-striped">
+ <thead><tr>
+ <th>Table Name</th>
+ <th>Table Id</th>
+ <th>State</th>
+ <th>State Message</th>
+ </tr></thead>
+ <tbody>
+ {{#tables}}
+ <tr>
+ <th>{{name}}</th>
+ <td><a href="/table?id={{id}}">{{id}}</a></td>
+ <td>{{state}}</td>
+ <td>{{message}}</td>
+ </tr>
+ {{/tables}}
+ </tbody>
+</table>
+{{/error}}