-
Notifications
You must be signed in to change notification settings - Fork 8.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose new Admin endpoint on orderer for the channel participation API #1939
Conversation
sampleconfig/orderer.yaml
Outdated
# - This configures the admin server endpoint for the orderer | ||
# | ||
################################################################################ | ||
Operations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm confused, why do you have another operations endpoint, exactly like the existing one?
Aren't both endpoints supposed to be used by users possessing local admin credentials? Why do you need a separate port, isn't it possible to use the existing one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My understanding is that the role using this admin endpoint to join/leave channels and the role using the operations endpoint to access metrics, change log levels. etc. are distinct and should be configurable separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the key here is that the identity performing operations is not a Fabric admin, it's a system admin. We would not want the identity used to perform health check, pull metrics, or modify log level to be the same identity responsible for joining/leaving channels. This is something that @sykesm brought up during the RFC review process and a new port is the simplest option going forward. In the future, the plan is to bring some non-MTLS authentication mechanism in, but that it outside the scope of the channel participation effort.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the key here is that the identity performing operations is not a Fabric admin, it's a system admin. We would not want the identity used to perform health check, pull metrics, or modify log level to be the same identity responsible for joining/leaving channels.
You can still accomplish this with a single port. You can allow both types of connections and then classify the client by its certificate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a new port is the simplest option going forward.
I agree. It is much simpler this way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, thanks for clarifying, Yoav. Definitely overlooked this. Fixed.
common/system/system.go
Outdated
TLS TLS | ||
} | ||
|
||
type System struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This name stutters, and I'm generally a little confused by the choice of package name. As a reader I would struggle to know what a system.System
logically represents. I'd invite feedback for a better name... the more natural one would be http.Server
or similar, but there is the obvious mental conflict with the stdlib. Maybe something like fabhttp.Server
or mtlshttp.Server
or... hopefully someone else has a better thought, but I really don't love system.System
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Of those options, fabhttp.Server seems more obvious to me in terms of describing what it is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renamed to fabhttp.Server for now.
common/system/system.go
Outdated
func NewSystem(o Options) *System { | ||
logger := o.Logger | ||
if logger == nil { | ||
logger = flogging.MustGetLogger("system.runner") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this system.runner
instead of simply the package name? What value does runner
add?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was following what's there in the operations system code. I'm not opposed to renaming this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renamed.
orderer/common/admin/system.go
Outdated
Version string | ||
} | ||
|
||
type System struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wasn't the whole point of factoring the operations.System out into system.System so that you could re-use it? This seems like entirely duplicated code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm, I'm honestly not sure what happened with the code here. It looks like I messed things up when I split things into two commits. I'll get this back to what I intended and push an update...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh right, this was my first pass making sure I understood the common code that was needed before splitting it out into a separate package. I'll remove this dead code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed.
sampleconfig/orderer.yaml
Outdated
# - This configures the admin server endpoint for the orderer | ||
# | ||
################################################################################ | ||
Operations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the key here is that the identity performing operations is not a Fabric admin, it's a system admin. We would not want the identity used to perform health check, pull metrics, or modify log level to be the same identity responsible for joining/leaving channels. This is something that @sykesm brought up during the RFC review process and a new port is the simplest option going forward. In the future, the plan is to bring some non-MTLS authentication mechanism in, but that it outside the scope of the channel participation effort.
orderer/common/server/main.go
Outdated
func newAdminServer(ops localconfig.Admin) *fabhttp.Server { | ||
return fabhttp.NewServer(fabhttp.Options{ | ||
Logger: flogging.MustGetLogger("orderer.admin"), | ||
ListenAddress: ops.ListenAddress, | ||
TLS: fabhttp.TLS{ | ||
Enabled: ops.TLS.Enabled, | ||
CertFile: ops.TLS.Certificate, | ||
KeyFile: ops.TLS.PrivateKey, | ||
ClientCertRequired: ops.TLS.ClientAuthRequired, | ||
ClientCACertFiles: ops.TLS.ClientRootCAs, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ops
is not the right name for this argument... copy & paste error I assume.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
sampleconfig/orderer.yaml
Outdated
# - This configures the admin server endpoint for the orderer | ||
# | ||
################################################################################ | ||
Operations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a new port is the simplest option going forward.
I agree. It is much simpler this way.
sampleconfig/orderer.yaml
Outdated
################################################################################ | ||
# | ||
# Admin Configuration | ||
# | ||
# - This configures the admin server endpoint for the orderer | ||
# | ||
################################################################################ | ||
Operations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This field should be called Admin:
, we already have Operations:
above.
This probably means we're missing a unit tests that loads an updated orderer.yaml
.
sampleconfig/orderer.yaml
Outdated
# - This configures the admin server endpoint for the orderer | ||
# | ||
################################################################################ | ||
Operations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TLS: | ||
Enabled: {{ .TLSEnabled }} | ||
PrivateKey: {{ $w.OrdererLocalTLSDir Orderer }}/server.key | ||
Certificate: {{ $w.OrdererLocalTLSDir Orderer }}/server.crt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this (using OrdererLocalTLSDir
) mean that in all the tests we share the crypto material of the Operations and Admin endpoints?
Is this what we want?
Is there a testing benefit for separating OrdererLocalTLSDir
from say, OrdererAdminTLSDir
?
Update commit message to reflect package names after last commit. |
Thanks for catching this. Noticed it last week but forgot to get back to updating it. |
Looks good to me. |
fedb578
to
73b136f
Compare
Move the common logic for http server/handler and TLS authentication used by the operations.System into a separate fabhttp.Server and refactor the operations.System to embed the server. This is being done to allow reuse of the common code for the orderer Admin endpoint, which will host the Channel Participation API. FAB-18246 Signed-off-by: Will Lahti <wtlahti@us.ibm.com>
Move the channel participation API to use this endpoint. FAB-18246 #done Signed-off-by: Will Lahti <wtlahti@us.ibm.com>
Just a rebase on master since this has been sitting around a while. |
return server | ||
} | ||
|
||
func (s *Server) Run(signals <-chan os.Signal, ready chan<- struct{}) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be missed that, but where do you use this method? It's seems unused.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This allows us to run as an ifrit.Runner. It's currently used in tests via ifrit.Invoke. I preserved this functionality as it was added by Matt when he implemented the operations service.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, thanks for the clarification.
Type of change
Description
First commit
Second commit
Related issues
FAB-18246