// initializeSQLDB wraps sqlConn in a *sqldb.SQLDB whose cryptor is built from
// the keys parsed out of the package-level encryptionFlags.
//
// Either failure (parsing the encryption flags, or building the key manager)
// is reported through logger.Fatal under the same "cannot-setup-encryption"
// message, so the two causes can only be told apart by the attached error.
//
// NOTE(review): the store is created with format.ENCODED_PROTO even though a
// cryptor is supplied; presumably records are written encoded but not
// encrypted at rest. Confirm this is intended for the data this instance
// holds.
func initializeSQLDB(logger lager.Logger, sqlConn *sql.DB) *sqldb.SQLDB {
	encryptionKey, extraKeys, parseErr := encryptionFlags.Parse()
	if parseErr != nil {
		logger.Fatal("cannot-setup-encryption", parseErr)
	}

	manager, managerErr := encryption.NewKeyManager(encryptionKey, extraKeys)
	if managerErr != nil {
		logger.Fatal("cannot-setup-encryption", managerErr)
	}

	return sqldb.NewSQLDB(
		sqlConn,
		// The two 1000s are presumably the convergence and update worker
		// counts. TODO confirm against the NewSQLDB signature.
		1000,
		1000,
		format.ENCODED_PROTO,
		// rand.Reader is the randomness source handed to the cryptor.
		encryption.NewCryptor(manager, rand.Reader),
		guidprovider.DefaultGuidProvider,
		clock.NewClock(),
		databaseDriver,
	)
}
Expect(err).NotTo(HaveOccurred()) queryStr = ` INSERT INTO desired_lrps (process_guid, domain, log_guid, instances, run_info, memory_mb, disk_mb, rootfs, routes, volume_placement, modification_tag_epoch) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` if test_helpers.UsePostgres() { queryStr = test_helpers.ReplaceQuestionMarks(queryStr) } _, err = db.Exec(queryStr, processGuid, "fake-domain", "some-log-guid", 1, encodedRunInfo, 10, 10, "some-root-fs", encodedRoutes, encodedVolumePlacement, 10) Expect(err).NotTo(HaveOccurred()) cryptor = makeCryptor("new", "old") sqlDB := sqldb.NewSQLDB(db, 5, 5, format.ENCRYPTED_PROTO, cryptor, fakeGUIDProvider, fakeClock, dbFlavor) err = sqlDB.PerformEncryption(logger) Expect(err).NotTo(HaveOccurred()) cryptor = makeCryptor("new") encoder = format.NewEncoder(cryptor) var result []byte queryStr = "SELECT task_definition FROM tasks WHERE guid = ?" if test_helpers.UsePostgres() { queryStr = test_helpers.ReplaceQuestionMarks(queryStr) } row := db.QueryRow(queryStr, taskGuid) err = row.Scan(&result) Expect(err).NotTo(HaveOccurred()) decryptedTaskDef, err := encoder.Decode(result)
// main wires up and runs the "bbs" process.
//
// In order, it: registers and parses command-line flags; creates the logger
// and the consul-backed service client; validates the listen and health
// addresses; builds the encryption key manager and cryptor; selects the
// backing store (etcd and/or SQL); constructs the hubs, clients, handler,
// controllers and converger; and finally runs all members as one ordered
// ifrit group until the group exits or a handler signals exitChan.
//
// Start-up failures are reported through logger.Fatal (presumably
// terminating the process; lager's behaviour is not visible here) or through
// logger.Error followed by os.Exit(1).
func main() {
	debugserver.AddFlags(flag.CommandLine)
	lagerflags.AddFlags(flag.CommandLine)
	etcdFlags := AddETCDFlags(flag.CommandLine)
	encryptionFlags := encryption.AddEncryptionFlags(flag.CommandLine)
	flag.Parse()

	cfhttp.Initialize(*communicationTimeout)

	logger, reconfigurableSink := lagerflags.New("bbs")
	logger.Info("starting")

	initializeDropsonde(logger)

	// Shadows the clock package for the rest of main.
	clock := clock.NewClock()

	consulClient, err := consuladapter.NewClientFromUrl(*consulCluster)
	if err != nil {
		logger.Fatal("new-consul-client-failed", err)
	}

	serviceClient := bbs.NewServiceClient(consulClient, clock)

	maintainer := initializeLockMaintainer(logger, serviceClient)

	// Validate the listen address up front; only its port is kept, for the
	// registration runner below.
	_, portString, err := net.SplitHostPort(*listenAddress)
	if err != nil {
		logger.Fatal("failed-invalid-listen-address", err)
	}
	portNum, err := net.LookupPort("tcp", portString)
	if err != nil {
		logger.Fatal("failed-invalid-listen-port", err)
	}

	// The health address is only validated here; the resolved port is discarded.
	_, portString, err = net.SplitHostPort(*healthAddress)
	if err != nil {
		logger.Fatal("failed-invalid-health-address", err)
	}
	_, err = net.LookupPort("tcp", portString)
	if err != nil {
		logger.Fatal("failed-invalid-health-port", err)
	}

	registrationRunner := initializeRegistrationRunner(logger, consulClient, portNum, clock)

	var activeDB db.DB
	var sqlDB *sqldb.SQLDB
	var sqlConn *sql.DB
	var storeClient etcddb.StoreClient
	var etcdDB *etcddb.ETCDDB

	// Encryption setup. Both failure paths log the same
	// "cannot-setup-encryption" message; only the attached error tells a
	// flag-parsing problem apart from a key-manager problem.
	key, keys, err := encryptionFlags.Parse()
	if err != nil {
		logger.Fatal("cannot-setup-encryption", err)
	}
	keyManager, err := encryption.NewKeyManager(key, keys)
	if err != nil {
		logger.Fatal("cannot-setup-encryption", err)
	}
	// rand.Reader is the randomness source handed to the cryptor.
	// NOTE(review): presumably crypto/rand; the import block is outside this view.
	cryptor := encryption.NewCryptor(keyManager, rand.Reader)

	etcdOptions, err := etcdFlags.Validate()
	if err != nil {
		logger.Fatal("etcd-validation-failed", err)
	}

	if etcdOptions.IsConfigured {
		storeClient = initializeEtcdStoreClient(logger, etcdOptions)
		etcdDB = initializeEtcdDB(logger, cryptor, storeClient, serviceClient, *desiredLRPCreationTimeout)
		activeDB = etcdDB
	}

	// If SQL database info is passed in, use SQL instead of ETCD
	// (activeDB is overwritten below; etcdDB and storeClient stay set and are
	// still handed to the migration manager).
	if *databaseDriver != "" && *databaseConnectionString != "" {
		// This err shadows the outer err for the duration of the block.
		var err error
		// NOTE(review): the connection string may carry credentials and the
		// logger is passed to this helper; verify that the helper never logs
		// the string.
		connectionString := appendSSLConnectionStringParam(logger, *databaseDriver, *databaseConnectionString, *sqlCACertFile)

		sqlConn, err = sql.Open(*databaseDriver, connectionString)
		if err != nil {
			logger.Fatal("failed-to-open-sql", err)
		}
		// Deferred calls do not run on the os.Exit(1) paths further down, so
		// the connection is also closed explicitly after monitor.Wait().
		defer sqlConn.Close()
		sqlConn.SetMaxOpenConns(*maxDatabaseConnections)
		sqlConn.SetMaxIdleConns(*maxDatabaseConnections)

		err = sqlConn.Ping()
		if err != nil {
			logger.Fatal("sql-failed-to-connect", err)
		}

		// The SQL store is created with format.ENCRYPTED_PROTO and the cryptor
		// built above.
		sqlDB = sqldb.NewSQLDB(sqlConn, *convergenceWorkers, *updateWorkers, format.ENCRYPTED_PROTO, cryptor, guidprovider.DefaultGuidProvider, clock, *databaseDriver)
		err = sqlDB.SetIsolationLevel(logger, sqldb.IsolationLevelReadCommitted)
		if err != nil {
			logger.Fatal("sql-failed-to-set-isolation-level", err)
		}

		err = sqlDB.CreateConfigurationsTable(logger)
		if err != nil {
			logger.Fatal("sql-failed-create-configurations-table", err)
		}
		activeDB = sqlDB
	}

	// Neither etcd nor SQL was configured.
	if activeDB == nil {
		logger.Fatal("no-database-configured", errors.New("no database configured"))
	}

	// Shadows the encryptor package for the rest of main.
	encryptor := encryptor.New(logger, activeDB, keyManager, cryptor, clock)

	migrationsDone := make(chan struct{})

	migrationManager := migration.NewManager(
		logger,
		etcdDB,
		storeClient,
		sqlDB,
		sqlConn,
		cryptor,
		migrations.Migrations,
		migrationsDone,
		clock,
		*databaseDriver,
	)

	desiredHub := events.NewHub()
	actualHub := events.NewHub()

	// TLS settings for the rep client, all taken from flags.
	// NOTE(review): whether TLS to the rep is enforced depends on
	// *repRequireTLS; confirm the deployment sets it.
	repTLSConfig := &rep.TLSConfig{
		RequireTLS:      *repRequireTLS,
		CaCertFile:      *repCACert,
		CertFile:        *repClientCert,
		KeyFile:         *repClientKey,
		ClientCacheSize: *repClientSessionCacheSize,
	}

	httpClient := cfhttp.NewClient()
	repClientFactory, err := rep.NewClientFactory(httpClient, httpClient, repTLSConfig)
	if err != nil {
		logger.Fatal("new-rep-client-factory-failed", err)
	}

	auctioneerClient := initializeAuctioneerClient(logger)

	exitChan := make(chan struct{})

	// accessLogger stays nil unless an access log path was given.
	var accessLogger lager.Logger
	if *accessLogPath != "" {
		accessLogger = lager.NewLogger("bbs-access")
		// NOTE(review): mode 0666 requests read/write for owner, group and
		// others, limited only by the process umask. Access logs can carry
		// request metadata; consider a tighter mode (e.g. 0640) after
		// confirming which accounts need to read the file.
		file, err := os.OpenFile(*accessLogPath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
		if err != nil {
			logger.Error("invalid-access-log-path", err, lager.Data{"access-log-path": *accessLogPath})
			// os.Exit skips the deferred sqlConn.Close() above.
			os.Exit(1)
		}
		accessLogger.RegisterSink(lager.NewWriterSink(file, lager.INFO))
	}

	// tlsConfig stays nil unless *requireSSL is set. The same value is used
	// for the task callback work pool and for the main server below.
	var tlsConfig *tls.Config
	if *requireSSL {
		tlsConfig, err = cfhttp.NewTLSConfig(*certFile, *keyFile, *caFile)
		if err != nil {
			logger.Fatal("tls-configuration-failed", err)
		}
	}

	cbWorkPool := taskworkpool.New(logger, *taskCallBackWorkers, taskworkpool.HandleCompletedTask, tlsConfig)

	handler := handlers.New(
		logger,
		accessLogger,
		*updateWorkers,
		*convergenceWorkers,
		activeDB,
		desiredHub,
		actualHub,
		cbWorkPool,
		serviceClient,
		auctioneerClient,
		repClientFactory,
		migrationsDone,
		exitChan,
	)

	metricsNotifier := metrics.NewPeriodicMetronNotifier(logger)

	retirer := controllers.NewActualLRPRetirer(activeDB, actualHub, repClientFactory, serviceClient)
	lrpConvergenceController := controllers.NewLRPConvergenceController(logger, activeDB, actualHub, auctioneerClient, serviceClient, retirer, *convergenceWorkers)
	taskController := controllers.NewTaskController(activeDB, cbWorkPool, auctioneerClient, serviceClient, repClientFactory)

	convergerProcess := converger.New(
		logger,
		clock,
		lrpConvergenceController,
		taskController,
		serviceClient,
		*convergeRepeatInterval,
		*kickTaskDuration,
		*expirePendingTaskDuration,
		*expireCompletedTaskDuration)

	// With no TLS config the API is served by the plain (non-TLS) server.
	// NOTE(review): confirm that running without *requireSSL is acceptable
	// for the network this listens on.
	var server ifrit.Runner
	if tlsConfig != nil {
		server = http_server.NewTLSServer(*listenAddress, handler, tlsConfig)
	} else {
		server = http_server.New(*listenAddress, handler)
	}

	// The health check endpoint is always served by the plain server.
	healthcheckServer := http_server.New(*healthAddress, http.HandlerFunc(healthCheckHandler))

	// Members are listed in the order handed to grouper.NewOrdered below.
	members := grouper.Members{
		{"healthcheck", healthcheckServer},
		{"lock-maintainer", maintainer},
		{"workpool", cbWorkPool},
		{"server", server},
		{"migration-manager", migrationManager},
		{"encryptor", encryptor},
		{"hub-maintainer", hubMaintainer(logger, desiredHub, actualHub)},
		{"metrics", *metricsNotifier},
		{"converger", convergerProcess},
		{"registration-runner", registrationRunner},
	}

	// When a debug address is configured, the debug server is placed ahead of
	// every other member.
	// NOTE(review): confirm the debug address is only reachable from trusted
	// hosts.
	if dbgAddr := debugserver.DebugAddress(flag.CommandLine); dbgAddr != "" {
		members = append(grouper.Members{
			{"debug-server", debugserver.Runner(dbgAddr, reconfigurableSink)},
		}, members...)
	}

	group := grouper.NewOrdered(os.Interrupt, members)

	monitor := ifrit.Invoke(sigmon.New(group))

	go func() {
		// If a handler writes to this channel, we've hit an unrecoverable error
		// and should shut down (cleanly)
		<-exitChan
		monitor.Signal(os.Interrupt)
	}()

	logger.Info("started")

	err = <-monitor.Wait()
	// Close explicitly: the os.Exit(1) below would skip the deferred Close.
	if sqlConn != nil {
		sqlConn.Close()
	}

	if err != nil {
		logger.Error("exited-with-failure", err)
		os.Exit(1)
	}

	logger.Info("exited")
}
) var _ = Describe("Isolation Level", func() { var ( dbSession *sql.DB sqlDBIsolation *sqldb.SQLDB ) BeforeEach(func() { var err error // We need a different db session to prevent test pollution dbSession, err = sql.Open(dbDriverName, dbBaseConnectionString) Expect(err).NotTo(HaveOccurred()) Expect(dbSession.Ping()).NotTo(HaveOccurred()) sqlDBIsolation = sqldb.NewSQLDB(dbSession, 5, 5, format.ENCRYPTED_PROTO, cryptor, fakeGUIDProvider, fakeClock, dbFlavor) }) It("sets the transaction isolation level", func() { levels := []string{ sqldb.IsolationLevelReadUncommitted, sqldb.IsolationLevelReadCommitted, sqldb.IsolationLevelSerializable, sqldb.IsolationLevelRepeatableRead, } for _, level := range levels { err := sqlDBIsolation.SetIsolationLevel(logger, level) Expect(err).NotTo(HaveOccurred()) var isolationLevel, isolationVariable string
logger = lagertest.NewTestLogger("sql-db") fakeDriver = &fakesqldriverfakes.FakeDriver{} fakeConn = &fakesqldriverfakes.FakeConn{} fakeTx = &fakesqldriverfakes.FakeTx{} fakeDriver.OpenReturns(fakeConn, nil) fakeConn.BeginReturns(fakeTx, nil) guid, err := uuid.NewV4() Expect(err).NotTo(HaveOccurred()) driverName := fmt.Sprintf("fake-%s", guid) sql.Register(driverName, fakeDriver) db, err = sql.Open(driverName, "") Expect(err).NotTo(HaveOccurred()) db.SetMaxIdleConns(0) Expect(db.Ping()).NotTo(HaveOccurred()) encryptionKey, err := encryption.NewKey("label", "passphrase") Expect(err).NotTo(HaveOccurred()) keyManager, err := encryption.NewKeyManager(encryptionKey, nil) Expect(err).NotTo(HaveOccurred()) cryptor = encryption.NewCryptor(keyManager, rand.Reader) serializer = format.NewSerializer(cryptor) sqlDB = sqldb.NewSQLDB(db, 5, 5, format.ENCRYPTED_PROTO, cryptor, fakeGUIDProvider, fakeClock, sqldb.MySQL) })