summaryrefslogtreecommitdiffstats
path: root/node-admin/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'node-admin/src/main')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/cgroup/IoController.java3
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java37
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/FileAttributes.java38
3 files changed, 11 insertions, 67 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/cgroup/IoController.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/cgroup/IoController.java
index d3b8c445520..5bbdd5c3b70 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/cgroup/IoController.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/cgroup/IoController.java
@@ -37,9 +37,6 @@ public class IoController {
String[] parts = device.split(":");
return new Device(parseInt(parts[0]), parseInt(parts[1]));
}
- public static Device fromDeviceNumber(int deviceNumber) {
- return new Device(deviceNumber >>> 8, deviceNumber & 0xFF);
- }
@Override
public int compareTo(Device o) {
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index b6ec0ebbd94..830b7f4ed33 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -80,7 +80,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
private final String certificateDnsSuffix;
private final ServiceIdentityProvider hostIdentityProvider;
private final IdentityDocumentClient identityDocumentClient;
- private final BooleanFlag tenantServiceIdentityFlag;
// Used as an optimization to ensure ZTS is not DDoS'ed on continuously failing refresh attempts
private final Map<ContainerName, Instant> lastRefreshAttempt = new ConcurrentHashMap<>();
@@ -89,7 +88,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
ConfigServerInfo configServerInfo,
String certificateDnsSuffix,
ServiceIdentityProvider hostIdentityProvider,
- FlagSource flagSource,
Timer timer) {
this.ztsTrustStorePath = ztsTrustStorePath;
this.certificateDnsSuffix = certificateDnsSuffix;
@@ -99,7 +97,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
hostIdentityProvider,
new AthenzIdentityVerifier(Set.of(configServerInfo.getConfigServerIdentity())));
this.timer = timer;
- this.tenantServiceIdentityFlag = Flags.NODE_ADMIN_TENANT_SERVICE_REGISTRY.bindTo(flagSource);
}
public boolean converge(NodeAgentContext context) {
@@ -109,11 +106,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
if (context.zone().getSystemName().isPublic())
return modified;
- if (shouldWriteTenantServiceIdentity(context)) {
- modified |= maintain(context, TENANT);
- } else {
- modified |= deleteTenantCredentials(context);
- }
+ modified |= maintain(context, TENANT);
return modified;
}
@@ -268,24 +261,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
return "node-certificate";
}
- private boolean deleteTenantCredentials(NodeAgentContext context) {
- var siaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY, context.users().vespa());
- var identityDocumentFile = siaDirectory.resolve(TENANT.getIdentityDocument());
- if (!Files.exists(identityDocumentFile)) return false;
- return getAthenzIdentity(context, TENANT, identityDocumentFile).map(athenzIdentity -> {
- var privateKeyFile = (ContainerPath) SiaUtils.getPrivateKeyFile(siaDirectory, athenzIdentity);
- var certificateFile = (ContainerPath) SiaUtils.getCertificateFile(siaDirectory, athenzIdentity);
- try {
- var modified = Files.deleteIfExists(identityDocumentFile);
- modified |= Files.deleteIfExists(privateKeyFile);
- modified |= Files.deleteIfExists(certificateFile);
- return modified;
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }).orElse(false);
- }
-
private boolean shouldRefreshCredentials(Duration age) {
return age.compareTo(REFRESH_PERIOD) >= 0;
}
@@ -399,16 +374,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
}
}
- private boolean shouldWriteTenantServiceIdentity(NodeAgentContext context) {
- var version = context.node().currentVespaVersion()
- .orElse(context.node().wantedVespaVersion().orElse(Version.emptyVersion));
- var appId = context.node().owner().orElse(ApplicationId.defaultId());
- return tenantServiceIdentityFlag
- .with(FetchVector.Dimension.VESPA_VERSION, version.toFullString())
- .with(FetchVector.Dimension.APPLICATION_ID, appId.serializedForm())
- .value();
- }
-
private void copyCredsToLegacyPath(NodeAgentContext context, ContainerPath privateKeyFile, ContainerPath certificateFile) throws IOException {
var legacySiaDirectory = context.paths().of(LEGACY_SIA_DIRECTORY, context.users().vespa());
var keysDirectory = legacySiaDirectory.resolve("keys");
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/FileAttributes.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/FileAttributes.java
index 332b4e61dc1..c638fe98cdf 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/FileAttributes.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/FileAttributes.java
@@ -13,36 +13,13 @@ import java.util.Set;
*
* @author hakonhall
*/
-public class FileAttributes {
-
- private final Instant lastModifiedTime;
- private final int ownerId;
- private final int groupId;
- private final String permissions;
- private final boolean isRegularFile;
- private final boolean isDirectory;
- private final long size;
-
- public FileAttributes(Instant lastModifiedTime, int ownerId, int groupId, String permissions, boolean isRegularFile, boolean isDirectory, long size) {
- this.lastModifiedTime = lastModifiedTime;
- this.ownerId = ownerId;
- this.groupId = groupId;
- this.permissions = permissions;
- this.isRegularFile = isRegularFile;
- this.isDirectory = isDirectory;
- this.size = size;
- }
-
- public Instant lastModifiedTime() { return lastModifiedTime; }
- public int ownerId() { return ownerId; }
- public int groupId() { return groupId; }
- public String permissions() { return permissions; }
- public boolean isRegularFile() { return isRegularFile; }
- public boolean isDirectory() { return isDirectory; }
- public long size() { return size; }
+public record FileAttributes(Instant lastModifiedTime, int ownerId, int groupId, String permissions,
+ boolean isRegularFile, boolean isDirectory, long size, int deviceMajor, int deviceMinor) {
@SuppressWarnings("unchecked")
static FileAttributes fromAttributes(Map<String, Object> attributes) {
+ long dev_t = (long) attributes.get("dev");
+
return new FileAttributes(
((FileTime) attributes.get("lastModifiedTime")).toInstant(),
(int) attributes.get("uid"),
@@ -50,6 +27,11 @@ public class FileAttributes {
PosixFilePermissions.toString(((Set<PosixFilePermission>) attributes.get("permissions"))),
(boolean) attributes.get("isRegularFile"),
(boolean) attributes.get("isDirectory"),
- (long) attributes.get("size"));
+ (long) attributes.get("size"),
+ deviceMajor(dev_t), deviceMinor(dev_t));
}
+
+ // Encoded as MMMM Mmmm mmmM MMmm, where M is a hex digit of the major number and m is a hex digit of the minor number.
+ static int deviceMajor(long dev_t) { return (int) (((dev_t & 0xFFFFF00000000000L) >> 32) | ((dev_t & 0xFFF00) >> 8)); }
+ static int deviceMinor(long dev_t) { return (int) (((dev_t & 0x00000FFFFFF00000L) >> 12) | (dev_t & 0x000FF)); }
}