1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
|
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller;
import com.yahoo.component.AbstractComponent;
import com.yahoo.component.Version;
import com.yahoo.component.Vtag;
import com.yahoo.component.annotation.Inject;
import com.yahoo.concurrent.maintenance.JobControl;
import com.yahoo.config.provision.CloudName;
import com.yahoo.config.provision.HostName;
import com.yahoo.config.provision.SystemName;
import com.yahoo.config.provision.zone.ZoneApi;
import com.yahoo.container.jdisc.secretstore.SecretStore;
import com.yahoo.jdisc.Metric;
import com.yahoo.transaction.Mutex;
import com.yahoo.vespa.flags.FlagSource;
import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry;
import com.yahoo.vespa.hosted.controller.api.integration.maven.MavenRepository;
import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
import com.yahoo.vespa.hosted.controller.application.MailVerifier;
import com.yahoo.vespa.hosted.controller.archive.CuratorArchiveBucketDb;
import com.yahoo.vespa.hosted.controller.auditlog.AuditLogger;
import com.yahoo.vespa.hosted.controller.config.ControllerConfig;
import com.yahoo.vespa.hosted.controller.deployment.JobController;
import com.yahoo.vespa.hosted.controller.dns.NameServiceForwarder;
import com.yahoo.vespa.hosted.controller.notification.NotificationsDb;
import com.yahoo.vespa.hosted.controller.notification.Notifier;
import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
import com.yahoo.vespa.hosted.controller.persistence.JobControlFlags;
import com.yahoo.vespa.hosted.controller.restapi.dataplanetoken.DataplaneTokenService;
import com.yahoo.vespa.hosted.controller.security.AccessControl;
import com.yahoo.vespa.hosted.controller.support.access.SupportAccessControl;
import com.yahoo.vespa.hosted.controller.versions.VersionStatus;
import com.yahoo.vespa.hosted.controller.versions.VespaVersion;
import com.yahoo.vespa.hosted.rotation.config.RotationsConfig;
import com.yahoo.yolean.concurrent.Sleeper;
import java.security.SecureRandom;
import java.time.Clock;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Random;
import java.util.Set;
import java.util.function.Predicate;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import static java.util.stream.Collectors.toSet;
/**
* API to the controller. This contains the object model of everything the controller cares about, mainly tenants and
* applications. The object model is persisted to curator.
*
* All the individual model objects reachable from the Controller are immutable.
*
* Access to the controller is multi-thread safe, provided the locking methods are
* used when accessing, modifying and storing objects provided by the controller.
*
* @author bratseth
*/
public class Controller extends AbstractComponent {
private static final Logger log = Logger.getLogger(Controller.class.getName());
private final CuratorDb curator;
private final JobControl jobControl;
private final ApplicationController applicationController;
private final TenantController tenantController;
private final JobController jobController;
private final Clock clock;
private final Sleeper sleeper;
private final ZoneRegistry zoneRegistry;
private final ServiceRegistry serviceRegistry;
private final AuditLogger auditLogger;
private final FlagSource flagSource;
private final NameServiceForwarder nameServiceForwarder;
private final MavenRepository mavenRepository;
private final Metric metric;
private final RoutingController routingController;
private final OsController osController;
private final ControllerConfig controllerConfig;
private final SecretStore secretStore;
private final CuratorArchiveBucketDb archiveBucketDb;
private final NotificationsDb notificationsDb;
private final SupportAccessControl supportAccessControl;
private final Notifier notifier;
private final MailVerifier mailVerifier;
private final DataplaneTokenService dataplaneTokenService;
private final Random random;
private final Random secureRandom; // Type is Random to allow for test determinism
/**
* Creates a controller
*
* @param curator the curator instance storing the persistent state of the controller.
*/
@Inject
public Controller(CuratorDb curator, RotationsConfig rotationsConfig, AccessControl accessControl, FlagSource flagSource,
MavenRepository mavenRepository, ServiceRegistry serviceRegistry, Metric metric, SecretStore secretStore,
ControllerConfig controllerConfig) {
this(curator, rotationsConfig, accessControl, flagSource,
mavenRepository, serviceRegistry, metric, secretStore, controllerConfig, Sleeper.DEFAULT, new Random(),
new SecureRandom());
}
public Controller(CuratorDb curator, RotationsConfig rotationsConfig, AccessControl accessControl,
FlagSource flagSource, MavenRepository mavenRepository,
ServiceRegistry serviceRegistry, Metric metric, SecretStore secretStore,
ControllerConfig controllerConfig, Sleeper sleeper, Random random, Random secureRandom) {
this.curator = Objects.requireNonNull(curator, "Curator cannot be null");
this.serviceRegistry = Objects.requireNonNull(serviceRegistry, "ServiceRegistry cannot be null");
this.zoneRegistry = Objects.requireNonNull(serviceRegistry.zoneRegistry(), "ZoneRegistry cannot be null");
this.clock = Objects.requireNonNull(serviceRegistry.clock(), "Clock cannot be null");
this.sleeper = Objects.requireNonNull(sleeper, "Sleeper cannot be null");
this.flagSource = Objects.requireNonNull(flagSource, "FlagSource cannot be null");
this.mavenRepository = Objects.requireNonNull(mavenRepository, "MavenRepository cannot be null");
this.metric = Objects.requireNonNull(metric, "Metric cannot be null");
this.controllerConfig = Objects.requireNonNull(controllerConfig, "ControllerConfig cannot be null");
this.secretStore = Objects.requireNonNull(secretStore, "SecretStore cannot be null");
this.random = Objects.requireNonNull(random, "Random cannot be null");
this.secureRandom = Objects.requireNonNull(secureRandom, "SecureRandom cannot be null");
nameServiceForwarder = new NameServiceForwarder(curator);
jobController = new JobController(this);
applicationController = new ApplicationController(this, curator, accessControl, clock, flagSource, serviceRegistry.billingController());
tenantController = new TenantController(this, curator, accessControl);
routingController = new RoutingController(this, rotationsConfig);
osController = new OsController(this);
auditLogger = new AuditLogger(curator, clock);
jobControl = new JobControl(new JobControlFlags(curator, flagSource));
archiveBucketDb = new CuratorArchiveBucketDb(this);
notifier = new Notifier(curator, serviceRegistry.consoleUrls(), serviceRegistry.mailer(), flagSource);
notificationsDb = new NotificationsDb(this);
supportAccessControl = new SupportAccessControl(this);
mailVerifier = new MailVerifier(serviceRegistry.consoleUrls(), tenantController, serviceRegistry.mailer(), curator, clock);
dataplaneTokenService = new DataplaneTokenService(this);
// Record the version of this controller
curator().writeControllerVersion(this.hostname(), serviceRegistry.controllerVersion());
jobController.updateStorage();
}
/** Returns the instance controlling tenants */
public TenantController tenants() { return tenantController; }
/** Returns the instance controlling applications */
public ApplicationController applications() { return applicationController; }
/** Returns the instance controlling deployment jobs. */
public JobController jobController() { return jobController; }
/** Returns the instance controlling routing */
public RoutingController routing() {
return routingController;
}
/** Returns the instance controlling OS upgrades */
public OsController os() {
return osController;
}
/** Returns the service registry of this */
public ServiceRegistry serviceRegistry() {
return serviceRegistry;
}
/** Provides access to the feature flags of this */
public FlagSource flagSource() {
return flagSource;
}
public Clock clock() { return clock; }
public Sleeper sleeper() { return sleeper; }
public ZoneRegistry zoneRegistry() { return zoneRegistry; }
public NameServiceForwarder nameServiceForwarder() { return nameServiceForwarder; }
public MavenRepository mavenRepository() { return mavenRepository; }
public ControllerConfig controllerConfig() { return controllerConfig; }
/** Replace the current version status by a new one */
public void updateVersionStatus(VersionStatus newStatus) {
VersionStatus currentStatus = readVersionStatus();
if (newStatus.systemVersion().isPresent() &&
! newStatus.systemVersion().equals(currentStatus.systemVersion())) {
log.info("Changing system version from " + printableVersion(currentStatus.systemVersion()) +
" to " + printableVersion(newStatus.systemVersion()));
}
Set<Version> obsoleteVersions = currentStatus.versions().stream().map(VespaVersion::versionNumber).collect(toSet());
for (VespaVersion version : newStatus.versions()) {
obsoleteVersions.remove(version.versionNumber());
VespaVersion current = currentStatus.version(version.versionNumber());
if (current == null)
log.info("New version " + version.versionNumber().toFullString() + " added");
else if ( ! current.confidence().equals(version.confidence()))
log.info("Confidence for version " + version.versionNumber().toFullString() +
" changed from " + current.confidence() + " to " + version.confidence());
}
for (Version version : obsoleteVersions)
log.info("Version " + version.toFullString() + " is obsolete, and will be forgotten");
curator.writeVersionStatus(newStatus);
removeConfidenceOverride(obsoleteVersions::contains);
}
/** Returns the latest known version status. Calling this is free but the status may be slightly out of date. */
public VersionStatus readVersionStatus() { return curator.readVersionStatus(); }
/** Remove confidence override for versions matching given filter */
public void removeConfidenceOverride(Predicate<Version> filter) {
try (Mutex lock = curator.lockConfidenceOverrides()) {
Map<Version, VespaVersion.Confidence> overrides = new LinkedHashMap<>(curator.readConfidenceOverrides());
overrides.keySet().removeIf(filter);
curator.writeConfidenceOverrides(overrides);
}
}
/** Returns the current system version: The controller should drive towards running all applications on this version */
public Version readSystemVersion() {
return systemVersion(readVersionStatus());
}
/** Returns the current system version from given status: The controller should drive towards running all applications on this version */
public Version systemVersion(VersionStatus versionStatus) {
return versionStatus.systemVersion()
.map(VespaVersion::versionNumber)
.orElse(Vtag.currentVersion);
}
/** Returns the hostname of this controller */
public HostName hostname() {
return serviceRegistry.getHostname();
}
public SystemName system() {
return zoneRegistry.system();
}
public CuratorDb curator() {
return curator;
}
public AuditLogger auditLogger() {
return auditLogger;
}
public Metric metric() {
return metric;
}
public SecretStore secretStore() {
return secretStore;
}
/** Clouds present in this system */
public Set<CloudName> clouds() {
return zoneRegistry.zones().all().zones().stream()
.map(ZoneApi::getCloudName)
.collect(Collectors.toUnmodifiableSet());
}
private static String printableVersion(Optional<VespaVersion> vespaVersion) {
return vespaVersion.map(v -> v.versionNumber().toFullString()).orElse("unknown");
}
public JobControl jobControl() {
return jobControl;
}
public CuratorArchiveBucketDb archiveBucketDb() {
return archiveBucketDb;
}
public NotificationsDb notificationsDb() {
return notificationsDb;
}
public SupportAccessControl supportAccess() {
return supportAccessControl;
}
public Notifier notifier() {
return notifier;
}
public MailVerifier mailVerifier() {
return mailVerifier;
}
public DataplaneTokenService dataplaneTokenService() {
return dataplaneTokenService;
}
/** Returns a random number generator. If secure is true, this returns a {@link SecureRandom} suitable for
* cryptographic purposes */
public Random random(boolean secure) {
return secure ? secureRandom : random;
}
}
|
