vor 4 Jahren · c60bdcdaef
--- a/common/dllserver/thorplugin.cpp
+++ b/common/dllserver/thorplugin.cpp
@@ -752,6 +752,9 @@ extern DLLSERVER_API void getAdditionalPluginsPath(StringBuffer &pluginsPath, co
 
				     defaultLocation.append(PATHSEPSTR "plugins");
			
 
				     StringArray paths;
			
 
				     paths.appendList(pluginsPath, ENVSEPSTR);
			
 
				+#ifdef _CONTAINERIZED
			
 
				+    //MORE: No place to provide additional plugins...
			
 
				+#else
			
 
				     if (paths.contains(defaultLocation))
			
 
				     {
			
 
				         const char *additional = queryEnvironmentConf().queryProp("additionalPlugins");
			
@@ -769,6 +772,7 @@ extern DLLSERVER_API void getAdditionalPluginsPath(StringBuffer &pluginsPath, co
 
				             }
			
 
				         }
			
 
				     }
			
 
				+#endif
			
 
				 }
			
 
				 
			
 
				 bool SafePluginMap::addPlugin(const char *path, const char *dllname)
			
--- a/dali/server/daserver.cpp
+++ b/dali/server/daserver.cpp
@@ -665,6 +665,7 @@ int main(int argc, const char* argv[])
 
				 // Audit logging
			
 
				         StringBuffer auditDir;
			
 
				         {
			
 
				+            //MORE: Does this need to change in CONTAINERIZED mode?
			
 
				             Owned<IComponentLogFileCreator> lf = createComponentLogFileCreator(serverConfig, "dali");
			
 
				             lf->setLogDirSubdir("audit");//add to tail of config log dir
			
 
				             lf->setName("DaAudit");//override default filename
			
--- a/fs/dafsclient/rmtclient.cpp
+++ b/fs/dafsclient/rmtclient.cpp
@@ -91,11 +91,15 @@ static unsigned dafsConnectFailRetryTimeMs = defaultDafsConnectFailRetrySeconds
 
				 
			
 
				 MODULE_INIT(INIT_PRIORITY_DAFSCLIENT)
			
 
				 {
			
 
				+#ifdef _CONTAINERIZED
			
 
				+    //MORE: This function is called too soon to read them from the configuration file.
			
 
				+#else
			
 
				     const IProperties &confProps = queryEnvironmentConf();
			
 
				     dafsConnectTimeoutMs = confProps.getPropInt("dafsConnectTimeoutSeconds", defaultDafsConnectTimeoutSeconds) * 1000;
			
 
				     dafsConnectRetries = confProps.getPropInt("dafsConnectRetries", defaultDafsConnectRetries);
			
 
				     dafsMaxReceiveTimeMs = confProps.getPropInt("dafsMaxReceiveTimeSeconds", defaultDafsMaxRecieveTimeSeconds);
			
 
				     dafsConnectFailRetryTimeMs = confProps.getPropInt("daFsConnectFailRetrySeconds", defaultDafsConnectFailRetrySeconds) * 1000;
			
 
				+#endif
			
 
				     return true;
			
 
				 }
			
 
				 
			
@@ -104,17 +108,35 @@ MODULE_INIT(INIT_PRIORITY_DAFSCLIENT)
 
				 static class _securitySettings
			
 
				 {
			
 
				 public:
			
 
				+    DAFSConnectCfg  queryConnectMethod() { ensureReady(); return connectMethod; }
			
 
				+    unsigned short  queryDaFileSrvPort() { ensureReady(); return daFileSrvPort; }
			
 
				+    unsigned short  queryDaFileSrvSSLPort() { ensureReady(); return daFileSrvSSLPort; }
			
 
				+    const char *    queryCertificate() { ensureReady(); return certificate; }
			
 
				+    const char *    queryPrivateKey() { ensureReady(); return privateKey; }
			
 
				+    const char *    queryPassPhrase() { ensureReady(); return passPhrase; }
			
 
				+
			
 
				+    void ensureReady()
			
 
				+    {
			
 
				+        if (!init)
			
 
				+        {
			
 
				+            CriticalBlock block(cs);
			
 
				+            if (!init)
			
 
				+            {
			
 
				+                queryDafsSecSettings(&connectMethod, &daFileSrvPort, &daFileSrvSSLPort, &certificate, &privateKey, &passPhrase);
			
 
				+                init = true;
			
 
				+            }
			
 
				+        }
			
 
				+    }
			
 
				+
			
 
				+protected:
			
 
				     DAFSConnectCfg  connectMethod;
			
 
				     unsigned short  daFileSrvPort;
			
 
				     unsigned short  daFileSrvSSLPort;
			
 
				     const char *    certificate;
			
 
				     const char *    privateKey;
			
 
				     const char *    passPhrase;
			
 
				-
			
 
				-    _securitySettings()
			
 
				-    {
			
 
				-        queryDafsSecSettings(&connectMethod, &daFileSrvPort, &daFileSrvSSLPort, &certificate, &privateKey, &passPhrase);
			
 
				-    }
			
 
				+    std::atomic<bool> init{false};
			
 
				+    CriticalSection cs;
			
 
				 } securitySettings;
			
 
				 
			
 
				 
			
@@ -130,7 +152,7 @@ static ISecureSocket *createSecureSocket(ISocket *sock, SecureSocketType type)
 
				         if (type == ServerSocket)
			
 
				         {
			
 
				             if (!secureContextServer)
			
 
				-                secureContextServer.setown(createSecureSocketContextEx(securitySettings.certificate, securitySettings.privateKey, securitySettings.passPhrase, type));
			
 
				+                secureContextServer.setown(createSecureSocketContextEx(securitySettings.queryCertificate(), securitySettings.queryPrivateKey(), securitySettings.queryPassPhrase(), type));
			
 
				         }
			
 
				         else if (!secureContextClient)
			
 
				             secureContextClient.setown(createSecureSocketContext(type));
			
@@ -318,10 +340,10 @@ void setDafsEndpointPort(SocketEndpoint &ep)
 
				     }
			
 
				     if (ep.port==0)
			
 
				     {
			
 
				-        if ( (securitySettings.connectMethod == SSLNone) || (securitySettings.connectMethod == UnsecureFirst) )
			
 
				-            ep.port = securitySettings.daFileSrvPort;
			
 
				+        if ( (securitySettings.queryConnectMethod() == SSLNone) || (securitySettings.queryConnectMethod() == UnsecureFirst) )
			
 
				+            ep.port = securitySettings.queryDaFileSrvPort();
			
 
				         else
			
 
				-            ep.port = securitySettings.daFileSrvSSLPort;
			
 
				+            ep.port = securitySettings.queryDaFileSrvSSLPort();
			
 
				     }
			
 
				 }
			
 
				 
			
@@ -662,7 +684,7 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u
 
				         if (TF_TRACE_CLIENT_CONN)
			
 
				         {
			
 
				             ep.getUrlStr(eps);
			
 
				-            if (ep.port == securitySettings.daFileSrvSSLPort)
			
 
				+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
			
 
				                 PROGLOG("Connecting SECURE to %s", eps.str());
			
 
				             else
			
 
				                 PROGLOG("Connecting to %s", eps.str());
			
@@ -680,7 +702,7 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u
 
				             }
			
 
				             else
			
 
				                 socket.setown(ISocket::connect(ep));
			
 
				-            if (ep.port == securitySettings.daFileSrvSSLPort)
			
 
				+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
			
 
				             {
			
 
				 #ifdef _USE_OPENSSL
			
 
				                 Owned<ISecureSocket> ssock;
			
@@ -753,7 +775,7 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u
 
				         if (!timeExpired)
			
 
				         {
			
 
				             Sleep(sleeptime);       // prevent multiple retries beating
			
 
				-            if (ep.port == securitySettings.daFileSrvSSLPort)
			
 
				+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
			
 
				                 PROGLOG("Retrying SECURE connect");
			
 
				             else
			
 
				                 PROGLOG("Retrying connect");
			
@@ -860,10 +882,10 @@ void CRemoteBase::sendRemoteCommand(MemoryBuffer & src, MemoryBuffer & reply, bo
 
				                     if (e->errorCode() == DAFSERR_connection_failed)
			
 
				                     {
			
 
				                         unsigned prevPort = tep.port;
			
 
				-                        if (prevPort == securitySettings.daFileSrvSSLPort)
			
 
				-                            tep.port = securitySettings.daFileSrvPort;
			
 
				+                        if (prevPort == securitySettings.queryDaFileSrvSSLPort())
			
 
				+                            tep.port = securitySettings.queryDaFileSrvPort();
			
 
				                         else
			
 
				-                            tep.port = securitySettings.daFileSrvSSLPort;
			
 
				+                            tep.port = securitySettings.queryDaFileSrvSSLPort();
			
 
				                         WARNLOG("Connect failed on port %d, retrying on port %d", prevPort, tep.port);
			
 
				                         doConnect = true;
			
 
				                         e->Release();
			
@@ -935,7 +957,7 @@ CRemoteBase::CRemoteBase(const SocketEndpoint &_ep, const char * _filename)
 
				     : filename(_filename)
			
 
				 {
			
 
				     ep = _ep;
			
 
				-    connectMethod = securitySettings.connectMethod;
			
 
				+    connectMethod = securitySettings.queryConnectMethod();
			
 
				 }
			
 
				 
			
 
				 CRemoteBase::CRemoteBase(const SocketEndpoint &_ep, DAFSConnectCfg _connectMethod, const char * _filename)
			
@@ -1042,14 +1064,14 @@ IDaFsConnection *createDaFsConnection(const SocketEndpoint &ep, DAFSConnectCfg c
 
				 
			
 
				 ISocket *checkSocketSecure(ISocket *socket)
			
 
				 {
			
 
				-    if (securitySettings.connectMethod == SSLNone)
			
 
				+    if (securitySettings.queryConnectMethod() == SSLNone)
			
 
				         return LINK(socket);
			
 
				 
			
 
				     char pname[256];
			
 
				     pname[0] = 0;
			
 
				     int pport = socket->peer_name(pname, sizeof(pname)-1);
			
 
				 
			
 
				-    if ( (pport == securitySettings.daFileSrvSSLPort) && (!socket->isSecure()) )
			
 
				+    if ( (pport == securitySettings.queryDaFileSrvSSLPort()) && (!socket->isSecure()) )
			
 
				     {
			
 
				 #ifdef _USE_OPENSSL
			
 
				         Owned<ISecureSocket> ssock;
			
@@ -1083,7 +1105,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
 
				 {
			
 
				     Owned<ISocket> socket;
			
 
				 
			
 
				-    if ( (securitySettings.connectMethod == SSLNone) || (securitySettings.connectMethod == SSLOnly) )
			
 
				+    if ( (securitySettings.queryConnectMethod() == SSLNone) || (securitySettings.queryConnectMethod() == SSLOnly) )
			
 
				     {
			
 
				         socket.setown(ISocket::connect_timeout(ep, timeoutms));
			
 
				         return checkSocketSecure(socket);
			
@@ -1111,10 +1133,10 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
 
				             if (e->errorCode() == JSOCKERR_connection_failed)
			
 
				             {
			
 
				                 e->Release();
			
 
				-                if (ep.port == securitySettings.daFileSrvSSLPort)
			
 
				-                    ep.port = securitySettings.daFileSrvPort;
			
 
				+                if (ep.port == securitySettings.queryDaFileSrvSSLPort())
			
 
				+                    ep.port = securitySettings.queryDaFileSrvPort();
			
 
				                 else
			
 
				-                    ep.port = securitySettings.daFileSrvSSLPort;
			
 
				+                    ep.port = securitySettings.queryDaFileSrvSSLPort();
			
 
				                 if (!conAttempts)
			
 
				                     throw;
			
 
				             }
			
@@ -1124,7 +1146,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
 
				 
			
 
				         if (connected)
			
 
				         {
			
 
				-            if (ep.port == securitySettings.daFileSrvSSLPort)
			
 
				+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
			
 
				             {
			
 
				                 try
			
 
				                 {
			
@@ -1140,7 +1162,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
 
				                         e->errorMessage(errmsg);
			
 
				                         WARNLOG("%s", errmsg.str());
			
 
				                         e->Release();
			
 
				-                        ep.port = securitySettings.daFileSrvPort;
			
 
				+                        ep.port = securitySettings.queryDaFileSrvPort();
			
 
				                         if (!conAttempts)
			
 
				                             throw;
			
 
				                     }
			
--- a/fs/dafsclient/rmtfile.cpp
+++ b/fs/dafsclient/rmtfile.cpp
@@ -55,22 +55,21 @@
 
				 
			
 
				 //#define TEST_DAFILESRV_FOR_UNIX_PATHS     // probably not needed
			
 
				 
			
 
				-static class CSecuritySettings
			
 
				+static std::atomic<unsigned> dafilesrvPort{(unsigned)-1};
			
 
				+static CriticalSection dafilesrvCs;
			
 
				+unsigned short getDaliServixPort()
			
 
				 {
			
 
				-    unsigned short daliServixPort;
			
 
				-public:
			
 
				-    CSecuritySettings()
			
 
				+    if (dafilesrvPort == (unsigned)-1)
			
 
				     {
			
 
				-        querySecuritySettings(nullptr, &daliServixPort, nullptr, nullptr, nullptr);
			
 
				+        CriticalBlock block(dafilesrvCs);
			
 
				+        if (dafilesrvPort == (unsigned) -1)
			
 
				+        {
			
 
				+            unsigned short daliServixPort;
			
 
				+            querySecuritySettings(nullptr, &daliServixPort, nullptr, nullptr, nullptr);
			
 
				+            dafilesrvPort = daliServixPort;
			
 
				+        }
			
 
				     }
			
 
				-
			
 
				-    unsigned short queryDaliServixPort() { return daliServixPort; }
			
 
				-} securitySettings;
			
 
				-
			
 
				-
			
 
				-unsigned short getDaliServixPort()
			
 
				-{
			
 
				-    return securitySettings.queryDaliServixPort();
			
 
				+    return dafilesrvPort;
			
 
				 }
			
 
				 
			
 
				 
			
--- a/roxie/ccd/ccdmain.cpp
+++ b/roxie/ccd/ccdmain.cpp
@@ -771,12 +771,14 @@ int CCD_API roxie_main(int argc, const char *argv[], const char * defaultYaml)
 
				         miscDebugTraceLevel = topology->getPropInt("@miscDebugTraceLevel", 0);
			
 
				 
			
 
				         Linked<IPropertyTree> directoryTree = topology->queryPropTree("Directories");
			
 
				+#ifndef _CONTAINERIZED
			
 
				         if (!directoryTree)
			
 
				         {
			
 
				             Owned<IPropertyTree> envFile = getHPCCEnvironment();
			
 
				             if (envFile)
			
 
				                 directoryTree.set(envFile->queryPropTree("Software/Directories"));
			
 
				         }
			
 
				+#endif
			
 
				         if (directoryTree)
			
 
				         {
			
 
				             getConfigurationDirectory(directoryTree, "query", "roxie", roxieName, queryDirectory);
			
--- a/system/jlib/jlog.cpp
+++ b/system/jlib/jlog.cpp
@@ -3108,7 +3108,11 @@ private:
 
				         rolling = true;
			
 
				         append = true;
			
 
				         flushes = true;
			
 
				+#ifdef _CONTAINERIZED
			
 
				+        const char *logFields = nullptr;
			
 
				+#else
			
 
				         const char *logFields = queryEnvironmentConf().queryProp("logfields");
			
 
				+#endif
			
 
				         if (!isEmptyString(logFields))
			
 
				             msgFields = logMsgFieldsFromAbbrevs(logFields);
			
 
				         else
			
--- a/system/jlib/jsocket.cpp
+++ b/system/jlib/jsocket.cpp
@@ -3009,6 +3009,9 @@ const char * GetCachedHostName()
 
				     if (!cachehostname.get())
			
 
				     {
			
 
				 #ifndef _WIN32
			
 
				+#ifdef _CONTAINERIZED
			
 
				+        //MORE: Does this need to be implemented a different way?
			
 
				+#else
			
 
				         IpAddress ip;
			
 
				         const char *ifs = queryEnvironmentConf().queryProp("interface");
			
 
				         if (getInterfaceIp(ip, ifs))
			
@@ -3023,6 +3026,7 @@ const char * GetCachedHostName()
 
				             }
			
 
				         }
			
 
				 #endif
			
 
				+#endif
			
 
				         char temp[1024];
			
 
				         if (gethostname(temp, sizeof(temp))==0)
			
 
				             cachehostname.set(temp);                
			
@@ -5380,6 +5384,11 @@ void check_epoll_cfg()
 
				     // DBGLOG("check_epoll_cfg(): epoll_method = %d",epoll_method);
			
 
				     if (epoll_method == EPOLL_INIT)
			
 
				     {
			
 
				+#ifdef _CONTAINERIZED
			
 
				+//Does this need to be implemented a different way?
			
 
				+        epoll_method = EPOLL_ENABLED;
			
 
				+        epoll_hdlPerThrd = UINT_MAX;
			
 
				+#else
			
 
				         if (queryEnvironmentConf().getPropBool("use_epoll", true))
			
 
				             epoll_method = EPOLL_ENABLED;
			
 
				         else
			
@@ -5389,6 +5398,7 @@ void check_epoll_cfg()
 
				         if (epoll_hdlPerThrd == 0)
			
 
				             epoll_hdlPerThrd = UINT_MAX;
			
 
				         // DBGLOG("check_epoll_cfg(): after reading conf file, epoll_hdlPerThrd = %u",epoll_hdlPerThrd);
			
 
				+#endif
			
 
				     }
			
 
				 }
			
 
				 #endif // _HAS_EPOLL_SUPPORT
			
--- a/system/jlib/jutil.cpp
+++ b/system/jlib/jutil.cpp
@@ -2453,7 +2453,10 @@ static CriticalSection envConfCrit;
 
				 jlib_decl const IProperties &queryEnvironmentConf()
			
 
				 {
			
 
				 #if defined(_CONTAINERIZED) && defined(_DEBUG)
			
 
				-    throwUnexpectedX("queryEnvironmentConf() callled from container system");
			
 
				+    //The following line is currently hit by too many examples.  Re-enable the exception when more
			
 
				+    //work has been done removing calls to getConfigurationDirectory() and other related functions.
			
 
				+    //throwUnexpectedX("queryEnvironmentConf() callled from container system");
			
 
				+    IERRLOG("queryEnvironmentConf() callled from container system");
			
 
				 #endif
			
 
				     CriticalBlock b(envConfCrit);
			
 
				     if (!envConfFile)
			
@@ -2480,6 +2483,15 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
 
				     // TLS TODO: could share mtls setting and cert/config for secure dafilesrv
			
 
				     //           but note remote cluster configs should then match this one
			
 
				 
			
 
				+#ifdef _CONTAINERIZED
			
 
				+    //MORE: If these come from the component configuration they will need to clone the strings
			
 
				+    if (_certificate)
			
 
				+        *_certificate = nullptr;
			
 
				+    if (_privateKey)
			
 
				+        *_privateKey = nullptr;
			
 
				+    if (_passPhrase)
			
 
				+        *_passPhrase = nullptr;
			
 
				+#else
			
 
				     const IProperties & conf = queryEnvironmentConf();
			
 
				     StringAttr sslMethod;
			
 
				     sslMethod.set(conf.queryProp("dfsUseSSL"));
			
@@ -2556,6 +2568,7 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
 
				             *_passPhrase = DAFSpassPhraseDec.str();//return decrypted password. Note the preferred queryHPCCPKIKeyFiles() method returns it encrypted
			
 
				         }
			
 
				     }
			
 
				+#endif
			
 
				 
			
 
				     return true;
			
 
				 }
			
@@ -2613,6 +2626,10 @@ jlib_decl bool queryMtlsBareMetalConfig()
 
				 
			
 
				 static IPropertyTree *getOSSdirTree()
			
 
				 {
			
 
				+#ifdef _CONTAINERIZED
			
 
				+    IERRLOG("getOSSdirTree() called from container system");
			
 
				+    return nullptr;
			
 
				+#endif
			
 
				     Owned<IPropertyTree> envtree = getHPCCEnvironment();
			
 
				     if (envtree) {
			
 
				         IPropertyTree *ret = envtree->queryPropTree("Software/Directories");