HPCC-25972 Fix initial set of dependencies on queryEnvironmentConf()

Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>

common/dllserver/thorplugin.cpp

@@ -752,6 +752,9 @@ extern DLLSERVER_API void getAdditionalPluginsPath(StringBuffer &pluginsPath, co
     defaultLocation.append(PATHSEPSTR "plugins");
     StringArray paths;
     paths.appendList(pluginsPath, ENVSEPSTR);
+#ifdef _CONTAINERIZED
+    //MORE: No place to provide additional plugins...
+#else
     if (paths.contains(defaultLocation))
     {
         const char *additional = queryEnvironmentConf().queryProp("additionalPlugins");
@@ -769,6 +772,7 @@ extern DLLSERVER_API void getAdditionalPluginsPath(StringBuffer &pluginsPath, co
             }
         }
     }
+#endif
 }
 
 bool SafePluginMap::addPlugin(const char *path, const char *dllname)

dali/server/daserver.cpp

@@ -665,6 +665,7 @@ int main(int argc, const char* argv[])
 // Audit logging
         StringBuffer auditDir;
         {
+            //MORE: Does this need to change in CONTAINERIZED mode?
             Owned<IComponentLogFileCreator> lf = createComponentLogFileCreator(serverConfig, "dali");
             lf->setLogDirSubdir("audit");//add to tail of config log dir
             lf->setName("DaAudit");//override default filename

fs/dafsclient/rmtclient.cpp

@@ -91,11 +91,15 @@ static unsigned dafsConnectFailRetryTimeMs = defaultDafsConnectFailRetrySeconds
 
 MODULE_INIT(INIT_PRIORITY_DAFSCLIENT)
 {
+#ifdef _CONTAINERIZED
+    //MORE: This function is called too soon to read them from the configuration file.
+#else
     const IProperties &confProps = queryEnvironmentConf();
     dafsConnectTimeoutMs = confProps.getPropInt("dafsConnectTimeoutSeconds", defaultDafsConnectTimeoutSeconds) * 1000;
     dafsConnectRetries = confProps.getPropInt("dafsConnectRetries", defaultDafsConnectRetries);
     dafsMaxReceiveTimeMs = confProps.getPropInt("dafsMaxReceiveTimeSeconds", defaultDafsMaxRecieveTimeSeconds);
     dafsConnectFailRetryTimeMs = confProps.getPropInt("daFsConnectFailRetrySeconds", defaultDafsConnectFailRetrySeconds) * 1000;
+#endif
     return true;
 }
 
@@ -104,17 +108,35 @@ MODULE_INIT(INIT_PRIORITY_DAFSCLIENT)
 static class _securitySettings
 {
 public:
+    DAFSConnectCfg  queryConnectMethod() { ensureReady(); return connectMethod; }
+    unsigned short  queryDaFileSrvPort() { ensureReady(); return daFileSrvPort; }
+    unsigned short  queryDaFileSrvSSLPort() { ensureReady(); return daFileSrvSSLPort; }
+    const char *    queryCertificate() { ensureReady(); return certificate; }
+    const char *    queryPrivateKey() { ensureReady(); return privateKey; }
+    const char *    queryPassPhrase() { ensureReady(); return passPhrase; }
+
+    void ensureReady()
+    {
+        if (!init)
+        {
+            CriticalBlock block(cs);
+            if (!init)
+            {
+                queryDafsSecSettings(&connectMethod, &daFileSrvPort, &daFileSrvSSLPort, &certificate, &privateKey, &passPhrase);
+                init = true;
+            }
+        }
+    }
+
+protected:
     DAFSConnectCfg  connectMethod;
     unsigned short  daFileSrvPort;
     unsigned short  daFileSrvSSLPort;
     const char *    certificate;
     const char *    privateKey;
     const char *    passPhrase;
-
-    _securitySettings()
-    {
-        queryDafsSecSettings(&connectMethod, &daFileSrvPort, &daFileSrvSSLPort, &certificate, &privateKey, &passPhrase);
-    }
+    std::atomic<bool> init{false};
+    CriticalSection cs;
 } securitySettings;
 
 
@@ -130,7 +152,7 @@ static ISecureSocket *createSecureSocket(ISocket *sock, SecureSocketType type)
         if (type == ServerSocket)
         {
             if (!secureContextServer)
-                secureContextServer.setown(createSecureSocketContextEx(securitySettings.certificate, securitySettings.privateKey, securitySettings.passPhrase, type));
+                secureContextServer.setown(createSecureSocketContextEx(securitySettings.queryCertificate(), securitySettings.queryPrivateKey(), securitySettings.queryPassPhrase(), type));
         }
         else if (!secureContextClient)
             secureContextClient.setown(createSecureSocketContext(type));
@@ -318,10 +340,10 @@ void setDafsEndpointPort(SocketEndpoint &ep)
     }
     if (ep.port==0)
     {
-        if ( (securitySettings.connectMethod == SSLNone) || (securitySettings.connectMethod == UnsecureFirst) )
-            ep.port = securitySettings.daFileSrvPort;
+        if ( (securitySettings.queryConnectMethod() == SSLNone) || (securitySettings.queryConnectMethod() == UnsecureFirst) )
+            ep.port = securitySettings.queryDaFileSrvPort();
         else
-            ep.port = securitySettings.daFileSrvSSLPort;
+            ep.port = securitySettings.queryDaFileSrvSSLPort();
     }
 }
 
@@ -662,7 +684,7 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u
         if (TF_TRACE_CLIENT_CONN)
         {
             ep.getUrlStr(eps);
-            if (ep.port == securitySettings.daFileSrvSSLPort)
+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
                 PROGLOG("Connecting SECURE to %s", eps.str());
             else
                 PROGLOG("Connecting to %s", eps.str());
@@ -680,7 +702,7 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u
             }
             else
                 socket.setown(ISocket::connect(ep));
-            if (ep.port == securitySettings.daFileSrvSSLPort)
+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
             {
 #ifdef _USE_OPENSSL
                 Owned<ISecureSocket> ssock;
@@ -753,7 +775,7 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u
         if (!timeExpired)
         {
             Sleep(sleeptime);       // prevent multiple retries beating
-            if (ep.port == securitySettings.daFileSrvSSLPort)
+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
                 PROGLOG("Retrying SECURE connect");
             else
                 PROGLOG("Retrying connect");
@@ -860,10 +882,10 @@ void CRemoteBase::sendRemoteCommand(MemoryBuffer & src, MemoryBuffer & reply, bo
                     if (e->errorCode() == DAFSERR_connection_failed)
                     {
                         unsigned prevPort = tep.port;
-                        if (prevPort == securitySettings.daFileSrvSSLPort)
-                            tep.port = securitySettings.daFileSrvPort;
+                        if (prevPort == securitySettings.queryDaFileSrvSSLPort())
+                            tep.port = securitySettings.queryDaFileSrvPort();
                         else
-                            tep.port = securitySettings.daFileSrvSSLPort;
+                            tep.port = securitySettings.queryDaFileSrvSSLPort();
                         WARNLOG("Connect failed on port %d, retrying on port %d", prevPort, tep.port);
                         doConnect = true;
                         e->Release();
@@ -935,7 +957,7 @@ CRemoteBase::CRemoteBase(const SocketEndpoint &_ep, const char * _filename)
     : filename(_filename)
 {
     ep = _ep;
-    connectMethod = securitySettings.connectMethod;
+    connectMethod = securitySettings.queryConnectMethod();
 }
 
 CRemoteBase::CRemoteBase(const SocketEndpoint &_ep, DAFSConnectCfg _connectMethod, const char * _filename)
@@ -1042,14 +1064,14 @@ IDaFsConnection *createDaFsConnection(const SocketEndpoint &ep, DAFSConnectCfg c
 
 ISocket *checkSocketSecure(ISocket *socket)
 {
-    if (securitySettings.connectMethod == SSLNone)
+    if (securitySettings.queryConnectMethod() == SSLNone)
         return LINK(socket);
 
     char pname[256];
     pname[0] = 0;
     int pport = socket->peer_name(pname, sizeof(pname)-1);
 
-    if ( (pport == securitySettings.daFileSrvSSLPort) && (!socket->isSecure()) )
+    if ( (pport == securitySettings.queryDaFileSrvSSLPort()) && (!socket->isSecure()) )
     {
 #ifdef _USE_OPENSSL
         Owned<ISecureSocket> ssock;
@@ -1083,7 +1105,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
 {
     Owned<ISocket> socket;
 
-    if ( (securitySettings.connectMethod == SSLNone) || (securitySettings.connectMethod == SSLOnly) )
+    if ( (securitySettings.queryConnectMethod() == SSLNone) || (securitySettings.queryConnectMethod() == SSLOnly) )
     {
         socket.setown(ISocket::connect_timeout(ep, timeoutms));
         return checkSocketSecure(socket);
@@ -1111,10 +1133,10 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
             if (e->errorCode() == JSOCKERR_connection_failed)
             {
                 e->Release();
-                if (ep.port == securitySettings.daFileSrvSSLPort)
-                    ep.port = securitySettings.daFileSrvPort;
+                if (ep.port == securitySettings.queryDaFileSrvSSLPort())
+                    ep.port = securitySettings.queryDaFileSrvPort();
                 else
-                    ep.port = securitySettings.daFileSrvSSLPort;
+                    ep.port = securitySettings.queryDaFileSrvSSLPort();
                 if (!conAttempts)
                     throw;
             }
@@ -1124,7 +1146,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
 
         if (connected)
         {
-            if (ep.port == securitySettings.daFileSrvSSLPort)
+            if (ep.port == securitySettings.queryDaFileSrvSSLPort())
             {
                 try
                 {
@@ -1140,7 +1162,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms)
                         e->errorMessage(errmsg);
                         WARNLOG("%s", errmsg.str());
                         e->Release();
-                        ep.port = securitySettings.daFileSrvPort;
+                        ep.port = securitySettings.queryDaFileSrvPort();
                         if (!conAttempts)
                             throw;
                     }

fs/dafsclient/rmtfile.cpp

@@ -55,22 +55,21 @@
 
 //#define TEST_DAFILESRV_FOR_UNIX_PATHS     // probably not needed
 
-static class CSecuritySettings
+static std::atomic<unsigned> dafilesrvPort{(unsigned)-1};
+static CriticalSection dafilesrvCs;
+unsigned short getDaliServixPort()
 {
-    unsigned short daliServixPort;
-public:
-    CSecuritySettings()
+    if (dafilesrvPort == (unsigned)-1)
     {
-        querySecuritySettings(nullptr, &daliServixPort, nullptr, nullptr, nullptr);
+        CriticalBlock block(dafilesrvCs);
+        if (dafilesrvPort == (unsigned) -1)
+        {
+            unsigned short daliServixPort;
+            querySecuritySettings(nullptr, &daliServixPort, nullptr, nullptr, nullptr);
+            dafilesrvPort = daliServixPort;
+        }
     }
-
-    unsigned short queryDaliServixPort() { return daliServixPort; }
-} securitySettings;
-
-
-unsigned short getDaliServixPort()
-{
-    return securitySettings.queryDaliServixPort();
+    return dafilesrvPort;
 }
 
 

roxie/ccd/ccdmain.cpp

@@ -771,12 +771,14 @@ int CCD_API roxie_main(int argc, const char *argv[], const char * defaultYaml)
         miscDebugTraceLevel = topology->getPropInt("@miscDebugTraceLevel", 0);
 
         Linked<IPropertyTree> directoryTree = topology->queryPropTree("Directories");
+#ifndef _CONTAINERIZED
         if (!directoryTree)
         {
             Owned<IPropertyTree> envFile = getHPCCEnvironment();
             if (envFile)
                 directoryTree.set(envFile->queryPropTree("Software/Directories"));
         }
+#endif
         if (directoryTree)
         {
             getConfigurationDirectory(directoryTree, "query", "roxie", roxieName, queryDirectory);

system/jlib/jlog.cpp

@@ -3108,7 +3108,11 @@ private:
         rolling = true;
         append = true;
         flushes = true;
+#ifdef _CONTAINERIZED
+        const char *logFields = nullptr;
+#else
         const char *logFields = queryEnvironmentConf().queryProp("logfields");
+#endif
         if (!isEmptyString(logFields))
             msgFields = logMsgFieldsFromAbbrevs(logFields);
         else

system/jlib/jsocket.cpp

@@ -3009,6 +3009,9 @@ const char * GetCachedHostName()
     if (!cachehostname.get())
     {
 #ifndef _WIN32
+#ifdef _CONTAINERIZED
+        //MORE: Does this need to be implemented a different way?
+#else
         IpAddress ip;
         const char *ifs = queryEnvironmentConf().queryProp("interface");
         if (getInterfaceIp(ip, ifs))
@@ -3023,6 +3026,7 @@ const char * GetCachedHostName()
             }
         }
 #endif
+#endif
         char temp[1024];
         if (gethostname(temp, sizeof(temp))==0)
             cachehostname.set(temp);                
@@ -5380,6 +5384,11 @@ void check_epoll_cfg()
     // DBGLOG("check_epoll_cfg(): epoll_method = %d",epoll_method);
     if (epoll_method == EPOLL_INIT)
     {
+#ifdef _CONTAINERIZED
+//Does this need to be implemented a different way?
+        epoll_method = EPOLL_ENABLED;
+        epoll_hdlPerThrd = UINT_MAX;
+#else
         if (queryEnvironmentConf().getPropBool("use_epoll", true))
             epoll_method = EPOLL_ENABLED;
         else
@@ -5389,6 +5398,7 @@ void check_epoll_cfg()
         if (epoll_hdlPerThrd == 0)
             epoll_hdlPerThrd = UINT_MAX;
         // DBGLOG("check_epoll_cfg(): after reading conf file, epoll_hdlPerThrd = %u",epoll_hdlPerThrd);
+#endif
     }
 }
 #endif // _HAS_EPOLL_SUPPORT

system/jlib/jutil.cpp

@@ -2453,7 +2453,10 @@ static CriticalSection envConfCrit;
 jlib_decl const IProperties &queryEnvironmentConf()
 {
 #if defined(_CONTAINERIZED) && defined(_DEBUG)
-    throwUnexpectedX("queryEnvironmentConf() callled from container system");
+    //The following line is currently hit by too many examples.  Re-enable the exception when more
+    //work has been done removing calls to getConfigurationDirectory() and other related functions.
+    //throwUnexpectedX("queryEnvironmentConf() callled from container system");
+    IERRLOG("queryEnvironmentConf() callled from container system");
 #endif
     CriticalBlock b(envConfCrit);
     if (!envConfFile)
@@ -2480,6 +2483,15 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
     // TLS TODO: could share mtls setting and cert/config for secure dafilesrv
     //           but note remote cluster configs should then match this one
 
+#ifdef _CONTAINERIZED
+    //MORE: If these come from the component configuration they will need to clone the strings
+    if (_certificate)
+        *_certificate = nullptr;
+    if (_privateKey)
+        *_privateKey = nullptr;
+    if (_passPhrase)
+        *_passPhrase = nullptr;
+#else
     const IProperties & conf = queryEnvironmentConf();
     StringAttr sslMethod;
     sslMethod.set(conf.queryProp("dfsUseSSL"));
@@ -2556,6 +2568,7 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
             *_passPhrase = DAFSpassPhraseDec.str();//return decrypted password. Note the preferred queryHPCCPKIKeyFiles() method returns it encrypted
         }
     }
+#endif
 
     return true;
 }
@@ -2613,6 +2626,10 @@ jlib_decl bool queryMtlsBareMetalConfig()
 
 static IPropertyTree *getOSSdirTree()
 {
+#ifdef _CONTAINERIZED
+    IERRLOG("getOSSdirTree() called from container system");
+    return nullptr;
+#endif
     Owned<IPropertyTree> envtree = getHPCCEnvironment();
     if (envtree) {
         IPropertyTree *ret = envtree->queryPropTree("Software/Directories");