pth_05 receives requests for OBJ-01 access via the S3 protocol. Requests are authenticated using credentials.json, which is gathered by a tool provided in the HDP-01 package. The requested object path is then processed to determine the host and tag parts of the object. The host and tag are used to resolve an index by searching the CFE-12 lookup files. The request proceeds to the authorization stage if an index is found in the lookups. Requests are authorized using authorize.json (generated by the generate_index_mapping.py tool provided with pth_05), which contains index to unix group mappings. An intersection is calculated from two sets of groups: the groups that are members of the index and the groups that the identity is a member of. The request is accepted if the two sets have any group in common.
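The decision flow described above, as an added example that is not pth_05's own code. The `<host>/<tag>/...` path layout, the lookup table and the dictionary shapes are assumptions standing in for the CFE-12 lookup files, authorize.json and the groups of an identity that has already passed authentication.

```python
# Added sketch of the decision flow; not pth_05 code. All data is constructed
# and the shapes are assumptions (real file formats are not shown on this page).
LOOKUP = {  # stands in for the CFE-12 lookup files: (host, tag) -> index
    ("web01.example.com", "nginx-access"): "web_logs",
    ("db01.example.com", "audit"): "db_audit",
    ("app01.example.com", "syslog"): "app_logs",  # index with no authorize entry
}
AUTHORIZE = {  # stands in for authorize.json: index -> unix groups
    "web_logs": {"webops", "soc"},
    "db_audit": {"dba"},
}
IDENTITY_GROUPS = {  # unix groups of identities that already authenticated
    "alice": {"webops", "staff"},
    "bob": {"staff"},
}


def split_object_path(path):
    """Assumed layout <host>/<tag>/<object...>; return (host, tag) or None."""
    parts = path.strip("/").split("/")
    if len(parts) < 3 or any(p in ("", ".", "..") for p in parts):
        return None
    return parts[0], parts[1]


def decide(identity, object_path):
    """Return (allowed, reason); every path that cannot prove access denies."""
    groups = IDENTITY_GROUPS.get(identity)
    if groups is None:
        return False, "unknown identity"
    key = split_object_path(object_path)
    if key is None:
        return False, "malformed object path"
    index = LOOKUP.get(key)
    if index is None:
        return False, "no index for host/tag"
    # A missing authorize entry is an empty group set, so it can never match.
    common = AUTHORIZE.get(index, set()) & groups
    if not common:
        return False, "no shared group for index " + index
    return True, "shared groups: " + ",".join(sorted(common))


if __name__ == "__main__":
    for who, path in [("alice", "web01.example.com/nginx-access/2024/01/01.log.gz"),
                      ("bob", "web01.example.com/nginx-access/2024/01/01.log.gz"),
                      ("alice", "app01.example.com/syslog/messages.gz"),
                      ("alice", "nohost.example.com/x/y")]:
        print(who, path, decide(who, path))
```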
pth_05 is a micro-service which can be deployed via RPM or a container. Only RPM instructions are provided currently. However, the Dockerfile shows what needs to be configured to get the container up and running.
pth_05 requires the following data to be available:
- lookup-files
- authorize.json
- credentials.json
Lookup-files are sourced from CFE-12. The authorize.json file can be generated with the provided generate_index_mapping.py, which ingests the CFE-04 related authorize.conf format. The credentials.json file is produced by HDP-01 version 1.2.0 or greater.
All of the files can be hand crafted and examples are provided within the RPM.
The properties file configures the execution of pth_05 and is located at /opt/teragrep/pth_05/etc/pth_05.properties:
pth_05.endpoint=http://127.0.0.1:8080
pth_05.credentials.file=/opt/teragrep/pth_05/etc/credentials.json
pth_05.authorize.file=/opt/teragrep/pth_05/etc/authorize.json
pth_05.lookup.path=/opt/teragrep/pth_05/etc/lookup
jclouds.provider=s3
jclouds.identity=xxxxxxxxxxxxxxxxxxxx
jclouds.credential=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
jclouds.endpoint=https://s3.domain.tld
Information about the variables
pth_05 specific:
- pth_05.endpoint configures the address that pth_05 listens on.
- pth_05.credentials.file is the path to the credentials.json file.
- pth_05.authorize.file is the path to the authorize.json file.
- pth_05.lookup.path is the path to the lookup directory.
JClouds common:
- jclouds.provider configures which type of service is proxied to. Use "s3".
- jclouds.identity configures the identity for the proxied target.
- jclouds.credential configures the credential for the proxied target.
- jclouds.endpoint configures the location of the proxied target.
Run systemctl edit --full pth_05 to edit the memory settings. Currently the default values are:
-Xms512m
-Xmx1024m
Run systemctl edit --full pth_05 and add the following to enable JMX. With these values the JMX port 9996 accepts connections without authentication or TLS:
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9996 \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false \
pth_05 is shipped with a systemd service descriptor file and is therefore available as a systemd unit.
systemctl enable pth_05.service
systemctl start pth_05.service