// Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.

#ifndef DATASRC_CLIENTS_MGR_H
#define DATASRC_CLIENTS_MGR_H 1

#include <util/threads/thread.h>
#include <util/threads/sync.h>

#include <log/logger_support.h>
#include <log/log_dbglevels.h>

#include <dns/rrclass.h>

#include <cc/data.h>

#include <datasrc/data_source.h>
#include <datasrc/client_list.h>

#include <auth/auth_log.h>
#include <auth/datasrc_config.h>

#include <boost/array.hpp>
#include <boost/bind.hpp>
#include <boost/shared_ptr.hpp>
#include <boost/noncopyable.hpp>

#include <cassert>
#include <exception>
#include <list>
#include <map>
#include <utility>

namespace isc {
namespace auth {

namespace datasrc_clientmgr_internal {
// This namespace is essentially private for DataSrcClientsMgr(Base) and
// DataSrcClientsBuilder(Base).  This is exposed in the public header
// only because these classes are templated (for testing purposes) and
// class internal has to be defined here.

/// \brief ID of commands from the DataSrcClientsMgr to DataSrcClientsBuilder.
///
/// The enumerators are used as indexes into a descriptor table in
/// \c DataSrcClientsBuilderBase::handleCommand(), so their order must match
/// that table and \c NUM_COMMANDS must stay last.
enum CommandID {
    NOOP,         ///< Do nothing.  Only useful for tests; no argument
    RECONFIGURE,  ///< Reconfigure the datasource client lists,
                  ///  the argument to the command is the full new
                  ///  datasources configuration.
    LOADZONE,     ///< Load a new version of zone into a memory,
                  ///  the argument to the command is a map containing 'class'
                  ///  and 'origin' elements, both should have been validated.
    SHUTDOWN,     ///< Shutdown the builder; no argument
    NUM_COMMANDS  ///< Not a command: upper bound for range checks and the
                  ///  size of the per-command descriptor table.
};

/// \brief The data type passed from DataSrcClientsMgr to
/// DataSrcClientsBuilder.
///
/// The first element of the pair is the command ID, and the second element
/// is its argument.  If the command doesn't take an argument it should be
/// a null pointer.  Nothing in the type itself guarantees that a command
/// which does take an argument actually carries a non-null one, so the
/// command handlers are responsible for checking it.
typedef std::pair<CommandID, data::ConstElementPtr> Command;
} // namespace datasrc_clientmgr_internal

/// \brief Frontend to the manager object for data source clients.
///
/// This class provides interfaces for configuring and updating a set of
/// data source clients "in the background".  The user of this class can
/// assume any operation on this class can be done effectively non-blocking,
/// not suspending any delay-sensitive operations such as DNS query
/// processing.  The only exception is the time when this class object
/// is destroyed (normally as a result of an implicit call to the destructor);
/// in the current implementation it can take time depending on what is
/// running "in the background" at the time of the call.
///
/// Internally, an object of this class invokes a separate thread to perform
/// time consuming operations such as loading large zone data into memory,
/// but such details are completely hidden from the user of this class.
///
/// Two pieces of state are shared with that thread, each guarded by its own
/// mutex: the command queue (\c queue_mutex_, with \c cond_ for wake-ups)
/// and the map of client lists (\c map_mutex_).  The builder gets plain
/// pointers to them, so this object must outlive the builder thread; the
/// destructor takes care of that ordering.
///
/// This class is templated only so that we can test the class without
/// involving actual threads or mutex.  Normal applications will only
/// need one specific specialization that has a typedef of
/// \c DataSrcClientsMgr.
template <typename ThreadType, typename BuilderType, typename MutexType,
          typename CondVarType>
class DataSrcClientsMgrBase : boost::noncopyable {
private:
    // Map from RR class to the client list configured for that class.
    // clients_map_ below is initialized with a freshly allocated instance of
    // this type.
    typedef std::map<dns::RRClass,
                     boost::shared_ptr<datasrc::ConfigurableClientList> >
    ClientListsMap;

public:
    /// \brief Thread-safe accessor to the data source client lists.
    ///
    /// This class provides a simple wrapper for searching the client lists
    /// stored in the DataSrcClientsMgr in a thread-safe manner.
    /// It ensures the result of \c getClientList() can be used without
    /// causing a race condition with other threads that can possibly use
    /// the same manager throughout the lifetime of the holder object.
    ///
    /// This also means the holder object is expected to have a short lifetime.
    /// The application shouldn't try to keep it unnecessarily long.
    /// It's normally expected to create the holder object on the stack
    /// of a small scope and automatically let it be destroyed at the end
    /// of the scope.
    ///
    /// \note The holder acquires the manager's \c map_mutex_ in its
    /// constructor and keeps it until it is destroyed.  While it is alive
    /// the builder thread cannot swap in a reconfigured map and
    /// \c setDataSrcClientLists() blocks, which is the concrete reason the
    /// lifetime must be kept short.
    class Holder {
    public:
        /// \brief Constructor: locks the manager's map mutex for the
        /// lifetime of the holder.
        ///
        /// \param mgr The manager whose client lists are to be searched.
        /// It must outlive the holder.
        ///
        /// NOTE(review): this single-argument constructor is not \c explicit,
        /// so a manager reference converts implicitly to a Holder (and thus
        /// silently takes the lock); confirm that's intended.
        Holder(DataSrcClientsMgrBase& mgr) :
            mgr_(mgr), locker_(mgr_.map_mutex_)
        {}

        /// \brief Find a data source client list of a specified RR class.
        ///
        /// It returns a pointer to the list stored in the manager if found,
        /// otherwise it returns NULL.  The manager keeps the ownership of
        /// the pointed object.  Also, it's not safe to get access to the
        /// object beyond the scope of the holder object.
        ///
        /// \note Since the ownership isn't transferred the return value
        /// could be a bare pointer (and it's probably better in several
        /// points).  Unfortunately, some unit tests currently don't work
        /// unless this method effectively shares the ownership with the
        /// tests.  That's the only reason why we return a shared pointer
        /// for now.  We should eventually fix it and change the return value
        /// type (see Trac ticket #2395).  Other applications must not
        /// assume the ownership is actually shared.
        ///
        /// \param rrclass The RR class whose client list is wanted.
        /// \return The client list for \c rrclass, or a null pointer if no
        /// list is configured for that class.
        boost::shared_ptr<datasrc::ConfigurableClientList> findClientList(
            const dns::RRClass& rrclass)
        {
            // Safe to read without further locking: locker_ holds
            // map_mutex_ for the whole lifetime of this holder.
            const ClientListsMap::const_iterator
                it = mgr_.clients_map_->find(rrclass);
            if (it == mgr_.clients_map_->end()) {
                return (boost::shared_ptr<datasrc::ConfigurableClientList>());
            } else {
                return (it->second);
            }
        }
    private:
        DataSrcClientsMgrBase& mgr_;
        typename MutexType::Locker locker_;  // holds mgr_.map_mutex_
    };

    /// \brief Constructor.
    ///
    /// It internally invokes a separate thread and waits for further
    /// operations from the user application.
    ///
    /// This method is basically exception free except in case of really
    /// rare system-level errors.  When that happens the only reasonable
    /// action that the application can take would be to terminate the program
    /// in practice.
    ///
    /// \throw std::bad_alloc internal memory allocation failure.
    /// \throw isc::Unexpected general unexpected system errors.
    DataSrcClientsMgrBase() :
        clients_map_(new ClientListsMap),
        // The builder only stores pointers to the members passed here.  All
        // of them are declared (hence constructed) before builder_ and
        // builder_thread_, so they are fully built before the thread starts.
        builder_(&command_queue_, &cond_, &queue_mutex_, &clients_map_,
                 &map_mutex_),
        builder_thread_(boost::bind(&BuilderType::run, &builder_))
    {}

    /// \brief The destructor.
    ///
    /// It tells the internal thread to stop and waits for it completion.
    /// In the current implementation, it can block for some unpredictably
    /// long period depending on what the thread is doing at that time
    /// (in future we may want to implement a rapid way of killing the thread
    /// and/or provide a separate interface for waiting so that the application
    /// can choose the timing).
    ///
    /// The waiting operation can result in an exception, but this method
    /// catches any of them so this method itself is exception free.
    ~DataSrcClientsMgrBase() {
        // We share class member variables with the builder, which will be
        // invalidated after the call to the destructor, so we need to make
        // sure the builder thread is terminated.  Depending on the timing
        // this could take a long time; if we don't want that to happen in
        // this context, we may want to introduce a separate 'shutdown()'
        // method.
        //
        // Also, since we don't want to propagate exceptions from a destructor,
        // we catch any possible ones.  In fact the only really expected one
        // is Thread::UncaughtException when the builder thread died due to
        // an exception.  We specifically log it and just ignore others.
        //
        // NOTE(review): if sendCommand() itself throws (e.g. std::bad_alloc
        // from the queue push_back) the SHUTDOWN command is never queued and
        // wait() is skipped, so the builder thread may still be using the
        // shared members when they are destroyed below.  Whether ThreadType's
        // destructor copes with a still-running thread isn't visible here --
        // confirm.
        try {
            sendCommand(datasrc_clientmgr_internal::SHUTDOWN,
                        data::ConstElementPtr());
            builder_thread_.wait();
        } catch (const util::thread::Thread::UncaughtException& ex) {
            // technically, logging this could throw, which will be propagated.
            // But such an exception would be a fatal one anyway, so we
            // simply let it go through.
            //
            // Note that this names the concrete Thread type rather than
            // ThreadType; a test-only ThreadType whose wait() throws
            // something else lands in the generic handler below.
            LOG_ERROR(auth_logger, AUTH_DATASRC_CLIENTS_SHUTDOWN_ERROR).
                arg(ex.what());
        } catch (...) {
            LOG_ERROR(auth_logger,
                      AUTH_DATASRC_CLIENTS_SHUTDOWN_UNEXPECTED_ERROR);
        }

        cleanup();              // see below
    }

    /// \brief Handle new full configuration for data source clients.
    ///
    /// This method simply passes the new configuration to the builder
    /// and immediately returns.  This method is basically exception free
    /// as long as the caller passes a non NULL value for \c config_arg;
    /// it doesn't validate the argument further.  Validation of the
    /// configuration content happens on the builder thread, which logs
    /// configuration errors and keeps the previous client lists.
    ///
    /// \throw isc::InvalidParameter config_arg is NULL.
    /// \throw std::bad_alloc
    ///
    /// \param config_arg The new data source configuration.  Must not be NULL.
    void reconfigure(data::ConstElementPtr config_arg) {
        if (!config_arg) {
            isc_throw(InvalidParameter, "Invalid null config argument");
        }
        sendCommand(datasrc_clientmgr_internal::RECONFIGURE, config_arg);
        reconfigureHook();      // for test's customization
    }

    /// \brief Set the underlying data source client lists to new lists.
    ///
    /// This is provided only for some existing tests until we support a
    /// cleaner way to use faked data source clients.  Non test code or
    /// newer tests must not use this.
    ///
    /// The replacement is done under \c map_mutex_, so it serializes with
    /// \c Holder and with the builder's own map updates.
    ///
    /// \param new_lists The map that replaces the current client lists.
    void setDataSrcClientLists(datasrc::ClientListMapPtr new_lists) {
        typename MutexType::Locker locker(map_mutex_);
        clients_map_ = new_lists;
    }

private:
    // This is expected to be called at the end of the destructor.  It
    // actually does nothing, but provides a customization point for
    // specialized class for tests so that the tests can inspect the last
    // state of the class.
    void cleanup() {}

    // same as cleanup(), for reconfigure().
    void reconfigureHook() {}

    /// \brief Queue one command for the builder thread and wake it up.
    ///
    /// \param command The command ID.
    /// \param arg The command argument; a null pointer for commands that
    /// take none.
    ///
    /// \throw std::bad_alloc if the queue node can't be allocated; the lock
    /// is released by the Locker destructor on the way out.
    void sendCommand(datasrc_clientmgr_internal::CommandID command,
                     data::ConstElementPtr arg)
    {
        // The lock will be held until the end of this method.  Only
        // push_back has to be protected, but we can avoid having an extra
        // block this way.
        typename MutexType::Locker locker(queue_mutex_);
        command_queue_.push_back(
            datasrc_clientmgr_internal::Command(command, arg));
        cond_.signal();
    }

    //
    // The following are shared with the builder.
    //
    // The list is used as a one-way queue: back-in, front-out
    std::list<datasrc_clientmgr_internal::Command> command_queue_;
    CondVarType cond_;          // condition variable for queue operations
    MutexType queue_mutex_;     // mutex to protect the queue
    datasrc::ClientListMapPtr clients_map_;
                                // map of actual data source client objects
    MutexType map_mutex_;       // mutex to protect the clients map

    BuilderType builder_;
    // Declared last so it is constructed after (and destroyed before) every
    // member the builder thread touches; the destructor joins it first.
    ThreadType builder_thread_; // for safety this should be placed last
};

namespace datasrc_clientmgr_internal {

/// \brief A class that maintains a set of data source clients.
///
/// An object of this class is supposed to run on a dedicated thread, whose
/// main function is a call to its \c run() method.  It runs in a loop
/// waiting for commands from the manager and handles each command (including
/// reloading a new version of zone data into memory or fully reconfiguration
/// of specific set of data source clients).  When it receives a SHUTDOWN
/// command, it exits from the loop, which will terminate the thread.
///
/// While this class is defined in a publicly visible namespace, it's
/// essentially private to \c DataSrcClientsMgr.  Except for tests,
/// applications should not directly access this class.
///
/// The builder does not own any of the state it works on: it keeps pointers
/// to the manager's command queue, condition variable, mutexes and client
/// list map, all of which must outlive it.
///
/// This class is templated so that we can test it without involving actual
/// threads or locks.
template <typename MutexType, typename CondVarType>
class DataSrcClientsBuilderBase : boost::noncopyable {
private:
    // Map from RR class to the client list configured for that class; must
    // match the manager's definition since the map itself is shared.
    typedef std::map<dns::RRClass,
                     boost::shared_ptr<datasrc::ConfigurableClientList> >
    ClientListsMap;

public:
    /// \brief Internal errors in handling commands.
    ///
    /// This exception is expected to be caught within the
    /// \c DataSrcClientsBuilder implementation, but is defined as public
    /// so tests can check it.
    ///
    /// NOTE(review): handleCommand() as defined in this file does not catch
    /// it, so as of this version it reaches run(); if isc::Exception derives
    /// from std::exception that handler logs a fatal error and terminates --
    /// confirm whether a catch-and-log belongs in handleCommand().
    class InternalCommandError : public isc::Exception {
    public:
        InternalCommandError(const char* file, size_t line, const char* what) :
            isc::Exception(file, line, what) {}
    };

    /// \brief Constructor.
    ///
    /// It simply stores the pointers to the data shared with the manager:
    /// the command queue with its condition variable and mutex, and the
    /// client list map with its mutex.  No ownership is taken.
    ///
    /// \param command_queue Queue the manager pushes commands onto.
    /// \param cond Condition variable signaled by the manager on push.
    /// \param queue_mutex Mutex protecting \c command_queue.
    /// \param clients_map Pointer to the manager's client list map pointer.
    /// \param map_mutex Mutex protecting \c *clients_map.
    ///
    /// \throw None
    DataSrcClientsBuilderBase(std::list<Command>* command_queue,
                              CondVarType* cond, MutexType* queue_mutex,
                              datasrc::ClientListMapPtr* clients_map,
                              MutexType* map_mutex
        ) :
        command_queue_(command_queue), cond_(cond), queue_mutex_(queue_mutex),
        clients_map_(clients_map), map_mutex_(map_mutex)
    {}

    /// \brief The main loop.
    ///
    /// Waits for commands on the shared queue and dispatches each one to
    /// \c handleCommand() until that returns false.  Any exception escaping
    /// the loop is logged as fatal and the process is terminated.
    void run();

    /// \brief Handle one command from the manager.
    ///
    /// This is a dedicated subroutine of run() and is essentially private,
    /// but is defined as a separate public method so we can test each
    /// command test individually.  In any case, this class itself is
    /// generally considered private.
    ///
    /// \throw isc::Unexpected if the command ID is out of range (an
    /// internal bug).
    ///
    /// \return true if the builder should keep running; false otherwise.
    bool handleCommand(const Command& command);

private:
    // NOOP command handler.  We use this so tests can override it; the default
    // implementation really does nothing.
    void doNoop() {}

    // RECONFIGURE command handler.  Builds a new client list map from the
    // configuration and swaps it in under map_mutex_; a null config is
    // silently ignored.  Configuration, data source and other isc::Exception
    // errors are logged and the previous map is kept; anything else
    // propagates (and thus ends the thread via run()).
    void doReconfigure(const data::ConstElementPtr& config) {
        if (config) {
            LOG_INFO(auth_logger,
                     AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_STARTED);
            try {
                // Define new_clients_map outside of the block that
                // has the lock scope; this way, after the swap,
                // the lock is guaranteed to be released before
                // the old data is destroyed, minimizing the lock
                // duration.
                datasrc::ClientListMapPtr new_clients_map =
                    configureDataSource(config);
                {
                    typename MutexType::Locker locker(*map_mutex_);
                    new_clients_map.swap(*clients_map_);
                } // lock is released by leaving scope
                LOG_INFO(auth_logger,
                         AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_SUCCESS);
            } catch (const datasrc::ConfigurableClientList::ConfigurationError&
                     config_error) {
                LOG_ERROR(auth_logger,
                    AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_CONFIG_ERROR).
                    arg(config_error.what());
            } catch (const datasrc::DataSourceError& ds_error) {
                LOG_ERROR(auth_logger,
                    AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_DATASRC_ERROR).
                    arg(ds_error.what());
            } catch (const isc::Exception& isc_error) {
                LOG_ERROR(auth_logger,
                    AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_ERROR).
                    arg(isc_error.what());
            }
            // other exceptions are propagated, see
            // http://bind10.isc.org/ticket/2210#comment:13

            // old clients_map_ data is released by leaving scope
        }
    }

    // LOADZONE command handler; defined out of class below.  Throws
    // InternalCommandError when the zone can't be (re)loaded.
    void doLoadZone(const isc::data::ConstElementPtr& arg);

    // The following are shared with the manager
    std::list<Command>* command_queue_;
    CondVarType* cond_;
    MutexType* queue_mutex_;
    datasrc::ClientListMapPtr* clients_map_;
    MutexType* map_mutex_;
};

// Shortcut typedef for normal use: the builder instantiated with the real
// mutex and condition variable types.
typedef DataSrcClientsBuilderBase<util::thread::Mutex, util::thread::CondVar>
DataSrcClientsBuilder;

/// \brief Main loop of the builder thread.
///
/// Repeatedly moves every queued command into a local batch under
/// \c queue_mutex_ and handles the batch without the lock, so the manager
/// is only blocked for the duration of the swap.  The loop ends when
/// \c handleCommand() returns false (SHUTDOWN).  Any exception escaping the
/// loop is logged as fatal and the process is terminated.
template <typename MutexType, typename CondVarType>
void
DataSrcClientsBuilderBase<MutexType, CondVarType>::run() {
    LOG_INFO(auth_logger, AUTH_DATASRC_CLIENTS_BUILDER_STARTED);

    try {
        bool keep_running = true;
        do {
            std::list<Command> batch;
            {
                typename MutexType::Locker locker(*queue_mutex_);
                // Re-check the queue after every wake-up rather than
                // trusting a single wait().
                while (command_queue_->empty()) {
                    cond_->wait(*queue_mutex_);
                }
                // Take the whole queue at once; the manager gets back the
                // (empty) local list.
                batch.swap(*command_queue_);
            } // queue_mutex_ is released here

            // A SHUTDOWN (handleCommand() returning false) stops processing
            // right away; any commands still left in the batch are dropped
            // with it.
            for (std::list<Command>::const_iterator cmd = batch.begin();
                 keep_running && cmd != batch.end(); ++cmd) {
                keep_running = handleCommand(*cmd);
            }
        } while (keep_running);
        LOG_INFO(auth_logger, AUTH_DATASRC_CLIENTS_BUILDER_STOPPED);
    } catch (const std::exception& ex) {
        // Log first so the cause isn't lost when the process goes down.
        LOG_FATAL(auth_logger, AUTH_DATASRC_CLIENTS_BUILDER_FAILED).
            arg(ex.what());
        std::terminate();
    } catch (...) {
        LOG_FATAL(auth_logger, AUTH_DATASRC_CLIENTS_BUILDER_FAILED_UNEXPECTED);
        std::terminate();
    }
}

/// \brief Dispatch a single command to its handler.
///
/// \param command The command ID and argument pair taken from the queue.
/// \return false for SHUTDOWN, true for every other command.
/// \throw isc::Unexpected if the ID is outside the CommandID range, which
/// can only come from a bug in this file.
template <typename MutexType, typename CondVarType>
bool
DataSrcClientsBuilderBase<MutexType, CondVarType>::handleCommand(
    const Command& command)
{
    const CommandID cid = command.first;
    // Reject out-of-range IDs before they index the descriptor table.
    if (cid >= NUM_COMMANDS) {
        isc_throw(Unexpected, "internal bug: invalid command, ID: " << cid);
    }

    // Human-readable names for the trace log; order matches CommandID.
    const boost::array<const char*, NUM_COMMANDS> command_desc = {
        {"NOOP", "RECONFIGURE", "LOADZONE", "SHUTDOWN"}
    };
    LOG_DEBUG(auth_logger, DBGLVL_TRACE_BASIC,
              AUTH_DATASRC_CLIENTS_BUILDER_COMMAND).arg(command_desc.at(cid));

    // NOTE(review): InternalCommandError thrown by doLoadZone() isn't caught
    // here although its documentation says it's handled inside the builder;
    // it propagates to run(), which logs a fatal error and terminates if
    // isc::Exception derives from std::exception -- confirm whether a
    // catch-and-log belongs here.
    bool keep_running = true;
    switch (cid) {
    case NOOP:
        doNoop();
        break;
    case RECONFIGURE:
        doReconfigure(command.second);
        break;
    case LOADZONE:
        doLoadZone(command.second);
        break;
    case SHUTDOWN:
        keep_running = false;
        break;
    case NUM_COMMANDS:
        assert(false);          // we rejected this case above
    }
    return (keep_running);
}

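/// \brief Reload one zone in the client list configured for its class.
///
/// \param arg A map element carrying 'class' and 'origin' as strings.
/// \throw InternalCommandError if the argument (or either element) is
/// missing, if no client list is configured for the class, if the reload
/// itself raises an isc::Exception, or if the zone isn't found in any
/// configured data source.  Other exceptions propagate to the caller.
template <typename MutexType, typename CondVarType>
void
DataSrcClientsBuilderBase<MutexType, CondVarType>::doLoadZone(
    const isc::data::ConstElementPtr& arg)
{
    // The Command type allows a null argument (for argument-less commands),
    // so reject it here instead of dereferencing it below.
    if (!arg) {
        isc_throw(InternalCommandError,
                  "failed to load a zone: missing command argument");
    }
    // Both elements are documented as validated by the sender, but a missing
    // key would otherwise turn into a null dereference on this thread.
    const isc::data::ConstElementPtr class_elem = arg->get("class");
    const isc::data::ConstElementPtr origin_elem = arg->get("origin");
    if (!class_elem || !origin_elem) {
        isc_throw(InternalCommandError,
                  "failed to load a zone: 'class' or 'origin' is missing");
    }
    // TODO: test bogus class and name
    const dns::RRClass rrclass(class_elem->stringValue());
    const dns::Name origin(origin_elem->stringValue());

    datasrc::ConfigurableClientList::ReloadResult result;
    {
        // Hold map_mutex_ for the lookup as well as the reload: the manager
        // may replace *clients_map_ (setDataSrcClientLists) under this same
        // mutex, so reading the map unlocked would race with it.
        typename MutexType::Locker locker(*map_mutex_);
        ClientListsMap::iterator found = (*clients_map_)->find(rrclass);
        if (found == (*clients_map_)->end()) {
            isc_throw(InternalCommandError, "failed to load a zone " << origin <<
                      "/" << rrclass << ": not configured for the class");
        }
        boost::shared_ptr<datasrc::ConfigurableClientList> client_list =
            found->second;
        assert(client_list);
        try {
            result = client_list->reload(origin);
        } catch (const isc::Exception& ex) {
            // We catch our internal exceptions (which will be just ignored)
            // and propagated others (which should generally be considered
            // fatal and will make the thread terminate)
            isc_throw(InternalCommandError, "failed to load a zone " << origin <<
                      "/" << rrclass << ": error occurred in reload: " <<
                      ex.what());
        }
    } // map_mutex_ is released here, before the result is examined

    switch (result) {
    case datasrc::ConfigurableClientList::ZONE_RELOADED:
        // Everything worked fine.
        //LOG_DEBUG(auth_logger, DBG_AUTH_OPS, AUTH_LOAD_ZONE)
        //  .arg(zone_class).arg(origin);
        break;
    case datasrc::ConfigurableClientList::ZONE_NOT_FOUND:
        isc_throw(InternalCommandError, "failed to load zone " << origin
                  << "/" << rrclass << ": not found in any configured "
                  "data source.");
    default:
        // Any other ReloadResult value is unexpected from reload().
        assert(false);
    }
}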
} // namespace datasrc_clientmgr_internal

/// \brief Shortcut type for normal data source clients manager.
///
/// In fact, for non test applications this is the only type of this kind
/// to be considered.  It binds the manager to the real thread, builder,
/// mutex and condition variable implementations.
typedef DataSrcClientsMgrBase<
    util::thread::Thread,
    datasrc_clientmgr_internal::DataSrcClientsBuilder,
    util::thread::Mutex, util::thread::CondVar> DataSrcClientsMgr;
} // namespace auth
} // namespace isc

#endif  // DATASRC_CLIENTS_MGR_H

// Local Variables:
// mode: c++
// End: