96d2ac4112
1. refactor kubesphere dependency service client creation, we can disable dependency by config 2. dependencies can be configured by configuration file 3. refactor cmd package using cobra.Command, so we can use hypersphere to invoke command sepearately. Later we only need to build one image to contains all kubesphere core components. One command to rule them all! 4. live reloading configuration currently not implemented
295 lines
8.5 KiB
Go
295 lines
8.5 KiB
Go
// Copyright 2018 The Kubesphere Authors.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
// the code is mainly from:
|
|
// https://github.com/kubernetes/dashboard/blob/master/src/app/backend/handler/terminal.go
|
|
// thanks to the related developer
|
|
|
|
package terminal
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"fmt"
|
|
"github.com/golang/glog"
|
|
"gopkg.in/igm/sockjs-go.v2/sockjs"
|
|
"io"
|
|
"k8s.io/api/core/v1"
|
|
"k8s.io/client-go/kubernetes/scheme"
|
|
"k8s.io/client-go/tools/remotecommand"
|
|
"kubesphere.io/kubesphere/pkg/simple/client"
|
|
)
|
|
|
|
// PtyHandler is what remotecommand expects from a pty
|
|
type PtyHandler interface {
|
|
io.Reader
|
|
io.Writer
|
|
remotecommand.TerminalSizeQueue
|
|
}
|
|
|
|
// TerminalSession implements PtyHandler (using a SockJS connection)
|
|
type TerminalSession struct {
|
|
id string
|
|
bound chan error
|
|
sockJSSession sockjs.Session
|
|
sizeChan chan remotecommand.TerminalSize
|
|
}
|
|
|
|
// TerminalMessage is the messaging protocol between ShellController and TerminalSession.
|
|
//
|
|
// OP DIRECTION FIELD(S) USED DESCRIPTION
|
|
// ---------------------------------------------------------------------
|
|
// bind fe->be SessionID Id sent back from TerminalResponse
|
|
// stdin fe->be Data Keystrokes/paste buffer
|
|
// resize fe->be Rows, Cols New terminal size
|
|
// stdout be->fe Data Output from the process
|
|
// toast be->fe Data OOB message to be shown to the user
|
|
type TerminalMessage struct {
|
|
Op, Data, SessionID string
|
|
Rows, Cols uint16
|
|
}
|
|
|
|
// TerminalSize handles pty->process resize events
|
|
// Called in a loop from remotecommand as long as the process is running
|
|
func (t TerminalSession) Next() *remotecommand.TerminalSize {
|
|
select {
|
|
case size := <-t.sizeChan:
|
|
return &size
|
|
}
|
|
}
|
|
|
|
// Read handles pty->process messages (stdin, resize)
|
|
// Called in a loop from remotecommand as long as the process is running
|
|
func (t TerminalSession) Read(p []byte) (int, error) {
|
|
m, err := t.sockJSSession.Recv()
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
var msg TerminalMessage
|
|
if err := json.Unmarshal([]byte(m), &msg); err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
switch msg.Op {
|
|
case "stdin":
|
|
return copy(p, msg.Data), nil
|
|
case "resize":
|
|
t.sizeChan <- remotecommand.TerminalSize{Width: msg.Cols, Height: msg.Rows}
|
|
return 0, nil
|
|
default:
|
|
return 0, fmt.Errorf("unknown message type '%s'", msg.Op)
|
|
}
|
|
}
|
|
|
|
// Write handles process->pty stdout
|
|
// Called from remotecommand whenever there is any output
|
|
func (t TerminalSession) Write(p []byte) (int, error) {
|
|
msg, err := json.Marshal(TerminalMessage{
|
|
Op: "stdout",
|
|
Data: string(p),
|
|
})
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
if err = t.sockJSSession.Send(string(msg)); err != nil {
|
|
return 0, err
|
|
}
|
|
return len(p), nil
|
|
}
|
|
|
|
// Toast can be used to send the user any OOB messages
|
|
// hterm puts these in the center of the terminal
|
|
func (t TerminalSession) Toast(p string) error {
|
|
msg, err := json.Marshal(TerminalMessage{
|
|
Op: "toast",
|
|
Data: p,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err = t.sockJSSession.Send(string(msg)); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Close shuts down the SockJS connection and sends the status code and reason to the client
|
|
// Can happen if the process exits or if there is an error starting up the process
|
|
// For now the status code is unused and reason is shown to the user (unless "")
|
|
func (t TerminalSession) Close(status uint32, reason string) {
|
|
t.sockJSSession.Close(status, reason)
|
|
}
|
|
|
|
// terminalSessions stores a map of all TerminalSession objects
|
|
// FIXME: this structure needs locking
|
|
var terminalSessions = make(map[string]TerminalSession)
|
|
|
|
// handleTerminalSession is Called by net/http for any new /api/sockjs connections
|
|
func HandleTerminalSession(session sockjs.Session) {
|
|
glog.Infof("handleTerminalSession, ID:%s", session.ID())
|
|
var (
|
|
buf string
|
|
err error
|
|
msg TerminalMessage
|
|
terminalSession TerminalSession
|
|
ok bool
|
|
)
|
|
|
|
if buf, err = session.Recv(); err != nil {
|
|
glog.Errorf("handleTerminalSession: can't Recv: %v", err)
|
|
return
|
|
}
|
|
|
|
if err = json.Unmarshal([]byte(buf), &msg); err != nil {
|
|
glog.Errorf("handleTerminalSession: can't UnMarshal (%v): %s", err, buf)
|
|
return
|
|
}
|
|
|
|
if msg.Op != "bind" {
|
|
glog.Errorf("handleTerminalSession: expected 'bind' message, got: %s", buf)
|
|
return
|
|
}
|
|
|
|
if terminalSession, ok = terminalSessions[msg.SessionID]; !ok {
|
|
glog.Errorf("handleTerminalSession: can't find session '%s'", msg.SessionID)
|
|
return
|
|
}
|
|
|
|
terminalSession.sockJSSession = session
|
|
terminalSessions[msg.SessionID] = terminalSession
|
|
terminalSession.bound <- nil
|
|
}
|
|
|
|
// startProcess is called by handleAttach
|
|
// Executed cmd in the container specified in request and connects it up with the ptyHandler (a session)
|
|
func startProcess(namespace, podName, containerName string, cmd []string, ptyHandler PtyHandler) error {
|
|
|
|
k8sClient := client.ClientSets().K8s().Kubernetes()
|
|
|
|
cfg := client.ClientSets().K8s().Config()
|
|
|
|
req := k8sClient.CoreV1().RESTClient().Post().
|
|
Resource("pods").
|
|
Name(podName).
|
|
Namespace(namespace).
|
|
SubResource("exec")
|
|
req.VersionedParams(&v1.PodExecOptions{
|
|
Container: containerName,
|
|
Command: cmd,
|
|
Stdin: true,
|
|
Stdout: true,
|
|
Stderr: true,
|
|
TTY: true,
|
|
}, scheme.ParameterCodec)
|
|
|
|
exec, err := remotecommand.NewSPDYExecutor(cfg, "POST", req.URL())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = exec.Stream(remotecommand.StreamOptions{
|
|
Stdin: ptyHandler,
|
|
Stdout: ptyHandler,
|
|
Stderr: ptyHandler,
|
|
TerminalSizeQueue: ptyHandler,
|
|
Tty: true,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// genTerminalSessionId generates a random session ID string. The format is not really interesting.
|
|
// This ID is used to identify the session when the client opens the SockJS connection.
|
|
// Not the same as the SockJS session id! We can't use that as that is generated
|
|
// on the client side and we don't have it yet at this point.
|
|
func genTerminalSessionId() (string, error) {
|
|
|
|
bytes := make([]byte, 16)
|
|
if _, err := rand.Read(bytes); err != nil {
|
|
return "", err
|
|
}
|
|
id := make([]byte, hex.EncodedLen(len(bytes)))
|
|
hex.Encode(id, bytes)
|
|
glog.Infof("genTerminalSessionId, id:" + string(id))
|
|
return string(id), nil
|
|
}
|
|
|
|
// isValidShell checks if the shell is an allowed one
|
|
func isValidShell(validShells []string, shell string) bool {
|
|
for _, validShell := range validShells {
|
|
if validShell == shell {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// WaitingForConnection is called from apihandler.handleAttach as a goroutine
|
|
// Waits for the SockJS connection to be opened by the client the session to be bound in handleTerminalSession
|
|
func WaitingForConnection(shell string, namespace, podName, containerName string, sessionId string) {
|
|
glog.Infof("WaitingForConnection, ID:%s", sessionId)
|
|
select {
|
|
case <-terminalSessions[sessionId].bound:
|
|
close(terminalSessions[sessionId].bound)
|
|
defer delete(terminalSessions, sessionId)
|
|
var err error
|
|
validShells := []string{"sh", "bash"}
|
|
|
|
if isValidShell(validShells, shell) {
|
|
cmd := []string{shell}
|
|
err = startProcess(namespace, podName, containerName, cmd, terminalSessions[sessionId])
|
|
} else {
|
|
// No shell given or it was not valid: try some shells until one succeeds or all fail
|
|
// FIXME: if the first shell fails then the first keyboard event is lost
|
|
for _, testShell := range validShells {
|
|
cmd := []string{testShell}
|
|
if err = startProcess(namespace, podName, containerName, cmd, terminalSessions[sessionId]); err == nil {
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if err != nil {
|
|
terminalSessions[sessionId].Close(2, err.Error())
|
|
return
|
|
}
|
|
|
|
terminalSessions[sessionId].Close(1, "Process exited")
|
|
}
|
|
}
|
|
|
|
func NewSession(shell, namespace, podName, containerName string) (string, error) {
|
|
sessionId, err := genTerminalSessionId()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
terminalSessions[sessionId] = TerminalSession{
|
|
id: sessionId,
|
|
bound: make(chan error),
|
|
sizeChan: make(chan remotecommand.TerminalSize),
|
|
}
|
|
|
|
go WaitingForConnection(shell, namespace, podName, containerName, sessionId)
|
|
|
|
return sessionId, nil
|
|
}
|