zhouyuhuan
/
Cloudpods


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
							// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package service

import (
	"context"
	"os"
	"time"

	"yunion.io/x/jsonutils"
	"yunion.io/x/log"
	_ "yunion.io/x/sqlchemy/backends"

	api "yunion.io/x/onecloud/pkg/apis/identity"
	"yunion.io/x/onecloud/pkg/cloudcommon"
	common_app "yunion.io/x/onecloud/pkg/cloudcommon/app"
	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
	"yunion.io/x/onecloud/pkg/cloudcommon/cronman"
	"yunion.io/x/onecloud/pkg/cloudcommon/db"
	"yunion.io/x/onecloud/pkg/cloudcommon/db/taskman"
	"yunion.io/x/onecloud/pkg/cloudcommon/notifyclient"
	common_options "yunion.io/x/onecloud/pkg/cloudcommon/options"
	"yunion.io/x/onecloud/pkg/cloudcommon/policy"
	"yunion.io/x/onecloud/pkg/keystone/cache"
	"yunion.io/x/onecloud/pkg/keystone/cronjobs"
	"yunion.io/x/onecloud/pkg/keystone/models"
	"yunion.io/x/onecloud/pkg/keystone/options"
	kpolicy "yunion.io/x/onecloud/pkg/keystone/policy"
	"yunion.io/x/onecloud/pkg/keystone/saml"
	_ "yunion.io/x/onecloud/pkg/keystone/tasks"
	"yunion.io/x/onecloud/pkg/keystone/tokens"
	"yunion.io/x/onecloud/pkg/keystone/util"
	"yunion.io/x/onecloud/pkg/mcclient/auth"
	"yunion.io/x/onecloud/pkg/util/logclient"
)

func StartService() {
	auth.DefaultTokenVerifier = tokens.FernetTokenVerifier
	db.DefaultUUIDGenerator = keystoneUUIDGenerator
	db.DefaultProjectFetcher = keystoneProjectFetcher
	db.DefaultDomainFetcher = keystoneDomainFetcher
	db.DefaultUserFetcher = keystoneUserFetcher
	db.DefaultDomainQuery = keystoneDomainQuery
	db.DefaultProjectQuery = keystoneProjectQuery
	db.DefaultProjectsFetcher = keystoneProjectsFetcher
	policy.DefaultPolicyFetcher = localPolicyFetcher
	logclient.DefaultSessionGenerator = models.GetDefaultClientSession
	cronman.DefaultAdminSessionGenerator = tokens.GetDefaultAdminCredToken
	notifyclient.AdminSessionGenerator = util.GetDefaulAdminSession
	notifyclient.UserLangFetcher = models.GetUserLangForKeyStone

	models.InitSyncWorkers()

	opts := &options.Options
	common_options.ParseOptions(opts, os.Args, "keystone.conf", api.SERVICE_TYPE)
	kpolicy.Init()

	if opts.Port == 0 {
		opts.Port = 5000 // keystone well-known port
	}

	/* err := keys.Init(opts.FernetKeyRepository, opts.SetupCredentialKey)
	if err != nil {
		log.Fatalf("init fernet keys fail %s", err)
	}
	*/

	app := common_app.InitApp(&opts.BaseOptions, true).
		OnException(func(method, path string, body jsonutils.JSONObject, err error) {
			ctx := context.Background()
			token := tokens.GetDefaultAdminCredToken()
			notifyclient.EventNotifyServiceAbnormal(ctx, token, consts.GetServiceType(), method, path, body, err)
		})

	cloudcommon.InitDB(&opts.DBOptions)

	InitHandlers(app, opts.IsSlaveNode)

	db.EnsureAppSyncDB(app, &opts.DBOptions, models.InitDB)

	common_app.InitBaseAuth(&opts.BaseOptions)

	common_options.StartOptionManagerWithSessionDriver(opts, opts.ConfigSyncPeriodSeconds, api.SERVICE_TYPE, "", options.OnOptionsChange, models.NewServiceConfigSession())

	if !opts.IsSlaveNode {
		err := models.UserManager.EnforceUserMfa(context.Background())
		if err != nil {
			log.Errorf("EnforceUserMfa fail %s", err)
		}
	}

	cache.Init(opts.TokenExpirationSeconds)

	if !opts.IsSlaveNode {
		err := taskman.TaskManager.InitializeData()
		if err != nil {
			log.Fatalf("TaskManager.InitializeData fail %s", err)
		}

		cron := cronman.InitCronJobManager(true, opts.CronJobWorkerCount, options.Options.TimeZone)

		cron.AddJobAtIntervalsWithStartRun("AutoSyncIdentityProviderTask", time.Duration(opts.AutoSyncIntervalSeconds)*time.Second, models.AutoSyncIdentityProviderTask, true)
		cron.AddJobAtIntervalsWithStartRun("FetchScopeResourceCount", time.Duration(opts.FetchScopeResourceCountIntervalSeconds)*time.Second, cronjobs.FetchScopeResourceCount, false)
		cron.AddJobAtIntervalsWithStartRun("CalculateIdentityQuotaUsages", time.Duration(opts.CalculateQuotaUsageIntervalSeconds)*time.Second, models.IdentityQuotaManager.CalculateQuotaUsages, true)

		cron.AddJobEveryFewHour("AutoPurgeSplitable", 4, 30, 0, db.AutoPurgeSplitable, false)
		cron.AddJobEveryFewDays("CheckAllUserPasswordIsExpired", 1, 8, 0, 0, models.CheckAllUserPasswordIsExpired, true)

		cron.AddJobEveryFewHour("RemoveObsoleteInvalidTokens", 6, 0, 0, models.RemoveObsoleteInvalidTokens, true)

		cron.AddJobAtIntervalsWithStartRun("TaskCleanupJob", time.Duration(options.Options.TaskArchiveIntervalMinutes)*time.Minute, taskman.TaskManager.TaskCleanupJob, true)

		cron.AddJobEveryFewHour("CleanPasswordsJob", 4, 8, 0, models.PasswordManager.CleanPasswordsJob, true)

		cron.Start()
		defer cron.Stop()
	}

	if options.Options.EnableSsl {
		// enable SAML support only if ssl is enabled
		err := saml.InitSAMLInstance()
		if err != nil {
			panic(err)
		}
	}

	go func() {
		common_app.ServeForeverExtended(app, &opts.BaseOptions, options.Options.AdminPort, nil, false)
	}()

	common_app.ServeForeverWithCleanup(app, &opts.BaseOptions, func() {
		cloudcommon.CloseDB()
		// cron.Stop()
	})
}