Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server/ui: fix crash caused by race in server initialization #30746

Merged
merged 3 commits into from
Oct 1, 2018
Merged

server/ui: fix crash caused by race in server initialization #30746

merged 3 commits into from
Oct 1, 2018

Conversation

vilterp
Copy link
Contributor

@vilterp vilterp commented Sep 27, 2018
edited
Loading

Fixes #25771

See commits for details.

@vilterp vilterp requested review from couchand, benesch and a team September 27, 2018 22:27
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@vilterp vilterp mentioned this pull request Sep 27, 2018
Closed
@vilterp vilterp mentioned this pull request Sep 27, 2018
Closed
@vilterp vilterp requested a review from tbg September 27, 2018 23:04
benesch
benesch approved these changes Sep 29, 2018
View reviewed changes
Copy link
Contributor

@benesch benesch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commits you wrote :lgtm_strong:. The commit I wrote was LGTM'd by Peter in #30735. So I think we're good to go here, modulo one stray println I called out below. Thanks for indulging me on this approach.

Reviewed 1 of 1 files at r1, 4 of 4 files at r2, 3 of 3 files at r3.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained

pkg/server/server.go, line 1583 at r3 (raw file):

	// Serve UI assets. This needs to be before the gRPC handlers are registered, otherwise
	// the `s.mux.Handle("/", ...)` would cover all URLs, allowing anonymous access.

I know you're just copy/pasting, but I don't understand what this paragraph is saying. And whatever it's saying I'm not sure is true? I don't see why the order in which the routes are installed would matter.

pkg/ui/ui.go, line 127 at r3 (raw file):

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Println("hello from ")

stray

couchand
couchand approved these changes Oct 1, 2018
View reviewed changes
Copy link
Contributor

@couchand couchand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for getting to the bottom of this.

Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained

couchand
couchand approved these changes Oct 1, 2018
View reviewed changes
Copy link
Contributor

@couchand couchand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 4 files at r2, 3 of 3 files at r3.
Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained

Pete Vilter and others added 3 commits October 1, 2018 12:11
server/ui: move UI endpoint registration below SQL initialization
b351cf5 
HTTP requests are passed through an authentication mux, which checks
that the user is authenticated based on the cookies on the request. To
check authentication, the mux runs SQL to look up a session in the
system.web_sessions table.

Prior to this change, it was possible to hit the cluster with an HTTP
request which would cause the SQL to be run, before the SQL system was
fully initialized -- specifically before the cluster version setting was
initialized. This would crash the node.

This change delays installation of the authentication mux until after
the SQL system has been initialized, removing the possibility of this
crash.

Release note: None
@benesch
roachtest: teach cluster-init to reproduce startup crash
857ba8b 
Teach the cluster-init test to reproduce the crash during bootup
described in issue cockroachdb#25771. The trick is to send requests with a session
cookie, as the admin UI would, while the cluster is waiting for init.

Note that the crash was caused by the authenticationMux, which is used
to protect secure clusters, but this test uses an insecure cluster. This
is relying on a wart: an authenticationMux is installed for UI assets
whether or not the cluster is secure. This could change in the future. A
better test would use a secure cluster, however roachprod/roachtest do
not easily support that at this time, nor is it easy to write a unit
test that exercises the crash more robustly.

Release note: None
server: clean up authentication handler code a bit
b617f1c 
Including
- more comments
- rename `maybeAuthMux` to `authenticatedUIHandler`
- move `authHandler` down near where it's initialized

Release note: None
vilterp
vilterp commented Oct 1, 2018
View reviewed changes
Copy link
Contributor Author

@vilterp vilterp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained

pkg/server/server.go, line 1583 at r3 (raw file):

Previously, benesch (Nikhil Benesch) wrote…

I know you're just copy/pasting, but I don't understand what this paragraph is saying. And whatever it's saying I'm not sure is true? I don't see why the order in which the routes are installed would matter.

Removed. The order can matter when there is some time between registrations (as there used to be in this method) but that's not really what the comment is explaining. Not quite sure what I was thinking when I wrote it.

pkg/ui/ui.go, line 127 at r3 (raw file):

Previously, benesch (Nikhil Benesch) wrote…

stray

Done.

@vilterp
Copy link
Contributor Author

vilterp commented Oct 1, 2018
edited
Loading

TFTRs!

bors r+

craig bot pushed a commit that referenced this pull request Oct 1, 2018
@benesch
Merge #30746
ed94538 
30746: server/ui: fix crash caused by race in server initialization r=vilterp a=vilterp

Fixes #25771

See commits for details.

Co-authored-by: Pete Vilter <[email protected]>
Co-authored-by: Nikhil Benesch <[email protected]>
@craig
Copy link
Contributor

craig bot commented Oct 1, 2018

Build succeeded

@craig craig bot merged commit b617f1c into cockroachdb:master Oct 1, 2018
@vilterp vilterp mentioned this pull request Oct 1, 2018
Merged
@vilterp vilterp deleted the fix-ui-auth-mux-race branch October 1, 2018 16:40
couchand
couchand reviewed Oct 1, 2018
View reviewed changes
pkg/server/server.go
// assets are served up whether or not there is a session. If there is a session, the mux
// adds it to the context, and it is templated into index.html so that the UI can show
// the username of the currently-logged-in user.
authenticatedUIHandler := newAuthenticationMuxAllowAnonymous(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I think mux is more accurate than handler for this, since it's not handling any requests itself.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's a handler wrapped in an auth mux (which fulfills the http.Handler) interface, which is passed to s.mux.Handle(path, http.Handler)… so ¯\_(ツ)_/¯

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@couchand couchand couchand approved these changes

@benesch benesch benesch approved these changes

@tbg tbg Awaiting requested review from tbg

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vilterp @cockroach-teamcity @couchand @benesch