From 17b85cc015e66a98443197e141b948eee121f170 Mon Sep 17 00:00:00 2001
From: Dmitry Litvintsev
Date: Mon, 28 Oct 2024 10:11:11 -0500
Subject: [PATCH] xroot: handle haproxy and checksum command

Motivation:
----------
When using xrootd doors behind an HAProxy w/ `xrootd.enable.proxy-protocol=true` it has been discovered that
```
xrdcp --cksum adler32:
```
hangs after upload has completed and then eventually fails after a timeout. This is due to xrootd door repoting actual door address to the client.
Modification:
-------------
Return destination address (that is haproxy address) if `xrootd.enable.proxy-protocol=true` is set.
Result:
-------
```
xrdcp --cksum adler32:
```
works as expected (and likely many other similar commands)
Target: trunk
Request: 10.*
Request: 9.2
Patch: https://rb.dcache.org/r/14338/
Acked-by: Tigran
Require-book: no
Require-notes: yes
Signed-off-by: Dmitry Litvintsev
(cherry picked from commit e98ab942648f5b9e1eda4e1c08c3b7fe4588b08c)
---
 .../org/dcache/xrootd/door/NettyXrootdServer.java | 4 +++-
 .../dcache/xrootd/door/XrootdRedirectHandler.java | 15 +++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/NettyXrootdServer.java b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/NettyXrootdServer.java
index d0be41298ad..5bace62290a 100644
--- a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/NettyXrootdServer.java
+++ b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/NettyXrootdServer.java
@@ -1,3 +1,4 @@
+
 package org.dcache.xrootd.door;

 import static org.dcache.xrootd.plugins.tls.SSLHandlerFactory.SERVER_TLS;
@@ -286,7 +287,8 @@ protected void initChannel(Channel ch) throws Exception {
 }

 XrootdRedirectHandler handler = new XrootdRedirectHandler(_door, _rootPath,
- _requestExecutor, _queryConfig, _appIoQueues);
+ _requestExecutor, _queryConfig,
+ _appIoQueues, _expectProxyProtocol);
 handler.setSigningPolicy(_signingPolicy);
 handler.setTlsSessionInfo(tlsSessionInfo);
 pipeline.addLast("redirector", handler);
diff --git a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java
index 3ad10d5aa14..5a3e6ca4ada 100644
--- a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java
+++ b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java
@@ -234,6 +234,7 @@ private Restriction computeRestriction(LoginReply reply) {
 private final Deque _logins;
 private final FsPath _rootPath;
 private final AtomicInteger openRetry = new AtomicInteger(0);
+ private boolean _expectProxy;

 /**
 * Custom entries for kXR_Qconfig requests.
@@ -247,9 +248,13 @@ private Restriction computeRestriction(LoginReply reply) {
 */
 private volatile Thread onOpenThread;

- public XrootdRedirectHandler(XrootdDoor door, FsPath rootPath, ExecutorService executor,
- Map queryConfig,
- Map appIoQueues) {
+ public XrootdRedirectHandler(XrootdDoor door,
+ FsPath rootPath,
+ ExecutorService executor,
+ Map queryConfig,
+ Map appIoQueues,
+ boolean expectProxy
+ ) {
 super(executor);
 _door = door;
 _rootPath = rootPath;
@@ -257,6 +262,7 @@ public XrootdRedirectHandler(XrootdDoor door, FsPath rootPath, ExecutorService e
 _appIoQueues = appIoQueues;
 _defaultLoginSessionInfo = new LoginSessionInfo(Restrictions.denyAll());
 _logins = new ArrayDeque<>(2);
+ _expectProxy = expectProxy;
 }

 @Override
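Review bot: `_expectProxy` in XrootdRedirectHandler is added as a mutable `private boolean`, although within these hunks it is assigned only once, in the constructor (hunk at -257), and the neighbouring fields are all `final`. Declare it `private final boolean _expectProxy;` so the flag that decides which address is reported to clients cannot change after construction. The same setting is called `_expectProxyProtocol` at the call site in NettyXrootdServer.initChannel (hunk at -286); using one name on both sides would make the wiring easier to audit. The class body and the constructor continue outside these hunks.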
@@ -516,7 +522,8 @@ private InetSocketAddress localAddress() {
 * Use the advertised endpoint, if possble, otherwise fall back to the
 * address to which the client connected.
 */
- return _door.publicEndpoint().orElse(getDestinationAddress());
+ return _expectProxy ? getDestinationAddress() :
+ _door.publicEndpoint().orElse(getDestinationAddress());
 }

 /**
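Review bot: With `_expectProxy` set, the new return in `localAddress()` bypasses `_door.publicEndpoint()` entirely, so an operator-configured advertised endpoint is silently ignored and the client is told whatever `getDestinationAddress()` yields. That method is not visible here; if it takes its value from the PROXY protocol header, the value is supplied by the connecting peer. In that case the door port should accept connections only from the trusted HAProxy hosts whenever the option is on, which is worth stating in the property's documentation. The comment above the return is now stale; suggest `Behind a PROXY-protocol front end, report the proxied destination address; otherwise use the advertised endpoint, falling back to the address to which the client connected.` The body of `localAddress()` starts outside this hunk.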