fluent-plugin-secure-forward 0.0.4 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +13 -3
- data/example/client.conf +1 -0
- data/fluent-plugin-secure-forward.gemspec +1 -1
- data/lib/fluent/plugin/out_secure_forward.rb +28 -11
- data/lib/fluent/plugin/output_node.rb +26 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 36c52311efac9f5299e788cd59528b6b219235e1
|
|
4
|
+
data.tar.gz: 9bb3d35a955fb318be671af1a56699deb2ba48fc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 698ac45cf88865ba4246be9bd7bba7d61bf09f604f637874a9c012b861a6d42ae1b04c5d4fe365f08c3ca2175b1e6cae231ca19cd96b9af799604ed4ae22d088
|
|
7
|
+
data.tar.gz: a455211d078fd04730d4d7422c538f3fde4e7da8f39915580905a359c71fc3ba0b7a15090f73e840e374efd7612443cd998aeab0b7028ab098601c7a24cf6d3e
|
data/README.md
CHANGED
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
Fluentd input/output plugin to forward fluentd messages over SSL with authentication.
|
|
4
4
|
|
|
5
|
-
**CURRENT STATUS: HIGHLY EXPERIMENTAL**
|
|
6
|
-
|
|
7
5
|
This plugin makes you to be able to:
|
|
8
6
|
|
|
9
7
|
* protect your data from others in transferring with SSL
|
|
@@ -146,6 +144,19 @@ If server requires username/password, set `username` and `password` in `<server>
|
|
|
146
144
|
</server>
|
|
147
145
|
</match>
|
|
148
146
|
|
|
147
|
+
To specify keepalive timeouts, use `keepalive` configuration with seconds. SSL connection will be disconnected and re-connected for each 1 hour with configuration below. In Default (and with `keepalive 0`), connections will not be disconnected without any communication troubles. (This feature is for dns name updates, and SSL common key refreshing.)
|
|
148
|
+
|
|
149
|
+
<match secret.data.**>
|
|
150
|
+
type secure_forward
|
|
151
|
+
shared_key secret_string
|
|
152
|
+
self_hostname client.fqdn.local
|
|
153
|
+
keepalive 3600
|
|
154
|
+
<server>
|
|
155
|
+
host server.fqdn.local # or IP
|
|
156
|
+
# port 24284
|
|
157
|
+
</server>
|
|
158
|
+
</match>
|
|
159
|
+
|
|
149
160
|
## Senario (developer document)
|
|
150
161
|
|
|
151
162
|
* server
|
|
@@ -230,7 +241,6 @@ CONSIDER RETURN ACK OR NOT
|
|
|
230
241
|
* RDBMS, LDAP, or ...
|
|
231
242
|
* Authentication by clients certificate
|
|
232
243
|
* encryption algorithm option (output plugin)
|
|
233
|
-
* balancing/failover (output plugin)
|
|
234
244
|
* TESTS!
|
|
235
245
|
|
|
236
246
|
* GET NEW MAINTAINER
|
data/example/client.conf
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
|
2
2
|
Gem::Specification.new do |gem|
|
|
3
3
|
gem.name = "fluent-plugin-secure-forward"
|
|
4
|
-
gem.version = "0.0
|
|
4
|
+
gem.version = "0.1.0"
|
|
5
5
|
gem.authors = ["TAGOMORI Satoshi"]
|
|
6
6
|
gem.email = ["tagomoris@gmail.com"]
|
|
7
7
|
gem.summary = %q{Fluentd input/output plugin to forward over SSL with authentications}
|
|
@@ -20,7 +20,7 @@ module Fluent
|
|
|
20
20
|
|
|
21
21
|
config_param :shared_key, :string
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
config_param :keepalive, :time, :default => nil # nil/0 means disable keepalive
|
|
24
24
|
|
|
25
25
|
config_param :send_timeout, :time, :default => 60
|
|
26
26
|
# config_param :hard_timeout, :time, :default => 60
|
|
@@ -33,7 +33,7 @@ module Fluent
|
|
|
33
33
|
config_param :read_interval_msec, :integer, :default => 50 # 50ms
|
|
34
34
|
config_param :socket_interval_msec, :integer, :default => 200 # 200ms
|
|
35
35
|
|
|
36
|
-
config_param :reconnect_interval, :time, :default =>
|
|
36
|
+
config_param :reconnect_interval, :time, :default => 5
|
|
37
37
|
|
|
38
38
|
attr_reader :read_interval, :socket_interval
|
|
39
39
|
|
|
@@ -76,7 +76,10 @@ module Fluent
|
|
|
76
76
|
raise Fluent::ConfigError, "host missing in <server>"
|
|
77
77
|
end
|
|
78
78
|
node_shared_key = element['shared_key'] || @shared_key
|
|
79
|
-
|
|
79
|
+
node = Node.new(self, node_shared_key, element)
|
|
80
|
+
node.first_session = true
|
|
81
|
+
node.keepalive = @keepalive
|
|
82
|
+
@nodes.push node
|
|
80
83
|
else
|
|
81
84
|
raise Fluent::ConfigError, "unknown config tag name #{element.name}"
|
|
82
85
|
end
|
|
@@ -123,25 +126,39 @@ module Fluent
|
|
|
123
126
|
def node_watcher
|
|
124
127
|
loop do
|
|
125
128
|
sleep @reconnect_interval
|
|
126
|
-
|
|
129
|
+
|
|
130
|
+
$log.trace "in node health watcher"
|
|
131
|
+
|
|
127
132
|
(0...(@nodes.size)).each do |i|
|
|
128
|
-
$log.
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
133
|
+
$log.trace "node health watcher for #{@nodes[i].host}"
|
|
134
|
+
|
|
135
|
+
next if @nodes[i].established? && ! @nodes[i].expired?
|
|
136
|
+
|
|
137
|
+
$log.info "dead connection found: #{@nodes[i].host}, reconnecting..." unless @nodes[i].established?
|
|
138
|
+
|
|
139
|
+
node = @nodes[i]
|
|
140
|
+
$log.debug "reconnecting to node", :host => node.host, :port => node.port, :expire => node.expire, :expired => node.expired?
|
|
141
|
+
|
|
142
|
+
@nodes[i] = node.dup
|
|
143
|
+
@nodes[i].start
|
|
144
|
+
begin
|
|
134
145
|
node.shutdown
|
|
146
|
+
rescue => e
|
|
147
|
+
$log.warn "error in shutdown of dead connection", :error_class => e.class, :error => e
|
|
135
148
|
end
|
|
136
149
|
end
|
|
137
150
|
end
|
|
138
151
|
end
|
|
139
152
|
|
|
140
153
|
def shutdown
|
|
154
|
+
super
|
|
155
|
+
|
|
141
156
|
@nodewatcher.kill
|
|
142
157
|
@nodewatcher.join
|
|
158
|
+
|
|
143
159
|
@nodes.each do |node|
|
|
144
|
-
node.
|
|
160
|
+
node.detach = true
|
|
161
|
+
node.join
|
|
145
162
|
end
|
|
146
163
|
end
|
|
147
164
|
|
|
@@ -11,6 +11,10 @@ class Fluent::SecureForwardOutput::Node
|
|
|
11
11
|
attr_accessor :authentication, :keepalive
|
|
12
12
|
attr_accessor :socket, :sslsession, :unpacker, :shared_key_salt, :state
|
|
13
13
|
|
|
14
|
+
attr_accessor :first_session, :detach
|
|
15
|
+
|
|
16
|
+
attr_reader :expire
|
|
17
|
+
|
|
14
18
|
def initialize(sender, shared_key, conf)
|
|
15
19
|
@sender = sender
|
|
16
20
|
@shared_key = shared_key
|
|
@@ -22,7 +26,11 @@ class Fluent::SecureForwardOutput::Node
|
|
|
22
26
|
@password = conf['password'] || ''
|
|
23
27
|
|
|
24
28
|
@authentication = nil
|
|
29
|
+
|
|
25
30
|
@keepalive = nil
|
|
31
|
+
@expire = nil
|
|
32
|
+
@first_session = false
|
|
33
|
+
@detach = false
|
|
26
34
|
|
|
27
35
|
@socket = nil
|
|
28
36
|
@sslsession = nil
|
|
@@ -65,10 +73,22 @@ class Fluent::SecureForwardOutput::Node
|
|
|
65
73
|
$log.debug "error on node shutdown #{e.class}:#{e.message}"
|
|
66
74
|
end
|
|
67
75
|
|
|
76
|
+
def join
|
|
77
|
+
@thread && @thread.join
|
|
78
|
+
end
|
|
79
|
+
|
|
68
80
|
def established?
|
|
69
81
|
@state == :established
|
|
70
82
|
end
|
|
71
83
|
|
|
84
|
+
def expired?
|
|
85
|
+
if @keepalive.nil? || @keepalive == 0
|
|
86
|
+
false
|
|
87
|
+
else
|
|
88
|
+
@expire && @expire < Time.now
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
72
92
|
def generate_salt
|
|
73
93
|
OpenSSL::Random.random_bytes(16)
|
|
74
94
|
end
|
|
@@ -81,7 +101,7 @@ class Fluent::SecureForwardOutput::Node
|
|
|
81
101
|
end
|
|
82
102
|
opts = message[1]
|
|
83
103
|
@authentication = opts['auth']
|
|
84
|
-
@
|
|
104
|
+
@allow_keepalive = opts['keepalive']
|
|
85
105
|
true
|
|
86
106
|
end
|
|
87
107
|
|
|
@@ -135,7 +155,6 @@ class Fluent::SecureForwardOutput::Node
|
|
|
135
155
|
|
|
136
156
|
case @state
|
|
137
157
|
when :helo
|
|
138
|
-
# TODO: log debug
|
|
139
158
|
unless check_helo(data)
|
|
140
159
|
$log.warn "received invalid helo message from #{@host}"
|
|
141
160
|
self.shutdown
|
|
@@ -150,8 +169,10 @@ class Fluent::SecureForwardOutput::Node
|
|
|
150
169
|
self.shutdown
|
|
151
170
|
return
|
|
152
171
|
end
|
|
153
|
-
$log.info "connection established to #{@host}"
|
|
172
|
+
$log.info "connection established to #{@host}" if @first_session
|
|
154
173
|
@state = :established
|
|
174
|
+
@expire = Time.now + @keepalive if @keepalive && @keepalive > 0
|
|
175
|
+
$log.debug "connection established", :host => @host, :port => @port, :expire => @expire
|
|
155
176
|
end
|
|
156
177
|
end
|
|
157
178
|
|
|
@@ -209,6 +230,8 @@ class Fluent::SecureForwardOutput::Node
|
|
|
209
230
|
socket_interval = @sender.socket_interval
|
|
210
231
|
|
|
211
232
|
loop do
|
|
233
|
+
break if @detach
|
|
234
|
+
|
|
212
235
|
begin
|
|
213
236
|
while @sslsession.read_nonblock(read_length, buf)
|
|
214
237
|
if buf == ''
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-secure-forward
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- TAGOMORI Satoshi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-07-
|
|
11
|
+
date: 2013-07-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|