fluent-plugin-secure-forward 0.2.2 → 0.2.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0129c03cd79fb35962e3b4106ce6065a91a7c3a0
|
4
|
+
data.tar.gz: f1138674a8cb6be47aab0eb9215472a8984e8b3b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a44b920b0e142947d94d4869efd3bf8d1d34f43ca6d545382894201cbf153ab6c3a9287633e5243b9795cb64c62072c3cc1951e6256005eefecae86861d3e26a
|
7
|
+
data.tar.gz: b972a083ada6760f7968b425b87322123a0f081926f6670f87a8ff4058f6e2d11be06b2657009b5cecd6ab9c1b6057b2df0139e3be04ba064e2b8fa9782597b4
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
2
|
Gem::Specification.new do |gem|
|
3
3
|
gem.name = "fluent-plugin-secure-forward"
|
4
|
-
gem.version = "0.2.
|
4
|
+
gem.version = "0.2.3"
|
5
5
|
gem.authors = ["TAGOMORI Satoshi"]
|
6
6
|
gem.email = ["tagomoris@gmail.com"]
|
7
7
|
gem.summary = %q{Fluentd input/output plugin to forward over SSL with authentications}
|
@@ -38,15 +38,16 @@ module Fluent
|
|
38
38
|
|
39
39
|
attr_reader :read_interval, :socket_interval
|
40
40
|
|
41
|
+
config_section :server, param_name: :servers do
|
42
|
+
config_param :host, :string
|
43
|
+
config_param :hostlabel, :string, default: nil
|
44
|
+
config_param :port, :integer, default: DEFAULT_SECURE_CONNECT_PORT
|
45
|
+
config_param :shared_key, :string, default: nil
|
46
|
+
config_param :username, :string, default: ''
|
47
|
+
config_param :password, :string, default: ''
|
48
|
+
config_param :standby, :bool, default: false
|
49
|
+
end
|
41
50
|
attr_reader :nodes
|
42
|
-
# <server>
|
43
|
-
# host ipaddr/hostname
|
44
|
-
# hostlabel labelname # certification common name
|
45
|
-
# port 24284
|
46
|
-
# shared_key .... # optional shared key
|
47
|
-
# username name # if required
|
48
|
-
# password pass # if required
|
49
|
-
# </server>
|
50
51
|
|
51
52
|
attr_reader :hostname_resolver
|
52
53
|
|
@@ -73,25 +74,17 @@ module Fluent
|
|
73
74
|
@read_interval = @read_interval_msec / 1000.0
|
74
75
|
@socket_interval = @socket_interval_msec / 1000.0
|
75
76
|
|
76
|
-
# read <server> tags and set to nodes
|
77
77
|
@nodes = []
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
node.first_session = true
|
87
|
-
node.keepalive = @keepalive
|
88
|
-
@nodes.push node
|
89
|
-
when 'secondary'
|
90
|
-
# ignore
|
91
|
-
else
|
92
|
-
raise Fluent::ConfigError, "unknown config tag name #{element.name}"
|
93
|
-
end
|
78
|
+
@servers.each do |server|
|
79
|
+
node = Node.new(self, server)
|
80
|
+
node.first_session = true
|
81
|
+
@nodes.push node
|
82
|
+
end
|
83
|
+
|
84
|
+
if @num_threads > @nodes.select{|n| not n.standby}.size
|
85
|
+
log.warn "Too many num_threads for secure-forward: threads should be smaller or equal to non standby servers"
|
94
86
|
end
|
87
|
+
|
95
88
|
@next_node = 0
|
96
89
|
@mutex = Mutex.new
|
97
90
|
|
@@ -110,7 +103,10 @@ module Fluent
|
|
110
103
|
@next_node += 1
|
111
104
|
@next_node = 0 if @next_node >= nodes
|
112
105
|
|
113
|
-
|
106
|
+
if n && n.established? && (! n.tained?) && (! n.detached?) && (!n.standby || permit_standby)
|
107
|
+
n.tain!
|
108
|
+
return n
|
109
|
+
end
|
114
110
|
|
115
111
|
tries += 1
|
116
112
|
end
|
@@ -181,7 +177,7 @@ module Fluent
|
|
181
177
|
end
|
182
178
|
|
183
179
|
log.trace "old connection shutting down"
|
184
|
-
oldconn.
|
180
|
+
oldconn.detach! if oldconn # connection object doesn't raise any exceptions
|
185
181
|
log.trace "old connection shutted down"
|
186
182
|
|
187
183
|
reconnectings[i] = nil
|
@@ -196,7 +192,7 @@ module Fluent
|
|
196
192
|
timeout_conn = reconnectings[i][:conn]
|
197
193
|
log.debug "SSL connection is not established until timemout", :host => timeout_conn.host, :port => timeout_conn.port, :timeout => @established_timeout
|
198
194
|
reconnectings[i] = nil
|
199
|
-
timeout_conn.
|
195
|
+
timeout_conn.detach! if timeout_conn # connection object doesn't raise any exceptions
|
200
196
|
end
|
201
197
|
end
|
202
198
|
end
|
@@ -208,7 +204,7 @@ module Fluent
|
|
208
204
|
@nodewatcher.join
|
209
205
|
|
210
206
|
@nodes.each do |node|
|
211
|
-
node.detach
|
207
|
+
node.detach!
|
212
208
|
node.join
|
213
209
|
end
|
214
210
|
end
|
@@ -222,13 +218,11 @@ module Fluent
|
|
222
218
|
|
223
219
|
begin
|
224
220
|
send_data(node, tag, es)
|
221
|
+
node.release!
|
225
222
|
rescue Errno::EPIPE, IOError, OpenSSL::SSL::SSLError => e
|
226
223
|
log.warn "Failed to send messages to #{node.host}, parging.", :error_class => e.class, :error => e
|
227
|
-
|
228
|
-
|
229
|
-
rescue => e2
|
230
|
-
# ignore all errors
|
231
|
-
end
|
224
|
+
node.release!
|
225
|
+
node.detach!
|
232
226
|
|
233
227
|
raise # to retry #write_objects
|
234
228
|
end
|
@@ -16,20 +16,23 @@ class Fluent::SecureForwardOutput::Node
|
|
16
16
|
|
17
17
|
attr_reader :expire
|
18
18
|
|
19
|
-
def initialize(sender,
|
19
|
+
def initialize(sender, conf)
|
20
20
|
@sender = sender
|
21
|
-
@shared_key = shared_key
|
21
|
+
@shared_key = conf.shared_key || sender.shared_key
|
22
22
|
|
23
|
-
@host = conf
|
24
|
-
@port =
|
25
|
-
@hostlabel = conf
|
26
|
-
@username = conf
|
27
|
-
@password = conf
|
28
|
-
@standby = conf.
|
23
|
+
@host = conf.host
|
24
|
+
@port = conf.port
|
25
|
+
@hostlabel = conf.hostlabel || conf.host
|
26
|
+
@username = conf.username
|
27
|
+
@password = conf.password
|
28
|
+
@standby = conf.standby
|
29
|
+
|
30
|
+
@keepalive = sender.keepalive
|
29
31
|
|
30
32
|
@authentication = nil
|
31
33
|
|
32
|
-
@
|
34
|
+
@writing = false
|
35
|
+
|
33
36
|
@expire = nil
|
34
37
|
@first_session = false
|
35
38
|
@detach = false
|
@@ -50,10 +53,8 @@ class Fluent::SecureForwardOutput::Node
|
|
50
53
|
def dup
|
51
54
|
renewed = self.class.new(
|
52
55
|
@sender,
|
53
|
-
@shared_key,
|
54
|
-
{'host' => @host, 'port' => @port, 'hostlabel' => @hostlabel, 'username' => @username, 'password' => @password}
|
56
|
+
Fluent::Config::Section.new({host: @host, port: @port, hostlabel: @hostlabel, username: @username, password: @password, shared_key: @shared_key, standby: @standby})
|
55
57
|
)
|
56
|
-
renewed.keepalive = @keepalive if @keepalive
|
57
58
|
renewed
|
58
59
|
end
|
59
60
|
|
@@ -63,6 +64,27 @@ class Fluent::SecureForwardOutput::Node
|
|
63
64
|
# @thread.abort_on_exception = true
|
64
65
|
end
|
65
66
|
|
67
|
+
def detach!
|
68
|
+
@detach = true
|
69
|
+
end
|
70
|
+
|
71
|
+
def detached?
|
72
|
+
@detach
|
73
|
+
end
|
74
|
+
|
75
|
+
def tain!
|
76
|
+
raise RuntimeError, "BUG: taining detached node" if @detach
|
77
|
+
@writing = true
|
78
|
+
end
|
79
|
+
|
80
|
+
def tained?
|
81
|
+
@writing
|
82
|
+
end
|
83
|
+
|
84
|
+
def release!
|
85
|
+
@writing = false
|
86
|
+
end
|
87
|
+
|
66
88
|
def shutdown
|
67
89
|
log.debug "shutting down node #{@host}"
|
68
90
|
@state = :closed
|
@@ -273,6 +295,9 @@ class Fluent::SecureForwardOutput::Node
|
|
273
295
|
break
|
274
296
|
end
|
275
297
|
end
|
298
|
+
while @writing
|
299
|
+
sleep read_interval
|
300
|
+
end
|
276
301
|
self.shutdown
|
277
302
|
end
|
278
303
|
end
|
@@ -27,4 +27,72 @@ class SecureForwardOutputTest < Test::Unit::TestCase
|
|
27
27
|
CONFIG
|
28
28
|
end
|
29
29
|
|
30
|
+
def test_configure_standby_server
|
31
|
+
p1 = nil
|
32
|
+
assert_nothing_raised { p1 = create_driver(<<CONFIG).instance }
|
33
|
+
type secure_forward
|
34
|
+
shared_key secret_string
|
35
|
+
self_hostname client.fqdn.local
|
36
|
+
keepalive 1m
|
37
|
+
<server>
|
38
|
+
host server1.fqdn.local
|
39
|
+
</server>
|
40
|
+
<server>
|
41
|
+
host server2.fqdn.local
|
42
|
+
hostlabel server2
|
43
|
+
</server>
|
44
|
+
<server>
|
45
|
+
host server1.fqdn.local
|
46
|
+
hostlabel server1
|
47
|
+
port 24285
|
48
|
+
shared_key secret_string_more
|
49
|
+
standby
|
50
|
+
</server>
|
51
|
+
CONFIG
|
52
|
+
assert_equal 3, p1.servers.size
|
53
|
+
assert_equal 3, p1.nodes.size
|
54
|
+
|
55
|
+
assert_equal 'server1.fqdn.local', p1.nodes[0].host
|
56
|
+
assert_equal 'server1.fqdn.local', p1.nodes[0].hostlabel
|
57
|
+
assert_equal 24284, p1.nodes[0].port
|
58
|
+
assert_equal false, p1.nodes[0].standby
|
59
|
+
assert_equal 'secret_string', p1.nodes[0].shared_key
|
60
|
+
assert_equal 60, p1.nodes[0].keepalive
|
61
|
+
|
62
|
+
assert_equal 'server2.fqdn.local', p1.nodes[1].host
|
63
|
+
assert_equal 'server2', p1.nodes[1].hostlabel
|
64
|
+
assert_equal 24284, p1.nodes[1].port
|
65
|
+
assert_equal false, p1.nodes[1].standby
|
66
|
+
assert_equal 'secret_string', p1.nodes[1].shared_key
|
67
|
+
assert_equal 60, p1.nodes[1].keepalive
|
68
|
+
|
69
|
+
assert_equal 'server1.fqdn.local', p1.nodes[2].host
|
70
|
+
assert_equal 'server1', p1.nodes[2].hostlabel
|
71
|
+
assert_equal 24285, p1.nodes[2].port
|
72
|
+
assert_equal true, p1.nodes[2].standby
|
73
|
+
assert_equal 'secret_string_more', p1.nodes[2].shared_key
|
74
|
+
assert_equal 60, p1.nodes[2].keepalive
|
75
|
+
end
|
76
|
+
|
77
|
+
def test_configure_standby_server
|
78
|
+
p1 = nil
|
79
|
+
assert_nothing_raised { p1 = create_driver(<<CONFIG).instance }
|
80
|
+
type secure_forward
|
81
|
+
shared_key secret_string
|
82
|
+
self_hostname client.fqdn.local
|
83
|
+
num_threads 3
|
84
|
+
<server>
|
85
|
+
host server1.fqdn.local
|
86
|
+
</server>
|
87
|
+
<server>
|
88
|
+
host server2.fqdn.local
|
89
|
+
</server>
|
90
|
+
<server>
|
91
|
+
host server3.fqdn.local
|
92
|
+
standby
|
93
|
+
</server>
|
94
|
+
CONFIG
|
95
|
+
assert_equal 3, p1.num_threads
|
96
|
+
assert_equal 1, p1.log.logs.select{|line| line =~ /\[warn\]: Too many num_threads for secure-forward:/}.size
|
97
|
+
end
|
30
98
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-secure-forward
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- TAGOMORI Satoshi
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-10-
|
11
|
+
date: 2014-10-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|