fluent-plugin-secure-forward 0.0.4 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b51f31fdd96e025c02cc760ff62119649c41822b
-  data.tar.gz: 8e6173fe782e3fe9f1cb5f919c8f6eac6f43c455
+  metadata.gz: 36c52311efac9f5299e788cd59528b6b219235e1
+  data.tar.gz: 9bb3d35a955fb318be671af1a56699deb2ba48fc
 SHA512:
-  metadata.gz: f90bd6309c2b69c62133efe58fd7732c816c1256086ed681198dcc66d949095d3d3bc86fb78fc4e76ad7392ca1fe591d301bab6488a493aa81750eba266d76d1
-  data.tar.gz: ab9cef4259d0071e81fefbe389ffa4840a80bcc5f621f7b1e82bc79781b1278728c124807df925bec0ebfc4fc3e0405d5a6f98cae8331b864247fd6830d9b022
+  metadata.gz: 698ac45cf88865ba4246be9bd7bba7d61bf09f604f637874a9c012b861a6d42ae1b04c5d4fe365f08c3ca2175b1e6cae231ca19cd96b9af799604ed4ae22d088
+  data.tar.gz: a455211d078fd04730d4d7422c538f3fde4e7da8f39915580905a359c71fc3ba0b7a15090f73e840e374efd7612443cd998aeab0b7028ab098601c7a24cf6d3e

data/README.md

@@ -2,8 +2,6 @@
 
 Fluentd input/output plugin to forward fluentd messages over SSL with authentication.
 
-**CURRENT STATUS: HIGHLY EXPERIMENTAL**
-
 This plugin makes you to be able to:
 
  * protect your data from others in transferring with SSL
@@ -146,6 +144,19 @@ If server requires username/password, set `username` and `password` in `<server>
       </server>
     </match>
 
+To specify keepalive timeouts, use `keepalive` configuration with seconds. SSL connection will be disconnected and re-connected for each 1 hour with configuration below. In Default (and with `keepalive 0`), connections will not be disconnected without any communication troubles. (This feature is for dns name updates, and SSL common key refreshing.)
+
+    <match secret.data.**>
+      type secure_forward
+      shared_key secret_string
+      self_hostname client.fqdn.local
+      keepalive 3600
+      <server>
+        host server.fqdn.local  # or IP
+        # port 24284
+      </server>
+    </match>
+
 ## Senario (developer document)
 
 * server
@@ -230,7 +241,6 @@ CONSIDER RETURN ACK OR NOT
   * RDBMS, LDAP, or ...
   * Authentication by clients certificate
 * encryption algorithm option (output plugin)
-* balancing/failover (output plugin)
 * TESTS!
 
 * GET NEW MAINTAINER

data/example/client.conf

@@ -6,6 +6,7 @@
   type secure_forward
   self_hostname client
   shared_key hogeposxxx0
+  keepalive 30
   <server>
     host localhost
   </server>

data/fluent-plugin-secure-forward.gemspec

@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |gem|
   gem.name          = "fluent-plugin-secure-forward"
-  gem.version       = "0.0.4"
+  gem.version       = "0.1.0"
   gem.authors       = ["TAGOMORI Satoshi"]
   gem.email         = ["tagomoris@gmail.com"]
   gem.summary       = %q{Fluentd input/output plugin to forward over SSL with authentications}

data/lib/fluent/plugin/out_secure_forward.rb

@@ -20,7 +20,7 @@ module Fluent
 
     config_param :shared_key, :string
 
-    # config_param :keepalive, :time, :default => 3600 # 0 means disable keepalive
+    config_param :keepalive, :time, :default => nil # nil/0 means disable keepalive
 
     config_param :send_timeout, :time, :default => 60
     # config_param :hard_timeout, :time, :default => 60
@@ -33,7 +33,7 @@ module Fluent
     config_param :read_interval_msec, :integer, :default => 50 # 50ms
     config_param :socket_interval_msec, :integer, :default => 200 # 200ms
 
-    config_param :reconnect_interval, :time, :default => 15
+    config_param :reconnect_interval, :time, :default => 5
 
     attr_reader :read_interval, :socket_interval
 
@@ -76,7 +76,10 @@ module Fluent
             raise Fluent::ConfigError, "host missing in <server>"
           end
           node_shared_key = element['shared_key'] || @shared_key
-          @nodes.push Node.new(self, node_shared_key, element)
+          node = Node.new(self, node_shared_key, element)
+          node.first_session = true
+          node.keepalive = @keepalive
+          @nodes.push node
         else
           raise Fluent::ConfigError, "unknown config tag name #{element.name}"
         end
@@ -123,25 +126,39 @@ module Fluent
     def node_watcher
       loop do
         sleep @reconnect_interval
-        $log.debug "in node health watcher"
+
+        $log.trace "in node health watcher"
+
         (0...(@nodes.size)).each do |i|
-          $log.debug "node health watcher for #{@nodes[i].host}"
-          if @nodes[i].state != :established
-            $log.info "dead connection found: #{@nodes[i].host}, reconnecting..."
-            node = @nodes[i]
-            @nodes[i] = node.dup
-            @nodes[i].start
+          $log.trace "node health watcher for #{@nodes[i].host}"
+
+          next if @nodes[i].established? && ! @nodes[i].expired?
+
+          $log.info "dead connection found: #{@nodes[i].host}, reconnecting..." unless @nodes[i].established?
+
+          node = @nodes[i]
+          $log.debug "reconnecting to node", :host => node.host, :port => node.port, :expire => node.expire, :expired => node.expired?
+
+          @nodes[i] = node.dup
+          @nodes[i].start
+          begin
             node.shutdown
+          rescue => e
+            $log.warn "error in shutdown of dead connection", :error_class => e.class, :error => e
           end
         end
       end
     end
 
     def shutdown
+      super
+
       @nodewatcher.kill
       @nodewatcher.join
+
       @nodes.each do |node|
-        node.shutdown
+        node.detach = true
+        node.join
       end
     end
 

data/lib/fluent/plugin/output_node.rb

@@ -11,6 +11,10 @@ class Fluent::SecureForwardOutput::Node
   attr_accessor :authentication, :keepalive
   attr_accessor :socket, :sslsession, :unpacker, :shared_key_salt, :state
 
+  attr_accessor :first_session, :detach
+
+  attr_reader :expire
+
   def initialize(sender, shared_key, conf)
     @sender = sender
     @shared_key = shared_key
@@ -22,7 +26,11 @@ class Fluent::SecureForwardOutput::Node
     @password = conf['password'] || ''
 
     @authentication = nil
+
     @keepalive = nil
+    @expire = nil
+    @first_session = false
+    @detach = false
 
     @socket = nil
     @sslsession = nil
@@ -65,10 +73,22 @@ class Fluent::SecureForwardOutput::Node
     $log.debug "error on node shutdown #{e.class}:#{e.message}"
   end
 
+  def join
+    @thread && @thread.join
+  end
+
   def established?
     @state == :established
   end
 
+  def expired?
+    if @keepalive.nil? || @keepalive == 0
+      false
+    else
+      @expire && @expire < Time.now
+    end
+  end
+
   def generate_salt
     OpenSSL::Random.random_bytes(16)
   end
@@ -81,7 +101,7 @@ class Fluent::SecureForwardOutput::Node
     end
     opts = message[1]
     @authentication = opts['auth']
-    @keepalive = opts['keepalive']
+    @allow_keepalive = opts['keepalive']
     true
   end
 
@@ -135,7 +155,6 @@ class Fluent::SecureForwardOutput::Node
 
     case @state
     when :helo
-      # TODO: log debug
       unless check_helo(data)
         $log.warn "received invalid helo message from #{@host}"
         self.shutdown
@@ -150,8 +169,10 @@ class Fluent::SecureForwardOutput::Node
         self.shutdown
         return
       end
-      $log.info "connection established to #{@host}"
+      $log.info "connection established to #{@host}" if @first_session
       @state = :established
+      @expire = Time.now + @keepalive if @keepalive && @keepalive > 0
+      $log.debug "connection established", :host => @host, :port => @port, :expire => @expire
     end
   end
 
@@ -209,6 +230,8 @@ class Fluent::SecureForwardOutput::Node
     socket_interval = @sender.socket_interval
 
     loop do
+      break if @detach
+
       begin
         while @sslsession.read_nonblock(read_length, buf)
           if buf == ''

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-secure-forward
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.1.0
 platform: ruby
 authors:
 - TAGOMORI Satoshi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-26 00:00:00.000000000 Z
+date: 2013-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd