porkadot 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d234a54eadea75f593857f0d1a697af8be3cb74c5a4b48bb42b19ec966a905ae
+  data.tar.gz: a62e0011627d9d7f5b93e34fadd8c76df6dc88496c7ff39b561d808880ac1570
+SHA512:
+  metadata.gz: e359ab5f970e9ed84d82c1210a4c74215bec8fb878a42b736add72a2c27771ab1c8fe3d36125387694b3ea84c626f5b5bbdcbc9bbcb25e0f47dfa6c54484c651
+  data.tar.gz: 1dda5458027c308e37832c74cd66b67422935c88968960b2ea017aa30aad2a6d39aa3ca2d3eaeb0d334431e4a2e50f4eb2e35bd43cca8b216eccab9c93a38c6b

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+/Gemfile.lock
+
+/*.log
+/.vagrant
+
+/assets

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.5.5
+before_install: gem install bundler -v 2.0.1

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in porkadot.gemspec
+gemspec

data/README.md

@@ -0,0 +1,35 @@
+# Porkadot
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/porkadot`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'porkadot'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install porkadot
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/yuanying/porkadot.

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :default => :test

data/Vagrantfile

@@ -0,0 +1,63 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+public_key = nil
+[ENV['PORKA_PUBLIC_KEY'], "~/.ssh/id_rsa.pub", "~/.ssh/id_dsa.pub"].each do |p_key|
+  if p_key
+    p_key = File.expand_path(p_key)
+    if File.file?(p_key)
+      public_key = open(p_key).read
+      break
+    end
+  end
+end
+
+unless public_key
+  raise "Please specify ssh public key using following env: PORKA_PUBLIC_KEY"
+end
+
+SCRIPT = <<-EOF
+echo "#{public_key}" >> ~vagrant/.ssh/authorized_keys
+
+apt update
+apt install -y socat conntrack ipset
+EOF
+
+CNI_INSTALL = <<-EOF
+CNI_VERSION="v0.8.2"
+mkdir -p /opt/cni/bin
+curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
+EOF
+
+K8S_INSTALL = <<-EOF
+RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
+
+mkdir -p /opt/bin
+cd /opt/bin
+curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
+chmod +x {kubeadm,kubelet,kubectl}
+
+curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/kubelet.service" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service
+mkdir -p /etc/systemd/system/kubelet.service.d
+curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/10-kubeadm.conf" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+EOF
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "ubuntu/bionic64"
+  config.vm.box_check_update = true
+
+  [[:node01, 111], [:node02, 112], [:node03, 113], [:node04, 114]].each do |worker|
+    config.vm.define worker[0] do |w|
+      w.vm.hostname = worker[0].to_s
+      w.vm.provider "virtualbox" do |v, override|
+        v.customize ["modifyvm", :id, "--memory", "2048"]
+      end
+
+      w.vm.network :private_network, ip: "192.168.33.#{worker[1]}"
+      w.vm.provision "docker", images: ["busybox"]
+      w.vm.provision :shell, inline: SCRIPT
+      w.vm.provision :shell, inline: CNI_INSTALL
+      w.vm.provision :shell, inline: K8S_INSTALL
+    end
+  end
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "porkadot"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/porkadot.yaml

@@ -0,0 +1,25 @@
+nodes:
+  node01:
+    hostname: 192.168.33.111
+    labels:
+      "k8s.unstable.cloud/master":
+      "etcd.unstable.cloud/member": node01
+    taints:
+      "node-role.kubernetes.io/master": :NoSchedule"
+      "etcd.unstable.cloud/member": node02
+  node02:
+    hostname: 192.168.33.112
+    labels:
+      "k8s.unstable.cloud/master":
+      "etcd.unstable.cloud/member": node03
+    taints:
+      "node-role.kubernetes.io/master": :NoSchedule"
+  node03:
+    hostname: 192.168.33.113
+  node04:
+    hostname: 192.168.33.114
+
+bootstrap: {}
+
+kubernetes:
+  control_plane_endpoint: '192.168.33.101:6443'

data/config/unstable.yaml

@@ -0,0 +1,49 @@
+nodes:
+  172.18.13.111:
+    labels:
+      "k8s.unstable.cloud/master":
+      "etcd.unstable.cloud/member": node01
+    taints:
+      "node-role.kubernetes.io/master": ":NoSchedule"
+  172.18.13.112:
+    labels:
+      "k8s.unstable.cloud/master":
+      "etcd.unstable.cloud/member": node02
+    taints:
+      "node-role.kubernetes.io/master": ":NoSchedule"
+  172.18.13.113:
+    labels:
+      "k8s.unstable.cloud/master":
+      "etcd.unstable.cloud/member": node03
+    taints:
+      "node-role.kubernetes.io/master": ":NoSchedule"
+  172.18.13.121:
+  172.18.13.122:
+  172.18.13.123:
+
+bootstrap:
+  node:
+    hostname: 172.18.13.121
+
+lb:
+  metallb:
+    config: |
+      address-pools:
+      - name: default
+        protocol: layer2
+        addresses:
+        - 172.18.13.101/32
+        - 172.18.13.140-172.18.13.200
+
+cni:
+  flannel:
+    backend: host-gw
+
+kubernetes:
+  kubernetes_version: v1.15.11
+  cluster_name: unstable
+  control_plane_endpoint: '172.18.13.101:6443'
+
+  proxy:
+    config:
+      mode: 'ipvs'

data/exe/porkadot

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'porkadot'
+
+puts Porkadot::Cmd::Cli.start(ARGV)

data/lib/porkadot/assets/bootstrap/bootstrap/kube-proxy-bootstrap.yaml.erb

@@ -0,0 +1 @@
+<%= global_config.k8s.proxy.proxy_config('/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml') %>

data/lib/porkadot/assets/bootstrap/bootstrap/kubeconfig-bootstrap.yaml.erb

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Config
+clusters:
+- name: kubernetes
+  cluster:
+    certificate-authority: /etc/kubernetes/bootstrap/secrets/kubernetes/ca.crt
+    server: https://127.0.0.1:<%= global_config.k8s.apiserver.bind_port %>
+users:
+- name: admin
+  user:
+    client-certificate: /etc/kubernetes/bootstrap/secrets/kubernetes/admin.crt
+    client-key: /etc/kubernetes/bootstrap/secrets/kubernetes/admin.key
+contexts:
+- context:
+    cluster: kubernetes
+    user: admin
+  name: admin-context
+current-context: admin-context

data/lib/porkadot/assets/bootstrap/cleanup.sh.erb

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -eu
+export LC_ALL=C
+ROOT=$(dirname "${BASH_SOURCE}")
+
+export KUBERNETES_PATH="/etc/kubernetes"
+export KUBERNETES_BOOTSTRAP_ASSETS_PATH="${KUBERNETES_PATH}/bootstrap"
+export KUBERNETES_MANIFESTS_PATH="${KUBERNETES_PATH}/manifests"
+
+rm -rf ${KUBERNETES_BOOTSTRAP_ASSETS_PATH}
+rm -rf ${KUBERNETES_MANIFESTS_PATH}/*.bootstrap.yaml

data/lib/porkadot/assets/bootstrap/install.sh.erb

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -eu
+export LC_ALL=C
+ROOT=$(dirname "${BASH_SOURCE}")
+
+export KUBERNETES_PATH="/etc/kubernetes"
+export KUBERNETES_BOOTSTRAP_ASSETS_PATH="${KUBERNETES_PATH}/bootstrap"
+export KUBERNETES_MANIFESTS_PATH="${KUBERNETES_PATH}/manifests"
+
+mkdir -p ${KUBERNETES_BOOTSTRAP_ASSETS_PATH}
+
+cp ${ROOT}/manifests/*.bootstrap.yaml ${KUBERNETES_MANIFESTS_PATH}/
+cp -r ${ROOT}/bootstrap/* ${KUBERNETES_BOOTSTRAP_ASSETS_PATH}/

data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb

@@ -0,0 +1,91 @@
+<% k8s = global_config.k8s -%>
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bootstrap-kube-apiserver
+  namespace: kube-system
+  labels:
+    <%- labels = k8s.apiserver.labels.to_hash.dup -%>
+    <%- labels[:'app.kubernetes.io/instance'] = 'kube-apiserver-porkadot-bootstrap' -%>
+    <%- labels.each do |k, v| -%>
+    <%= k.to_s %>: <%= v %>
+    <%- end -%>
+spec:
+  hostNetwork: true
+  containers:
+  - name: kube-apiserver
+    resources:
+      requests:
+        cpu: 250m
+    image: <%= k8s.image_repository %>/kube-apiserver:<%= k8s.kubernetes_version %>
+    command:
+    - kube-apiserver
+    - --advertise-address=$(POD_IP)
+    - --allow-privileged
+    - --authorization-mode=Node,RBAC
+    - --bind-address=0.0.0.0
+    - --client-ca-file=/etc/kubernetes/secrets/kubernetes/ca.crt
+    - --enable-admission-plugins=NodeRestriction
+    - --enable-bootstrap-token-auth=true
+    - --etcd-cafile=/etc/kubernetes/secrets/etcd/ca.crt
+    - --etcd-certfile=/etc/kubernetes/secrets/etcd/etcd-client.crt
+    - --etcd-keyfile=/etc/kubernetes/secrets/etcd/etcd-client.key
+    - --etcd-servers=<%= global_config.etcd.advertise_client_urls.join(',') %>
+    - --kubelet-certificate-authority=/etc/kubernetes/secrets/kubernetes/ca.crt
+    - --kubelet-client-certificate=/etc/kubernetes/secrets/kubernetes/kubelet-client.crt
+    - --kubelet-client-key=/etc/kubernetes/secrets/kubernetes/kubelet-client.key
+    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+    - --proxy-client-cert-file=/etc/kubernetes/secrets/kubernetes/front-proxy-client.crt
+    - --proxy-client-key-file=/etc/kubernetes/secrets/kubernetes/front-proxy-client.key
+    - --requestheader-allowed-names=front-proxy-client
+    - --requestheader-client-ca-file=/etc/kubernetes/secrets/kubernetes/front-proxy-ca.crt
+    - --requestheader-extra-headers-prefix=X-Remote-Extra-
+    - --requestheader-group-headers=X-Remote-Group
+    - --requestheader-username-headers=X-Remote-User
+    - --secure-port=<%= k8s.apiserver.bind_port %>
+    - --service-account-key-file=/etc/kubernetes/secrets/kubernetes/sa.pub
+    - --service-cluster-ip-range=<%= k8s.networking.service_subnet %>
+    - --storage-backend=etcd3
+    - --tls-cert-file=/etc/kubernetes/secrets/kubernetes/apiserver.crt
+    - --tls-private-key-file=/etc/kubernetes/secrets/kubernetes/apiserver.key
+    - --v=2
+    env:
+    - name: POD_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    volumeMounts:
+    - mountPath: /etc/ca-certificates
+      name: etc-ca-certificates
+      readOnly: true
+    - mountPath: /etc/ssl/certs
+      name: ca-certs
+      readOnly: true
+    - mountPath: /usr/share/ca-certificates
+      name: usr-share-ca-certificates
+      readOnly: true
+    - mountPath: /etc/kubernetes/secrets
+      name: secrets
+      readOnly: true
+    - mountPath: /var/lock
+      name: var-lock
+      readOnly: false
+  volumes:
+  - name: secrets
+    hostPath:
+      path: /etc/kubernetes/bootstrap/secrets
+  - hostPath:
+      path: /etc/ssl/certs
+      type: DirectoryOrCreate
+    name: ca-certs
+  - hostPath:
+      path: /usr/share/ca-certificates
+      type: DirectoryOrCreate
+    name: usr-share-ca-certificates
+  - hostPath:
+      path: /etc/ca-certificates
+      type: DirectoryOrCreate
+    name: etc-ca-certificates
+  - name: var-lock
+    hostPath:
+      path: /var/lock

data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb

@@ -0,0 +1,69 @@
+<% k8s = global_config.k8s -%>
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bootstrap-kube-controller-manager
+  namespace: kube-system
+  labels:
+    <%- k8s.controller_manager.labels.each do |k, v| -%>
+    <%= k.to_s %>: <%= v %>
+    <%- end -%>
+spec:
+  containers:
+  - name: kube-controller-manager
+    image: <%= k8s.image_repository %>/kube-controller-manager:<%= k8s.kubernetes_version %>
+    command:
+    - kube-controller-manager
+    - --allocate-node-cidrs=true
+    - --cluster-cidr=<%= k8s.networking.pod_subnet %>
+    - --cluster-signing-cert-file=/etc/kubernetes/bootstrap/secrets/kubernetes/ca.crt
+    - --cluster-signing-key-file=/etc/kubernetes/bootstrap/secrets/kubernetes/ca.key
+    - --controllers=*,bootstrapsigner,tokencleaner
+    - --kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+    - --leader-elect=true
+    - --node-cidr-mask-size=24
+    - --root-ca-file=/etc/kubernetes/bootstrap/secrets/kubernetes/ca.crt
+    - --service-account-private-key-file=/etc/kubernetes/bootstrap/secrets/kubernetes/sa.key
+    - --use-service-account-credentials=true
+    - --v=2
+    volumeMounts:
+    - name: var-run-kubernetes
+      mountPath: /var/run/kubernetes
+    - name: kubernetes
+      mountPath: /etc/kubernetes
+      readOnly: true
+    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
+      name: flexvolume-dir
+    - mountPath: /usr/share/ca-certificates
+      name: usr-share-ca-certificates
+      readOnly: true
+    - mountPath: /etc/ca-certificates
+      name: etc-ca-certificates
+      readOnly: true
+    - mountPath: /etc/ssl/certs
+      name: ca-certs
+      readOnly: true
+  hostNetwork: true
+  volumes:
+  - name: var-run-kubernetes
+    emptyDir: {}
+  - name: kubernetes
+    hostPath:
+      path: /etc/kubernetes
+  - hostPath:
+      path: /etc/ssl/certs
+      type: DirectoryOrCreate
+    name: ca-certs
+  - hostPath:
+      path: /var/lib/kubelet/volumeplugins
+      type: DirectoryOrCreate
+    name: flexvolume-dir
+  - hostPath:
+      path: /usr/share/ca-certificates
+      type: DirectoryOrCreate
+    name: usr-share-ca-certificates
+  - hostPath:
+      path: /etc/ca-certificates
+      type: DirectoryOrCreate
+    name: etc-ca-certificates

data/lib/porkadot/assets/bootstrap/manifests/kube-proxy.bootstrap.yaml.erb

@@ -0,0 +1,56 @@
+<% k8s = global_config.k8s -%>
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bootstrap-kube-proxy
+  namespace: kube-system
+  labels:
+    tier: node
+    k8s-app: kube-proxy
+    <%- k8s.proxy.labels.each do |k, v| -%>
+    <%= k.to_s %>: <%= v %>
+    <%- end -%>
+spec:
+  containers:
+  - name: kube-proxy
+    image: <%= k8s.image_repository %>/kube-proxy:<%= k8s.kubernetes_version %>
+    imagePullPolicy: IfNotPresent
+    command:
+    - kube-proxy
+    - --config=/etc/kubernetes/bootstrap/kube-proxy-bootstrap.yaml
+    - --hostname-override=$(NODE_NAME)
+    env:
+      - name: NODE_NAME
+        valueFrom:
+          fieldRef:
+            fieldPath: spec.nodeName
+    securityContext:
+      privileged: true
+    volumeMounts:
+    - name: kubernetes
+      mountPath: /etc/kubernetes
+      readOnly: true
+    - mountPath: /run/xtables.lock
+      name: xtables-lock
+    - mountPath: /lib/modules
+      name: lib-modules
+      readOnly: true
+  hostNetwork: true
+  priorityClassName: system-node-critical
+  serviceAccountName: kube-proxy
+  tolerations:
+  - operator: Exists
+    effect: NoSchedule
+  volumes:
+  - hostPath:
+      path: /run/xtables.lock
+      type: FileOrCreate
+    name: xtables-lock
+  - hostPath:
+      path: /lib/modules
+      type: ""
+    name: lib-modules
+  - name: kubernetes
+    hostPath:
+      path: /etc/kubernetes

data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb

@@ -0,0 +1,31 @@
+<% k8s = global_config.k8s -%>
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bootstrap-kube-scheduler
+  namespace: kube-system
+  labels:
+    <%- k8s.scheduler.labels.each do |k, v| -%>
+    <%= k.to_s %>: <%= v %>
+    <%- end -%>
+spec:
+  containers:
+  - name: kube-scheduler
+    image: <%= k8s.image_repository %>/kube-scheduler:<%= k8s.kubernetes_version %>
+    command:
+    - kube-scheduler
+    - --kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+    - --authentication-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+    - --authorization-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+    - --leader-elect=true
+    - --v=2
+    volumeMounts:
+    - name: kubernetes
+      mountPath: /etc/kubernetes
+      readOnly: true
+  hostNetwork: true
+  volumes:
+  - name: kubernetes
+    hostPath:
+      path: /etc/kubernetes

data/lib/porkadot/assets/bootstrap.rb

@@ -0,0 +1,52 @@
+require 'fileutils'
+
+module Porkadot; module Assets
+  class Bootstrap
+    include Porkadot::Assets
+    TEMPLATE_DIR = File.join(File.dirname(__FILE__), "bootstrap")
+    attr_reader :global_config
+    attr_reader :config
+    attr_reader :certs_config
+    attr_reader :logger
+
+    def initialize global_config
+      @global_config = global_config
+      @config = global_config.bootstrap
+      @certs_config = global_config.certs
+      @logger = global_config.logger
+    end
+
+    def render
+      logger.info "--> Rendering bootstrap manifests"
+      unless File.directory?(config.target_path)
+        FileUtils.mkdir_p(config.target_path)
+      end
+      render_secrets
+      render_erb 'bootstrap/kubeconfig-bootstrap.yaml'
+      render_erb 'bootstrap/kube-proxy-bootstrap.yaml'
+      render_manifests
+      render_erb 'install.sh'
+      render_erb 'cleanup.sh'
+    end
+
+    def render_secrets
+      logger.info "----> Secrets"
+      unless File.directory?(config.secrets_path)
+        FileUtils.mkdir_p(config.secrets_path)
+      end
+      FileUtils.cp_r(Dir.glob(File.join(certs_config.certs_root_dir, '*')), config.secrets_path)
+    end
+
+    def render_manifests
+      unless File.directory?(config.manifests_path)
+        FileUtils.mkdir_p(config.manifests_path)
+      end
+      render_erb 'manifests/kube-apiserver.bootstrap.yaml'
+      render_erb 'manifests/kube-controller-manager.bootstrap.yaml'
+      render_erb 'manifests/kube-scheduler.bootstrap.yaml'
+      render_erb 'manifests/kube-proxy.bootstrap.yaml'
+    end
+
+  end
+
+end; end

data/lib/porkadot/assets/certs/etcd.rb

@@ -0,0 +1,21 @@
+
+class Porkadot::Assets::Certs::Etcd
+  include Porkadot::Assets::CertsUtils
+  attr_reader :global_config
+  attr_reader :config
+  attr_reader :logger
+
+  def initialize global_config
+    @config = Porkadot::Configs::Certs::Etcd.new(global_config)
+    @logger = config.logger
+    @global_config = config.config
+  end
+
+  def ca_name
+    '/CN=kube-ca'
+  end
+
+  def client_name
+    '/CN=etcd-client'
+  end
+end

data/lib/porkadot/assets/certs/front_proxy.rb

@@ -0,0 +1,21 @@
+
+class Porkadot::Assets::Certs::FrontProxy
+  include Porkadot::Assets::CertsUtils
+  attr_reader :global_config
+  attr_reader :config
+  attr_reader :logger
+
+  def initialize global_config
+    @config = Porkadot::Configs::Certs::FrontProxy.new(global_config)
+    @logger = config.logger
+    @global_config = config.config
+  end
+
+  def ca_name
+    '/CN=front-proxy-ca'
+  end
+
+  def client_name
+    '/CN=aggregator-client'
+  end
+end