port-authority 0.4.2 → 0.4.3

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: e29bbb93c31d6ecff7d9931333bda2b6d5b70f04
-  data.tar.gz: e964daf7b9d98e1f93efe3737e96e09c1a9f33f6
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    YjA2NzA1NWY3MjM5ZjE2NWFkZmE4NjdkOWFjMWU4NmU4M2E5M2QyMQ==
+  data.tar.gz: !binary |-
+    Y2FlNTQ0OWI0ZmY4YmE3NzhhMDI1NjZlZTlhNjZiZTNjYjdiYzliNQ==
 SHA512:
-  metadata.gz: 22a89d416d76f7797f51ee1425ca00cd11df6bbc0062940db3cf891d36b08b19019b31580fb01b6abee0bbfc9c26e3d86f3ad005708965904d351f49e634e69f
-  data.tar.gz: 450d1ca0945399efed8020a21f027c7334854689d986e5804fec9807efc4688aed154b5dfa7db59a2a232ea3f5ecdcfe7c94577375676d630579765eb5c875aa
+  metadata.gz: !binary |-
+    NmRjZGE4MDZiZjhiM2ZmZGM3ODVjMjZmZTIzOWE2ZGJmMjQ3ZGY3MzE5YmQ1
+    OTVlNjJmMzkwYjhlYjg4MDFiYzFmNmZhYzFhNDdkOWUxYmQ4MTZjMjU2NzUx
+    NzA5MGI3MTlmYzA5MDdlOGJlMGQxMzBlMzEzNTY0YWI3ZTAyYzc=
+  data.tar.gz: !binary |-
+    MDQ4YTc0NDIzMDBlZjRiNzVjYTNjMTIwMWZlYjg2YzBiODkyNmQ0ZGJjOTli
+    MmZjNDk0NGE1OTZkNjY0MzBkYzc0NjdlMmVjMmRkZDA1OTQ2NTUwNDc3Y2I4
+    NmFjNzQ1NDYwNzEwMDdhMDMxOTIwYjc4YTI1OGI3ZGIwMWRmOWI=

data/bin/pa-manager

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require 'port-authority/manager/app'
+PortAuthority::Manager::App.new('pa-manager').run

data/lib/port-authority/manager/app.rb

@@ -0,0 +1,153 @@
+# rubocop:disable MethodLength, CyclomaticComplexity, Metrics/BlockNesting, Metrics/LineLength, Metrics/AbcSize, Metrics/PerceivedComplexity
+require 'ipaddr'
+require 'port-authority'
+require 'port-authority/util/vip'
+require 'port-authority/util/etcd'
+require 'port-authority/util/loadbalancer'
+require 'port-authority/manager/init'
+require 'port-authority/manager/threads/icmp'
+require 'port-authority/manager/threads/swarm'
+
+module PortAuthority
+  module Manager
+    ##
+    # Port Authority Manager - manages floating VIP and lb placement
+    #
+    class App < PortAuthority::Manager::Init
+      include PortAuthority::Util::Etcd
+      include PortAuthority::Util::Vip
+      include PortAuthority::Util::LoadBalancer
+      include PortAuthority::Manager::Threads
+
+      def run
+        # exit if not root
+        if Process.euid != 0
+          alert 'must run under root user!'
+          exit! 1
+        end
+
+        Signal.trap('USR1') { @lb_update_hook = true }
+
+        # prepare semaphores
+        @semaphore.merge!(swarm: Mutex.new, icmp: Mutex.new)
+
+        # prepare threads
+        @thread = {icmp: thread_icmp,swarm: thread_swarm}
+
+        # prepare status vars
+        @status_swarm = false
+        @status_icmp = false
+
+        # start threads
+        @thread.each_value(&:run)
+
+        # setup docker client
+        lb_docker_setup! || @exit = true
+
+        # prepare container with load-balancer
+        lb_create!
+
+        # wait for threads to make sure they gather something
+        debug 'waiting for threads to gather something...'
+        sleep @config[:vip][:interval]
+        first_cycle = true
+        status_time = Time.now.to_i - 60
+
+        # main loop
+        until @exit
+          # initialize local state vars on first iteration
+          status_swarm = status_icmp = false if first_cycle
+
+          if @lb_update_hook
+            notice 'updating LB image'
+            lb_update!
+          end
+
+          # iteration interval
+          sleep @config[:vip][:interval]
+
+          # sync state to local variables
+          @semaphore[:icmp].synchronize { status_icmp = @status_icmp }
+          @semaphore[:swarm].synchronize { status_swarm = @status_swarm }
+
+          # the logic (should be self-explanatory ;))
+          if status_swarm
+            debug 'i am the leader'
+            if got_vip?
+              debug 'got VIP, that is OK'
+            else
+              info 'no VIP here, checking whether it is free'
+              if status_icmp
+                info 'VIP is still up! (ICMP)'
+                # FIXME: notify by sensu client socket
+              else
+                # FIXME: proper arping handling
+                # info 'VIP is unreachable by ICMP, checking for duplicates on L2'
+                # if vip_dup?
+                #   info 'VIP is still assigned! (ARP)'
+                #   # FIXME: notify by sensu client socket
+                # else
+                #   info 'VIP is free :) assigning'
+                #   vip_handle! status_swarm
+                #   info 'updating other hosts about change'
+                #   vip_update_arp!
+                # end
+                notice 'VIP is free :) assigning'
+                vip_handle! status_swarm
+                notice 'updating other hosts about change'
+                vip_update_arp!
+              end
+            end
+            if lb_up?
+              debug 'load-balancer is up, that is OK'
+            else
+              notice 'load-balancer is down, starting'
+              lb_start!
+            end
+          else
+            debug 'i am not the leader'
+            if got_vip?
+              notice 'i got VIP and should not, removing'
+              vip_handle! status_swarm
+              notice 'updating other hosts about change'
+              vip_update_arp!
+            else
+              debug 'no VIP here, that is OK'
+            end
+            if lb_up?
+              notice 'load-balancer is up, stopping'
+              lb_stop!
+            else
+              debug 'load-balancer is down, that is OK'
+            end
+          end
+
+          if status_time + 60 <= Time.now.to_i
+            info "STATUS_REPORT { leader: '#{status_swarm ? 'yes' : 'no'}', vip: '#{got_vip? ? 'yes' : 'no'}/#{status_icmp ? 'up' : 'down'}', lb: '#{lb_up? ? 'yes' : 'no'}' }"
+            status_time = Time.now.to_i
+          end
+
+        end
+
+        # this is triggerred on exit
+        @thread.each_value(&:join)
+
+        # remove VIP on shutdown
+        if got_vip?
+          notice 'removing VIP'
+          vip_handle! false
+          vip_update_arp!
+        end
+
+        # stop LB on shutdown
+        if lb_up?
+          notice 'stopping load-balancer'
+          lb_stop!
+        end
+
+        info 'exiting...'
+        exit 0
+      end
+    end
+  end
+end

data/lib/port-authority/manager/init.rb

@@ -0,0 +1,43 @@
+require 'timeout'
+require 'json'
+require 'etcd-tools'
+require 'port-authority/util/config'
+require 'port-authority/util/logger'
+require 'port-authority/util/helpers'
+
+module PortAuthority
+  module Manager
+    class Init
+      include PortAuthority::Util::Config
+      include PortAuthority::Util::Logger
+      include PortAuthority::Util::Helpers
+
+      def initialize(proc_name = 'dummy')
+        @config = config
+        @exit = false
+        @semaphore = { log: Mutex.new }
+        Thread.current[:name] = 'main'
+        syslog_init proc_name if @config[:syslog]
+        setup proc_name
+        info 'starting main thread'
+        debug 'setting signal handling'
+        @exit_sigs = %w(INT TERM)
+        @exit_sigs.each { |sig| Signal.trap(sig) { @exit = true } }
+        Signal.trap('USR2') { @config[:debug] = !@config[:debug] }
+        Signal.trap('HUP')  { @config = config }
+      end
+
+      def setup(proc_name, nice = -20)
+        debug 'setting process name'
+        if RUBY_VERSION >= '2.1'
+          Process.setproctitle(proc_name)
+        else
+          $0 = proc_name
+        end
+        debug 'setting process title'
+        Process.setpriority(Process::PRIO_PROCESS, 0, nice)
+        # FIXME: Process.daemon ...
+      end
+    end
+  end
+end

data/lib/port-authority/manager/threads/icmp.rb

@@ -0,0 +1,30 @@
+# rubocop:disable Metrics/MethodLength
+require 'net/ping'
+
+module PortAuthority
+  module Manager
+    module Threads
+      def thread_icmp
+        Thread.new do
+          Thread.current[:name] = 'icmp'
+          begin
+            info 'starting ICMP thread...'
+            icmp = Net::Ping::ICMP.new(@config[:vip][:ip])
+            until @exit
+              debug 'checking state by ICMP echo'
+              status = vip_alive? icmp
+              @semaphore[:icmp].synchronize { @status_icmp = status }
+              debug "VIP is #{status ? 'alive' : 'down'} according to ICMP"
+              sleep @config[:icmp][:interval]
+            end
+            info 'ending ICMP thread...'
+          rescue StandardError => e
+            alert "#{e.class}: #{e.message}"
+            alert e.backtrace
+            @exit = true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/port-authority/manager/threads/swarm.rb

@@ -0,0 +1,42 @@
+# rubocop:disable Metrics/MethodLength
+module PortAuthority
+  module Manager
+    module Threads
+      def thread_swarm
+        Thread.new do
+          Thread.current[:name] = 'swarm'
+          info 'starting swarm thread...'
+          begin
+            etcd = etcd_connect!
+            until @exit
+              debug 'checking ETCD state'
+              etcd_healthy? etcd
+              debug 'checking swarm state'
+              status = am_i_leader? etcd
+              @semaphore[:swarm].synchronize { @status_swarm = status }
+              debug "i am #{status ? 'the leader' : 'not the leader' }"
+              sleep @config[:etcd][:interval]
+            end
+            info 'ending swarm thread...'
+          rescue PortAuthority::Errors::ETCDIsSick => e
+            notice "#{e.class}: #{e.message}"
+            notice "connection: " + e.etcd.to_s
+            @semaphore[:swarm].synchronize { @status_swarm = false }
+            sleep @config[:etcd][:interval]
+            retry unless @exit
+          rescue PortAuthority::Errors::ETCDConnectFailed => e
+            err "#{e.class}: #{e.message}"
+            err "connection: " + e.etcd.to_s
+            @semaphore[:swarm].synchronize { @status_swarm = false }
+            sleep @config[:etcd][:interval]
+            retry unless @exit
+          rescue StandardError => e
+            alert e.message
+            alert e.backtrace.to_s
+            @exit = true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/port-authority/util/config.rb

@@ -0,0 +1,61 @@
+require 'yaml'
+require 'etcd-tools'
+
+module PortAuthority
+  module Util
+    module Config
+
+      def config
+        cfg = default_config
+        if File.exist? '/etc/port-authority.yaml'
+          cfg = cfg.deep_merge YAML.load_file('/etc/port-authority.yaml')
+          puts 'loaded config from /etc/port-authority.yaml'
+        elsif File.exist? './port-authority.yaml'
+          cfg = cfg.deep_merge YAML.load_file('./port-authority.yaml')
+          puts 'loaded config from ./port-authority.yaml'
+        else
+          puts 'no config file loaded, using defaults'
+        end
+        cfg
+      end
+
+      private
+
+      def default_config
+        { debug: false,
+          syslog: false,
+          etcd: {
+            endpoints: ['http://localhost:2379'],
+            interval: 5,
+            timeout: 5
+          },
+          icmp: {
+            count: 5,
+            interval: 2
+          },
+          arping: {
+            count: 1,
+            wait: 1
+          },
+          vip: {
+            interval: 1,
+            ip: '172.17.1.5',
+            mask: '255.255.255.0',
+            interface: 'eth0'
+          },
+          lb: {
+            image: 'docker-registry.prz/stackdocks/haproxy:latest',
+            name: 'lb',
+            network: 'overlay',
+            docker_endpoint: 'unix:///var/run/docker.sock'
+          },
+          commands: {
+            arping: `which arping`.chomp,
+            arp: `which arp`.chomp,
+            iproute: `which ip`.chomp
+          }
+        }
+      end
+    end
+  end
+end

data/lib/port-authority/util/etcd.rb

@@ -0,0 +1,33 @@
+require 'etcd'
+require 'etcd-tools/mixins'
+
+module PortAuthority
+  module Util
+    module Etcd
+      # connect to ETCD
+      def etcd_connect!
+        endpoints = @config[:etcd][:endpoints].map { |e| e = e.gsub!(/^https?:\/\//, '').gsub(/\/$/, '').split(':'); { host: e[0], port: e[1].to_i } }
+        debug "parsed ETCD endpoints: #{endpoints.to_s}"
+        etcd = ::Etcd::Client.new(cluster: endpoints, read_timeout: @config[:etcd][:timeout])
+        etcd if etcd.version
+      rescue
+        raise PortAuthority::Errors::ETCDConnectFailed.new(@config[:etcd][:endpoints])
+      end
+
+      def etcd_healthy?(etcd)
+        raise PortAuthority::Errors::ETCDIsSick.new(@config[:etcd][:endpoints]) unless etcd.healthy?
+      end
+
+      def swarm_leader(etcd)
+        etcd.get('/_pa/docker/swarm/leader').value
+      end
+
+      def am_i_leader?(etcd)
+        Socket.ip_address_list.map(&:ip_address).member?(swarm_leader(etcd).split(':').first)
+      rescue StandardError => e
+        false
+      end
+
+    end
+  end
+end

data/lib/port-authority/util/helpers.rb

@@ -0,0 +1,27 @@
+require 'socket'
+
+module PortAuthority
+  module Util
+    module Helpers
+      def hostname
+        @hostname ||= Socket.gethostname
+      end
+
+      def my_ip
+        @my_ip ||= Socket.ip_address_list.detect(&:ipv4_private?).ip_address
+      end
+
+      def arping
+        @config[:commands][:arping]
+      end
+
+      def iproute
+        @config[:commands][:iproute]
+      end
+
+      def arp
+        @config[:commands][:arp]
+      end
+    end
+  end
+end

data/lib/port-authority/util/loadbalancer.rb

@@ -0,0 +1,66 @@
+require 'docker-api'
+
+module PortAuthority
+  module Util
+    module LoadBalancer
+      # connect to Docker
+      def lb_docker_setup!
+        Docker.url = @config[:lb][:docker_endpoint]
+        Docker.version
+        true
+      rescue
+        false
+      end
+
+      def lb_update!
+        lb_stop! if lb_up?
+        lb_remove!
+        lb_create!
+        @lb_update_hook = false
+      end
+
+      def lb_remove!
+        Docker::Container.get(@config[:lb][:name]).delete
+      rescue Docker::Error::NotFoundError
+      end
+
+
+      def lb_create!
+        lb_remove!
+        img = Docker::Image.create('fromImage' => @config[:lb][:image])
+
+        # setup port bindings hash
+        port_bindings = Hash.new
+        img.json['ContainerConfig']['ExposedPorts'].keys.each do |port|
+          port_bindings[port] = [ { 'HostPort' => "#{port.split('/').first}" } ]
+        end
+
+        # create container with
+        @lb_container = Docker::Container.create(
+          'Image' => img.json['Id'],
+          'name' => @config[:lb][:name],
+          'Hostname' => @config[:lb][:name],
+          'Env' => [ "ETCDCTL_ENDPOINT=#{@config[:etcd][:endpoints].join(',')}" ],
+          'RestartPolicy' => { 'Name' => 'never' },
+          'HostConfig' => {
+            'PortBindings' => port_bindings,
+            'NetworkMode' => @config[:lb][:network]
+          }
+        )
+      end
+
+      def lb_up?
+        @lb_container.json['State']['Running']
+      end
+
+      def lb_start!
+        @lb_container.start
+      end
+
+      def lb_stop!
+        @lb_container.stop
+      end
+
+    end
+  end
+end

data/lib/port-authority/util/logger.rb

@@ -0,0 +1,57 @@
+# rubocop:disable Metrics/LineLength, Metrics/AbcSize, Metrics/MethodLength
+require 'syslog'
+
+module PortAuthority
+  module Util
+    module Logger
+      def debug(message)
+        log :debug, message if @config[:debug]
+      end
+
+      def info(message)
+        log :info, message
+      end
+
+      def notice(message)
+        log :notice, message
+      end
+
+      def err(message)
+        log :err, message
+      end
+
+      def alert(message)
+        log :alert, message if @config[:debug]
+      end
+
+      def syslog_init(proc_name)
+        Syslog.open(proc_name, Syslog::LOG_PID, Syslog::LOG_DAEMON)
+      end
+
+      def log(lvl, msg)
+        if @config[:syslog]
+          case lvl
+          when :debug
+            l = Syslog::LOG_DEBUG
+          when :info
+            l = Syslog::LOG_INFO
+          when :notice
+            l = Syslog::LOG_NOTICE
+          when :err
+            l = Syslog::LOG_ERR
+          when :alert
+            l = Syslog::LOG_ALERT
+          end
+          @semaphore[:log].synchronize do
+            Syslog.log(l, "(%s) %s", Thread.current[:name], msg.to_s)
+          end
+        else
+          @semaphore[:log].synchronize do
+            $stdout.puts("#{Time.now.to_s} #{lvl.to_s[0].capitalize} (#{Thread.current[:name]}) #{msg.to_s}")
+            $stdout.flush
+          end
+        end
+      end
+    end
+  end
+end

data/lib/port-authority/util/vip.rb

@@ -0,0 +1,57 @@
+# rubocop:disable Metrics/LineLength, Metrics/AbcSize
+module PortAuthority
+  module Util
+    module Vip
+      # add or remove VIP on interface
+      # <IMPLEMENTED>
+      def vip_handle!(leader)
+        ip = IPAddr.new(@config[:vip][:ip])
+        mask = @config[:vip][:mask]
+        cmd = [iproute, 'address', '', "#{ip}/#{mask}", 'dev', @config[:vip][:interface], 'label', @config[:vip][:interface] + '-vip', '>/dev/null 2>&1']
+        leader ? cmd[2] = 'add' : cmd[2] = 'delete'
+        debug "#{cmd.join(' ')}"
+        if system(cmd.join(' '))
+          return true
+        else
+          return false
+        end
+      end
+
+      # send gratuitous ARP to the network
+      def vip_update_arp!
+        cmd = [arping, '-U', '-q', '-c', @config[:arping][:count], '-I', @config[:vip][:interface], @config[:vip][:ip]]
+        debug "#{cmd.join(' ')}"
+        if system(cmd.join(' '))
+          return true
+        else
+          return false
+        end
+      end
+
+      # check whether VIP is assigned to me
+      def got_vip?
+        Socket.ip_address_list.map(&:ip_address).member?(@config[:vip][:ip])
+      end
+
+      # check reachability of VIP by ICMP echo
+      def vip_alive?(icmp)
+        (1..@config[:icmp][:count]).each { return true if icmp.ping }
+        false
+      end
+
+      # check whether the IP is registered anywhere
+      def vip_dup?
+        cmd_arp = [arp, '-d', @config[:vip][:ip], '>/dev/null 2>&1']
+        cmd_arping = [arping, '-D', '-q', '-c', @config[:arping][:count], '-w', @config[:arping][:wait], '-I', @config[:vip][:interface], @config[:vip][:ip]]
+        debug "#{cmd_arp.join(' ')}"
+        system(cmd_arp.join(' '))
+        debug "#{cmd_arping.join(' ')}"
+        if system(cmd_arping.join(' '))
+          return false
+        else
+          return true
+        end
+      end
+    end
+  end
+end

data/lib/port-authority.rb

@@ -0,0 +1,28 @@
+module PortAuthority
+  module Manager
+  end
+
+  module Util
+  end
+
+  module Errors
+
+    class ETCDConnectFailed < StandardError
+      attr_reader :etcd, :message
+      def initialize(etcd, message = "Can't connect to ETCD")
+        @message = message
+        @etcd = etcd
+      end
+    end
+
+    class ETCDIsSick < StandardError
+      attr_reader :etcd, :message
+      def initialize(etcd, message = 'ETCD is not healthy')
+        @message = message
+        @etcd = etcd
+      end
+    end
+
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: port-authority
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.3
 platform: ruby
 authors:
 - Radek 'blufor' Slavicinsky
@@ -14,88 +14,101 @@ dependencies:
   name: etcd
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.3'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.3'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: etcd-tools
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: net-ping
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.7'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.7.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.7'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.7.8
 - !ruby/object:Gem::Dependency
   name: docker-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.25.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.25.0
 description: CLI Tools for PortAuthority
 email: radek.slavicinsky@gmail.com
-executables: []
+executables:
+- pa-manager
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- bin/pa-manager
+- lib/port-authority.rb
+- lib/port-authority/manager/app.rb
+- lib/port-authority/manager/init.rb
+- lib/port-authority/manager/threads/icmp.rb
+- lib/port-authority/manager/threads/swarm.rb
+- lib/port-authority/util/config.rb
+- lib/port-authority/util/etcd.rb
+- lib/port-authority/util/helpers.rb
+- lib/port-authority/util/loadbalancer.rb
+- lib/port-authority/util/logger.rb
+- lib/port-authority/util/vip.rb
 homepage: https://github.com/prozeta/port-authority
 licenses:
 - GPLv2
@@ -106,17 +119,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.4.3
 signing_key: 
 specification_version: 4
 summary: Port Authority