smart_proxy_dynflow_core 0.0.7

data/bin/smart_proxy_dynflow_core

@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+require 'dynflow'
+require 'rack'
+require 'smart_proxy_dynflow_core/launcher'
+require 'yaml'
+require 'optparse'
+
+options = {}
+OptionParser.new do |opts|
+  opts.on('-c', '--config-dir CONFIG_DIR', String, 'Directory to load settings from') do |value|
+    options[:config_dir] = value
+  end
+
+  opts.on('-1', '--one-config', String, 'Do not load more than 1 config') do |value|
+    options[:one_config] = true
+  end
+
+  opts.on_tail('-h', '--help', 'Show usage help') do
+    puts opts
+    exit
+  end
+end.parse!
+
+SmartProxyDynflowCore::Launcher.launch! options

data/bundler.d/dynflow.rb

@@ -0,0 +1 @@
+gem 'smart_proxy_dynflow'

data/config/settings.yml.example

@@ -0,0 +1,18 @@
+---
+# Path to dynflow database, leave blank for in-memory non-persistent database
+:database:
+
+# URL of the smart proxy, used for reporting back
+:callback_url: 'https://localhost:8443'
+
+# Listen on address
+:listen: 127.0.0.1
+
+# Listen on port
+:port: 8008
+
+# SSL settings for client authentication against smart proxy.
+# :use_https: false
+# :ssl_ca_file: ssl/ca.pem
+# :ssl_private_key: ssl/localhost.pem
+# :ssl_certificate: ssl/certs/localhost.pem

data/lib/smart_proxy_dynflow_core.rb

@@ -0,0 +1,5 @@
+require 'smart_proxy_dynflow_core/settings'
+require 'smart_proxy_dynflow_core/core'
+require 'smart_proxy_dynflow_core/helpers'
+require 'smart_proxy_dynflow_core/callback'
+require 'smart_proxy_dynflow_core/api'

data/lib/smart_proxy_dynflow_core/api.rb

@@ -0,0 +1,31 @@
+require 'sinatra/base'
+require 'multi_json'
+require 'dynflow'
+
+module SmartProxyDynflowCore
+  class Api < ::Sinatra::Base
+    helpers Helpers
+
+    before do
+      authorize_with_ssl_client
+      content_type :json
+    end
+
+    post "/tasks/?" do
+      params = MultiJson.load(request.body.read)
+      trigger_task(::Dynflow::Utils.constantize(params['action_name']), params['action_input']).to_json
+    end
+
+    post "/tasks/:task_id/cancel" do |task_id|
+      cancel_task(task_id).to_json
+    end
+
+    get "/tasks/:task_id/status" do |task_id|
+      task_status(task_id).to_json
+    end
+
+    get "/tasks/count" do
+      tasks_count(params['state']).to_json
+    end
+  end
+end

data/lib/smart_proxy_dynflow_core/bundler_helper.rb

@@ -0,0 +1,29 @@
+module SmartProxyDynflowCore
+  class BundlerHelper
+    def self.require_groups(*groups)
+      if File.exist?(File.expand_path('../../Gemfile.in', __FILE__))
+        # If there is a Gemfile.in file, we will not use Bundler but BundlerExt
+        # gem which parses this file and loads all dependencies from the system
+        # rathern then trying to download them from rubygems.org. It always
+        # loads all gemfile groups.
+        begin
+          require 'bundler_ext' unless defined?(BundlerExt)
+        rescue LoadError
+          # Debian packaging guidelines state to avoid needing rubygems, so
+          # we only try to load it if the first require fails (for RPMs)
+          begin
+            require 'rubygems' rescue nil
+            require 'bundler_ext'
+          rescue LoadError
+            puts "`bundler_ext` gem is required to run smart_proxy"
+            exit 1
+          end
+        end
+        BundlerExt.system_require(File.expand_path('../../Gemfile.in', __FILE__), *groups)
+      else
+        require 'bundler' unless defined?(Bundler)
+        Bundler.require(*groups)
+      end
+    end
+  end
+end

data/lib/smart_proxy_dynflow_core/callback.rb

@@ -0,0 +1,69 @@
+require 'rest-client'
+require 'dynflow'
+
+begin
+  require 'smart_proxy_dynflow/callback'
+rescue LoadError
+end
+
+module SmartProxyDynflowCore
+  module Callback
+    class Request
+      def callback(payload)
+        response = callback_resource.post payload
+        if response.code != 200
+          raise "Failed performing callback to smart proxy: #{response.code} #{response.body}"
+        end
+        response
+      end
+
+      def self.callback(callback, data)
+        self.new.callback(self.prepare_payload(callback, data))
+      end
+
+      private
+
+      def self.prepare_payload(callback, data)
+        { :callback => callback, :data => data }.to_json
+      end
+
+      def callback_resource
+        @resource ||= RestClient::Resource.new Settings.instance.callback_url + '/dynflow/tasks/callback',
+                                               ssl_options
+      end
+
+      def ssl_options
+        return {} unless Settings.instance.use_https
+        client_key = File.read  Settings.instance.ssl_private_key
+        client_cert = File.read Settings.instance.ssl_certificate
+        {
+          :ssl_client_cert => OpenSSL::X509::Certificate.new(client_cert),
+          :ssl_client_key  => OpenSSL::PKey::RSA.new(client_key),
+          :ssl_ca_file     => Settings.instance.ssl_ca_file,
+          :verify_ssl      => OpenSSL::SSL::VERIFY_PEER
+        }
+      end
+    end
+
+    class Action < ::Dynflow::Action
+      def plan(callback, data)
+        plan_self(:callback => callback, :data => data)
+      end
+
+      def run
+        callback = (Settings.instance.standalone ? Callback::Request : Proxy::Dynflow::Callback::Request).new
+        callback.callback(SmartProxyDynflowCore::Callback::Request.prepare_payload(input[:callback], input[:data]))
+      end
+    end
+
+    module PlanHelper
+      def plan_with_callback(input)
+        input = input.dup
+        callback = input.delete('callback')
+
+        planned_action = plan_self(input)
+        plan_action(Callback::Action, callback, planned_action.output) if callback
+      end
+    end
+  end
+end

data/lib/smart_proxy_dynflow_core/core.rb

@@ -0,0 +1,92 @@
+module SmartProxyDynflowCore
+  class Core
+
+    attr_accessor :world
+
+    def initialize
+      @world = create_world
+    end
+
+    def create_world(&block)
+      config = default_world_config(&block)
+      ::Dynflow::World.new(config)
+    end
+
+    def persistence_conn_string
+      return ENV['DYNFLOW_DB_CONN_STRING'] if ENV.key? 'DYNFLOW_DB_CONN_STRING'
+      db_conn_string = 'sqlite:/'
+
+      db_file = Settings.instance.database
+      if db_file.nil? || db_file.empty?
+        # TODO: Use some kind of logger
+        STDERR.puts "Could not open DB for dynflow at '#{db_file}', will keep data in memory. Restart will drop all dynflow data."
+      else
+        db_conn_string += "/#{db_file}"
+      end
+
+      db_conn_string
+    end
+
+    def persistence_adapter
+      ::Dynflow::PersistenceAdapters::Sequel.new persistence_conn_string
+    end
+
+    def default_world_config
+      ::Dynflow::Config.new.tap do |config|
+        config.auto_rescue = true
+        config.logger_adapter = logger_adapter
+        config.persistence_adapter = persistence_adapter
+        yield config if block_given?
+      end
+    end
+
+    def logger_adapter
+      ::Dynflow::LoggerAdapters::Simple.new $stderr, 0
+    end
+
+    class << self
+      attr_reader :instance
+
+      def ensure_initialized
+        return @instance if @instance
+        @instance = Core.new
+        after_initialize_blocks.each(&:call)
+        @instance
+      end
+
+      def web_console
+        require 'dynflow/web'
+        dynflow_console = ::Dynflow::Web.setup do
+          # we can't use the proxy's after_activation hook, as
+          # it happens before the Daemon forks the process (including
+          # closing opened file descriptors)
+          # TODO: extend smart proxy to enable hooks that happen after
+          # the forking
+          helpers Helpers
+
+          before do
+            authorize_with_ssl_client
+          end
+
+          Core.ensure_initialized
+          set :world, Core.world
+        end
+        dynflow_console
+      end
+
+      def world
+        instance.world
+      end
+
+      def after_initialize(&block)
+        after_initialize_blocks << block
+      end
+
+      private
+
+      def after_initialize_blocks
+        @after_initialize_blocks ||= []
+      end
+    end
+  end
+end

data/lib/smart_proxy_dynflow_core/helpers.rb

@@ -0,0 +1,48 @@
+module SmartProxyDynflowCore
+  module Helpers
+    def world
+      SmartProxyDynflowCore::Core.world
+    end
+
+    def authorize_with_ssl_client
+      if %w(yes on 1).include? request.env['HTTPS'].to_s
+        if request.env['SSL_CLIENT_CERT'].to_s.empty?
+          status 403
+          # TODO: Use a logger
+          STDERR.puts "No client SSL certificate supplied"
+          halt MultiJson.dump(:error => "No client SSL certificate supplied")
+        end
+      else
+        # TODO: Use a logger
+        # logger.debug('require_ssl_client_verification: skipping, non-HTTPS request')
+        puts 'require_ssl_client_verification: skipping, non-HTTPS request'
+      end
+    end
+
+    def trigger_task(*args)
+      triggered = world.trigger(*args)
+      { :task_id => triggered.id }
+    end
+
+    def cancel_task(task_id)
+      execution_plan = world.persistence.load_execution_plan(task_id)
+      cancel_events = execution_plan.cancel
+      { :task_id => task_id, :canceled_steps_count => cancel_events.size }
+    end
+
+    def task_status(task_id)
+      ep = world.persistence.load_execution_plan(task_id)
+      ep.to_hash.merge(:actions => ep.actions.map(&:to_hash))
+    rescue KeyError => _e
+      status 404
+      {}
+    end
+
+    def tasks_count(state)
+      state ||= 'all'
+      filter = state != 'all' ? { :filters => { :state => [state] } } : {}
+      tasks = world.persistence.find_execution_plans(filter)
+      { :count => tasks.count, :state => state }
+    end
+  end
+end

data/lib/smart_proxy_dynflow_core/launcher.rb

@@ -0,0 +1,123 @@
+require 'webrick/https'
+require 'smart_proxy_dynflow_core/bundler_helper'
+require 'smart_proxy_dynflow_core/settings'
+module SmartProxyDynflowCore
+  class Launcher
+
+    def self.launch!(options)
+      self.new.start options
+    end
+
+    def start(options)
+      load_settings!(options[:config_dir], options[:one_config])
+      Settings.instance.standalone = true
+      Core.ensure_initialized
+      Rack::Server.new(rack_settings).start
+    end
+
+    def load_settings!(config_dir = nil, one_config = false)
+      possible_config_dirs = [
+        '/etc/smart_proxy_dynflow_core',
+        File.expand_path('~/.config/smart_proxy_dynflow_core'),
+        File.join(File.dirname(__FILE__), '..', '..', 'config'),
+      ]
+      possible_config_dirs << config_dir if config_dir
+      BundlerHelper.require_groups(:default)
+      possible_config_dirs.reverse! if one_config
+      possible_config_dirs.select { |config_dir| File.directory? config_dir }.each do |config_dir|
+        break if load_config_dir(config_dir) && one_config
+      end
+    end
+
+    def self.route_mapping(rack_builder)
+      rack_builder.map '/console' do
+        run Core.web_console
+      end
+
+      rack_builder.map '/' do
+        run Api
+      end
+    end
+
+    private
+
+    def rack_settings
+      settings = if https_enabled?
+                   # TODO: Use a logger
+                   puts "Using HTTPS"
+                   https_app
+                 else
+                   # TODO: Use a logger
+                   puts "Using HTTP"
+                   {}
+                 end
+      settings.merge(base_settings)
+    end
+
+    def app
+      Rack::Builder.new do
+        SmartProxyDynflowCore::Launcher.route_mapping(self)
+      end
+    end
+
+    def base_settings
+      {
+        :app => app,
+        :Host => Settings.instance.listen,
+        :Port => Settings.instance.port,
+        :daemonize => false
+      }
+    end
+
+    def https_app
+      ssl_options  = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
+      ssl_options |= OpenSSL::SSL::OP_CIPHER_SERVER_PREFERENCE if defined?(OpenSSL::SSL::OP_CIPHER_SERVER_PREFERENCE)
+      # This is required to disable SSLv3 on Ruby 1.8.7
+      ssl_options |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+      ssl_options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+      ssl_options |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
+
+      {
+        :SSLEnable => true,
+        :SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER,
+        :SSLPrivateKey => ssl_private_key,
+        :SSLCertificate => ssl_certificate,
+        :SSLCACertificateFile => Settings.instance.ssl_ca_file,
+        :SSLOptions => ssl_options
+      }
+    end
+
+    def https_enabled?
+      Settings.instance.use_https
+    end
+
+    def ssl_private_key
+      OpenSSL::PKey::RSA.new(File.read(Settings.instance.ssl_private_key))
+    rescue Exception => e
+      # TODO: Use a logger
+      STDERR.puts "Unable to load private SSL key. Are the values correct in settings.yml and do permissions allow reading?: #{e}"
+      # logger.error "Unable to load private SSL key. Are the values correct in settings.yml and do permissions allow reading?: #{e}"
+      raise e
+    end
+
+    def ssl_certificate
+      OpenSSL::X509::Certificate.new(File.read(Settings.instance.ssl_certificate))
+    rescue Exception => e
+      # TODO: Use a logger
+      STDERR.puts "Unable to load SSL certificate. Are the values correct in settings.yml and do permissions allow reading?: #{e}"
+      # logger.error "Unable to load SSL certificate. Are the values correct in settings.yml and do permissions allow reading?: #{e}"
+      raise e
+    end
+
+    def load_config_dir(dir)
+      settings_yml = File.join(dir, 'settings.yml')
+      if File.exist? settings_yml
+        # TODO: Use a logger
+        puts "Loading settings from #{dir}"
+        Settings.load_global_settings settings_yml
+        Dir[File.join(dir, 'settings.d', '*.yml')].each { |path| Settings.load_plugin_settings(path) }
+        true
+      end
+    end
+  end
+end