smart_proxy_dynflow_core 0.1.5 → 0.1.6
- checksums.yaml +4 -4
- data/config/settings.yml.example +6 -0
- data/deploy/smart_proxy_dynflow_core.init +1 -0
- data/deploy/smart_proxy_dynflow_core.service +1 -0
- data/lib/smart_proxy_dynflow_core/launcher.rb +11 -2
- data/lib/smart_proxy_dynflow_core/log.rb +25 -1
- data/lib/smart_proxy_dynflow_core/settings.rb +2 -1
- data/lib/smart_proxy_dynflow_core/version.rb +1 -1
- data/lib/smart_proxy_dynflow_core/webrick-patch.rb +37 -0
- metadata +5 -5
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: ae526e7d72f4b4ee46d8bcfa40e64f6790491ff1
         | 
| 4 | 
            +
              data.tar.gz: 5ed7ee98098fd949f9619465cc7362fbce43b157
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 1eeaf64c14cdba89b6a787082c603aca475e941935e8307b695ab4bef84bcb258907453cb368a6d5992565217921c8bed405968191bc773cd50f99ee0bde603c
         | 
| 7 | 
            +
              data.tar.gz: b1aa187080d29a83a79a014afe9434b3876bdc31e55c9e50f1227eb0f429d66075f4387d9746808a5d18e4bc6eb5e9649a8bc8defbb6258df9fac6e799a32183
         | 
    
        data/config/settings.yml.example
    CHANGED
    
    | @@ -28,6 +28,12 @@ | |
| 28 28 | 
             
            # :ssl_private_key: ssl/localhost.pem
         | 
| 29 29 | 
             
            # :ssl_certificate: ssl/certs/localhost.pem
         | 
| 30 30 |  | 
| 31 | 
            +
            # Use this option only if you need to disable certain cipher suites.
         | 
| 32 | 
            +
            # Note: we use the OpenSSL suite name, take a look at:
         | 
| 33 | 
            +
            # https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-SUITE-NAMES
         | 
| 34 | 
            +
            # for more information.
         | 
| 35 | 
            +
            #:ssl_disabled_ciphers: [CIPHER-SUITE-1, CIPHER-SUITE-2]
         | 
| 36 | 
            +
             | 
| 31 37 | 
             
            # File to log to, leave empty for logging to STDOUT
         | 
| 32 38 | 
             
            # :log_file: /var/log/foreman-proxy/smart_proxy_dynflow_core.log
         | 
| 33 39 |  | 
| @@ -15,6 +15,7 @@ SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy} | |
| 15 15 |  | 
| 16 16 | 
             
            start() {
         | 
| 17 17 | 
             
                echo -n $"Starting $prog: "
         | 
| 18 | 
            +
                ulimit -n 65536
         | 
| 18 19 | 
             
                daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
         | 
| 19 20 | 
             
                RETVAL=$?
         | 
| 20 21 | 
             
                if [ $RETVAL = 0 ]
         | 
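Review bot: The added `ulimit -n 65536` on new line 18 is not checked, so if the hard limit of the invoking shell is lower, the call fails and the daemon still starts with the previous descriptor limit and nothing in the output shows it. A guarded form such as `ulimit -n 65536 || echo "could not raise open-file limit" >&2` makes the failure visible. The same literal is repeated as `LimitNOFILE=65536` in the systemd unit, so a short comment in each place naming the other would keep the two in step. `start()` continues past the end of this hunk.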
| @@ -8,6 +8,7 @@ Type=forking | |
| 8 8 | 
             
            User=foreman-proxy
         | 
| 9 9 | 
             
            PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid
         | 
| 10 10 | 
             
            ExecStart=/usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
         | 
| 11 | 
            +
            LimitNOFILE=65536
         | 
| 11 12 |  | 
| 12 13 | 
             
            [Install]
         | 
| 13 14 | 
             
            WantedBy=multi-user.target
         | 
| @@ -1,6 +1,7 @@ | |
| 1 1 | 
             
            require 'webrick/https'
         | 
| 2 2 | 
             
            require 'smart_proxy_dynflow_core/bundler_helper'
         | 
| 3 3 | 
             
            require 'smart_proxy_dynflow_core/settings'
         | 
| 4 | 
            +
            require 'smart_proxy_dynflow_core/webrick-patch'
         | 
| 4 5 | 
             
            module SmartProxyDynflowCore
         | 
| 5 6 | 
             
              class Launcher
         | 
| 6 7 |  | 
| @@ -11,6 +12,7 @@ module SmartProxyDynflowCore | |
| 11 12 | 
             
                def start(options)
         | 
| 12 13 | 
             
                  load_settings!(options)
         | 
| 13 14 | 
             
                  Settings.instance.standalone = true
         | 
| 15 | 
            +
                  install_usr1_trap
         | 
| 14 16 | 
             
                  Rack::Server.new(rack_settings).start
         | 
| 15 17 | 
             
                end
         | 
| 16 18 |  | 
| @@ -42,6 +44,12 @@ module SmartProxyDynflowCore | |
| 42 44 | 
             
                  end
         | 
| 43 45 | 
             
                end
         | 
| 44 46 |  | 
| 47 | 
            +
                def install_usr1_trap
         | 
| 48 | 
            +
                  trap(:USR1) do
         | 
| 49 | 
            +
                    Log.instance.roll_log
         | 
| 50 | 
            +
                  end
         | 
| 51 | 
            +
                end
         | 
| 52 | 
            +
             | 
| 45 53 | 
             
                private
         | 
| 46 54 |  | 
| 47 55 | 
             
                def rack_settings
         | 
| @@ -66,10 +74,11 @@ module SmartProxyDynflowCore | |
| 66 74 | 
             
                    :app => app,
         | 
| 67 75 | 
             
                    :Host => Settings.instance.listen,
         | 
| 68 76 | 
             
                    :Port => Settings.instance.port,
         | 
| 69 | 
            -
                    :AccessLog => [[Log. | 
| 77 | 
            +
                    :AccessLog => [[Log.instance, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
         | 
| 70 78 | 
             
                    :Logger => Log.instance,
         | 
| 71 79 | 
             
                    :daemonize => Settings.instance.daemonize,
         | 
| 72 | 
            -
                    :pid => Settings.instance.pid_file
         | 
| 80 | 
            +
                    :pid => Settings.instance.pid_file,
         | 
| 81 | 
            +
                    :server => :webrick
         | 
| 73 82 | 
             
                  }
         | 
| 74 83 | 
             
                end
         | 
| 75 84 |  | 
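Review bot: The `:server => :webrick` entry on new line 81 carries no comment explaining why the handler is pinned. From the visible hunks the reason appears to be that the cipher restriction is applied by patching `WEBrick::GenericServer#setup_ssl_context`, so a later switch to another Rack handler would silently drop that restriction. A comment such as `# WEBrick is pinned: ssl_disabled_ciphers is enforced through webrick-patch` would record the dependency. `install_usr1_trap` (new lines 47-51) is also added above `private`, which makes it part of the public interface of `Launcher`; `start` is its only visible caller, so it could sit below `private`. `rack_settings` and the class body extend beyond the hunks shown.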
| @@ -8,7 +8,7 @@ module SmartProxyDynflowCore | |
| 8 8 | 
             
                class << self
         | 
| 9 9 | 
             
                  def instance
         | 
| 10 10 | 
             
                    if @logger.nil?
         | 
| 11 | 
            -
                      @logger =  | 
| 11 | 
            +
                      @logger = self.new log_file
         | 
| 12 12 | 
             
                      @logger.level = log_level
         | 
| 13 13 | 
             
                    end
         | 
| 14 14 | 
             
                    @logger
         | 
| @@ -40,6 +40,30 @@ module SmartProxyDynflowCore | |
| 40 40 | 
             
                  end
         | 
| 41 41 | 
             
                end
         | 
| 42 42 |  | 
| 43 | 
            +
                def initialize(file, *rest)
         | 
| 44 | 
            +
                  @file = file
         | 
| 45 | 
            +
                  @fd = @file.kind_of?(IO) ? @file : File.open(@file, 'a')
         | 
| 46 | 
            +
                  @fd.sync = true
         | 
| 47 | 
            +
                  super(@fd, rest)
         | 
| 48 | 
            +
                end
         | 
| 49 | 
            +
             | 
| 50 | 
            +
                def add(*args)
         | 
| 51 | 
            +
                  handle_log_rolling if @roll_log
         | 
| 52 | 
            +
                  super(*args)
         | 
| 53 | 
            +
                end
         | 
| 54 | 
            +
             | 
| 55 | 
            +
                def roll_log
         | 
| 56 | 
            +
                  @roll_log = true
         | 
| 57 | 
            +
                end
         | 
| 58 | 
            +
             | 
| 59 | 
            +
                def handle_log_rolling
         | 
| 60 | 
            +
                  @roll_log = false
         | 
| 61 | 
            +
                  unless @file.kind_of? IO
         | 
| 62 | 
            +
                    @fd.reopen @file, 'a'
         | 
| 63 | 
            +
                    @fd.sync = true
         | 
| 64 | 
            +
                  end
         | 
| 65 | 
            +
                end
         | 
| 66 | 
            +
             | 
| 43 67 | 
             
                class ProxyAdapter < ::Dynflow::LoggerAdapters::Simple
         | 
| 44 68 | 
             
                  def initialize(logger, level = Logger::DEBUG, formatters = [::Dynflow::LoggerAdapters::Formatters::Exception])
         | 
| 45 69 | 
             
                    @logger           = logger
         | 
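Review bot: On new line 47, `super(@fd, rest)` passes the collected extra arguments as one array in the second positional slot instead of forwarding them; assuming `Log` subclasses Ruby's `Logger`, that slot is `shift_age`, so any caller that supplies further arguments gets them mis-assigned. `super(@fd, *rest)` forwards them as intended. On line 45, `File.open(@file, 'a')` creates a missing log file with permissions taken from the process umask; if the log can contain task input or host details, an explicit mode such as `File.open(@file, 'a', 0640)` avoids a world-readable file on first start. A one-line comment on `roll_log` saying that it only sets a flag because it is called from a signal handler, and that the reopen happens on the next `add`, would help the next reader. The class body starts outside these hunks.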
| @@ -30,6 +30,7 @@ module SmartProxyDynflowCore | |
| 30 30 | 
             
                    :ssl_ca_file => nil,
         | 
| 31 31 | 
             
                    :ssl_private_key => nil,
         | 
| 32 32 | 
             
                    :ssl_certificate => nil,
         | 
| 33 | 
            +
                    :ssl_disabled_ciphers => [],
         | 
| 33 34 | 
             
                    :foreman_ssl_ca => nil,
         | 
| 34 35 | 
             
                    :foreman_ssl_key => nil,
         | 
| 35 36 | 
             
                    :foreman_ssl_cert => nil,
         | 
| @@ -44,7 +45,7 @@ module SmartProxyDynflowCore | |
| 44 45 |  | 
| 45 46 | 
             
                PROXY_SETTINGS = [:ssl_ca_file, :ssl_certificate, :ssl_private_key, :foreman_url,
         | 
| 46 47 | 
             
                                  :foreman_ssl_ca, :foreman_ssl_cert, :foreman_ssl_key,
         | 
| 47 | 
            -
                                  :log_file, :log_level]
         | 
| 48 | 
            +
                                  :log_file, :log_level, :ssl_disabled_ciphers]
         | 
| 48 49 | 
             
                PLUGIN_SETTINGS = [:database, :core_url, :console_auth]
         | 
| 49 50 |  | 
| 50 51 | 
             
                def initialize(settings = {})
         | 
| @@ -0,0 +1,37 @@ | |
| 1 | 
            +
            require 'webrick/https'
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            CIPHERS = ['ECDHE-RSA-AES128-GCM-SHA256','ECDHE-RSA-AES256-GCM-SHA384',
         | 
| 4 | 
            +
                       'ECDHE-RSA-AES128-CBC-SHA','ECDHE-RSA-AES256-CBC-SHA',
         | 
| 5 | 
            +
                       'AES128-GCM-SHA256','AES256-GCM-SHA384','AES128-SHA256',
         | 
| 6 | 
            +
                       'AES256-SHA256','AES128-SHA','AES256-SHA']
         | 
| 7 | 
            +
             | 
| 8 | 
            +
            module WEBrick
         | 
| 9 | 
            +
              class GenericServer
         | 
| 10 | 
            +
                def setup_ssl_context(config) # :nodoc:
         | 
| 11 | 
            +
                  unless config[:SSLCertificate]
         | 
| 12 | 
            +
                    cn = config[:SSLCertName]
         | 
| 13 | 
            +
                    comment = config[:SSLCertComment]
         | 
| 14 | 
            +
                    cert, key = Utils::create_self_signed_cert(1024, cn, comment)
         | 
| 15 | 
            +
                    config[:SSLCertificate] = cert
         | 
| 16 | 
            +
                    config[:SSLPrivateKey] = key
         | 
| 17 | 
            +
                  end
         | 
| 18 | 
            +
                  ctx = OpenSSL::SSL::SSLContext.new
         | 
| 19 | 
            +
                  ctx.set_params
         | 
| 20 | 
            +
                  ctx.ciphers = (CIPHERS - SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers).join(':')
         | 
| 21 | 
            +
                  ctx.key = config[:SSLPrivateKey]
         | 
| 22 | 
            +
                  ctx.cert = config[:SSLCertificate]
         | 
| 23 | 
            +
                  ctx.client_ca = config[:SSLClientCA]
         | 
| 24 | 
            +
                  ctx.extra_chain_cert = config[:SSLExtraChainCert]
         | 
| 25 | 
            +
                  ctx.ca_file = config[:SSLCACertificateFile]
         | 
| 26 | 
            +
                  ctx.ca_path = config[:SSLCACertificatePath]
         | 
| 27 | 
            +
                  ctx.cert_store = config[:SSLCertificateStore]
         | 
| 28 | 
            +
                  ctx.tmp_dh_callback = config[:SSLTmpDhCallback]
         | 
| 29 | 
            +
                  ctx.verify_mode = config[:SSLVerifyClient]
         | 
| 30 | 
            +
                  ctx.verify_depth = config[:SSLVerifyDepth]
         | 
| 31 | 
            +
                  ctx.verify_callback = config[:SSLVerifyCallback]
         | 
| 32 | 
            +
                  ctx.timeout = config[:SSLTimeout]
         | 
| 33 | 
            +
                  ctx.options |= config[:SSLOptions] unless config[:SSLOptions].nil?
         | 
| 34 | 
            +
                  ctx
         | 
| 35 | 
            +
                end
         | 
| 36 | 
            +
              end
         | 
| 37 | 
            +
            end
         | 
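Review bot: On new line 20, `CIPHERS - SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers` silently ignores any configured name that is not in `CIPHERS`, so a misspelt suite stays enabled with no warning. A `nil` value (for example an empty YAML key, if settings are not normalised elsewhere) would raise `TypeError` during TLS setup. Wrapping the setting as `disabled = Array(SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers)` and logging `disabled - CIPHERS` as unrecognised names would make a bad value visible to the operator. Line 14 keeps the fallback `Utils::create_self_signed_cert(1024, cn, comment)`; now that the project owns this method, `2048` is the safer key size for the case where no certificate is configured. `CIPHERS` is defined at top level and therefore lands in the global namespace, so a frozen constant under `SmartProxyDynflowCore` would avoid clashes with other code loaded in the same process.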
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: smart_proxy_dynflow_core
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.1. | 
| 4 | 
            +
              version: 0.1.6
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Ivan Nečas
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date:  | 
| 11 | 
            +
            date: 2017-05-09 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: bundler
         | 
| @@ -206,8 +206,7 @@ dependencies: | |
| 206 206 | 
             
                - - ">="
         | 
| 207 207 | 
             
                  - !ruby/object:Gem::Version
         | 
| 208 208 | 
             
                    version: '0'
         | 
| 209 | 
            -
            description:  | 
| 210 | 
            -
                  Use the Dynflow inside Foreman smart proxy
         | 
| 209 | 
            +
            description: "    Use the Dynflow inside Foreman smart proxy\n"
         | 
| 211 210 | 
             
            email:
         | 
| 212 211 | 
             
            - inecas@redhat.com
         | 
| 213 212 | 
             
            executables:
         | 
| @@ -232,6 +231,7 @@ files: | |
| 232 231 | 
             
            - lib/smart_proxy_dynflow_core/settings.rb
         | 
| 233 232 | 
             
            - lib/smart_proxy_dynflow_core/testing.rb
         | 
| 234 233 | 
             
            - lib/smart_proxy_dynflow_core/version.rb
         | 
| 234 | 
            +
            - lib/smart_proxy_dynflow_core/webrick-patch.rb
         | 
| 235 235 | 
             
            - smart_proxy_dynflow_core.gemspec
         | 
| 236 236 | 
             
            homepage: https://github.com/theforeman/smart_proxy_dynflow
         | 
| 237 237 | 
             
            licenses:
         | 
| @@ -253,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement | |
| 253 253 | 
             
                  version: '0'
         | 
| 254 254 | 
             
            requirements: []
         | 
| 255 255 | 
             
            rubyforge_project: 
         | 
| 256 | 
            -
            rubygems_version: 2. | 
| 256 | 
            +
            rubygems_version: 2.5.1
         | 
| 257 257 | 
             
            signing_key: 
         | 
| 258 258 | 
             
            specification_version: 4
         | 
| 259 259 | 
             
            summary: Dynflow runtime for Foreman smart proxy
         |