smart_proxy_dynflow_core 0.1.5 → 0.1.6

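--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fe1b9027d6be956e15fb935a09a4c605af906509
- data.tar.gz: 541d1bded54dc876f331dabcf44e89ae35996e15
+ metadata.gz: ae526e7d72f4b4ee46d8bcfa40e64f6790491ff1
+ data.tar.gz: 5ed7ee98098fd949f9619465cc7362fbce43b157
  SHA512:
- metadata.gz: 2f51f45104e278ce3c23f566018cd80bfb972cb6c62c58606d5c8926c7f738381e11f170b888339b582ad0274c6551de5e643bb749d29cd3b86c90940ef7f9cc
- data.tar.gz: c860021c0d3a466a5dd630edfeedb1b1ed3e17844f591ad471426ee703e473a0adf2b93aaea0199f23e976f01fe5325fb83ddfb48607e8ab20eb67158169578e
+ metadata.gz: 1eeaf64c14cdba89b6a787082c603aca475e941935e8307b695ab4bef84bcb258907453cb368a6d5992565217921c8bed405968191bc773cd50f99ee0bde603c
+ data.tar.gz: b1aa187080d29a83a79a014afe9434b3876bdc31e55c9e50f1227eb0f429d66075f4387d9746808a5d18e4bc6eb5e9649a8bc8defbb6258df9fac6e799a32183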
@@ -28,6 +28,12 @@
28
28
  # :ssl_private_key: ssl/localhost.pem
29
29
  # :ssl_certificate: ssl/certs/localhost.pem
30
30
 
31
+ # Use this option only if you need to disable certain cipher suites.
32
+ # Note: we use the OpenSSL suite name, take a look at:
33
+ # https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-SUITE-NAMES
34
+ # for more information.
35
+ #:ssl_disabled_ciphers: [CIPHER-SUITE-1, CIPHER-SUITE-2]
36
+
31
37
  # File to log to, leave empty for logging to STDOUT
32
38
  # :log_file: /var/log/foreman-proxy/smart_proxy_dynflow_core.log
33
39
 
@@ -15,6 +15,7 @@ SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy}
15
15
 
16
16
  start() {
17
17
  echo -n $"Starting $prog: "
18
+ ulimit -n 65536
18
19
  daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
19
20
  RETVAL=$?
20
21
  if [ $RETVAL = 0 ]
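Review bot: The `ulimit -n 65536` added to start() is unchecked, so when the hard limit of the invoking shell is lower the call fails and the daemon still starts with the old descriptor limit, with nothing in the output to say so. A visible warning would help, for example `ulimit -n 65536 || echo $"Could not raise the open file limit for $prog" >&2`. The same value is repeated as `LimitNOFILE=65536` in the systemd unit hunk, so a comment beside each noting that the two must be kept in step would prevent drift. start() continues past the end of this hunk.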
@@ -8,6 +8,7 @@ Type=forking
8
8
  User=foreman-proxy
9
9
  PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid
10
10
  ExecStart=/usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
11
+ LimitNOFILE=65536
11
12
 
12
13
  [Install]
13
14
  WantedBy=multi-user.target
@@ -1,6 +1,7 @@
1
1
  require 'webrick/https'
2
2
  require 'smart_proxy_dynflow_core/bundler_helper'
3
3
  require 'smart_proxy_dynflow_core/settings'
4
+ require 'smart_proxy_dynflow_core/webrick-patch'
4
5
  module SmartProxyDynflowCore
5
6
  class Launcher
6
7
 
@@ -11,6 +12,7 @@ module SmartProxyDynflowCore
11
12
  def start(options)
12
13
  load_settings!(options)
13
14
  Settings.instance.standalone = true
15
+ install_usr1_trap
14
16
  Rack::Server.new(rack_settings).start
15
17
  end
16
18
 
@@ -42,6 +44,12 @@ module SmartProxyDynflowCore
42
44
  end
43
45
  end
44
46
 
47
+ def install_usr1_trap
48
+ trap(:USR1) do
49
+ Log.instance.roll_log
50
+ end
51
+ end
52
+
45
53
  private
46
54
 
47
55
  def rack_settings
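Review bot: `install_usr1_trap` is defined above the `private` marker, so it becomes part of Launcher's public interface although the only caller visible here is `start`; moving it below `private` keeps the surface unchanged. The handler calls `Log.instance`, which builds the logger on first use, so if the trap ever fires before the logger exists the file would be opened inside the signal handler. That is presumably ruled out by `load_settings!` running first, but it is worth stating. A comment such as `# USR1 only sets a flag; the log file is reopened on the next Log#add` would record why the handler is trap-safe. The class body continues outside this hunk.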
@@ -66,10 +74,11 @@ module SmartProxyDynflowCore
66
74
  :app => app,
67
75
  :Host => Settings.instance.listen,
68
76
  :Port => Settings.instance.port,
69
- :AccessLog => [[Log.log_file, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
77
+ :AccessLog => [[Log.instance, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
70
78
  :Logger => Log.instance,
71
79
  :daemonize => Settings.instance.daemonize,
72
- :pid => Settings.instance.pid_file
80
+ :pid => Settings.instance.pid_file,
81
+ :server => :webrick
73
82
  }
74
83
  end
75
84
 
@@ -8,7 +8,7 @@ module SmartProxyDynflowCore
8
8
  class << self
9
9
  def instance
10
10
  if @logger.nil?
11
- @logger = Logger.new log_file
11
+ @logger = self.new log_file
12
12
  @logger.level = log_level
13
13
  end
14
14
  @logger
@@ -40,6 +40,30 @@ module SmartProxyDynflowCore
40
40
  end
41
41
  end
42
42
 
43
+ def initialize(file, *rest)
44
+ @file = file
45
+ @fd = @file.kind_of?(IO) ? @file : File.open(@file, 'a')
46
+ @fd.sync = true
47
+ super(@fd, rest)
48
+ end
49
+
50
+ def add(*args)
51
+ handle_log_rolling if @roll_log
52
+ super(*args)
53
+ end
54
+
55
+ def roll_log
56
+ @roll_log = true
57
+ end
58
+
59
+ def handle_log_rolling
60
+ @roll_log = false
61
+ unless @file.kind_of? IO
62
+ @fd.reopen @file, 'a'
63
+ @fd.sync = true
64
+ end
65
+ end
66
+
43
67
  class ProxyAdapter < ::Dynflow::LoggerAdapters::Simple
44
68
  def initialize(logger, level = Logger::DEBUG, formatters = [::Dynflow::LoggerAdapters::Formatters::Exception])
45
69
  @logger = logger
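Review bot: In the new `initialize`, `super(@fd, rest)` hands the collected arguments to Logger as one Array in the `shift_age` position instead of forwarding them; it should be `super(@fd, *rest)`. It probably goes unnoticed because the device is already an open IO, for which Logger's rotation arguments are not consulted. Reopening also happens only inside `add`, while the launcher hunk now passes `Log.instance` as the WEBrick access log, and WEBrick writes access lines with `<<`, which as far as I can tell does not go through `add`. After a USR1, access lines would therefore keep going to the rotated file until the next regular log call. `@roll_log` is also never initialised; `@roll_log = false` in `initialize` would make the state explicit.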
@@ -30,6 +30,7 @@ module SmartProxyDynflowCore
30
30
  :ssl_ca_file => nil,
31
31
  :ssl_private_key => nil,
32
32
  :ssl_certificate => nil,
33
+ :ssl_disabled_ciphers => [],
33
34
  :foreman_ssl_ca => nil,
34
35
  :foreman_ssl_key => nil,
35
36
  :foreman_ssl_cert => nil,
@@ -44,7 +45,7 @@ module SmartProxyDynflowCore
44
45
 
45
46
  PROXY_SETTINGS = [:ssl_ca_file, :ssl_certificate, :ssl_private_key, :foreman_url,
46
47
  :foreman_ssl_ca, :foreman_ssl_cert, :foreman_ssl_key,
47
- :log_file, :log_level]
48
+ :log_file, :log_level, :ssl_disabled_ciphers]
48
49
  PLUGIN_SETTINGS = [:database, :core_url, :console_auth]
49
50
 
50
51
  def initialize(settings = {})
@@ -1,3 +1,3 @@
1
1
  module SmartProxyDynflowCore
2
- VERSION = '0.1.5'
2
+ VERSION = '0.1.6'
3
3
  end
@@ -0,0 +1,37 @@
1
+ require 'webrick/https'
2
+
3
+ CIPHERS = ['ECDHE-RSA-AES128-GCM-SHA256','ECDHE-RSA-AES256-GCM-SHA384',
4
+ 'ECDHE-RSA-AES128-CBC-SHA','ECDHE-RSA-AES256-CBC-SHA',
5
+ 'AES128-GCM-SHA256','AES256-GCM-SHA384','AES128-SHA256',
6
+ 'AES256-SHA256','AES128-SHA','AES256-SHA']
7
+
8
+ module WEBrick
9
+ class GenericServer
10
+ def setup_ssl_context(config) # :nodoc:
11
+ unless config[:SSLCertificate]
12
+ cn = config[:SSLCertName]
13
+ comment = config[:SSLCertComment]
14
+ cert, key = Utils::create_self_signed_cert(1024, cn, comment)
15
+ config[:SSLCertificate] = cert
16
+ config[:SSLPrivateKey] = key
17
+ end
18
+ ctx = OpenSSL::SSL::SSLContext.new
19
+ ctx.set_params
20
+ ctx.ciphers = (CIPHERS - SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers).join(':')
21
+ ctx.key = config[:SSLPrivateKey]
22
+ ctx.cert = config[:SSLCertificate]
23
+ ctx.client_ca = config[:SSLClientCA]
24
+ ctx.extra_chain_cert = config[:SSLExtraChainCert]
25
+ ctx.ca_file = config[:SSLCACertificateFile]
26
+ ctx.ca_path = config[:SSLCACertificatePath]
27
+ ctx.cert_store = config[:SSLCertificateStore]
28
+ ctx.tmp_dh_callback = config[:SSLTmpDhCallback]
29
+ ctx.verify_mode = config[:SSLVerifyClient]
30
+ ctx.verify_depth = config[:SSLVerifyDepth]
31
+ ctx.verify_callback = config[:SSLVerifyCallback]
32
+ ctx.timeout = config[:SSLTimeout]
33
+ ctx.options |= config[:SSLOptions] unless config[:SSLOptions].nil?
34
+ ctx
35
+ end
36
+ end
37
+ end
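Review bot: `ctx.ciphers = (CIPHERS - ...ssl_disabled_ciphers).join(':')` takes the operator's list unchecked, so a misspelled suite name in `ssl_disabled_ciphers` is dropped silently and the suite stays enabled, and a `nil` value (key present but empty in the YAML) raises a TypeError from `Array#-`. Checking the configured names against CIPHERS and logging those that match nothing would make the setting auditable; the fence sketches this, assuming `Log.instance` is the Logger subclass seen elsewhere in this diff. Separately, `ECDHE-RSA-AES128-CBC-SHA` and `ECDHE-RSA-AES256-CBC-SHA` do not look like OpenSSL suite names (OpenSSL spells them `ECDHE-RSA-AES128-SHA` and `ECDHE-RSA-AES256-SHA`), so they are probably ignored when the string is parsed. The copied `create_self_signed_cert(1024, ...)` fallback still generates a 1024-bit key when no certificate is configured. The top-level `CIPHERS` constant is global and unfrozen; it would be safer inside the `SmartProxyDynflowCore` namespace with `.freeze`.

```ruby
# … unchanged: self-signed certificate fallback …
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params
disabled = Array(SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers)
unknown = disabled - CIPHERS
unless unknown.empty?
  SmartProxyDynflowCore::Log.instance.warn(
    "ssl_disabled_ciphers: ignoring unknown cipher suites #{unknown.join(', ')}"
  )
end
enabled = CIPHERS - disabled
raise ArgumentError, 'ssl_disabled_ciphers leaves no cipher suite enabled' if enabled.empty?
ctx.ciphers = enabled.join(':')
# … unchanged: key, certificate, CA and verification settings …
```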
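--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: smart_proxy_dynflow_core
  version: !ruby/object:Gem::Version
- version: 0.1.5
+ version: 0.1.6
  platform: ruby
  authors:
  - Ivan Nečas
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-09-08 00:00:00.000000000 Z
+ date: 2017-05-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -206,8 +206,7 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- description: |2
- Use the Dynflow inside Foreman smart proxy
+ description: " Use the Dynflow inside Foreman smart proxy\n"
  email:
  - inecas@redhat.com
  executables:
@@ -232,6 +231,7 @@ files:
  - lib/smart_proxy_dynflow_core/settings.rb
  - lib/smart_proxy_dynflow_core/testing.rb
  - lib/smart_proxy_dynflow_core/version.rb
+ - lib/smart_proxy_dynflow_core/webrick-patch.rb
  - smart_proxy_dynflow_core.gemspec
  homepage: https://github.com/theforeman/smart_proxy_dynflow
  licenses:
@@ -253,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: Dynflow runtime for Foreman smart proxy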