smart_proxy_dynflow_core 0.1.5 → 0.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/config/settings.yml.example +6 -0
- data/deploy/smart_proxy_dynflow_core.init +1 -0
- data/deploy/smart_proxy_dynflow_core.service +1 -0
- data/lib/smart_proxy_dynflow_core/launcher.rb +11 -2
- data/lib/smart_proxy_dynflow_core/log.rb +25 -1
- data/lib/smart_proxy_dynflow_core/settings.rb +2 -1
- data/lib/smart_proxy_dynflow_core/version.rb +1 -1
- data/lib/smart_proxy_dynflow_core/webrick-patch.rb +37 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ae526e7d72f4b4ee46d8bcfa40e64f6790491ff1
|
|
4
|
+
data.tar.gz: 5ed7ee98098fd949f9619465cc7362fbce43b157
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1eeaf64c14cdba89b6a787082c603aca475e941935e8307b695ab4bef84bcb258907453cb368a6d5992565217921c8bed405968191bc773cd50f99ee0bde603c
|
|
7
|
+
data.tar.gz: b1aa187080d29a83a79a014afe9434b3876bdc31e55c9e50f1227eb0f429d66075f4387d9746808a5d18e4bc6eb5e9649a8bc8defbb6258df9fac6e799a32183
|
data/config/settings.yml.example
CHANGED
|
@@ -28,6 +28,12 @@
|
|
|
28
28
|
# :ssl_private_key: ssl/localhost.pem
|
|
29
29
|
# :ssl_certificate: ssl/certs/localhost.pem
|
|
30
30
|
|
|
31
|
+
# Use this option only if you need to disable certain cipher suites.
|
|
32
|
+
# Note: we use the OpenSSL suite name, take a look at:
|
|
33
|
+
# https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-SUITE-NAMES
|
|
34
|
+
# for more information.
|
|
35
|
+
#:ssl_disabled_ciphers: [CIPHER-SUITE-1, CIPHER-SUITE-2]
|
|
36
|
+
|
|
31
37
|
# File to log to, leave empty for logging to STDOUT
|
|
32
38
|
# :log_file: /var/log/foreman-proxy/smart_proxy_dynflow_core.log
|
|
33
39
|
|
|
@@ -15,6 +15,7 @@ SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy}
|
|
|
15
15
|
|
|
16
16
|
start() {
|
|
17
17
|
echo -n $"Starting $prog: "
|
|
18
|
+
ulimit -n 65536
|
|
18
19
|
daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
|
|
19
20
|
RETVAL=$?
|
|
20
21
|
if [ $RETVAL = 0 ]
|
|
@@ -8,6 +8,7 @@ Type=forking
|
|
|
8
8
|
User=foreman-proxy
|
|
9
9
|
PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid
|
|
10
10
|
ExecStart=/usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
|
|
11
|
+
LimitNOFILE=65536
|
|
11
12
|
|
|
12
13
|
[Install]
|
|
13
14
|
WantedBy=multi-user.target
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'webrick/https'
|
|
2
2
|
require 'smart_proxy_dynflow_core/bundler_helper'
|
|
3
3
|
require 'smart_proxy_dynflow_core/settings'
|
|
4
|
+
require 'smart_proxy_dynflow_core/webrick-patch'
|
|
4
5
|
module SmartProxyDynflowCore
|
|
5
6
|
class Launcher
|
|
6
7
|
|
|
@@ -11,6 +12,7 @@ module SmartProxyDynflowCore
|
|
|
11
12
|
def start(options)
|
|
12
13
|
load_settings!(options)
|
|
13
14
|
Settings.instance.standalone = true
|
|
15
|
+
install_usr1_trap
|
|
14
16
|
Rack::Server.new(rack_settings).start
|
|
15
17
|
end
|
|
16
18
|
|
|
@@ -42,6 +44,12 @@ module SmartProxyDynflowCore
|
|
|
42
44
|
end
|
|
43
45
|
end
|
|
44
46
|
|
|
47
|
+
def install_usr1_trap
|
|
48
|
+
trap(:USR1) do
|
|
49
|
+
Log.instance.roll_log
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
45
53
|
private
|
|
46
54
|
|
|
47
55
|
def rack_settings
|
|
@@ -66,10 +74,11 @@ module SmartProxyDynflowCore
|
|
|
66
74
|
:app => app,
|
|
67
75
|
:Host => Settings.instance.listen,
|
|
68
76
|
:Port => Settings.instance.port,
|
|
69
|
-
:AccessLog => [[Log.
|
|
77
|
+
:AccessLog => [[Log.instance, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
|
|
70
78
|
:Logger => Log.instance,
|
|
71
79
|
:daemonize => Settings.instance.daemonize,
|
|
72
|
-
:pid => Settings.instance.pid_file
|
|
80
|
+
:pid => Settings.instance.pid_file,
|
|
81
|
+
:server => :webrick
|
|
73
82
|
}
|
|
74
83
|
end
|
|
75
84
|
|
|
@@ -8,7 +8,7 @@ module SmartProxyDynflowCore
|
|
|
8
8
|
class << self
|
|
9
9
|
def instance
|
|
10
10
|
if @logger.nil?
|
|
11
|
-
@logger =
|
|
11
|
+
@logger = self.new log_file
|
|
12
12
|
@logger.level = log_level
|
|
13
13
|
end
|
|
14
14
|
@logger
|
|
@@ -40,6 +40,30 @@ module SmartProxyDynflowCore
|
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
def initialize(file, *rest)
|
|
44
|
+
@file = file
|
|
45
|
+
@fd = @file.kind_of?(IO) ? @file : File.open(@file, 'a')
|
|
46
|
+
@fd.sync = true
|
|
47
|
+
super(@fd, rest)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def add(*args)
|
|
51
|
+
handle_log_rolling if @roll_log
|
|
52
|
+
super(*args)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def roll_log
|
|
56
|
+
@roll_log = true
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def handle_log_rolling
|
|
60
|
+
@roll_log = false
|
|
61
|
+
unless @file.kind_of? IO
|
|
62
|
+
@fd.reopen @file, 'a'
|
|
63
|
+
@fd.sync = true
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
43
67
|
class ProxyAdapter < ::Dynflow::LoggerAdapters::Simple
|
|
44
68
|
def initialize(logger, level = Logger::DEBUG, formatters = [::Dynflow::LoggerAdapters::Formatters::Exception])
|
|
45
69
|
@logger = logger
|
|
@@ -30,6 +30,7 @@ module SmartProxyDynflowCore
|
|
|
30
30
|
:ssl_ca_file => nil,
|
|
31
31
|
:ssl_private_key => nil,
|
|
32
32
|
:ssl_certificate => nil,
|
|
33
|
+
:ssl_disabled_ciphers => [],
|
|
33
34
|
:foreman_ssl_ca => nil,
|
|
34
35
|
:foreman_ssl_key => nil,
|
|
35
36
|
:foreman_ssl_cert => nil,
|
|
@@ -44,7 +45,7 @@ module SmartProxyDynflowCore
|
|
|
44
45
|
|
|
45
46
|
PROXY_SETTINGS = [:ssl_ca_file, :ssl_certificate, :ssl_private_key, :foreman_url,
|
|
46
47
|
:foreman_ssl_ca, :foreman_ssl_cert, :foreman_ssl_key,
|
|
47
|
-
:log_file, :log_level]
|
|
48
|
+
:log_file, :log_level, :ssl_disabled_ciphers]
|
|
48
49
|
PLUGIN_SETTINGS = [:database, :core_url, :console_auth]
|
|
49
50
|
|
|
50
51
|
def initialize(settings = {})
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require 'webrick/https'
|
|
2
|
+
|
|
3
|
+
CIPHERS = ['ECDHE-RSA-AES128-GCM-SHA256','ECDHE-RSA-AES256-GCM-SHA384',
|
|
4
|
+
'ECDHE-RSA-AES128-CBC-SHA','ECDHE-RSA-AES256-CBC-SHA',
|
|
5
|
+
'AES128-GCM-SHA256','AES256-GCM-SHA384','AES128-SHA256',
|
|
6
|
+
'AES256-SHA256','AES128-SHA','AES256-SHA']
|
|
7
|
+
|
|
8
|
+
module WEBrick
|
|
9
|
+
class GenericServer
|
|
10
|
+
def setup_ssl_context(config) # :nodoc:
|
|
11
|
+
unless config[:SSLCertificate]
|
|
12
|
+
cn = config[:SSLCertName]
|
|
13
|
+
comment = config[:SSLCertComment]
|
|
14
|
+
cert, key = Utils::create_self_signed_cert(1024, cn, comment)
|
|
15
|
+
config[:SSLCertificate] = cert
|
|
16
|
+
config[:SSLPrivateKey] = key
|
|
17
|
+
end
|
|
18
|
+
ctx = OpenSSL::SSL::SSLContext.new
|
|
19
|
+
ctx.set_params
|
|
20
|
+
ctx.ciphers = (CIPHERS - SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers).join(':')
|
|
21
|
+
ctx.key = config[:SSLPrivateKey]
|
|
22
|
+
ctx.cert = config[:SSLCertificate]
|
|
23
|
+
ctx.client_ca = config[:SSLClientCA]
|
|
24
|
+
ctx.extra_chain_cert = config[:SSLExtraChainCert]
|
|
25
|
+
ctx.ca_file = config[:SSLCACertificateFile]
|
|
26
|
+
ctx.ca_path = config[:SSLCACertificatePath]
|
|
27
|
+
ctx.cert_store = config[:SSLCertificateStore]
|
|
28
|
+
ctx.tmp_dh_callback = config[:SSLTmpDhCallback]
|
|
29
|
+
ctx.verify_mode = config[:SSLVerifyClient]
|
|
30
|
+
ctx.verify_depth = config[:SSLVerifyDepth]
|
|
31
|
+
ctx.verify_callback = config[:SSLVerifyCallback]
|
|
32
|
+
ctx.timeout = config[:SSLTimeout]
|
|
33
|
+
ctx.options |= config[:SSLOptions] unless config[:SSLOptions].nil?
|
|
34
|
+
ctx
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_dynflow_core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-05-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -206,8 +206,7 @@ dependencies:
|
|
|
206
206
|
- - ">="
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
208
|
version: '0'
|
|
209
|
-
description:
|
|
210
|
-
Use the Dynflow inside Foreman smart proxy
|
|
209
|
+
description: " Use the Dynflow inside Foreman smart proxy\n"
|
|
211
210
|
email:
|
|
212
211
|
- inecas@redhat.com
|
|
213
212
|
executables:
|
|
@@ -232,6 +231,7 @@ files:
|
|
|
232
231
|
- lib/smart_proxy_dynflow_core/settings.rb
|
|
233
232
|
- lib/smart_proxy_dynflow_core/testing.rb
|
|
234
233
|
- lib/smart_proxy_dynflow_core/version.rb
|
|
234
|
+
- lib/smart_proxy_dynflow_core/webrick-patch.rb
|
|
235
235
|
- smart_proxy_dynflow_core.gemspec
|
|
236
236
|
homepage: https://github.com/theforeman/smart_proxy_dynflow
|
|
237
237
|
licenses:
|
|
@@ -253,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
253
253
|
version: '0'
|
|
254
254
|
requirements: []
|
|
255
255
|
rubyforge_project:
|
|
256
|
-
rubygems_version: 2.
|
|
256
|
+
rubygems_version: 2.5.1
|
|
257
257
|
signing_key:
|
|
258
258
|
specification_version: 4
|
|
259
259
|
summary: Dynflow runtime for Foreman smart proxy
|