smart_proxy_dynflow_core 0.3.0 → 0.4.1

data/deploy/smart_proxy_dynflow_core.init

@@ -1,92 +0,0 @@
-#!/bin/bash
-#
-# Init script for foreman smart proxy dynflow core service
-#
-# chkconfig: - 85 15
-# description: Init script for foreman proxy dynflow core service
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-prog=smart_proxy_dynflow_core
-RETVAL=0
-SMART_PROXY_DYNFLOW_CORE_PID=/var/run/foreman-proxy/$prog.pid
-SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy}
-
-start() {
-    echo -n $"Starting $prog: "
-    ulimit -n 65536
-    daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
-    RETVAL=$?
-    if [ $RETVAL = 0 ]
-    then
-        echo_success
-    else
-        echo_failure
-    fi
-
-    echo
-    return $RETVAL
-}
-
-stop() {
-    echo -n $"Stopping $prog: "
-    if [ -f ${SMART_PROXY_DYNFLOW_CORE_PID} ]; then
-        killproc -p ${SMART_PROXY_DYNFLOW_CORE_PID}
-        RETVAL=$?
-    else
-        echo -n $"$prog was not running.";
-        failure $"$prog was not running.";
-        echo
-        return 1
-    fi
-    echo
-    [ $RETVAL -eq 0 ] && rm -f ${SMART_PROXY_DYNFLOW_CORE_PID}
-    return $RETVAL
-}
-
-logrotate() {
-    echo -n $"Rotating logs for $prog: "
-    if [ -f ${SMART_PROXY_DYNFLOW_CORE_PID} ]; then
-        killproc -p ${SMART_PROXY_DYNFLOW_CORE_PID} $prog -USR1
-        RETVAL=$?
-        echo
-    else
-        echo -n $"$prog was not running.";
-        failure $"$prog was not running.";
-        echo
-        return 1
-    fi
-    return $RETVAL
-}
-
-# See how we were called.
-case "$1" in
-    start)
-        start
-    ;;
-    stop)
-        stop
-    ;;
-    status)
-        echo -n "$prog"
-        status -p $SMART_PROXY_DYNFLOW_CORE_PID
-        RETVAL=$?
-    ;;
-    restart)
-        stop
-        start
-    ;;
-    condrestart)
-        stop
-        [ $? -eq 0 ] && start
-    ;;
-    logrotate)
-        logrotate
-    ;;
-    *)
-        echo $"Usage: $prog {start|stop|restart|condrestart|logrotate}"
-        exit 1
-esac
-
-exit $RETVAL

data/deploy/smart_proxy_dynflow_core.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Foreman smart proxy dynflow core service
-Documentation=https://github.com/theforeman/smart_proxy_dynflow
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=notify
-User=foreman-proxy
-ExecStart=/usr/bin/smart_proxy_dynflow_core --no-daemonize
-EnvironmentFile=-/etc/sysconfig/smart_proxy_dynflow_core
-
-[Install]
-WantedBy=multi-user.target

data/lib/smart_proxy_dynflow_core/api.rb

@@ -1,89 +0,0 @@
-require 'sinatra/base'
-require 'multi_json'
-
-module SmartProxyDynflowCore
-  class Api < ::Sinatra::Base
-    TASK_UPDATE_REGEXP_PATH = %r{/tasks/(\S+)/(update|done)}
-    helpers Helpers
-
-    configure do
-      if Settings.instance.standalone
-        ::Sinatra::Base.set :logging, false
-        ::Sinatra::Base.use ::SmartProxyDynflowCore::RequestIdMiddleware
-        ::Sinatra::Base.use ::SmartProxyDynflowCore::LoggerMiddleware
-      end
-    end
-
-    before do
-      if match = request.path_info.match(TASK_UPDATE_REGEXP_PATH)
-        task_id = match[1]
-        action = match[2]
-        authorize_with_token(task_id: task_id, clear: action == 'done')
-      else
-        authorize_with_ssl_client
-      end
-      content_type :json
-    end
-
-    post "/tasks/status" do
-      params = MultiJson.load(request.body.read)
-      ids = params.fetch('task_ids', [])
-      result = world.persistence
-                    .find_execution_plans(:filters => { :uuid => ids }).reduce({}) do |acc, plan|
-        acc.update(plan.id => { 'state' => plan.state, 'result' => plan.result })
-      end
-      MultiJson.dump(result)
-    end
-
-    post "/tasks/launch/?" do
-      params = MultiJson.load(request.body.read)
-      launcher = launcher_class(params).new(world, callback_host(params, request), params.fetch('options', {}))
-      launcher.launch!(params['input'])
-      launcher.results.to_json
-    end
-
-    post "/tasks/?" do
-      params = MultiJson.load(request.body.read)
-      trigger_task(::Dynflow::Utils.constantize(params['action_name']),
-                   params['action_input'].merge(:callback_host => callback_host(params, request))).to_json
-    end
-
-    post "/tasks/:task_id/cancel" do |task_id|
-      cancel_task(task_id).to_json
-    end
-
-    get "/tasks/:task_id/status" do |task_id|
-      task_status(task_id).to_json
-    end
-
-    get "/tasks/count" do
-      tasks_count(params['state']).to_json
-    end
-
-    # capturing post "/tasks/:task_id/(update|done)"
-    post TASK_UPDATE_REGEXP_PATH do |task_id, _action|
-      data = MultiJson.load(request.body.read)
-      dispatch_external_event(task_id, data)
-    end
-
-    get "/tasks/operations" do
-      TaskLauncherRegistry.operations.to_json
-    end
-
-    private
-
-    def callback_host(params, request)
-      params.fetch('action_input', {})['proxy_url'] ||
-        request.env.values_at('HTTP_X_FORWARDED_FOR', 'HTTP_HOST').compact.first
-    end
-
-    def launcher_class(params)
-      operation = params.fetch('operation')
-      if TaskLauncherRegistry.key?(operation)
-        TaskLauncherRegistry.fetch(operation)
-      else
-        halt 404, MultiJson.dump(:error => "Unknown operation '#{operation}' requested.")
-      end
-    end
-  end
-end

data/lib/smart_proxy_dynflow_core/bundler_helper.rb

@@ -1,30 +0,0 @@
-module SmartProxyDynflowCore
-  class BundlerHelper
-    def self.require_groups(*groups)
-      if File.exist?(File.expand_path('../../../Gemfile.in', __FILE__))
-        # If there is a Gemfile.in file, we will not use Bundler but BundlerExt
-        # gem which parses this file and loads all dependencies from the system
-        # rathern then trying to download them from rubygems.org. It always
-        # loads all gemfile groups.
-        begin
-          require 'bundler_ext' unless defined?(BundlerExt)
-        rescue LoadError
-          # Debian packaging guidelines state to avoid needing rubygems, so
-          # we only try to load it if the first require fails (for RPMs)
-          begin
-            require 'rubygems' rescue nil
-            require 'bundler_ext'
-          rescue LoadError
-            puts "`bundler_ext` gem is required to run smart_proxy"
-            exit 1
-          end
-        end
-        BundlerExt.system_require(File.expand_path('../../../Gemfile.in', __FILE__), *groups)
-      else
-        require 'bundler' unless defined?(Bundler)
-        Bundler.require(*groups)
-      end
-    end
-    # rubocop:enable Metrics/PerceivedComplexity
-  end
-end

data/lib/smart_proxy_dynflow_core/callback.rb

@@ -1,85 +0,0 @@
-require 'rest-client'
-
-# rubocop:disable Lint/HandleExceptions
-begin
-  require 'smart_proxy_dynflow/callback'
-rescue LoadError
-end
-# rubocop:enable Lint/HandleExceptions
-
-module SmartProxyDynflowCore
-  module Callback
-    class Request
-      class << self
-        def send_to_foreman_tasks(callback_info, data)
-          self.new.callback(prepare_payload(callback_info, data))
-        end
-
-        def ssl_options
-          return @ssl_options if defined? @ssl_options
-          @ssl_options = {}
-          settings = Settings.instance
-          return @ssl_options unless URI.parse(settings.foreman_url).scheme == 'https'
-
-          @ssl_options[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
-
-          private_key_file = settings.foreman_ssl_key || settings.ssl_private_key
-          if private_key_file
-            private_key = File.read(private_key_file)
-            @ssl_options[:ssl_client_key] = OpenSSL::PKey::RSA.new(private_key)
-          end
-          certificate_file = settings.foreman_ssl_cert || settings.ssl_certificate
-          if certificate_file
-            certificate = File.read(certificate_file)
-            @ssl_options[:ssl_client_cert] = OpenSSL::X509::Certificate.new(certificate)
-          end
-          ca_file = settings.foreman_ssl_ca || settings.ssl_ca_file
-          @ssl_options[:ssl_ca_file] = ca_file if ca_file
-          @ssl_options
-        end
-        # rubocop:enable Metrics/PerceivedComplexity
-
-        private
-
-        def prepare_payload(callback, data)
-          { :callback => callback, :data => data }.to_json
-        end
-      end
-
-      def callback(payload)
-        response = callback_resource.post(payload, :content_type => :json)
-        if response.code.to_s != "200"
-          raise "Failed performing callback to Foreman server: #{response.code} #{response.body}"
-        end
-        response
-      end
-
-      private
-
-      def callback_resource
-        @resource ||= RestClient::Resource.new(Settings.instance.foreman_url + '/foreman_tasks/api/tasks/callback',
-                                               self.class.ssl_options)
-      end
-    end
-
-    class Action < ::Dynflow::Action
-      def plan(callback, data)
-        plan_self(:callback => callback, :data => data)
-      end
-
-      def run
-        Callback::Request.send_to_foreman_tasks(input[:callback], input[:data])
-      end
-    end
-
-    module PlanHelper
-      def plan_with_callback(input)
-        input = input.dup
-        callback = input.delete('callback')
-
-        planned_action = plan_self(input)
-        plan_action(Callback::Action, callback, planned_action.output) if callback
-      end
-    end
-  end
-end

data/lib/smart_proxy_dynflow_core/core.rb

@@ -1,124 +0,0 @@
-module SmartProxyDynflowCore
-  class Core
-    attr_accessor :world, :accepted_cert_serial
-
-    def initialize
-      @world = create_world
-      cert_file = Settings.instance.foreman_ssl_cert || Settings.instance.ssl_certificate
-      if cert_file
-        client_cert = File.read(cert_file)
-        # we trust only requests using the same certificate as we are
-        # (in other words the local proxy only)
-        @accepted_cert_serial = OpenSSL::X509::Certificate.new(client_cert).serial
-      end
-    end
-
-    def create_world(&block)
-      config = default_world_config(&block)
-      world = ::Dynflow::World.new(config)
-      world.middleware.use ::Actions::Middleware::KeepCurrentRequestID
-      world
-    end
-
-    def persistence_conn_string
-      return ENV['DYNFLOW_DB_CONN_STRING'] if ENV.key? 'DYNFLOW_DB_CONN_STRING'
-      db_conn_string = 'sqlite:/'
-
-      db_file = Settings.instance.database
-      if db_file.nil? || db_file.empty?
-        Log.instance.warn "Could not open DB for dynflow at '#{db_file}', " \
-                          "will keep data in memory. Restart will drop all dynflow data."
-      else
-        db_conn_string += "/#{db_file}"
-      end
-
-      db_conn_string
-    end
-
-    def persistence_adapter
-      ::Dynflow::PersistenceAdapters::Sequel.new persistence_conn_string
-    end
-
-    def default_world_config
-      ::Dynflow::Config.new.tap do |config|
-        config.auto_rescue = true
-        config.logger_adapter = logger_adapter
-        config.persistence_adapter = persistence_adapter
-        config.execution_plan_cleaner = execution_plan_cleaner
-        # TODO: There has to be a better way
-        matchers = config.silent_dead_letter_matchers.call.concat(self.class.silencer_matchers)
-        config.silent_dead_letter_matchers = matchers
-        yield config if block_given?
-      end
-    end
-
-    def logger_adapter
-      if Settings.instance.standalone
-        Log::ProxyAdapter.new(Log.instance, Log.instance.level)
-      else
-        Log::ProxyAdapter.new(Proxy::LogBuffer::Decorator.instance, Log.instance.level)
-      end
-    end
-
-    def execution_plan_cleaner
-      proc do |world|
-        age = Settings.instance.execution_plan_cleaner_age
-        options = { :poll_interval => age, :max_age => age }
-        ::Dynflow::Actors::ExecutionPlanCleaner.new(world, options)
-      end
-    end
-
-    class << self
-      attr_reader :instance
-
-      def ensure_initialized
-        return @instance if @instance
-        @instance = Core.new
-        after_initialize_blocks.each { |block| block.call(@instance) }
-        @instance
-      end
-
-      def silencer_matchers
-        @matchers ||= []
-      end
-
-      def register_silencer_matchers(matchers)
-        silencer_matchers.concat matchers
-      end
-
-      def web_console
-        require 'dynflow/web'
-        dynflow_console = ::Dynflow::Web.setup do
-          # we can't use the proxy's after_activation hook, as
-          # it happens before the Daemon forks the process (including
-          # closing opened file descriptors)
-          # TODO: extend smart proxy to enable hooks that happen after
-          # the forking
-          helpers Helpers
-
-          before do
-            authorize_with_ssl_client if Settings.instance.console_auth
-          end
-
-          Core.ensure_initialized
-          set :world, Core.world
-        end
-        dynflow_console
-      end
-
-      def world
-        instance.world
-      end
-
-      def after_initialize(&block)
-        after_initialize_blocks << block
-      end
-
-      private
-
-      def after_initialize_blocks
-        @after_initialize_blocks ||= []
-      end
-    end
-  end
-end

data/lib/smart_proxy_dynflow_core/helpers.rb

@@ -1,73 +0,0 @@
-module SmartProxyDynflowCore
-  module Helpers
-    def world
-      SmartProxyDynflowCore::Core.world
-    end
-
-    def authorize_with_token(task_id:, clear: true)
-      if request.env.key? 'HTTP_AUTHORIZATION'
-        if defined?(::ForemanTasksCore)
-          auth = request.env['HTTP_AUTHORIZATION']
-          basic_prefix = /\ABasic /
-          if !auth.to_s.empty? && auth =~ basic_prefix &&
-             ForemanTasksCore::OtpManager.authenticate(auth.gsub(basic_prefix, ''),
-                                                       expected_user: task_id, clear: clear)
-            Log.instance.debug('authorized with token')
-            return true
-          end
-        end
-        halt 403, MultiJson.dump(:error => 'Invalid username or password supplied')
-      end
-      false
-    end
-
-    def authorize_with_ssl_client
-      if %w[yes on 1].include? request.env['HTTPS'].to_s
-        if request.env['SSL_CLIENT_CERT'].to_s.empty?
-          Log.instance.error "No client SSL certificate supplied"
-          halt 403, MultiJson.dump(:error => "No client SSL certificate supplied")
-        else
-          client_cert = OpenSSL::X509::Certificate.new(request.env['SSL_CLIENT_CERT'])
-          unless SmartProxyDynflowCore::Core.instance.accepted_cert_serial == client_cert.serial
-            Log.instance.error "SSL certificate with unexpected serial supplied"
-            halt 403, MultiJson.dump(:error => "SSL certificate with unexpected serial supplied")
-          end
-        end
-      else
-        Log.instance.debug 'require_ssl_client_verification: skipping, non-HTTPS request'
-      end
-    end
-
-    def trigger_task(*args)
-      triggered = world.trigger(*args)
-      { :task_id => triggered.id }
-    end
-
-    def cancel_task(task_id)
-      execution_plan = world.persistence.load_execution_plan(task_id)
-      cancel_events = execution_plan.cancel
-      { :task_id => task_id, :canceled_steps_count => cancel_events.size }
-    end
-
-    def task_status(task_id)
-      ep = world.persistence.load_execution_plan(task_id)
-      ep.to_hash.merge(:actions => ep.actions.map(&:to_hash))
-    rescue KeyError => _e
-      status 404
-      {}
-    end
-
-    def tasks_count(state)
-      state ||= 'all'
-      filter = state != 'all' ? { :filters => { :state => [state] } } : {}
-      tasks = world.persistence.find_execution_plans(filter)
-      { :count => tasks.count, :state => state }
-    end
-
-    def dispatch_external_event(task_id, params)
-      world.event(task_id,
-                  params['step_id'].to_i,
-                  ::ForemanTasksCore::Runner::ExternalEvent.new(params))
-    end
-  end
-end