smart_proxy_dynflow_core 0.1.2 → 0.1.3

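--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 05e52d07afb1e6ed23416a5f7d01a5c69df9fa02
- data.tar.gz: d6d6b8e5549ebf91138f77e4bf5dc44ca924df50
+ metadata.gz: aea249b437a5dbb1733238540d317b5ece223d8e
+ data.tar.gz: 534cc45d145d741845b0719848d67dd4d60aa39d
  SHA512:
- metadata.gz: e0eca67a30067038b0fc1cc2104011ea43612d36197f723287bb11943c77df9499771888d528406cf03a6a5e43815725d960397641cc491c4b73ad86379bdf59
- data.tar.gz: f1f9060ff0d134af8bc22899e8d3e0af3fa46e866117b4a273b1e9a5dd567297985392a57523c0d8430da26e5eb8ac8ea2efe48eff46f3480f8744054608fb51
+ metadata.gz: a42b78b3eeb087847016050dad2e36218e8c908ea7557d33bddd5049dacd60caf3405e521626be53d8e05d45c9c762c04b5d9d1d35da26150763c050cde955c1
+ data.tar.gz: a512036ed6b11ec0b077d2e29d56beaf2f4d2c1bfb6f45b0b4e00c5719178f2d05870184f968c393ad56ff4194892148d4128cbc7407885d3db0a2a95b4d8e92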
@@ -11,10 +11,18 @@ OptionParser.new do |opts|
11
11
  options[:config_dir] = value
12
12
  end
13
13
 
14
- opts.on('-1', '--one-config', String, 'Do not load more than 1 config') do |value|
14
+ opts.on('-1', '--one-config', 'Do not load more than 1 config') do |value|
15
15
  options[:one_config] = true
16
16
  end
17
17
 
18
+ opts.on('-d', '--[no-]daemonize', 'Fork to background after start') do |value|
19
+ options[:daemonize] = value
20
+ end
21
+
22
+ opts.on('-p', '--pid-file PID_FILE', String, 'Write pid to this file') do |value|
23
+ options[:pid_file] = value
24
+ end
25
+
18
26
  opts.on_tail('-h', '--help', 'Show usage help') do
19
27
  puts opts
20
28
  exit
@@ -2,8 +2,19 @@
2
2
  # Path to dynflow database, leave blank for in-memory non-persistent database
3
3
  :database:
4
4
 
5
- # URL of the smart proxy, used for reporting back
6
- :callback_url: 'https://localhost:8443'
5
+ # URL of the foreman, used for reporting back
6
+ :foreman_url: 'http://localhost:3000'
7
+
8
+ # SSL settings for client authentication against Foreman
9
+ # :foreman_ssl_ca: ssl/foreman_ca.pem
10
+ # :foreman_ssl_key: ssl/foreman_key.pem
11
+ # :foreman_ssl_cert: ssl/foreman_cert.pem
12
+
13
+ :console_auth: false
14
+
15
+ # Set to true to make the core fork to background after start
16
+ # :daemonize: false
17
+ # :pid_file: /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
7
18
 
8
19
  # Listen on address
9
20
  :listen: 127.0.0.1
@@ -11,10 +22,14 @@
11
22
  # Listen on port
12
23
  :port: 8008
13
24
 
14
- # SSL settings for client authentication against smart proxy.
25
+ # SSL settings for running core as https service
15
26
  # :use_https: false
16
27
  # :ssl_ca_file: ssl/ca.pem
17
28
  # :ssl_private_key: ssl/localhost.pem
18
29
  # :ssl_certificate: ssl/certs/localhost.pem
19
30
 
31
+ # File to log to, leave empty for logging to STDOUT
20
32
  # :log_file: /var/log/foreman-proxy/smart_proxy_dynflow_core.log
33
+
34
+ # Log level, one of UNKNOWN, FATAL, ERROR, WARN, INFO, DEBUG
35
+ # :log_level: ERROR
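Review bot: The example configuration now ships `:console_auth: false` and a plain-http `:foreman_url: 'http://localhost:3000'` (both in the first hunk of this file), while DEFAULT_SETTINGS in the settings.rb section keeps `:console_auth => true` and an https URL. A deployment that copies the example as-is makes the `before` filter in the core.rb section skip `authorize_with_ssl_client`, and because `ssl_options` only enables `verify_ssl` and the client certificate for an https scheme, its callbacks to Foreman go out unauthenticated and in clear text. I would comment both lines out, as the `:foreman_ssl_*` keys below them already are, and add a comment such as `# Setting console_auth to false removes the client certificate check; keep it enabled outside development`.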
@@ -10,16 +10,12 @@
10
10
 
11
11
  prog=smart_proxy_dynflow_core
12
12
  RETVAL=0
13
- SMART_PROXY_DYNFLOW_SCL_ROOT=/opt/theforeman/tfm/root
14
- SMART_PROXY_DYNFLOW_CORE_PID=${SMART_PROXY_DYNFLOW_SCL_ROOT}/var/run/$prog/$prog.pid
13
+ SMART_PROXY_DYNFLOW_CORE_PID=/var/run/foreman-proxy/$prog.pid
15
14
  SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy}
16
15
 
17
- . /opt/theforeman/tfm/service-environment
18
- . scl_source enable $TFM_SCLS_ENABLED
19
-
20
16
  start() {
21
17
  echo -n $"Starting $prog: "
22
- daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} ${SMART_PROXY_DYNFLOW_SCL_ROOT}/usr/bin/smart_proxy_dynflow_core > /dev/null
18
+ daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
23
19
  RETVAL=$?
24
20
  if [ $RETVAL = 0 ]
25
21
  then
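Review bot: The pid file moves to /var/run/foreman-proxy and is now written by the daemon itself through `-p`, that is by the unprivileged `foreman-proxy` account, while this script and the `PIDFile=` line of the systemd unit in the next section are evaluated by root. stop() is outside the hunk, but if it signals whatever pid it reads from `$SMART_PROXY_DYNFLOW_CORE_PID`, the service account controls which process root signals. Prefer a pid file that root creates in a root-owned directory, or have stop() confirm that the pid belongs to `$prog` running as `$SMART_PROXY_DYNFLOW_CORE_USER` before signalling it. The new expansion on the `daemon` line is also unquoted; `-p "$SMART_PROXY_DYNFLOW_CORE_PID"` is safer.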
@@ -4,11 +4,10 @@ Documentation=https://github.com/theforeman/smart_proxy_dynflow
4
4
  After=network.target remote-fs.target nss-lookup.target
5
5
 
6
6
  [Service]
7
- Type=simple
7
+ Type=forking
8
8
  User=foreman-proxy
9
- PIDFile=/opt/theforeman/tfm/root/var/run/smart_proxy_dynflow_core/smart_proxy_dynflow_core.pid
10
- EnvironmentFile=/opt/theforeman/tfm/service-environment
11
- ExecStart=/usr/bin/scl enable $TFM_SCLS_ENABLED -- /opt/theforeman/tfm/root/usr/bin/smart_proxy_dynflow_core
9
+ PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid
10
+ ExecStart=/usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
12
11
 
13
12
  [Install]
14
13
  WantedBy=multi-user.target
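Review bot: `Type=forking` and `PIDFile=` are needed here only because `ExecStart` now passes `-d`; systemd can supervise a foreground process directly, with no pid file at all. Keeping `Type=simple` with `ExecStart=/usr/bin/smart_proxy_dynflow_core` (no `-d`, no `-p`) would avoid relying on a pid file written by the `foreman-proxy` user and would remove the stale-pid-file failure after a crash. If forking has to stay, note that the hunk does not show what creates /var/run/foreman-proxy at boot; the unit will fail to start if that directory is missing.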
@@ -10,15 +10,15 @@ module SmartProxyDynflowCore
10
10
  module Callback
11
11
  class Request
12
12
  def callback(payload)
13
- response = callback_resource.post payload
14
- if response.code != 200
15
- raise "Failed performing callback to smart proxy: #{response.code} #{response.body}"
13
+ response = callback_resource.post(payload, :content_type => :json)
14
+ if response.code.to_s != "200"
15
+ raise "Failed performing callback to Foreman server: #{response.code} #{response.body}"
16
16
  end
17
17
  response
18
18
  end
19
19
 
20
- def self.callback(callback, data)
21
- self.new.callback(self.prepare_payload(callback, data))
20
+ def self.send_to_foreman_tasks(callback_info, data)
21
+ self.new.callback(self.prepare_payload(callback_info, data))
22
22
  end
23
23
 
24
24
  private
@@ -28,20 +28,31 @@ module SmartProxyDynflowCore
28
28
  end
29
29
 
30
30
  def callback_resource
31
- @resource ||= RestClient::Resource.new Settings.instance.callback_url + '/dynflow/tasks/callback',
32
- ssl_options
31
+ @resource ||= RestClient::Resource.new(Settings.instance.foreman_url + '/foreman_tasks/api/tasks/callback',
32
+ self.class.ssl_options)
33
33
  end
34
34
 
35
- def ssl_options
36
- return {} unless Settings.instance.use_https
37
- client_key = File.read Settings.instance.ssl_private_key
38
- client_cert = File.read Settings.instance.ssl_certificate
39
- {
40
- :ssl_client_cert => OpenSSL::X509::Certificate.new(client_cert),
41
- :ssl_client_key => OpenSSL::PKey::RSA.new(client_key),
42
- :ssl_ca_file => Settings.instance.ssl_ca_file,
43
- :verify_ssl => OpenSSL::SSL::VERIFY_PEER
44
- }
35
+ def self.ssl_options
36
+ return @ssl_options if defined? @ssl_options
37
+ @ssl_options = {}
38
+ settings = Settings.instance
39
+ return @ssl_options unless URI.parse(settings.foreman_url).scheme == 'https'
40
+
41
+ @ssl_options[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
42
+
43
+ private_key_file = settings.foreman_ssl_key || settings.ssl_private_key
44
+ if private_key_file
45
+ private_key = File.read(private_key_file)
46
+ @ssl_options[:ssl_client_key] = OpenSSL::PKey::RSA.new(private_key)
47
+ end
48
+ certificate_file = settings.foreman_ssl_cert || settings.ssl_certificate
49
+ if certificate_file
50
+ certificate = File.read(certificate_file)
51
+ @ssl_options[:ssl_client_cert] = OpenSSL::X509::Certificate.new(certificate)
52
+ end
53
+ ca_file = settings.foreman_ssl_ca || settings.ssl_ca_file
54
+ @ssl_options[:ssl_ca_file] = ca_file if ca_file
55
+ @ssl_options
45
56
  end
46
57
  end
47
58
 
@@ -51,8 +62,7 @@ module SmartProxyDynflowCore
51
62
  end
52
63
 
53
64
  def run
54
- callback = (Settings.instance.standalone ? Callback::Request : Proxy::Dynflow::Callback::Request).new
55
- callback.callback(SmartProxyDynflowCore::Callback::Request.prepare_payload(input[:callback], input[:data]))
65
+ Callback::Request.send_to_foreman_tasks(input[:callback], input[:data])
56
66
  end
57
67
  end
58
68
 
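Review bot: `self.ssl_options` assigns `@ssl_options` before the key and certificate files are read, so if `File.read` or the OpenSSL parsing raises, the next call hits `return @ssl_options if defined? @ssl_options` and returns the half-built hash: `verify_ssl` is set but the client key, certificate and CA file are missing. Every later callback in that process then runs without the client identity and without the configured CA. Build the hash in a local variable and assign the instance variable last, as sketched below. Two smaller points in the same method: a non-https `foreman_url` silently yields `{}`, which deserves a warning in the log, and `OpenSSL::PKey::RSA.new` rejects non-RSA keys where `OpenSSL::PKey.read` would accept them.

```ruby
def self.ssl_options
  return @ssl_options if defined? @ssl_options
  settings = Settings.instance
  return @ssl_options = {} unless URI.parse(settings.foreman_url).scheme == 'https'

  options = { :verify_ssl => OpenSSL::SSL::VERIFY_PEER }
  # … unchanged: private key, certificate and CA lookup, storing into options[...] …
  @ssl_options = options
end
```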
@@ -1,10 +1,17 @@
1
1
  module SmartProxyDynflowCore
2
2
  class Core
3
3
 
4
- attr_accessor :world
4
+ attr_accessor :world, :accepted_cert_serial
5
5
 
6
6
  def initialize
7
7
  @world = create_world
8
+ cert_file = Settings.instance.foreman_ssl_cert || Settings.instance.ssl_certificate
9
+ if cert_file
10
+ client_cert = File.read(cert_file)
11
+ # we trust only requests using the same certificate as we are
12
+ # (in other words the local proxy only)
13
+ @accepted_cert_serial = OpenSSL::X509::Certificate.new(client_cert).serial
14
+ end
8
15
  end
9
16
 
10
17
  def create_world(&block)
@@ -68,7 +75,7 @@ module SmartProxyDynflowCore
68
75
  helpers Helpers
69
76
 
70
77
  before do
71
- authorize_with_ssl_client
78
+ authorize_with_ssl_client if Settings.instance.console_auth
72
79
  end
73
80
 
74
81
  Core.ensure_initialized
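Review bot: `accepted_cert_serial` identifies the trusted caller by certificate serial number alone; the helpers.rb section then checks `accepted_cert_serial == client_cert.serial`. A serial is only unique within one issuing CA, so if the CA file used for client verification trusts more than one issuer, a certificate from a different issuer carrying the same serial would be accepted. Comparing a digest of the whole certificate is stricter: store `OpenSSL::Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(client_cert).to_der)` here and compare it with the same digest of the presented certificate. `attr_reader` would also be enough for this value, since nothing visible assigns it from outside the class.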
@@ -10,6 +10,13 @@ module SmartProxyDynflowCore
10
10
  status 403
11
11
  Log.instance.error "No client SSL certificate supplied"
12
12
  halt MultiJson.dump(:error => "No client SSL certificate supplied")
13
+ else
14
+ client_cert = OpenSSL::X509::Certificate.new(request.env['SSL_CLIENT_CERT'])
15
+ unless SmartProxyDynflowCore::Core.instance.accepted_cert_serial == client_cert.serial
16
+ Log.instance.error "SSL certificate with unexpected serial supplied"
17
+ halt MultiJson.dump(:error => "SSL certificate with unexpected serial supplied")
18
+ status 403
19
+ end
13
20
  end
14
21
  else
15
22
  Log.instance.debug 'require_ssl_client_verification: skipping, non-HTTPS request'
@@ -9,13 +9,13 @@ module SmartProxyDynflowCore
9
9
  end
10
10
 
11
11
  def start(options)
12
- load_settings!(options[:config_dir], options[:one_config])
12
+ load_settings!(options)
13
13
  Settings.instance.standalone = true
14
- Core.ensure_initialized
15
14
  Rack::Server.new(rack_settings).start
16
15
  end
17
16
 
18
- def load_settings!(config_dir = nil, one_config = false)
17
+ def load_settings!(options = {})
18
+ config_dir, one_config = options.values_at(:config_dir, :one_config)
19
19
  possible_config_dirs = [
20
20
  '/etc/smart_proxy_dynflow_core',
21
21
  File.expand_path('~/.config/smart_proxy_dynflow_core'),
@@ -27,6 +27,8 @@ module SmartProxyDynflowCore
27
27
  possible_config_dirs.select { |config_dir| File.directory? config_dir }.each do |config_dir|
28
28
  break if load_config_dir(config_dir) && one_config
29
29
  end
30
+ Settings.instance.daemonize = options[:daemonize] if options.key?(:daemonize)
31
+ Settings.instance.pid_file = options[:pid_file] if options.key?(:pid_file)
30
32
  Settings.loaded!
31
33
  end
32
34
 
@@ -64,9 +66,10 @@ module SmartProxyDynflowCore
64
66
  :app => app,
65
67
  :Host => Settings.instance.listen,
66
68
  :Port => Settings.instance.port,
67
- :daemonize => false,
68
69
  :AccessLog => [[Log.log_file, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
69
- :Logger => Log.instance
70
+ :Logger => Log.instance,
71
+ :daemonize => Settings.instance.daemonize,
72
+ :pid => Settings.instance.pid_file
70
73
  }
71
74
  end
72
75
 
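Review bot: `:pid => Settings.instance.pid_file` in the rack settings hash is passed even when `daemonize` is false, and DEFAULT_SETTINGS in the settings.rb section gives `pid_file` a non-nil default under /var/run/foreman-proxy. Rack::Server appears to write the pid file whenever `:pid` is set, so a foreground run by a user who cannot write to that directory would fail at start; this is worth confirming against the Rack version in use. `:pid => (Settings.instance.pid_file if Settings.instance.daemonize)` limits the pid file to the daemon case. `load_settings!` also changed from two positional arguments to an options hash, so any caller outside this diff that still passes `(config_dir, one_config)` will break on `values_at`. The method that builds this hash starts outside the hunk.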
@@ -22,23 +22,28 @@ module SmartProxyDynflowCore
22
22
 
23
23
  DEFAULT_SETTINGS = {
24
24
  :database => '/var/lib/foreman-proxy/dynflow/dynflow.sqlite',
25
- :callback_url => 'https://127.0.0.1:8443',
25
+ :foreman_url => 'https://127.0.0.1:3000',
26
26
  :console_auth => true,
27
- :foreman_url => 'http://127.0.0.1:3000',
28
27
  :listen => '127.0.0.1',
29
28
  :port => '8008',
30
29
  :use_https => false,
31
30
  :ssl_ca_file => nil,
32
31
  :ssl_private_key => nil,
33
32
  :ssl_certificate => nil,
33
+ :foreman_ssl_ca => nil,
34
+ :foreman_ssl_key => nil,
35
+ :foreman_ssl_cert => nil,
34
36
  :standalone => false,
35
37
  :log_file => '/var/log/foreman-proxy/smart_proxy_dynflow_core.log',
36
38
  :log_level => :ERROR,
37
39
  :plugins => {},
40
+ :pid_file => '/var/run/foreman-proxy/smart_proxy_dynflow_core.pid',
41
+ :daemonize => false,
38
42
  :loaded => false
39
43
  }
40
44
 
41
- PROXY_SETTINGS = [:ssl_certificate, :ssl_ca_file, :ssl_private_key, :foreman_url,
45
+ PROXY_SETTINGS = [:ssl_ca_file, :ssl_certificate, :ssl_private_key, :foreman_url,
46
+ :foreman_ssl_ca, :foreman_ssl_cert, :foreman_ssl_key,
42
47
  :log_file, :log_level]
43
48
  PLUGIN_SETTINGS = [:database, :core_url, :console_auth]
44
49
 
@@ -68,7 +73,6 @@ module SmartProxyDynflowCore
68
73
  PROXY_SETTINGS.each do |key|
69
74
  SETTINGS[key] = Proxy::SETTINGS[key]
70
75
  end
71
- SETTINGS.callback_url = SETTINGS.foreman_url
72
76
  PLUGIN_SETTINGS.each do |key|
73
77
  SETTINGS[key] = plugin.settings[key]
74
78
  end
@@ -1,3 +1,3 @@
1
1
  module SmartProxyDynflowCore
2
- VERSION = '0.1.2'
2
+ VERSION = '0.1.3'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: smart_proxy_dynflow_core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ivan Nečas
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-15 00:00:00.000000000 Z
11
+ date: 2016-06-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler