smart_proxy_dynflow_core 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/bin/smart_proxy_dynflow_core +9 -1
- data/config/settings.yml.example +18 -3
- data/deploy/smart_proxy_dynflow_core.init +2 -6
- data/deploy/smart_proxy_dynflow_core.service +3 -4
- data/lib/smart_proxy_dynflow_core/callback.rb +29 -19
- data/lib/smart_proxy_dynflow_core/core.rb +9 -2
- data/lib/smart_proxy_dynflow_core/helpers.rb +7 -0
- data/lib/smart_proxy_dynflow_core/launcher.rb +8 -5
- data/lib/smart_proxy_dynflow_core/settings.rb +8 -4
- data/lib/smart_proxy_dynflow_core/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: aea249b437a5dbb1733238540d317b5ece223d8e
|
4
|
+
data.tar.gz: 534cc45d145d741845b0719848d67dd4d60aa39d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a42b78b3eeb087847016050dad2e36218e8c908ea7557d33bddd5049dacd60caf3405e521626be53d8e05d45c9c762c04b5d9d1d35da26150763c050cde955c1
|
7
|
+
data.tar.gz: a512036ed6b11ec0b077d2e29d56beaf2f4d2c1bfb6f45b0b4e00c5719178f2d05870184f968c393ad56ff4194892148d4128cbc7407885d3db0a2a95b4d8e92
|
@@ -11,10 +11,18 @@ OptionParser.new do |opts|
|
|
11
11
|
options[:config_dir] = value
|
12
12
|
end
|
13
13
|
|
14
|
-
opts.on('-1', '--one-config',
|
14
|
+
opts.on('-1', '--one-config', 'Do not load more than 1 config') do |value|
|
15
15
|
options[:one_config] = true
|
16
16
|
end
|
17
17
|
|
18
|
+
opts.on('-d', '--[no-]daemonize', 'Fork to background after start') do |value|
|
19
|
+
options[:daemonize] = value
|
20
|
+
end
|
21
|
+
|
22
|
+
opts.on('-p', '--pid-file PID_FILE', String, 'Write pid to this file') do |value|
|
23
|
+
options[:pid_file] = value
|
24
|
+
end
|
25
|
+
|
18
26
|
opts.on_tail('-h', '--help', 'Show usage help') do
|
19
27
|
puts opts
|
20
28
|
exit
|
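Review bot: The block parameter `value` on the new `--one-config` line is never used — the body hard-codes `options[:one_config] = true` — so it should be dropped or named `_value` to show that the flag takes no argument: `opts.on('-1', '--one-config', 'Do not load more than 1 config') do`. The new `--pid-file` option accepts any string without checking that the directory exists or is writable by the user the core will run as; because the file is written only after the fork, a bad path surfaces as a failure nobody sees on the console, so an early `File.writable?(File.dirname(value))` check in the handler, or at least a note in the option description, would make that misconfiguration visible at start-up. The OptionParser block starts before and continues past this hunk.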
data/config/settings.yml.example
CHANGED
@@ -2,8 +2,19 @@
|
|
2
2
|
# Path to dynflow database, leave blank for in-memory non-persistent database
|
3
3
|
:database:
|
4
4
|
|
5
|
-
# URL of the
|
6
|
-
:
|
5
|
+
# URL of the foreman, used for reporting back
|
6
|
+
:foreman_url: 'http://localhost:3000'
|
7
|
+
|
8
|
+
# SSL settings for client authentication against Foreman
|
9
|
+
# :foreman_ssl_ca: ssl/foreman_ca.pem
|
10
|
+
# :foreman_ssl_key: ssl/foreman_key.pem
|
11
|
+
# :foreman_ssl_cert: ssl/foreman_cert.pem
|
12
|
+
|
13
|
+
:console_auth: false
|
14
|
+
|
15
|
+
# Set to true to make the core fork to background after start
|
16
|
+
# :daemonize: false
|
17
|
+
# :pid_file: /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
|
7
18
|
|
8
19
|
# Listen on address
|
9
20
|
:listen: 127.0.0.1
|
@@ -11,10 +22,14 @@
|
|
11
22
|
# Listen on port
|
12
23
|
:port: 8008
|
13
24
|
|
14
|
-
# SSL settings for
|
25
|
+
# SSL settings for running core as https service
|
15
26
|
# :use_https: false
|
16
27
|
# :ssl_ca_file: ssl/ca.pem
|
17
28
|
# :ssl_private_key: ssl/localhost.pem
|
18
29
|
# :ssl_certificate: ssl/certs/localhost.pem
|
19
30
|
|
31
|
+
# File to log to, leave empty for logging to STDOUT
|
20
32
|
# :log_file: /var/log/foreman-proxy/smart_proxy_dynflow_core.log
|
33
|
+
|
34
|
+
# Log level, one of UNKNOWN, FATAL, ERROR, WARN, INFO, DEBUG
|
35
|
+
# :log_level: ERROR
|
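Review bot: `:console_auth: false` is shipped as an active (uncommented) entry, and it flips the `:console_auth => true` default of DEFAULT_SETTINGS: anyone who copies this example file ends up with a core whose `before` filter skips `authorize_with_ssl_client` entirely, so no client-certificate check is performed on any request. Ship it commented out and explain what it guards, e.g. `# Require the local proxy's client certificate on every request; disable only for local debugging` followed by `# :console_auth: true`. Likewise the example `:foreman_url: 'http://localhost:3000'` uses plain http while the code default is now https; `Callback::Request.ssl_options` attaches VERIFY_PEER and the client key/cert only when the scheme is https, so the plaintext example reports task results to Foreman with neither, which deserves a comment next to the setting.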
@@ -10,16 +10,12 @@
|
|
10
10
|
|
11
11
|
prog=smart_proxy_dynflow_core
|
12
12
|
RETVAL=0
|
13
|
-
|
14
|
-
SMART_PROXY_DYNFLOW_CORE_PID=${SMART_PROXY_DYNFLOW_SCL_ROOT}/var/run/$prog/$prog.pid
|
13
|
+
SMART_PROXY_DYNFLOW_CORE_PID=/var/run/foreman-proxy/$prog.pid
|
15
14
|
SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy}
|
16
15
|
|
17
|
-
. /opt/theforeman/tfm/service-environment
|
18
|
-
. scl_source enable $TFM_SCLS_ENABLED
|
19
|
-
|
20
16
|
start() {
|
21
17
|
echo -n $"Starting $prog: "
|
22
|
-
daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER}
|
18
|
+
daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
|
23
19
|
RETVAL=$?
|
24
20
|
if [ $RETVAL = 0 ]
|
25
21
|
then
|
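Review bot: The new `daemon` line passes `-p $SMART_PROXY_DYNFLOW_CORE_PID` to a process running as `$SMART_PROXY_DYNFLOW_CORE_USER`, but nothing in the script creates `/var/run/foreman-proxy` or makes it writable by that user; `/var/run` is commonly a tmpfs, so after a reboot the pid file write fails inside the forked child while `RETVAL=$?` on the next line only sees the parent's exit status, and the failure may be reported as a successful start (inferred — depends on how the core reacts to the write error). Create and chown the directory before calling `daemon`, and quote the expansions: `daemon --user "${SMART_PROXY_DYNFLOW_CORE_USER}" /usr/bin/smart_proxy_dynflow_core -d -p "$SMART_PROXY_DYNFLOW_CORE_PID" > /dev/null`. `start()` continues past the end of the hunk.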
@@ -4,11 +4,10 @@ Documentation=https://github.com/theforeman/smart_proxy_dynflow
|
|
4
4
|
After=network.target remote-fs.target nss-lookup.target
|
5
5
|
|
6
6
|
[Service]
|
7
|
-
Type=
|
7
|
+
Type=forking
|
8
8
|
User=foreman-proxy
|
9
|
-
PIDFile=/
|
10
|
-
|
11
|
-
ExecStart=/usr/bin/scl enable $TFM_SCLS_ENABLED -- /opt/theforeman/tfm/root/usr/bin/smart_proxy_dynflow_core
|
9
|
+
PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid
|
10
|
+
ExecStart=/usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
|
12
11
|
|
13
12
|
[Install]
|
14
13
|
WantedBy=multi-user.target
|
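Review bot: `Type=forking` plus `PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid` relies on `/var/run/foreman-proxy` existing and being writable by `User=foreman-proxy` at the moment the daemon forks, and the unit does nothing to guarantee that; on systemd hosts `/run` is a tmpfs, so the directory is gone after a reboot unless another component recreates it. Add `RuntimeDirectory=foreman-proxy` to the `[Service]` section so systemd creates `/run/foreman-proxy` owned by the service user before `ExecStart` runs. If you switch the path to the canonical `/run/...` spelling, change the `-p` argument on `ExecStart` and the init script to match, otherwise systemd will watch a different file from the one the process writes.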
@@ -10,15 +10,15 @@ module SmartProxyDynflowCore
|
|
10
10
|
module Callback
|
11
11
|
class Request
|
12
12
|
def callback(payload)
|
13
|
-
response = callback_resource.post
|
14
|
-
if response.code != 200
|
15
|
-
raise "Failed performing callback to
|
13
|
+
response = callback_resource.post(payload, :content_type => :json)
|
14
|
+
if response.code.to_s != "200"
|
15
|
+
raise "Failed performing callback to Foreman server: #{response.code} #{response.body}"
|
16
16
|
end
|
17
17
|
response
|
18
18
|
end
|
19
19
|
|
20
|
-
def self.
|
21
|
-
self.new.callback(self.prepare_payload(
|
20
|
+
def self.send_to_foreman_tasks(callback_info, data)
|
21
|
+
self.new.callback(self.prepare_payload(callback_info, data))
|
22
22
|
end
|
23
23
|
|
24
24
|
private
|
@@ -28,20 +28,31 @@ module SmartProxyDynflowCore
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def callback_resource
|
31
|
-
@resource ||= RestClient::Resource.new
|
32
|
-
ssl_options
|
31
|
+
@resource ||= RestClient::Resource.new(Settings.instance.foreman_url + '/foreman_tasks/api/tasks/callback',
|
32
|
+
self.class.ssl_options)
|
33
33
|
end
|
34
34
|
|
35
|
-
def ssl_options
|
36
|
-
return
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
35
|
+
def self.ssl_options
|
36
|
+
return @ssl_options if defined? @ssl_options
|
37
|
+
@ssl_options = {}
|
38
|
+
settings = Settings.instance
|
39
|
+
return @ssl_options unless URI.parse(settings.foreman_url).scheme == 'https'
|
40
|
+
|
41
|
+
@ssl_options[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
|
42
|
+
|
43
|
+
private_key_file = settings.foreman_ssl_key || settings.ssl_private_key
|
44
|
+
if private_key_file
|
45
|
+
private_key = File.read(private_key_file)
|
46
|
+
@ssl_options[:ssl_client_key] = OpenSSL::PKey::RSA.new(private_key)
|
47
|
+
end
|
48
|
+
certificate_file = settings.foreman_ssl_cert || settings.ssl_certificate
|
49
|
+
if certificate_file
|
50
|
+
certificate = File.read(certificate_file)
|
51
|
+
@ssl_options[:ssl_client_cert] = OpenSSL::X509::Certificate.new(certificate)
|
52
|
+
end
|
53
|
+
ca_file = settings.foreman_ssl_ca || settings.ssl_ca_file
|
54
|
+
@ssl_options[:ssl_ca_file] = ca_file if ca_file
|
55
|
+
@ssl_options
|
45
56
|
end
|
46
57
|
end
|
47
58
|
|
@@ -51,8 +62,7 @@ module SmartProxyDynflowCore
|
|
51
62
|
end
|
52
63
|
|
53
64
|
def run
|
54
|
-
|
55
|
-
callback.callback(SmartProxyDynflowCore::Callback::Request.prepare_payload(input[:callback], input[:data]))
|
65
|
+
Callback::Request.send_to_foreman_tasks(input[:callback], input[:data])
|
56
66
|
end
|
57
67
|
end
|
58
68
|
|
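Review bot: In the new `self.ssl_options`, `@ssl_options = {}` is assigned before any of the `File.read` calls, so if reading the key or certificate raises on the first callback the partially built hash (`verify_ssl` set, no client key/cert) is already memoised and every later callback silently goes out without client authentication instead of failing again. Build the hash in a local and assign `@ssl_options` only once it is complete, as below. While there, `OpenSSL::PKey::RSA.new` hard-codes the key type and fails for an EC key; `OpenSSL::PKey.read` accepts any PEM key. A comment above the method should also state that for a non-https `foreman_url` the hash is empty, i.e. callbacks carry neither peer verification nor a client certificate, since callers inherit that behaviour from the config.
```ruby
def self.ssl_options
  return @ssl_options if defined? @ssl_options
  settings = Settings.instance
  options = {}
  # Memoise only the finished hash: a failed File.read below must not leave
  # a partial {:verify_ssl => ...} cached for every later callback.
  return @ssl_options = options unless URI.parse(settings.foreman_url).scheme == 'https'

  options[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
  private_key_file = settings.foreman_ssl_key || settings.ssl_private_key
  options[:ssl_client_key] = OpenSSL::PKey.read(File.read(private_key_file)) if private_key_file
  certificate_file = settings.foreman_ssl_cert || settings.ssl_certificate
  options[:ssl_client_cert] = OpenSSL::X509::Certificate.new(File.read(certificate_file)) if certificate_file
  ca_file = settings.foreman_ssl_ca || settings.ssl_ca_file
  options[:ssl_ca_file] = ca_file if ca_file
  @ssl_options = options
end
```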
@@ -1,10 +1,17 @@
|
|
1
1
|
module SmartProxyDynflowCore
|
2
2
|
class Core
|
3
3
|
|
4
|
-
attr_accessor :world
|
4
|
+
attr_accessor :world, :accepted_cert_serial
|
5
5
|
|
6
6
|
def initialize
|
7
7
|
@world = create_world
|
8
|
+
cert_file = Settings.instance.foreman_ssl_cert || Settings.instance.ssl_certificate
|
9
|
+
if cert_file
|
10
|
+
client_cert = File.read(cert_file)
|
11
|
+
# we trust only requests using the same certificate as we are
|
12
|
+
# (in other words the local proxy only)
|
13
|
+
@accepted_cert_serial = OpenSSL::X509::Certificate.new(client_cert).serial
|
14
|
+
end
|
8
15
|
end
|
9
16
|
|
10
17
|
def create_world(&block)
|
@@ -68,7 +75,7 @@ module SmartProxyDynflowCore
|
|
68
75
|
helpers Helpers
|
69
76
|
|
70
77
|
before do
|
71
|
-
authorize_with_ssl_client
|
78
|
+
authorize_with_ssl_client if Settings.instance.console_auth
|
72
79
|
end
|
73
80
|
|
74
81
|
Core.ensure_initialized
|
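Review bot: `@accepted_cert_serial` stays `nil` when neither `foreman_ssl_cert` nor `ssl_certificate` is configured, and the helper then rejects every client certificate (`nil == serial` is false), so with `console_auth` on and no certificate set the service answers 403 to every HTTPS request — fail-closed, presumably on purpose, but undocumented; add above the accessor `# Serial of the only client certificate authorize_with_ssl_client accepts; nil when no certificate is configured, which rejects every client`. The comment "we trust only requests using the same certificate as we are" overstates the check: only the serial is compared, and serials are unique only per issuing CA, so the check is exactly as strong as the client-chain verification the HTTPS listener performs (not visible here) — if that cannot be relied on, store the certificate's DER or fingerprint and compare that instead. `File.read(cert_file)` raises a bare Errno::ENOENT that does not name the setting involved. `Core#initialize` fits in the hunk; `create_world` does not.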
@@ -10,6 +10,13 @@ module SmartProxyDynflowCore
|
|
10
10
|
status 403
|
11
11
|
Log.instance.error "No client SSL certificate supplied"
|
12
12
|
halt MultiJson.dump(:error => "No client SSL certificate supplied")
|
13
|
+
else
|
14
|
+
client_cert = OpenSSL::X509::Certificate.new(request.env['SSL_CLIENT_CERT'])
|
15
|
+
unless SmartProxyDynflowCore::Core.instance.accepted_cert_serial == client_cert.serial
|
16
|
+
Log.instance.error "SSL certificate with unexpected serial supplied"
|
17
|
+
halt MultiJson.dump(:error => "SSL certificate with unexpected serial supplied")
|
18
|
+
status 403
|
19
|
+
end
|
13
20
|
end
|
14
21
|
else
|
15
22
|
Log.instance.debug 'require_ssl_client_verification: skipping, non-HTTPS request'
|
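Review bot: In the new `else` branch `status 403` comes after `halt`, and `halt` ends the request immediately, so the unexpected-serial rejection is sent with the default status carrying only an error body — the opposite order from the branch directly above it, where `status 403` precedes `halt`; move it up: `status 403` then `halt MultiJson.dump(:error => "SSL certificate with unexpected serial supplied")`. `OpenSSL::X509::Certificate.new(request.env['SSL_CLIENT_CERT'])` raises on a malformed certificate string and would surface as a 500 rather than a 403 unless an error handler catches it (inferred — the handler is not in this hunk). The enclosing helper starts before and continues past the hunk.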
@@ -9,13 +9,13 @@ module SmartProxyDynflowCore
|
|
9
9
|
end
|
10
10
|
|
11
11
|
def start(options)
|
12
|
-
load_settings!(options
|
12
|
+
load_settings!(options)
|
13
13
|
Settings.instance.standalone = true
|
14
|
-
Core.ensure_initialized
|
15
14
|
Rack::Server.new(rack_settings).start
|
16
15
|
end
|
17
16
|
|
18
|
-
def load_settings!(
|
17
|
+
def load_settings!(options = {})
|
18
|
+
config_dir, one_config = options.values_at(:config_dir, :one_config)
|
19
19
|
possible_config_dirs = [
|
20
20
|
'/etc/smart_proxy_dynflow_core',
|
21
21
|
File.expand_path('~/.config/smart_proxy_dynflow_core'),
|
@@ -27,6 +27,8 @@ module SmartProxyDynflowCore
|
|
27
27
|
possible_config_dirs.select { |config_dir| File.directory? config_dir }.each do |config_dir|
|
28
28
|
break if load_config_dir(config_dir) && one_config
|
29
29
|
end
|
30
|
+
Settings.instance.daemonize = options[:daemonize] if options.key?(:daemonize)
|
31
|
+
Settings.instance.pid_file = options[:pid_file] if options.key?(:pid_file)
|
30
32
|
Settings.loaded!
|
31
33
|
end
|
32
34
|
|
@@ -64,9 +66,10 @@ module SmartProxyDynflowCore
|
|
64
66
|
:app => app,
|
65
67
|
:Host => Settings.instance.listen,
|
66
68
|
:Port => Settings.instance.port,
|
67
|
-
:daemonize => false,
|
68
69
|
:AccessLog => [[Log.log_file, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
|
69
|
-
:Logger => Log.instance
|
70
|
+
:Logger => Log.instance,
|
71
|
+
:daemonize => Settings.instance.daemonize,
|
72
|
+
:pid => Settings.instance.pid_file
|
70
73
|
}
|
71
74
|
end
|
72
75
|
|
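Review bot: `:pid => Settings.instance.pid_file` is passed to `Rack::Server` unconditionally, and `pid_file` now has a non-nil default, so — if `Rack::Server` writes the pid file whenever `:pid` is set, which is my recollection of its `start` — a foreground run (`daemonize` false, e.g. development) also tries to create `/var/run/foreman-proxy/...pid` and aborts when that directory is not writable. Tie the two options together: `:pid => (Settings.instance.pid_file if Settings.instance.daemonize)`. In `load_settings!` the new local `config_dir` from `values_at` is shadowed by the block parameter of the same name in the `select`/`each` context lines below; renaming that block parameter to `dir` removes the ambiguity. `rack_settings` starts before the last hunk.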
@@ -22,23 +22,28 @@ module SmartProxyDynflowCore
|
|
22
22
|
|
23
23
|
DEFAULT_SETTINGS = {
|
24
24
|
:database => '/var/lib/foreman-proxy/dynflow/dynflow.sqlite',
|
25
|
-
:
|
25
|
+
:foreman_url => 'https://127.0.0.1:3000',
|
26
26
|
:console_auth => true,
|
27
|
-
:foreman_url => 'http://127.0.0.1:3000',
|
28
27
|
:listen => '127.0.0.1',
|
29
28
|
:port => '8008',
|
30
29
|
:use_https => false,
|
31
30
|
:ssl_ca_file => nil,
|
32
31
|
:ssl_private_key => nil,
|
33
32
|
:ssl_certificate => nil,
|
33
|
+
:foreman_ssl_ca => nil,
|
34
|
+
:foreman_ssl_key => nil,
|
35
|
+
:foreman_ssl_cert => nil,
|
34
36
|
:standalone => false,
|
35
37
|
:log_file => '/var/log/foreman-proxy/smart_proxy_dynflow_core.log',
|
36
38
|
:log_level => :ERROR,
|
37
39
|
:plugins => {},
|
40
|
+
:pid_file => '/var/run/foreman-proxy/smart_proxy_dynflow_core.pid',
|
41
|
+
:daemonize => false,
|
38
42
|
:loaded => false
|
39
43
|
}
|
40
44
|
|
41
|
-
PROXY_SETTINGS = [:
|
45
|
+
PROXY_SETTINGS = [:ssl_ca_file, :ssl_certificate, :ssl_private_key, :foreman_url,
|
46
|
+
:foreman_ssl_ca, :foreman_ssl_cert, :foreman_ssl_key,
|
42
47
|
:log_file, :log_level]
|
43
48
|
PLUGIN_SETTINGS = [:database, :core_url, :console_auth]
|
44
49
|
|
@@ -68,7 +73,6 @@ module SmartProxyDynflowCore
|
|
68
73
|
PROXY_SETTINGS.each do |key|
|
69
74
|
SETTINGS[key] = Proxy::SETTINGS[key]
|
70
75
|
end
|
71
|
-
SETTINGS.callback_url = SETTINGS.foreman_url
|
72
76
|
PLUGIN_SETTINGS.each do |key|
|
73
77
|
SETTINGS[key] = plugin.settings[key]
|
74
78
|
end
|
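Review bot: The three new `:foreman_ssl_*` keys default to `nil` and, in callback.rb, fall back to `:ssl_private_key`/`:ssl_certificate`/`:ssl_ca_file` — so by default the core authenticates to Foreman with the very certificate it serves with — but nothing in this hash says so; add above `:foreman_ssl_ca` the comment `# Client credentials for callbacks to Foreman; when nil the server's ssl_* files are reused (see Callback::Request.ssl_options)`. `:foreman_url` now defaults to https while `settings.yml.example` in the same release still shows http, so the shipped default and the shipped example disagree on whether callbacks are encrypted; pick one and align the example. `:pid_file` and `:daemonize` are standalone-only and deliberately appear in neither PROXY_SETTINGS nor PLUGIN_SETTINGS, which is worth a one-line comment so the next reader does not add them to the proxy list.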
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_dynflow_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ivan Nečas
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-06-
|
11
|
+
date: 2016-06-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|