smart_proxy_dynflow_core 0.1.2 → 0.1.3

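--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 05e52d07afb1e6ed23416a5f7d01a5c69df9fa02
- data.tar.gz: d6d6b8e5549ebf91138f77e4bf5dc44ca924df50
+ metadata.gz: aea249b437a5dbb1733238540d317b5ece223d8e
+ data.tar.gz: 534cc45d145d741845b0719848d67dd4d60aa39d
  SHA512:
- metadata.gz: e0eca67a30067038b0fc1cc2104011ea43612d36197f723287bb11943c77df9499771888d528406cf03a6a5e43815725d960397641cc491c4b73ad86379bdf59
- data.tar.gz: f1f9060ff0d134af8bc22899e8d3e0af3fa46e866117b4a273b1e9a5dd567297985392a57523c0d8430da26e5eb8ac8ea2efe48eff46f3480f8744054608fb51
+ metadata.gz: a42b78b3eeb087847016050dad2e36218e8c908ea7557d33bddd5049dacd60caf3405e521626be53d8e05d45c9c762c04b5d9d1d35da26150763c050cde955c1
+ data.tar.gz: a512036ed6b11ec0b077d2e29d56beaf2f4d2c1bfb6f45b0b4e00c5719178f2d05870184f968c393ad56ff4194892148d4128cbc7407885d3db0a2a95b4d8e92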
@@ -11,10 +11,18 @@ OptionParser.new do |opts|
11
11
  options[:config_dir] = value
12
12
  end
13
13
 
14
- opts.on('-1', '--one-config', String, 'Do not load more than 1 config') do |value|
14
+ opts.on('-1', '--one-config', 'Do not load more than 1 config') do |value|
15
15
  options[:one_config] = true
16
16
  end
17
17
 
18
+ opts.on('-d', '--[no-]daemonize', 'Fork to background after start') do |value|
19
+ options[:daemonize] = value
20
+ end
21
+
22
+ opts.on('-p', '--pid-file PID_FILE', String, 'Write pid to this file') do |value|
23
+ options[:pid_file] = value
24
+ end
25
+
18
26
  opts.on_tail('-h', '--help', 'Show usage help') do
19
27
  puts opts
20
28
  exit
@@ -2,8 +2,19 @@
2
2
  # Path to dynflow database, leave blank for in-memory non-persistent database
3
3
  :database:
4
4
 
5
- # URL of the smart proxy, used for reporting back
6
- :callback_url: 'https://localhost:8443'
5
+ # URL of the foreman, used for reporting back
6
+ :foreman_url: 'http://localhost:3000'
7
+
8
+ # SSL settings for client authentication against Foreman
9
+ # :foreman_ssl_ca: ssl/foreman_ca.pem
10
+ # :foreman_ssl_key: ssl/foreman_key.pem
11
+ # :foreman_ssl_cert: ssl/foreman_cert.pem
12
+
13
+ :console_auth: false
14
+
15
+ # Set to true to make the core fork to background after start
16
+ # :daemonize: false
17
+ # :pid_file: /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
7
18
 
8
19
  # Listen on address
9
20
  :listen: 127.0.0.1
@@ -11,10 +22,14 @@
11
22
  # Listen on port
12
23
  :port: 8008
13
24
 
14
- # SSL settings for client authentication against smart proxy.
25
+ # SSL settings for running core as https service
15
26
  # :use_https: false
16
27
  # :ssl_ca_file: ssl/ca.pem
17
28
  # :ssl_private_key: ssl/localhost.pem
18
29
  # :ssl_certificate: ssl/certs/localhost.pem
19
30
 
31
+ # File to log to, leave empty for logging to STDOUT
20
32
  # :log_file: /var/log/foreman-proxy/smart_proxy_dynflow_core.log
33
+
34
+ # Log level, one of UNKNOWN, FATAL, ERROR, WARN, INFO, DEBUG
35
+ # :log_level: ERROR
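Review bot: The example now ships `:console_auth: false` and a plain-HTTP `:foreman_url: 'http://localhost:3000'` as active values in the first hunk, so a deployment that copies this file starts with the console client-certificate check switched off and callbacks sent unencrypted. The defaults visible in the settings.rb section of this same diff are `:console_auth => true` and an `https://` Foreman URL, so the example and the code defaults disagree. I would comment both lines out like the neighbouring SSL keys, e.g. `# :console_auth: true`, and add a comment such as `# Use an https:// URL outside local development; the foreman_ssl_* files are only read for https URLs`.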
@@ -10,16 +10,12 @@
10
10
 
11
11
  prog=smart_proxy_dynflow_core
12
12
  RETVAL=0
13
- SMART_PROXY_DYNFLOW_SCL_ROOT=/opt/theforeman/tfm/root
14
- SMART_PROXY_DYNFLOW_CORE_PID=${SMART_PROXY_DYNFLOW_SCL_ROOT}/var/run/$prog/$prog.pid
13
+ SMART_PROXY_DYNFLOW_CORE_PID=/var/run/foreman-proxy/$prog.pid
15
14
  SMART_PROXY_DYNFLOW_CORE_USER=${SMART_PROXY_DYNFLOW_CORE_USER:-foreman-proxy}
16
15
 
17
- . /opt/theforeman/tfm/service-environment
18
- . scl_source enable $TFM_SCLS_ENABLED
19
-
20
16
  start() {
21
17
  echo -n $"Starting $prog: "
22
- daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} ${SMART_PROXY_DYNFLOW_SCL_ROOT}/usr/bin/smart_proxy_dynflow_core > /dev/null
18
+ daemon --user ${SMART_PROXY_DYNFLOW_CORE_USER} /usr/bin/smart_proxy_dynflow_core -d -p $SMART_PROXY_DYNFLOW_CORE_PID > /dev/null
23
19
  RETVAL=$?
24
20
  if [ $RETVAL = 0 ]
25
21
  then
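Review bot: `$SMART_PROXY_DYNFLOW_CORE_PID` is passed unquoted on the new `daemon` line and now points into `/var/run/foreman-proxy`, a directory the visible lines neither create nor check, while the process that has to write there runs as `${SMART_PROXY_DYNFLOW_CORE_USER}`. Quote the argument, `-p "$SMART_PROXY_DYNFLOW_CORE_PID"`, and add a comment above the assignment stating that the directory must exist and be writable by the service user. Because the pid file is then owned by the unprivileged account, whatever later reads it as root to signal the process should confirm the pid still belongs to this program. The same directory assumption applies to the `PIDFile=` and `ExecStart=` lines of the systemd unit in the next section. start() continues past the end of the hunk, so the stop and status paths are not visible here.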
@@ -4,11 +4,10 @@ Documentation=https://github.com/theforeman/smart_proxy_dynflow
4
4
  After=network.target remote-fs.target nss-lookup.target
5
5
 
6
6
  [Service]
7
- Type=simple
7
+ Type=forking
8
8
  User=foreman-proxy
9
- PIDFile=/opt/theforeman/tfm/root/var/run/smart_proxy_dynflow_core/smart_proxy_dynflow_core.pid
10
- EnvironmentFile=/opt/theforeman/tfm/service-environment
11
- ExecStart=/usr/bin/scl enable $TFM_SCLS_ENABLED -- /opt/theforeman/tfm/root/usr/bin/smart_proxy_dynflow_core
9
+ PIDFile=/var/run/foreman-proxy/smart_proxy_dynflow_core.pid
10
+ ExecStart=/usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
12
11
 
13
12
  [Install]
14
13
  WantedBy=multi-user.target
@@ -10,15 +10,15 @@ module SmartProxyDynflowCore
10
10
  module Callback
11
11
  class Request
12
12
  def callback(payload)
13
- response = callback_resource.post payload
14
- if response.code != 200
15
- raise "Failed performing callback to smart proxy: #{response.code} #{response.body}"
13
+ response = callback_resource.post(payload, :content_type => :json)
14
+ if response.code.to_s != "200"
15
+ raise "Failed performing callback to Foreman server: #{response.code} #{response.body}"
16
16
  end
17
17
  response
18
18
  end
19
19
 
20
- def self.callback(callback, data)
21
- self.new.callback(self.prepare_payload(callback, data))
20
+ def self.send_to_foreman_tasks(callback_info, data)
21
+ self.new.callback(self.prepare_payload(callback_info, data))
22
22
  end
23
23
 
24
24
  private
@@ -28,20 +28,31 @@ module SmartProxyDynflowCore
28
28
  end
29
29
 
30
30
  def callback_resource
31
- @resource ||= RestClient::Resource.new Settings.instance.callback_url + '/dynflow/tasks/callback',
32
- ssl_options
31
+ @resource ||= RestClient::Resource.new(Settings.instance.foreman_url + '/foreman_tasks/api/tasks/callback',
32
+ self.class.ssl_options)
33
33
  end
34
34
 
35
- def ssl_options
36
- return {} unless Settings.instance.use_https
37
- client_key = File.read Settings.instance.ssl_private_key
38
- client_cert = File.read Settings.instance.ssl_certificate
39
- {
40
- :ssl_client_cert => OpenSSL::X509::Certificate.new(client_cert),
41
- :ssl_client_key => OpenSSL::PKey::RSA.new(client_key),
42
- :ssl_ca_file => Settings.instance.ssl_ca_file,
43
- :verify_ssl => OpenSSL::SSL::VERIFY_PEER
44
- }
35
+ def self.ssl_options
36
+ return @ssl_options if defined? @ssl_options
37
+ @ssl_options = {}
38
+ settings = Settings.instance
39
+ return @ssl_options unless URI.parse(settings.foreman_url).scheme == 'https'
40
+
41
+ @ssl_options[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
42
+
43
+ private_key_file = settings.foreman_ssl_key || settings.ssl_private_key
44
+ if private_key_file
45
+ private_key = File.read(private_key_file)
46
+ @ssl_options[:ssl_client_key] = OpenSSL::PKey::RSA.new(private_key)
47
+ end
48
+ certificate_file = settings.foreman_ssl_cert || settings.ssl_certificate
49
+ if certificate_file
50
+ certificate = File.read(certificate_file)
51
+ @ssl_options[:ssl_client_cert] = OpenSSL::X509::Certificate.new(certificate)
52
+ end
53
+ ca_file = settings.foreman_ssl_ca || settings.ssl_ca_file
54
+ @ssl_options[:ssl_ca_file] = ca_file if ca_file
55
+ @ssl_options
45
56
  end
46
57
  end
47
58
 
@@ -51,8 +62,7 @@ module SmartProxyDynflowCore
51
62
  end
52
63
 
53
64
  def run
54
- callback = (Settings.instance.standalone ? Callback::Request : Proxy::Dynflow::Callback::Request).new
55
- callback.callback(SmartProxyDynflowCore::Callback::Request.prepare_payload(input[:callback], input[:data]))
65
+ Callback::Request.send_to_foreman_tasks(input[:callback], input[:data])
56
66
  end
57
67
  end
58
68
 
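Review bot: `self.ssl_options` in the second hunk assigns `@ssl_options = {}` before reading the key and certificate files, so if `File.read` or an OpenSSL constructor raises, the half-filled hash stays memoized and every later call returns it through the `defined? @ssl_options` guard. Later callbacks would then be attempted without the client key, certificate or CA file, and the original configuration error is no longer reported. Building the options in a local hash and assigning `@ssl_options` only on the last line avoids that. Separately, `OpenSSL::PKey::RSA.new(private_key)` accepts only RSA keys, where `OpenSSL::PKey.read(private_key)` would load whichever key type the file holds. A short comment on the method saying that each `foreman_ssl_*` setting falls back to its `ssl_*` counterpart independently would also help, since a key and a certificate can end up coming from different pairs.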
@@ -1,10 +1,17 @@
1
1
  module SmartProxyDynflowCore
2
2
  class Core
3
3
 
4
- attr_accessor :world
4
+ attr_accessor :world, :accepted_cert_serial
5
5
 
6
6
  def initialize
7
7
  @world = create_world
8
+ cert_file = Settings.instance.foreman_ssl_cert || Settings.instance.ssl_certificate
9
+ if cert_file
10
+ client_cert = File.read(cert_file)
11
+ # we trust only requests using the same certificate as we are
12
+ # (in other words the local proxy only)
13
+ @accepted_cert_serial = OpenSSL::X509::Certificate.new(client_cert).serial
14
+ end
8
15
  end
9
16
 
10
17
  def create_world(&block)
@@ -68,7 +75,7 @@ module SmartProxyDynflowCore
68
75
  helpers Helpers
69
76
 
70
77
  before do
71
- authorize_with_ssl_client
78
+ authorize_with_ssl_client if Settings.instance.console_auth
72
79
  end
73
80
 
74
81
  Core.ensure_initialized
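Review bot: `@accepted_cert_serial` in `initialize` keeps only the certificate's serial number, which is unique per issuer rather than globally, so the check built on it accepts any certificate the TLS layer has already admitted that happens to carry the same serial. Comparing the whole certificate is stricter, for example storing `OpenSSL::Digest::SHA256.hexdigest(cert.to_der)` and comparing it with the digest of the presented certificate. `attr_accessor :accepted_cert_serial` also exposes a writer; as far as these hunks show only the reader is used, so `attr_reader` would do. In the second hunk, `authorize_with_ssl_client if Settings.instance.console_auth` makes the check optional, and a comment there should say that disabling it leaves everything behind this `before` filter unauthenticated.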
@@ -10,6 +10,13 @@ module SmartProxyDynflowCore
10
10
  status 403
11
11
  Log.instance.error "No client SSL certificate supplied"
12
12
  halt MultiJson.dump(:error => "No client SSL certificate supplied")
13
+ else
14
+ client_cert = OpenSSL::X509::Certificate.new(request.env['SSL_CLIENT_CERT'])
15
+ unless SmartProxyDynflowCore::Core.instance.accepted_cert_serial == client_cert.serial
16
+ Log.instance.error "SSL certificate with unexpected serial supplied"
17
+ halt MultiJson.dump(:error => "SSL certificate with unexpected serial supplied")
18
+ status 403
19
+ end
13
20
  end
14
21
  else
15
22
  Log.instance.debug 'require_ssl_client_verification: skipping, non-HTTPS request'
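Review bot: In the added `else` branch `status 403` comes after `halt`, and `halt` ends request processing immediately, so the status line never runs and the rejection goes out with whatever status was current (200 by default). The branch above sets the status first; do the same here or pass it to halt: `halt 403, MultiJson.dump(:error => "SSL certificate with unexpected serial supplied")`. `OpenSSL::X509::Certificate.new(request.env['SSL_CLIENT_CERT'])` can also raise on a malformed value, which would surface as a server error rather than a 403; rescuing `OpenSSL::X509::CertificateError` and halting with 403 keeps the failure mode consistent. The enclosing method starts above the hunk.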
@@ -9,13 +9,13 @@ module SmartProxyDynflowCore
9
9
  end
10
10
 
11
11
  def start(options)
12
- load_settings!(options[:config_dir], options[:one_config])
12
+ load_settings!(options)
13
13
  Settings.instance.standalone = true
14
- Core.ensure_initialized
15
14
  Rack::Server.new(rack_settings).start
16
15
  end
17
16
 
18
- def load_settings!(config_dir = nil, one_config = false)
17
+ def load_settings!(options = {})
18
+ config_dir, one_config = options.values_at(:config_dir, :one_config)
19
19
  possible_config_dirs = [
20
20
  '/etc/smart_proxy_dynflow_core',
21
21
  File.expand_path('~/.config/smart_proxy_dynflow_core'),
@@ -27,6 +27,8 @@ module SmartProxyDynflowCore
27
27
  possible_config_dirs.select { |config_dir| File.directory? config_dir }.each do |config_dir|
28
28
  break if load_config_dir(config_dir) && one_config
29
29
  end
30
+ Settings.instance.daemonize = options[:daemonize] if options.key?(:daemonize)
31
+ Settings.instance.pid_file = options[:pid_file] if options.key?(:pid_file)
30
32
  Settings.loaded!
31
33
  end
32
34
 
@@ -64,9 +66,10 @@ module SmartProxyDynflowCore
64
66
  :app => app,
65
67
  :Host => Settings.instance.listen,
66
68
  :Port => Settings.instance.port,
67
- :daemonize => false,
68
69
  :AccessLog => [[Log.log_file, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
69
- :Logger => Log.instance
70
+ :Logger => Log.instance,
71
+ :daemonize => Settings.instance.daemonize,
72
+ :pid => Settings.instance.pid_file
70
73
  }
71
74
  end
72
75
 
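Review bot: `rack_settings` in the last hunk passes `:pid => Settings.instance.pid_file` unconditionally, and the default added in the settings.rb section is `/var/run/foreman-proxy/smart_proxy_dynflow_core.pid`, so a foreground run without `-d` would presumably still try to create that file and fail when the directory is missing or not writable. If that is not intended, `:pid => (Settings.instance.pid_file if Settings.instance.daemonize)` limits the pid file to daemon mode. `load_settings!` also changes from positional `(config_dir, one_config)` to a single options hash, so any caller outside this diff that still passes a directory string would break on `options.values_at`; a comment on the method listing the recognised keys (`:config_dir`, `:one_config`, `:daemonize`, `:pid_file`) would document the new contract.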
@@ -22,23 +22,28 @@ module SmartProxyDynflowCore
22
22
 
23
23
  DEFAULT_SETTINGS = {
24
24
  :database => '/var/lib/foreman-proxy/dynflow/dynflow.sqlite',
25
- :callback_url => 'https://127.0.0.1:8443',
25
+ :foreman_url => 'https://127.0.0.1:3000',
26
26
  :console_auth => true,
27
- :foreman_url => 'http://127.0.0.1:3000',
28
27
  :listen => '127.0.0.1',
29
28
  :port => '8008',
30
29
  :use_https => false,
31
30
  :ssl_ca_file => nil,
32
31
  :ssl_private_key => nil,
33
32
  :ssl_certificate => nil,
33
+ :foreman_ssl_ca => nil,
34
+ :foreman_ssl_key => nil,
35
+ :foreman_ssl_cert => nil,
34
36
  :standalone => false,
35
37
  :log_file => '/var/log/foreman-proxy/smart_proxy_dynflow_core.log',
36
38
  :log_level => :ERROR,
37
39
  :plugins => {},
40
+ :pid_file => '/var/run/foreman-proxy/smart_proxy_dynflow_core.pid',
41
+ :daemonize => false,
38
42
  :loaded => false
39
43
  }
40
44
 
41
- PROXY_SETTINGS = [:ssl_certificate, :ssl_ca_file, :ssl_private_key, :foreman_url,
45
+ PROXY_SETTINGS = [:ssl_ca_file, :ssl_certificate, :ssl_private_key, :foreman_url,
46
+ :foreman_ssl_ca, :foreman_ssl_cert, :foreman_ssl_key,
42
47
  :log_file, :log_level]
43
48
  PLUGIN_SETTINGS = [:database, :core_url, :console_auth]
44
49
 
@@ -68,7 +73,6 @@ module SmartProxyDynflowCore
68
73
  PROXY_SETTINGS.each do |key|
69
74
  SETTINGS[key] = Proxy::SETTINGS[key]
70
75
  end
71
- SETTINGS.callback_url = SETTINGS.foreman_url
72
76
  PLUGIN_SETTINGS.each do |key|
73
77
  SETTINGS[key] = plugin.settings[key]
74
78
  end
@@ -1,3 +1,3 @@
1
1
  module SmartProxyDynflowCore
2
- VERSION = '0.1.2'
2
+ VERSION = '0.1.3'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: smart_proxy_dynflow_core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ivan Nečas
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-15 00:00:00.000000000 Z
11
+ date: 2016-06-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler