smart_proxy_omaha 0.0.1

data/README.md

@@ -0,0 +1,99 @@
+# Smart Proxy - Omaha
+
+This plug-in adds support for the Omaha Procotol to Foreman's Smart Proxy. It is used when updating CoreOS clusters.
+The Smart Proxy Omaha plugin acts as a mirror for Omaha releases and sends reports to Foreman about the update activity of the managed hosts. It needs the [Foreman Omaha plugin](https://github.com/theforeman/foreman_omaha) installed to work properly.
+
+## How it works
+
+The operatingsystem packages install a cronjob, that runs the binary `smart-proxy-omaha-sync` nightly to sync omaha content from the upstream mirror servers.
+Your CoreOS hosts can then be configured to update against the smart proxy. The proxy then uploads facts and reports to Foreman.
+Omaha content is served directly from the proxy.
+
+## Compatibility
+
+| Foreman Proxy Version | Plugin Version |
+| --------------------- | -------------- |
+| >= 1.12               | any            |
+
+## Installation
+
+To be able to use Foreman for your Omaha updates, you need to install the [Foreman Omaha plugin](https://github.com/theforeman/foreman_omaha), install this smart-proxy plugin and configure your CoreOS hosts.
+
+For the Smart Proxy plugin, follow the [smart-proxy plugin installation instructions](http://projects.theforeman.org/projects/foreman/wiki/How_to_Install_a_Smart-Proxy_Plugin). You usually just need to install the `rubygem-smart_proxy_omaha` package and restart the `foreman-proxy` service.
+
+For the initial sync of releases you need to run the binary `smart-proxy-omaha-sync` as `foreman-proxy` user.
+
+Do not forget to register the smart proxy in Foreman via the user interface.
+
+## Host Configuration
+
+You need to configure your CoreOS hosts to connect to the Omaha smart-proxy for updates. You can either configure your servers manually or use cloud-config.
+
+### Using Config File
+
+Edit `/etc/coreos/update.conf`
+
+```
+GROUP=stable
+SERVER=https://omahaproxy.example.com:8443/omaha/v1/update
+```
+
+Restart update engine
+
+```bash
+sudo systemctl restart update-engine
+```
+
+### Using Cloud-Config
+
+```yaml
+#cloud-config
+coreos:
+  update:
+    group: "stable"
+    server: "https://omahaproxy.example.com:8443/omaha/v1/update"
+```
+
+### Release channels
+
+All three default release channels (alpha, beta, stable) are supported. You cannot define custom channels right now.
+
+### Testing
+
+To test if a client can successfully check for updates, these commands may help:
+
+```bash
+$ update_engine_client -check_for_update
+$ journalctl -u update-engine.service
+```
+
+## Proxy Support
+
+In the settings file you can specify a http proxy that is used to download Omaha content.
+You need to allow https access to these servers:
+
+* alpha.release.core-os.net
+* beta.release.core-os.net
+* stable.release.core-os.net
+* update.release.core-os.net
+
+## Make it High Available
+
+In order to make the Omaha Smart Proxy high available or add additional capacity, just scale out and put a loadbalancer in front of the proxies.
+
+## Copyright
+
+Copyright (c) 2016 The Foreman developers
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.

data/Rakefile

@@ -0,0 +1,14 @@
+require 'rake'
+require 'rake/testtask'
+
+desc 'Default: run unit tests.'
+task default: :test
+
+desc 'Test the Foreman Proxy plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << '.'
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = true
+end

data/bin/smart-proxy-omaha-sync

@@ -0,0 +1,35 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift '/usr/share/foreman-proxy/lib'
+$LOAD_PATH.unshift '/usr/share/foreman-proxy/modules'
+
+require 'smart_proxy'
+require 'smart_proxy_main'
+require 'smart_proxy_omaha'
+require 'smart_proxy_omaha/syncer'
+
+module Proxy::LogBuffer
+  class Decorator
+    @@instance = Proxy::LogBuffer::Decorator.new(::Logger.new(STDOUT), 'STDOUT')
+  end
+end
+include Proxy::Log
+
+::Proxy::PluginInitializer.new(::Proxy::Plugins.instance).initialize_plugins
+
+unless ::Proxy::Plugins.instance.plugin_enabled?(:omaha)
+  logger.info "Omaha plugin not enabled. Exiting."
+  exit
+end
+
+if !Proxy::SETTINGS.foreman_url
+  logger.error "Foreman URL not configured"
+  exit false
+end
+
+begin
+  Proxy::Omaha::Syncer.new.run
+rescue StandardError => e
+  logger.error "#{e}"
+  exit false
+end

data/bundler.d/omaha.rb

@@ -0,0 +1 @@
+gem 'smart_proxy_omaha'

data/extra/foreman-proxy-omaha-sync.cron

@@ -0,0 +1,2 @@
+# Sync omaha releases once a day
+0 22 * * * foreman-proxy smart-proxy-omaha-sync >>/var/log/foreman-proxy/cron.log 2>&1

data/lib/smart_proxy_omaha.rb

@@ -0,0 +1,3 @@
+require 'smart_proxy_omaha/version'
+require 'smart_proxy_omaha/configuration_loader'
+require 'smart_proxy_omaha/omaha_plugin'

data/lib/smart_proxy_omaha/configuration_loader.rb

@@ -0,0 +1,17 @@
+module ::Proxy::Omaha
+  class ConfigurationLoader
+    def load_classes
+      require 'smart_proxy_omaha/dependency_injection'
+      require 'smart_proxy_omaha/foreman_client'
+      require 'smart_proxy_omaha/omaha_api'
+    end
+
+    def load_dependency_injection_wirings(container_instance, settings)
+      container_instance.singleton_dependency :foreman_client_impl, Proxy::Omaha::ForemanClient
+      container_instance.singleton_dependency :release_repository_impl, Proxy::Omaha::ReleaseRepository
+      container_instance.singleton_dependency :metadata_provider_impl, (lambda do
+        Proxy::Omaha::MetadataProvider.new(:contentpath => settings[:contentpath])
+      end)
+    end
+  end
+end

data/lib/smart_proxy_omaha/dependency_injection.rb

@@ -0,0 +1,8 @@
+module Proxy::Omaha
+  module DependencyInjection
+    include Proxy::DependencyInjection::Accessors
+    def container_instance
+      @container_instance ||= ::Proxy::Plugins.instance.find { |p| p[:name] == :omaha }[:di_container]
+    end
+  end
+end

data/lib/smart_proxy_omaha/foreman_client.rb

@@ -0,0 +1,11 @@
+module Proxy::Omaha
+  class ForemanClient < Proxy::HttpRequest::ForemanRequest
+    def post_facts(factsdata)
+      send_request(request_factory.create_post('api/hosts/facts', factsdata))
+    end
+
+    def post_report(report)
+      send_request(request_factory.create_post('api/omaha_reports', report))
+    end
+  end
+end

data/lib/smart_proxy_omaha/http_download.rb

@@ -0,0 +1,65 @@
+require 'thread'
+require 'smart_proxy_omaha/http_shared'
+
+module Proxy::Omaha
+  class HttpDownload
+    include Proxy::Log
+    include HttpShared
+
+    attr_accessor :dst, :src, :result
+
+    def initialize(src, dst)
+      @src = src
+      @dst = dst
+    end
+
+    def start
+      @task = Thread.new do
+        @result = run
+      end
+      @task.abort_on_exception = true
+      @task
+    end
+
+    def run
+      with_filelock do
+        logger.info "Downloading #{src} to #{dst}."
+        res = download
+        logger.info "Finished downloading #{dst}."
+        res
+      end
+    end
+
+    def join
+      @task.join
+    end
+
+    private
+
+    def download
+      http, request = connection_factory(src)
+
+      http.request(request) do |response|
+        open(dst, 'w') do |io|
+          response.read_body do |chunk|
+            io.write chunk
+          end
+        end
+      end
+      true
+    end
+
+    def with_filelock
+      lock = Proxy::FileLock.try_locking(dst)
+      if lock.nil?
+        false
+      else
+        begin
+          yield
+        ensure
+          Proxy::FileLock.unlock(lock)
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_omaha/http_request.rb

@@ -0,0 +1,20 @@
+require 'smart_proxy_omaha/http_shared'
+
+module Proxy::Omaha
+  class HttpRequest
+    include Proxy::Log
+    include HttpShared
+
+    def get(url)
+      http, request = connection_factory(url)
+
+      Timeout::timeout(10) do
+        response = http.request(request)
+
+        raise "Error retrieving from #{url}: #{response.class}" unless ["200", "201"].include?(response.code)
+
+        response.body
+      end
+    end
+  end
+end

data/lib/smart_proxy_omaha/http_shared.rb

@@ -0,0 +1,30 @@
+require 'net/http'
+require 'net/https'
+require 'uri'
+
+module Proxy::Omaha
+  module HttpShared
+    def connection_factory(url)
+      uri = URI.parse(url)
+
+      if Proxy::Omaha::Plugin.settings.proxy.to_s.empty?
+        proxy_host = nil
+        proxy_port = nil
+      else
+        proxy = URI.parse(Proxy::Omaha::Plugin.settings.proxy)
+        proxy_host = proxy.host
+        proxy_port = proxy.port
+      end
+
+      http = Net::HTTP.new(uri.host, uri.port, proxy_host, proxy_port)
+
+      if uri.scheme == 'https'
+        http.use_ssl = true
+      end
+
+      request = Net::HTTP::Get.new(uri.request_uri)
+
+      [http, request]
+    end
+  end
+end

data/lib/smart_proxy_omaha/metadata.rb

@@ -0,0 +1,34 @@
+module Proxy::Omaha
+  class Metadata
+    attr_accessor :release, :sha1_b64, :sha256_b64, :size, :track
+
+    def initialize(params)
+      symbolize_keys_deep!(params)
+      @release = params.fetch(:release)
+      @sha1_b64 = params.fetch(:sha1_b64)
+      @sha256_b64 = params.fetch(:sha256_b64)
+      @size = params.fetch(:size)
+      @track = params.fetch(:track)
+    end
+
+    def to_json
+      {
+        :release => release,
+        :sha1_b64 => sha1_b64,
+        :sha256_b64 => sha256_b64,
+        :size => size,
+        :track => track,
+      }.to_json
+    end
+
+    private
+
+    def symbolize_keys_deep!(h)
+      h.keys.each do |k|
+        ks    = k.to_sym
+        h[ks] = h.delete k
+        symbolize_keys_deep! h[ks] if h[ks].is_a? Hash
+      end
+    end
+  end
+end

data/lib/smart_proxy_omaha/metadata_provider.rb

@@ -0,0 +1,23 @@
+module Proxy::Omaha
+  class MetadataProvider
+    attr_accessor :contentpath
+
+    def initialize(options)
+      @contentpath = options.fetch(:contentpath)
+    end
+
+    def get(track, release)
+      Metadata.new(JSON.parse(File.read(metadata_file(track, release))))
+    end
+
+    def store(metadata)
+      File.write(metadata_file(metadata.track, metadata.release), metadata.to_json)
+    end
+
+    private
+
+    def metadata_file(track, release)
+      File.join(contentpath, track, release.to_s, 'metadata.json')
+    end
+  end
+end

data/lib/smart_proxy_omaha/omaha_api.rb

@@ -0,0 +1,33 @@
+require 'sinatra'
+require 'smart_proxy_omaha/omaha_protocol'
+
+module Proxy::Omaha
+
+  class Api < ::Sinatra::Base
+    extend Proxy::Omaha::DependencyInjection
+
+    helpers ::Proxy::Helpers
+
+    inject_attr :foreman_client_impl, :foreman_client
+    inject_attr :release_repository_impl, :release_repository
+    inject_attr :metadata_provider_impl, :metadata_provider
+
+    post '/v1/update' do
+      request.body.rewind
+      request_body = request.body.read
+      omaha_request = Proxy::Omaha::OmahaProtocol::Request.new(
+        request_body,
+        :ip => request.ip,
+        :base_url => request.base_url
+      )
+      omaha_handler = Proxy::Omaha::OmahaProtocol::Handler.new(
+        :request => omaha_request,
+        :foreman_client => foreman_client,
+        :repository => release_repository,
+        :metadata_provider => metadata_provider
+      )
+      response = omaha_handler.handle
+      response.to_xml
+    end
+  end
+end

data/lib/smart_proxy_omaha/omaha_http_config.ru

@@ -0,0 +1,9 @@
+require 'smart_proxy_omaha/omaha_api'
+
+map '/omaha' do
+  run Proxy::Omaha::Api
+end
+
+map "/omahareleases" do
+  run Rack::Directory.new(Proxy::Omaha::Plugin.settings.contentpath)
+end

data/lib/smart_proxy_omaha/omaha_plugin.rb

@@ -0,0 +1,18 @@
+module Proxy::Omaha
+  class NotFound < RuntimeError; end
+
+  class Plugin < ::Proxy::Plugin
+    plugin 'omaha', Proxy::Omaha::VERSION
+
+    http_rackup_path File.expand_path('omaha_http_config.ru', File.expand_path('../', __FILE__))
+    https_rackup_path File.expand_path('omaha_http_config.ru', File.expand_path('../', __FILE__))
+
+    load_classes ::Proxy::Omaha::ConfigurationLoader
+    load_dependency_injection_wirings ::Proxy::Omaha::ConfigurationLoader
+
+    default_settings :sync_releases => 0,
+      :contentpath => '/var/lib/foreman-proxy/omaha/content'
+
+    validate_readable :contentpath
+  end
+end