From 49bff93eedbdb7083a36fbe0dbcdc2e7686a6c42 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Mon, 6 Jul 2015 13:48:01 -0400
Subject: [PATCH] Provide for configuration of the TLS remote socket
Refactor the http api configuration and have a section to apply to the remote TLS socket as well. From Lucio Seki
---
 confluent_server/confluent/main.py | 27 ++++++++++++++++-----------
 confluent_server/confluent/sockapi.py | 11 +++++++----
 2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/confluent_server/confluent/main.py b/confluent_server/confluent/main.py
index edd653fc..0004d59b 100644
--- a/confluent_server/confluent/main.py
+++ b/confluent_server/confluent/main.py
@@ -116,7 +116,6 @@ def doexit():
 def run():
- configfile = "/etc/confluent/service.cfg"
 _checkpidfile()
 confluentcore.load_plugins()
 _daemonize()
@@ -129,19 +128,25 @@ def run():
 #dbgsock = eventlet.listen("/var/run/confluent/dbg.sock",
 # family=socket.AF_UNIX)
 #eventlet.spawn_n(backdoor.backdoor_server, dbgsock)
- config = ConfigParser.ConfigParser()
- config.read(configfile)
- try:
- bind_host = config.get('http', 'bindhost')
- bind_port = config.getint('http', 'bindport')
- except (ConfigParser.NoSectionError, ConfigParser.NoOptionError) as e:
- bind_host = None
- bind_port = None
+ http_bind_host, http_bind_port = _get_connector_config('http')
+ sock_bind_host, sock_bind_port = _get_connector_config('socket')
 consoleserver.start_console_sessions()
- webservice = httpapi.HttpApi(bind_host, bind_port)
+ webservice = httpapi.HttpApi(http_bind_host, http_bind_port)
 webservice.start()
- sockservice = sockapi.SockApi()
+ sockservice = sockapi.SockApi(sock_bind_host, sock_bind_port)
 sockservice.start()
 atexit.register(doexit)
 while 1:
 eventlet.sleep(100)
+
+def _get_connector_config(session):
+ configfile = "/etc/confluent/service.cfg"
+ config = ConfigParser.ConfigParser()
+ config.read(configfile)
+ try:
+ host = config.get(session, 'bindhost')
+ port = config.getint(session, 'bindport')
+ except (ConfigParser.NoSectionError, ConfigParser.NoOptionError) as e:
+ host = None
+ port = None
+ return (host, port)
diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index 7e9833a2..0a7d2e63 100644
--- a/confluent_server/confluent/sockapi.py
+++ b/confluent_server/confluent/sockapi.py
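Review bot: In `_get_connector_config`, a single `try` covers both lookups, so a `[socket]` section that sets `bindhost` but omits `bindport` raises `NoOptionError` on the second call and the `except` resets `host` to `None` as well. `SockApi` then falls back to `'::'`, so an operator who restricted the listener to one address ends up listening on every interface with no error reported. Reading each option on its own keeps whichever value was configured. Separately, a non-numeric `bindport` makes `getint` raise `ValueError`, which this handler does not catch, and the parameter would read better as `section` since it names a config section.

```python
def _get_connector_config(session):
    # … unchanged: configfile path, ConfigParser construction and read …
    host = None
    port = None
    # Look up each option on its own so a missing bindport cannot
    # discard a bindhost the operator did set (and vice versa).
    if config.has_option(session, 'bindhost'):
        host = config.get(session, 'bindhost')
    if config.has_option(session, 'bindport'):
        port = config.getint(session, 'bindport')
    return (host, port)
```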
@@ -236,11 +236,11 @@ def process_request(connection, request, cfm, authdata, authname, skipauth):
 return
-def _tlshandler():
+def _tlshandler(bind_host, bind_port):
 plainsocket = socket.socket(socket.AF_INET6)
 plainsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 plainsocket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
- plainsocket.bind(('::', 13001, 0, 0))
+ plainsocket.bind((bind_host, bind_port, 0, 0))
 plainsocket.listen(5)
 while (1): # TODO: exithook
 cnn, addr = plainsocket.accept()
@@ -299,14 +299,17 @@ def _unixdomainhandler():
 class SockApi(object):
- def __init__(self):
+ def __init__(self, bindhost=None, bindport=None):
 self.tlsserver = None
 self.unixdomainserver = None
+ self.bind_host = bindhost or '::'
+ self.bind_port = bindport or 13001
 def start(self):
 global auditlog
 global tracelog
 tracelog = log.Logger('trace')
 auditlog = log.Logger('audit')
- self.tlsserver = eventlet.spawn(_tlshandler)
+ self.tlsserver = eventlet.spawn(
+ _tlshandler, self.bind_host, self.bind_port)
 self.unixdomainserver = eventlet.spawn(_unixdomainhandler)
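Review bot: The listener in `_tlshandler` is still created with `socket.AF_INET6`, so now that the address comes from configuration, a plain IPv4 `bindhost` such as `127.0.0.1` will most likely be rejected at `plainsocket.bind((bind_host, bind_port, 0, 0))`. Because the handler runs under `eventlet.spawn`, that failure would probably show up only as a dead greenthread rather than a startup error, which is worth confirming. At minimum I would state the constraint above the bind, e.g. `# bind_host must be an IPv6 literal; an IPv4 address needs its IPv4-mapped form (::ffff:a.b.c.d)`. The accept loop continues past the end of this hunk.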
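Review bot: `SockApi.__init__` does not document that any falsy `bindhost` widens the listener to `'::'`, i.e. every interface; that covers `None` and also an empty `bindhost =` value read from the config. The same `or` idiom on `bindport` turns `0` into 13001. A short docstring would make that exposure explicit, for example `"""bindhost/bindport fall back to '::' (all interfaces) and 13001 when unset or empty."""`. The keyword names `bindhost`/`bindport` also differ from the `bind_host`/`bind_port` spelling used for the attributes and in `_tlshandler`; one spelling throughout would be easier to follow.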