Commit 8182f719 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

Start socat on the server

To provide an SSL proxy. This moves it out of the Python process, so it
can keep up with the load.
parent 06cb691d
......@@ -176,7 +176,7 @@ class ClientConn(twisted.protocols.basic.Int32StringReceiver):
if self.__cid:
return self.__cid
else:
return self.__addr.host
return self.__addr.name
class ClientFactory(twisted.internet.protocol.Factory):
"""
......
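Review bot: With the listener moved to a UNIX socket, the fallback `return self.__addr.name` no longer identifies the remote host, so connections that have not yet set `__cid` will probably all be reported under the same socket-derived value (possibly empty or None for an unbound peer socket; this hunk does not show it). Any logging that uses this value therefore loses the client IP, which makes it harder to trace a misbehaving client. I would at least add a comment such as `# Behind the socat proxy the peer is a UNIX socket; the real client IP is not available here`, and decide whether the source address needs to be recovered on the proxy side. The enclosing method starts outside the hunk.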
......@@ -16,7 +16,8 @@ log_file_size: 134217728
; Maximum number of backup log files when rotated
log_file_count: 5
; The SSL certificate
cert = server.key
cert = server.cert
key = server.key
; The plugins to load follow. Each name is the class to load and instantiate.
......
......@@ -18,8 +18,10 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
from twisted.internet import reactor, ssl
from twisted.internet.endpoints import SSL4ServerEndpoint
from twisted.internet import reactor, ssl, protocol
from twisted.internet.endpoints import UNIXServerEndpoint
from twisted.internet.error import ReactorNotRunning
from subprocess import Popen
import log_extra
import logging
import logging.handlers
......@@ -28,6 +30,7 @@ from plugin import Plugins
import master_config
import activity
import importlib
import os
severity = master_config.get('log_severity')
if severity == 'TRACE':
......@@ -50,16 +53,42 @@ for (plugin, config) in master_config.plugins().items():
loaded_plugins[plugin] = constructor(plugins, config)
logging.info('Loaded plugin %s from %s', loaded_plugins[plugin].name(), plugin)
# Some configuration, to load the port from?
port = master_config.getint('port')
with open(master_config.get('cert')) as key:
cert = ssl.PrivateCertificate.loadPEM(key.read())
endpoint = SSL4ServerEndpoint(reactor, port, cert.options())
logging.info('Listening on port %s', port)
endpoint = UNIXServerEndpoint(reactor, './collect-master.sock')
socat = None
class Socat(protocol.ProcessProtocol):
def connectionMade(self):
global socat
socat = self.transport
logging.info('Started socat proxy')
def processEnded(self, status):
global socat
if socat:
socat = None
try:
reactor.stop()
# Don't report lost socat if we're already terminating
logging.fatal('Lost socat, terminating')
except ReactorNotRunning:
pass
def errReceived(self, data):
logging.warn('Socat complained: %s', data)
args = ['/usr/bin/socat', 'OPENSSL-LISTEN:' + str(master_config.getint('port')) + ',fork,backlog=50,key=' + master_config.get('key') + ',cert=' + master_config.get('cert') + ',verify=0,cipher=TLSv1,reuseaddr,pf=ip6', 'UNIX-CONNECT:./collect-master.sock']
logging.debug('Starting socat with: %s', args)
reactor.spawnProcess(Socat(), '/usr/bin/socat', args=args, env=os.environ)
endpoint.listen(ClientFactory(plugins))
logging.info('Init done')
reactor.run()
logging.info('Finishing up')
if socat:
soc = socat
socat = None
soc.signalProcess('TERM')
activity.shutdown()
logging.info('Shutdown done')
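Review bot: The backend listener created by `UNIXServerEndpoint(reactor, './collect-master.sock')` uses Twisted's default socket mode (0o666) and a path relative to the working directory, so, depending on directory permissions, any local user may be able to reach `ClientFactory` directly without going through the TLS proxy; I would pass `mode=0o600` and use an absolute path in a directory owned by the service account. In the socat arguments, `cipher=` is handed to OpenSSL as a cipher-list string, so `cipher=TLSv1` presumably selects the TLS 1.0-era suite group rather than setting a protocol floor; that and `verify=0` deserve a comment saying they are intentional, or should be made configurable. The `key` and `cert` values are concatenated into the comma-separated address, so a path containing a comma would be parsed as further socat options; rejecting such values before building `args` would be cheap.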