Commit 8182f719 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

Start socat on the server

To provide an SSL proxy. This moves it out of the Python process, so it
can keep up with the load.
parent 06cb691d
......@@ -176,7 +176,7 @@ class ClientConn(twisted.protocols.basic.Int32StringReceiver):
if self.__cid:
return self.__cid
class ClientFactory(twisted.internet.protocol.Factory):
......@@ -16,7 +16,8 @@ log_file_size: 134217728
; Maximum number of backup log files when rotated
log_file_count: 5
; The SSL certificate
cert = server.key
cert = server.cert
key = server.key
; The plugins to load follow. Each name is the class to load and instantiate.
......@@ -18,8 +18,10 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from twisted.internet import reactor, ssl
from twisted.internet.endpoints import SSL4ServerEndpoint
from twisted.internet import reactor, ssl, protocol
from twisted.internet.endpoints import UNIXServerEndpoint
from twisted.internet.error import ReactorNotRunning
from subprocess import Popen
import log_extra
import logging
import logging.handlers
......@@ -28,6 +30,7 @@ from plugin import Plugins
import master_config
import activity
import importlib
import os
severity = master_config.get('log_severity')
if severity == 'TRACE':
......@@ -50,16 +53,42 @@ for (plugin, config) in master_config.plugins().items():
loaded_plugins[plugin] = constructor(plugins, config)'Loaded plugin %s from %s', loaded_plugins[plugin].name(), plugin)
# Some configuration, to load the port from?
port = master_config.getint('port')
with open(master_config.get('cert')) as key:
cert = ssl.PrivateCertificate.loadPEM(
endpoint = SSL4ServerEndpoint(reactor, port, cert.options())'Listening on port %s', port)
endpoint = UNIXServerEndpoint(reactor, './collect-master.sock')
socat = None
class Socat(protocol.ProcessProtocol):
def connectionMade(self):
global socat
socat = self.transport'Started socat proxy')
def processEnded(self, status):
global socat
if socat:
socat = None
# Don't report lost socat if we're already terminating
logging.fatal('Lost socat, terminating')
except ReactorNotRunning:
def errReceived(self, data):
logging.warn('Socat complained: %s', data)
args = ['/usr/bin/socat', 'OPENSSL-LISTEN:' + str(master_config.getint('port')) + ',fork,backlog=50,key=' + master_config.get('key') + ',cert=' + master_config.get('cert') + ',verify=0,cipher=TLSv1,reuseaddr,pf=ip6', 'UNIX-CONNECT:./collect-master.sock']
logging.debug('Starting socat with: %s', args)
reactor.spawnProcess(Socat(), '/usr/bin/socat', args=args, env=os.environ)
endpoint.listen(ClientFactory(plugins))'Init done')'Finishing up')
if socat:
soc = socat
socat = None
activity.shutdown()'Shutdown done')
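Review bot: The new `UNIXServerEndpoint(reactor, './collect-master.sock')` listener takes Twisted's default socket mode (0o666 unless the installed version differs), so any local account that can reach the working directory may be able to connect to the plaintext backend directly and skip the TLS front end. socat is spawned by this same process, so owner-only access should be enough: `endpoint = UNIXServerEndpoint(reactor, './collect-master.sock', mode=0o600)`, ideally with an absolute path inside a directory only the service user can enter. In the socat argument string of the same hunk, `cipher=TLSv1` is an OpenSSL cipher-list selector rather than a protocol restriction, so it looks like it pins the listener to older suites; an explicit cipher list read from `master_config` would make the intent reviewable. The `key` and `cert` values are also concatenated into the socat address unescaped, so a comma in either path would be parsed as an option separator and should be rejected before the process is started.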