def main(argv=sys.argv): """Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be called as a function by an external program.""" config = configparser.ConfigParser() config.read(common.CONFIG_FILE) cloudverifier_port = config.get('general', 'cloudverifier_port') db_filename = "%s/%s" % (common.WORK_DIR, config.get('cloud_verifier', 'db_filename')) db = cloud_verifier_common.init_db(db_filename) db.update_all_agents( 'operational_state', cloud_verifier_common.CloudAgent_Operational_State.SAVED) num = db.count_agents() if num > 0: agent_ids = db.get_agent_ids() logger.info("agent ids in db loaded from file: %s" % agent_ids) logger.info('Starting Cloud Verifier (tornado) on port ' + cloudverifier_port + ', use <Ctrl-C> to stop') app = tornado.web.Application([ (r"/(?:v[0-9]/)?agents/.*", AgentsHandler, { 'db': db }), (r"/verifier.*", AgentsHandler, { 'db': db }), (r".*", MainHandler), ]) context = cloud_verifier_common.init_mtls() #after TLS is up, start revocation notifier if config.getboolean('cloud_verifier', 'revocation_notifier'): logger.info( "Starting service for revocation notifications on port %s" % config.getint('general', 'revocation_notifier_port')) revocation_notifier.start_broker() # need to pass in the rev_port? sockets = tornado.netutil.bind_sockets(int(cloudverifier_port), address='0.0.0.0') #tornado.process.fork_processes(config.getint('cloud_verifier','multiprocessing_pool_num_workers')) asyncio.set_event_loop(asyncio.new_event_loop()) server = tornado.httpserver.HTTPServer(app, ssl_options=context) server.add_sockets(sockets) try: tornado.ioloop.IOLoop.instance().start() except KeyboardInterrupt: tornado.ioloop.IOLoop.instance().stop() if config.getboolean('cloud_verifier', 'revocation_notifier'): revocation_notifier.stop_broker()
def main(argv=sys.argv): """Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be called as a function by an external program.""" config = configparser.ConfigParser() config.read(common.CONFIG_FILE) cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port') VerfierMain.metadata.create_all(engine, checkfirst=True) session = SessionManager().make_session(engine) try: query_all = session.query(VerfierMain).all() except SQLAlchemyError as e: logger.error(f'SQLAlchemy Error: {e}') for row in query_all: row.operational_state = cloud_verifier_common.CloudAgent_Operational_State.SAVED try: session.commit() except SQLAlchemyError as e: logger.error(f'SQLAlchemy Error: {e}') num = session.query(VerfierMain.agent_id).count() if num > 0: agent_ids = session.query(VerfierMain.agent_id).all() logger.info("agent ids in db loaded from file: %s" % agent_ids) logger.info('Starting Cloud Verifier (tornado) on port ' + cloudverifier_port + ', use <Ctrl-C> to stop') app = tornado.web.Application([ (r"/(?:v[0-9]/)?agents/.*", AgentsHandler), (r".*", MainHandler), ]) context = cloud_verifier_common.init_mtls() # after TLS is up, start revocation notifier if config.getboolean('cloud_verifier', 'revocation_notifier'): logger.info( "Starting service for revocation notifications on port %s" % config.getint('cloud_verifier', 'revocation_notifier_port')) revocation_notifier.start_broker() sockets = tornado.netutil.bind_sockets(int(cloudverifier_port), address='0.0.0.0') tornado.process.fork_processes( config.getint('cloud_verifier', 'multiprocessing_pool_num_workers')) asyncio.set_event_loop(asyncio.new_event_loop()) server = tornado.httpserver.HTTPServer(app, ssl_options=context) server.add_sockets(sockets) try: tornado.ioloop.IOLoop.instance().start() except KeyboardInterrupt: tornado.ioloop.IOLoop.instance().stop() if config.getboolean('cloud_verifier', 'revocation_notifier'): revocation_notifier.stop_broker()
def main(): """Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be called as a function by an external program.""" cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port') cloudverifier_host = config.get('cloud_verifier', 'cloudverifier_ip') # allow tornado's max upload size to be configurable max_upload_size = None if config.has_option('cloud_verifier', 'max_upload_size'): max_upload_size = int(config.get('cloud_verifier', 'max_upload_size')) VerfierMain.metadata.create_all(engine, checkfirst=True) session = get_session() try: query_all = session.query(VerfierMain).all() for row in query_all: if row.operational_state in states.APPROVED_REACTIVATE_STATES: row.operational_state = states.START session.commit() except SQLAlchemyError as e: logger.error('SQLAlchemy Error: %s', e) num = session.query(VerfierMain.agent_id).count() if num > 0: agent_ids = session.query(VerfierMain.agent_id).all() logger.info("Agent ids in db loaded from file: %s", agent_ids) logger.info('Starting Cloud Verifier (tornado) on port %s, use <Ctrl-C> to stop', cloudverifier_port) app = tornado.web.Application([ (r"/(?:v[0-9]/)?agents/.*", AgentsHandler), (r"/(?:v[0-9]/)?allowlists/.*", AllowlistHandler), (r".*", MainHandler), ]) context = cloud_verifier_common.init_mtls() # after TLS is up, start revocation notifier if config.getboolean('cloud_verifier', 'revocation_notifier'): logger.info("Starting service for revocation notifications on port %s", config.getint('cloud_verifier', 'revocation_notifier_port')) revocation_notifier.start_broker() sockets = tornado.netutil.bind_sockets( int(cloudverifier_port), address=cloudverifier_host) task_id = tornado.process.fork_processes(config.getint( 'cloud_verifier', 'multiprocessing_pool_num_workers')) asyncio.set_event_loop(asyncio.new_event_loop()) # Auto reactivate agent if task_id == 0: asyncio.ensure_future(activate_agents()) server = tornado.httpserver.HTTPServer(app, ssl_options=context, max_buffer_size=max_upload_size) server.add_sockets(sockets) try: tornado.ioloop.IOLoop.instance().start() except KeyboardInterrupt: tornado.ioloop.IOLoop.instance().stop() if config.getboolean('cloud_verifier', 'revocation_notifier'): revocation_notifier.stop_broker()
def main(argv=sys.argv): """Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be called as a function by an external program.""" config = configparser.ConfigParser() config.read(common.CONFIG_FILE) # CONFIG_FILE="../keylime.conf" # print('file name comes here') cloudverifier_port = config.get('general', 'cloudverifier_port') # general is all? cloudcerifier_port = 8881 db_filename = "%s/%s" % (common.WORK_DIR, config.get('cloud_verifier', 'db_filename')) ''' common.WORK_DIR WORK_DIR=os.path.abspath(".") or os.getenv('KEYLIME_DIR','/var/lib/keylime') Return a normalized absolutized version of the pathname path. cloud_verifier: a bunch of setting I couldn't understand ~_~ db_filename: db_filename = cv_data.sqlite What's this???!!! ''' db = cloud_verifier_common.init_db( db_filename) # init a light weighted db, db is an object db.update_all_agents( 'operational_state', cloud_verifier_common.CloudAgent_Operational_State.SAVED) ''' key: 'operational_state' value: cloud_verifier_common.CloudAgent_Operational_State.SAVED: just a state code update status? SET <key, value> operation ''' num = db.count_agents( ) # count the number of agents: return len(self.get_agent_ids()) if num > 0: agent_ids = db.get_agent_ids() # get a list of agent ids logger.info("agent ids in db loaded from file: %s" % agent_ids) else: # this log is added by me for testing logger.info("no agent now(testing)") logger.info('Starting Cloud Verifier (tornado) on port ' + cloudverifier_port + ', use <Ctrl-C> to stop') ''' this is what shows on screen logger = keylime_logging.init_logging('cloudverifier') logger is a logging ''' VerifierHandler = VerifierHandler_provider if identity == "provider" else VerifierHandler_tenant app = tornado.web.Application([ (r"/(?:v[0-9]/)?agents/.*", AgentsHandler, { 'db': db }), # r"/ main page handler (r"/verifier/(.*)", VerifierHandler), (r".*", MainHandler), ]) ''' Apache framework The Tornado web server and tools. https://www.tornadoweb.org/en/stable/web.html#application-configuration ([...])each request handler is a tuple r"/" root location, according handler need to create a handler, class regular expression what are these handlers do? how do they react with each others ''' context = cloud_verifier_common.init_mtls() ''' init_mtls(section='cloud_verifier',generatedir='cv_ca'): ''' #after TLS is up, start revocation notifier if config.getboolean('cloud_verifier', 'revocation_notifier' ): # [cloud_verifier] revocation_notifier = True logger.info( "Starting service for revocation notifications on port %s" % config.getint('general', 'revocation_notifier_port')) revocation_notifier.start_broker() sockets = tornado.netutil.bind_sockets(int(cloudverifier_port), address='0.0.0.0') # 0.0.0.0 all ip addr on local machine # Creates listening sockets bound to the given port and address. # [<socket.socket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('0.0.0.0', 8881)>] tornado.process.fork_processes( config.getint('cloud_verifier', 'multiprocessing_pool_num_workers')) ''' Starts multiple worker processes. multiprocessing_pool_num_workers = 0 If num_processes is None or <= 0, we detect the number of cores available on this machine and fork that number of child processes. Since we use processes and not threads, there is no shared memory between any server code. ''' asyncio.set_event_loop(asyncio.new_event_loop()) ''' Asynchronous I/O asyncio is a library to write concurrent code using the async/await syntax. The event loop is the core of every asyncio application. Event loops run asynchronous tasks and callbacks, perform network IO operations, and run subprocesses. low level code Note that the behaviour of get_event_loop(), set_event_loop(), and new_event_loop() functions can be altered by setting a custom event loop policy. ''' server = tornado.httpserver.HTTPServer(app, ssl_options=context) ''' A non-blocking, single-threaded HTTP server. Typical applications have little direct interaction with the HTTPServer class except to start a server at the beginning of the process (and even that is often done indirectly via tornado.web.Application.listen). ''' server.add_sockets(sockets) ''' similar to example sockets = tornado.netutil.bind_sockets(8888) tornado.process.fork_processes(0) server = HTTPServer(app) server.add_sockets(sockets) IOLoop.current().start() ''' try: if identity == tenant: requests.get(url=provider_ip + "/verifier/I_need_quote") tornado.ioloop.IOLoop.instance().start() except KeyboardInterrupt: tornado.ioloop.IOLoop.instance().stop() if config.getboolean('cloud_verifier', 'revocation_notifier'): revocation_notifier.stop_broker()