def run(self):
try:
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
ssl.set_credentials(str(self.options.accountPublicKey),
str(self.options.accountPrivateKey), str(""))
ssl.set_trusted_ca_db(str(self.options.brokerPublicKey))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME,
trusted_CAs=str(
self.options.brokerPublicKey))
connection = BlockingConnection(self.address,
ssl_domain=ssl,
heartbeat=60000)
receiver = connection.create_receiver(self.broadcast_address,
credit=self.capacity)
while True:
received_message = None
try:
received_message = receiver.receive(
timeout=self.options.timeout)
except Timeout, e:
print("-I- No message received for ", self.options.timeout,
" seconds")
break
self.message_counter += 1
print("-I- Received broadcast message: " +
received_message.body)
receiver.accept()
print("-I- " + str(self.message_counter) + " messages received")
connection.close()
def __init__(self, router_host, router_port, cert_dir):
self.router_host = router_host
self.router_port = router_port
self.cert_dir = cert_dir
ssl_domain = None
allowed_mechs = []
sasl_enabled = False
if self.cert_dir != None:
ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
ssl_domain.set_trusted_ca_db(
str(os.path.join(self.cert_dir, 'ca.crt')))
ssl_domain.set_credentials(
str(os.path.join(self.cert_dir, "tls.crt")),
str(os.path.join(self.cert_dir, "tls.key")), None)
ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER)
allowed_mechs = str("EXTERNAL")
sasl_enabled = True
self.client = SyncRequestResponse(
BlockingConnection("amqps://" + self.router_host + ":" +
str(self.router_port),
30,
None,
ssl_domain,
allowed_mechs=allowed_mechs,
sasl_enabled=sasl_enabled), "$management")
def run(self):
try:
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str(""))
ssl.set_trusted_ca_db(str(self.options.brokerPublicKey))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str(self.options.brokerPublicKey))
connection = BlockingConnection(self.address, ssl_domain=ssl, heartbeat=60000)
receiver = connection.create_receiver(self.broadcast_address, credit=self.capacity)
while True:
received_message = None
try:
received_message = receiver.receive(timeout=self.options.timeout)
except Timeout, e:
print("-I- No message received for ", self.options.timeout, " seconds")
break
self.message_counter += 1
print("-I- Received broadcast message: " + received_message.body)
receiver.accept()
print("-I- " + str(self.message_counter) + " messages received")
connection.close()
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT):
"""Return proton.SSLDomain from command line options or None if no SSL options specified.
@param opts: Parsed optoins including connection_options()
"""
certificate, key, trustfile, password, password_file, ssl_disable_peer_name_verify = opts.ssl_certificate,\
opts.ssl_key,\
opts.ssl_trustfile,\
opts.ssl_password,\
opts.ssl_password_file, \
opts.ssl_disable_peer_name_verify
if not (certificate or trustfile):
return None
if password_file:
password = get_password(password_file)
domain = SSLDomain(mode)
if trustfile:
domain.set_trusted_ca_db(str(trustfile))
if ssl_disable_peer_name_verify:
domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile))
else:
domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, str(trustfile))
if certificate:
domain.set_credentials(str(certificate), str(key), str(password))
return domain
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT):
"""Return proton.SSLDomain from command line options or None if no SSL options specified.
@param opts: Parsed optoins including connection_options()
"""
certificate, key, trustfile, password, password_file, ssl_disable_peer_name_verify = opts.ssl_certificate,\
opts.ssl_key,\
opts.ssl_trustfile,\
opts.ssl_password,\
opts.ssl_password_file, \
opts.ssl_disable_peer_name_verify
if not (certificate or trustfile):
return None
if password_file:
password = get_password(password_file)
domain = SSLDomain(mode)
if trustfile:
domain.set_trusted_ca_db(str(trustfile))
if ssl_disable_peer_name_verify:
domain.set_peer_authentication(SSLDomain.VERIFY_PEER,
str(trustfile))
else:
domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME,
str(trustfile))
if certificate:
domain.set_credentials(str(certificate), str(key), str(password))
return domain
def on_start(self, event):
self.container = event.container
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str(""))
ssl.set_trusted_ca_db(str(self.options.brokerPublicKey))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str(self.options.brokerPublicKey))
conn = event.container.connect(self.address, ssl_domain=ssl, heartbeat=60000, allowed_mechs=str("EXTERNAL"))
event.container.create_receiver(conn, self.broadcast_address)
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT):
"""Return proton.SSLDomain from command line options or None if no SSL options specified.
@param opts: Parsed optoins including connection_options()
"""
certificate, key, trustfile, password = opts.ssl_certificate, opts.ssl_key, opts.ssl_trustfile, opts.ssl_password
if not (certificate or trustfile): return None
domain = SSLDomain(mode)
if trustfile:
domain.set_trusted_ca_db(trustfile)
domain.set_peer_authentication(SSLDomain.VERIFY_PEER, trustfile)
if certificate:
domain.set_credentials(certificate, key, password)
return domain
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT):
"""Return proton.SSLDomain from command line options or None if no SSL options specified.
@param opts: Parsed optoins including connection_options()
"""
certificate, key, trustfile, password = opts.ssl_certificate, opts.ssl_key, opts.ssl_trustfile, opts.ssl_password
if not (certificate or trustfile): return None
domain = SSLDomain(mode)
if trustfile:
domain.set_trusted_ca_db(trustfile)
domain.set_peer_authentication(SSLDomain.VERIFY_PEER, trustfile)
if certificate:
domain.set_credentials(certificate, key, password)
return domain
def on_start(self, event):
self.container = event.container
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
ssl.set_credentials(str(self.options.accountPublicKey),
str(self.options.accountPrivateKey), str(""))
ssl.set_trusted_ca_db(str(self.options.brokerPublicKey))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME,
trusted_CAs=str(
self.options.brokerPublicKey))
conn = event.container.connect(self.address,
ssl_domain=ssl,
heartbeat=60000,
allowed_mechs=str("EXTERNAL"))
event.container.create_receiver(conn, self.broadcast_address)
def on_start(self, event):
self.log.debug('Container starting')
event.container.connected = False
if self.conf.has_option('broker', 'cert') and self.conf.has_option('broker', 'cacert'):
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
cert = self.conf.get('broker', 'cert')
ssl.set_credentials(cert, cert, None)
ssl.set_trusted_ca_db(self.conf.get('broker', 'cacert'))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER)
else:
ssl = None
self.log.debug('connecting to %s', self.url)
event.container.connect(url=self.url, reconnect=False, ssl_domain=ssl)
connect_timeout = self.conf.getint('broker', 'connect_timeout')
self.connect_task = event.container.schedule(connect_timeout, self)
send_timeout = self.conf.getint('broker', 'send_timeout')
self.timeout_task = event.container.schedule(send_timeout, self)
def on_start(self, event):
log.debug('Container starting')
event.container.connected = False
event.container.error_msgs = []
if 'cert' in self.conf and 'key' in self.conf and 'cacert' in self.conf:
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
ssl.set_credentials(self.conf['cert'], self.conf['key'], None)
ssl.set_trusted_ca_db(self.conf['cacert'])
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER)
else:
ssl = None
log.debug('connecting to %s', self.url)
event.container.connect(url=self.url, reconnect=False, ssl_domain=ssl)
connect_timeout = self.conf['connect_timeout']
self.connect_task = event.container.schedule(connect_timeout, self)
send_timeout = self.conf['send_timeout']
self.timeout_task = event.container.schedule(send_timeout, self)
def on_start(self, event):
self.log.debug('Container starting')
event.container.connected = False
if self.conf.has_option('broker', 'cert') and self.conf.has_option('broker', 'cacert'):
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
cert = self.conf.get('broker', 'cert')
ssl.set_credentials(cert, cert, None)
ssl.set_trusted_ca_db(self.conf.get('broker', 'cacert'))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER)
else:
ssl = None
self.log.debug('connecting to %s', self.url)
event.container.connect(url=self.url, reconnect=False, ssl_domain=ssl)
connect_timeout = self.conf.getint('broker', 'connect_timeout')
self.connect_task = event.container.schedule(connect_timeout, self)
send_timeout = self.conf.getint('broker', 'send_timeout')
self.timeout_task = event.container.schedule(send_timeout, self)
def create_ssl_domain(self, ssl_options_dict, mode=SSLDomain.MODE_CLIENT):
"""Return proton.SSLDomain from command line options or None if no SSL options specified.
@param opts: Parsed optoins including connection_options()
"""
certificate, key, trustfile, password = ssl_options_dict.get('ssl-certificate'), \
ssl_options_dict.get('ssl-key'), \
ssl_options_dict.get('ssl-trustfile'), \
ssl_options_dict.get('ssl-password')
if not (certificate or trustfile):
return None
domain = SSLDomain(mode)
if trustfile:
domain.set_trusted_ca_db(str(trustfile))
domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile))
if certificate:
domain.set_credentials(str(certificate), str(key), str(password))
return domain
def create_ssl_domain(self, ssl_options_dict, mode=SSLDomain.MODE_CLIENT):
"""Return proton.SSLDomain from command line options or None if no SSL options specified.
@param opts: Parsed optoins including connection_options()
"""
certificate, key, trustfile, password = ssl_options_dict.get('ssl-certificate'), \
ssl_options_dict.get('ssl-key'), \
ssl_options_dict.get('ssl-trustfile'), \
ssl_options_dict.get('ssl-password')
if not (certificate or trustfile):
return None
domain = SSLDomain(mode)
if trustfile:
domain.set_trusted_ca_db(str(trustfile))
domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile))
if certificate:
domain.set_credentials(str(certificate), str(key), str(password))
return domain
class AMQConsumer(object):
def __init__(self, urls, certificate=None, private_key=None,
trusted_certificates=None):
self.urls = urls
self.ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
self.ssl_domain.set_credentials(certificate, private_key, None)
self.ssl_domain.set_trusted_ca_db(trusted_certificates)
self.ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER)
def consume(self, address, callback,
data=None, selector=None, auto_accept=True,
subscription_name=None):
"""Start to consume messages
:param str address: refer to ``ReceiverHandler.__init__``.
:param callable callback: refer to ``ReceiverHandler.__init__``.
:param data: refer to ``ReceiverHandler.__init__``.
:param str selector: refer to ``ReceiverHandler.__init__``.
:param bool auto_accept: whether to accept message automatically.
Defaults to ``True``, that is to use default behaivor of
``proton.MessagingHandler``. Otherwise, received message will be
accepted according to return value from ``callback``. For
detailed information, refer to ``ReceiverHandler.on_message``.
:param str subscription_name: name to use to identify the durable
subscription. It will also be used as the client ID. If it is
None, the subscription will be non-durable, and the client ID
will be random.
:return: the return value of ``callback`` once a message is handled.
Or, the value returned when the last time ``callback`` is called.
"""
handler = ReceiverHandler(self.urls, address,
callback, data=data,
selector=selector,
ssl_domain=self.ssl_domain,
auto_accept=auto_accept,
subscription_name=subscription_name)
Container(handler).run()
return handler.result
def run(self):
try:
ssl = SSLDomain(SSLDomain.MODE_CLIENT)
ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str(""))
ssl.set_trusted_ca_db(str(self.options.brokerPublicKey))
ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str(self.options.brokerPublicKey))
connection = BlockingConnection(self.address, ssl_domain=ssl, heartbeat=60000)
receiver = connection.create_receiver(self.response_address)
sender = connection.create_sender(self.request_address)
message = Message(body="<FIXML>...</FIXML>", reply_to=self.reply_adress)
print("-I- Sending request message: " + message.body)
sender.send(message);
try:
received_message = receiver.receive(timeout=self.options.timeout)
print("-I- Received response message: " + received_message.body)
self.message_counter += 1
receiver.accept()
except Timeout, e:
print("-I- No message received for ", self.options.timeout, " seconds")
connection.close()
def ssl_domain(connector):
"""
Get the ssl domain using the broker settings.
:param connector: A broker.
:type connector: Connector
:return: The populated domain.
:rtype: SSLDomain
:raise: SSLException
:raise: ValueError
"""
domain = None
if connector.use_ssl():
connector.ssl.validate()
domain = SSLDomain(SSLDomain.MODE_CLIENT)
domain.set_trusted_ca_db(connector.ssl.ca_certificate)
domain.set_credentials(
connector.ssl.client_certificate, connector.ssl.client_key
or connector.ssl.client_certificate, None)
if connector.ssl.host_validation:
mode = SSLDomain.VERIFY_PEER_NAME
else:
mode = SSLDomain.VERIFY_PEER
domain.set_peer_authentication(mode)
return domain
def ssl_domain(connector):
"""
Get the ssl domain using the broker settings.
:param connector: A broker.
:type connector: Connector
:return: The populated domain.
:rtype: SSLDomain
:raise: SSLException
:raise: ValueError
"""
domain = None
if connector.use_ssl():
connector.ssl.validate()
domain = SSLDomain(SSLDomain.MODE_CLIENT)
domain.set_trusted_ca_db(connector.ssl.ca_certificate)
domain.set_credentials(
connector.ssl.client_certificate,
connector.ssl.client_key or connector.ssl.client_certificate, None)
if connector.ssl.host_validation:
mode = SSLDomain.VERIFY_PEER_NAME
else:
mode = SSLDomain.VERIFY_PEER
domain.set_peer_authentication(mode)
return domain
class RouterCollector(object):
def __init__(self, router_host, router_port, cert_dir):
self.router_host = router_host
self.router_port = router_port
self.cert_dir = cert_dir
self.ssl_domain = None
self.allowed_mechs = []
self.sasl_enabled = False
if self.cert_dir != None:
self.ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
self.ssl_domain.set_trusted_ca_db(
str(os.path.join(self.cert_dir, 'ca.crt')))
self.ssl_domain.set_credentials(
str(os.path.join(self.cert_dir, "tls.crt")),
str(os.path.join(self.cert_dir, "tls.key")), None)
self.ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER)
self.allowed_mechs = str("EXTERNAL")
self.sasl_enabled = True
def create_collector_map(self):
metrics = [
MetricCollector('connectionCount',
'Number of connections to router', ['container']),
MetricCollector('connectionCount',
'Total number of connections to router',
['routerId'],
id="totalConnectionCount"),
MetricCollector('linkCount', 'Number of links to router',
['address']),
MetricCollector('linkCount',
'Number of consumers to router', ['address'],
id="consumerCount",
filter={"linkDir": "out"}),
MetricCollector('linkCount',
'Number of producers to router', ['address'],
id="producerCount",
filter={"linkDir": "in"}),
MetricCollector('linkCount',
'Total number of links to router', ['routerId'],
id="totalLinkCount"),
MetricCollector('addrCount',
'Number of addresses defined in router',
['routerId']),
MetricCollector('autoLinkCount',
'Number of auto links defined in router',
['routerId']),
MetricCollector('linkRouteCount',
'Number of link routers defined in router',
['routerId']),
MetricCollector('unsettledCount', 'Number of unsettled messages',
['address']),
MetricCollector('deliveryCount', 'Number of delivered messages',
['address'], "COUNTER"),
MetricCollector('releasedCount', 'Number of released messages',
['address'], "COUNTER"),
MetricCollector('rejectedCount', 'Number of rejected messages',
['address'], "COUNTER"),
MetricCollector('acceptedCount', 'Number of accepted messages',
['address'], "COUNTER"),
MetricCollector('undeliveredCount',
'Number of undelivered messages', ['address']),
MetricCollector('capacity', 'Capacity of link', ['address'])
]
m = {}
for metric in metrics:
m[metric.id] = metric
return m
def create_entity_map(self, collector_map):
return {
self.get_router: [
collector_map['totalConnectionCount'],
collector_map['totalLinkCount'], collector_map['addrCount'],
collector_map['autoLinkCount'], collector_map['linkRouteCount']
],
self.get_connections: [collector_map['connectionCount']],
self.get_links: [
collector_map['linkCount'], collector_map['unsettledCount'],
collector_map['deliveryCount'], collector_map['releasedCount'],
collector_map['rejectedCount'], collector_map['acceptedCount'],
collector_map['undeliveredCount'], collector_map['capacity'],
collector_map['consumerCount'], collector_map['producerCount']
]
}
def get_router(self, client):
return self.collect_metric('org.apache.qpid.dispatch.router', client)
def get_links(self, client):
links = self.collect_metric('org.apache.qpid.dispatch.router.link',
client)
if links == None:
return links
connections = self.get_connections(client)
if connections == None:
return connections
links.add_field_from("address", "owningAddr", clean_address)
links.add_field("linkCount", 1)
links.add_field_from(
"container", "connectionId",
lambda connection_id: get_container_from_connections(
connection_id, connections))
return links
def get_connections(self, client):
response = self.collect_metric('org.apache.qpid.dispatch.connection',
client)
if response == None:
return response
response.add_field("connectionCount", 1)
return response
def collect(self):
collector_map = self.create_collector_map()
fetcher_map = self.create_entity_map(collector_map)
connection = None
print("Collecting metrics")
try:
connection = BlockingConnection("amqps://" + self.router_host +
":" + str(self.router_port),
30,
None,
self.ssl_domain,
allowed_mechs=self.allowed_mechs,
sasl_enabled=self.sasl_enabled,
container_id="router-metrics")
client = SyncRequestResponse(connection, "$management")
for fetcher in fetcher_map:
response = fetcher(client)
if response != None:
for collector in fetcher_map[fetcher]:
for entity in response.get_results():
if response.contains(entity, collector.filter):
labels = []
for l in collector.labels:
label_idx = response.get_index(l)
if label_idx != None and entity[
label_idx] != None:
labels.append(entity[label_idx])
else:
labels.append("")
value = entity[response.get_index(
collector.name)]
collector.add(labels, int(value))
finally:
if connection != None:
connection.close()
for collector in collector_map.itervalues():
yield collector.metric()
def collect_metric(self, entityType, client):
result = None
try:
properties = {}
properties["entityType"] = entityType
properties["operation"] = "QUERY"
properties["name"] = "self"
message = Message(body=None, properties=properties)
response = client.call(message)
if response != None:
result = RouterResponse(response)
except NameError as e:
print("Error querying router for metrics: %s" % e)
return result
parser.add_option("-a", "--address", default="amqps://127.0.0.1:5672",
help="address to which messages are sent (default %default)")
parser.add_option("-m", "--messages", type="int", default=100,
help="number of messages to send (default %default)")
parser.add_option("-t", "--ssl-trustfile", default="/home/gmurthy/opensource/dispatch/tests/config-2/ca-certificate.pem",
help="The trust file")
parser.add_option("-c", "--ssl-certificate", default="/home/gmurthy/opensource/dispatch/tests/config-2/client-certificate.pem",
help="The cert file")
parser.add_option("-k", "--ssl-key", default="/home/gmurthy/opensource/dispatch/tests/config-2/client-private-key.pem",
help="The trust key")
parser.add_option("-p", "--ssl-password", default="client-password",
help="The trust file")
opts, args = parser.parse_args()
try:
ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
ssl_domain.set_trusted_ca_db(str(opts.ssl_trustfile))
ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(opts.ssl_trustfile))
# for client authentication and private key password protected
#ssl_domain.set_credentials(str(opts.ssl_certificate), str(opts.ssl_key), str(opts.ssl_password))
# for client authentication and private key NOT password protected
#ssl_domain.set_credentials(str(opts.ssl_certificate), str(opts.ssl_key), None)
Container(Send(opts.address, opts.messages, ssl_domain=ssl_domain)).run()
except KeyboardInterrupt: pass