def add_protocol_port(self, protocol='tcp', port=80, cookie_name=None, cookie_expire=None, cert=None, comment=None):
'''
add new protocol/port to the config file. if there's existing one, pass
'''
if not ( protocol == 'http' or protocol == 'tcp' or protocol == 'https' or protocol == 'ssl'):
raise Exception('unknown protocol')
# make sure no other frontend listen on the port
for key in self.__content_map.iterkeys():
key = key.strip(' ')
if key.startswith('frontend') and key.endswith('-%s'%port):
raise Exception('the port is found')
section_name = 'frontend %s-%s' % (protocol,port)
if not section_name in self.__content_map.iterkeys():
self.__content_map[section_name]= []
if comment is not None:
self.__content_map[section_name].append('# %s'%comment)
if protocol == 'https':
self.__content_map[section_name].append('mode http')
elif protocol == 'ssl':
self.__content_map[section_name].append('mode tcp')
else:
self.__content_map[section_name].append('mode %s' % protocol)
if protocol == 'http' or protocol == 'https':
self.__content_map[section_name].append('option forwardfor except 127.0.0.1')
if protocol == 'https' or protocol == 'ssl':
self.__content_map[section_name].append('bind 0.0.0.0:%s ssl crt %s' % (port, cert))
else:
self.__content_map[section_name].append('bind 0.0.0.0:%s' % port)
if config.ENABLE_CLOUD_WATCH: # this may have significant performance impact
self.__content_map[section_name].append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
if protocol == 'http' or protocol == 'https':
self.__content_map[section_name].append('log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt')
elif protocol == 'tcp' or protocol == 'ssl':
self.__content_map[section_name].append('log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt')
def_backend = 'backend-%s-%s' % (protocol, port)
self.__content_map[section_name].append('default_backend %s' % def_backend)
if protocol == 'https':
backend_attribute = 'mode http\n balance roundrobin'
elif protocol == 'ssl':
backend_attribute = 'mode tcp\n balance roundrobin'
else:
backend_attribute = 'mode %s\n balance roundrobin' % protocol
if cookie_expire and cookie_name:
servo.log.error('both duration-based and app-controlled cookie stickiness are enabled. something is wrong!')
if ( protocol == 'http' or protocol == 'https' ) and cookie_expire:
try:
cookie_expire = int(cookie_expire)
backend_attribute = '%s\n cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds' % (backend_attribute, cookie_expire, cookie_expire)
except exceptions.ValueError:
servo.log.error('failed to set cookie expiration: value is not a number type')
elif ( protocol == 'http' or protocol == 'https' ) and cookie_name:
backend_attribute = '%s\n appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())
# create the empty backend section
self.__content_map['backend %s' % def_backend] = [backend_attribute]
else:
pass # do nothing
return self
def add_protocol_port(self,
protocol='tcp',
port=80,
policies=[],
cert=None,
comment=None,
connection_idle_timeout=None):
'''
add new protocol/port to the config file. if there's existing one, pass
'''
if not (protocol == 'http' or protocol == 'tcp' or protocol == 'https'
or protocol == 'ssl'):
raise Exception('unknown protocol')
# make sure no other frontend listen on the port
for key in self.__content_map.iterkeys():
key = key.strip(' ')
if key.startswith('frontend') and key.endswith('-%s' % port):
raise Exception('the port is found')
section_name = 'frontend %s-%s' % (protocol, port)
if not section_name in self.__content_map.iterkeys():
self.__content_map[section_name] = []
if comment is not None:
self.__content_map[section_name].append('# %s' % comment)
if protocol == 'https':
self.__content_map[section_name].append('mode http')
elif protocol == 'ssl':
self.__content_map[section_name].append('mode tcp')
else:
self.__content_map[section_name].append('mode %s' % protocol)
if protocol == 'http' or protocol == 'https':
self.__content_map[section_name].append(
'option forwardfor except 127.0.0.1')
self.__content_map[section_name].append(
'reqadd X-Forwarded-Proto:\ %s' % protocol)
self.__content_map[section_name].append(
'reqadd X-Forwarded-Port:\ %s' % port)
if protocol == 'https' or protocol == 'ssl':
# haproxy always disables sslv2
sslv_setting = ''
if ConfBuilderHaproxy.ssl_v3(policies) == False:
sslv_setting = '%s no-sslv3' % sslv_setting
if ConfBuilderHaproxy.tls_v1(policies) == False:
sslv_setting = '%s no-tlsv10' % sslv_setting
if ConfBuilderHaproxy.tls_v11(policies) == False:
sslv_setting = '%s no-tlsv11' % sslv_setting
if ConfBuilderHaproxy.tls_v12(policies) == False:
sslv_setting = '%s no-tlsv12' % sslv_setting
cipher_str = ConfBuilderHaproxy.cipher_string(policies)
if cipher_str:
self.__content_map[section_name].append(
'bind 0.0.0.0:%s ssl crt %s %s ciphers %s' %
(port, cert, sslv_setting, cipher_str))
else:
self.__content_map[section_name].append(
'bind 0.0.0.0:%s ssl crt %s %s' %
(port, cert, sslv_setting))
else:
self.__content_map[section_name].append('bind 0.0.0.0:%s' %
port)
if connection_idle_timeout:
self.__content_map[section_name].append(
'timeout client %ss' % connection_idle_timeout)
# CLOUDWATCH metric update
self.__content_map[section_name].append(
'log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
if protocol == 'http' or protocol == 'https':
self.__content_map[section_name].append(
'capture request header User-Agent len 8192')
self.__content_map[section_name].append(
'log-format %s' % HttpAccessLog.log_format())
elif protocol == 'tcp' or protocol == 'ssl':
self.__content_map[section_name].append(
'log-format %s' % TcpAccessLog.log_format())
def_backend = 'backend-%s-%s' % (protocol, port)
self.__content_map[section_name].append('default_backend %s' %
def_backend)
if protocol == 'https':
backend_attribute = 'mode http\n balance roundrobin'
elif protocol == 'ssl':
backend_attribute = 'mode tcp\n balance roundrobin'
else:
backend_attribute = 'mode %s\n balance roundrobin' % protocol
if connection_idle_timeout:
backend_attribute = '%s\n timeout server %ss' % (
backend_attribute, connection_idle_timeout)
cookie_name = ConfBuilderHaproxy.get_app_cookie_name(policies)
cookie_expire = ConfBuilderHaproxy.get_lb_cookie_period(policies)
if (protocol == 'http' or protocol == 'https') and cookie_expire:
try:
cookie_expire = int(cookie_expire)
cache_control_header = '\n http-response set-header Cache-control no-cache=\"set-cookie\"'
backend_attribute = '%s%s\n cookie AWSELB insert indirect maxidle %ds maxlife %ds' % (
backend_attribute, cache_control_header, cookie_expire,
cookie_expire)
except exceptions.ValueError:
servo.log.error(
'failed to set cookie expiration: value is not a number type'
)
elif (protocol == 'http' or protocol == 'https') and cookie_name:
backend_attribute = '%s\n appsession %s len %d timeout %dm' % (
backend_attribute, cookie_name, config.appcookie_length(),
config.appcookie_timeout())
# create the empty backend section
self.__content_map['backend %s' %
def_backend] = [backend_attribute]
else:
pass # do nothing
return self
def add_protocol_port(self, protocol='tcp', port=80, cookie_name=None, cookie_expire=None, comment=None):
'''
add new protocol/port to the config file. if there's existing one, pass
'''
if not ( protocol == 'http' or protocol == 'tcp'):
raise Exception('unknown protocol')
# make sure no other frontend listen on the port
for key in self.__content_map.iterkeys():
key = key.strip(' ')
if key.startswith('frontend') and key.endswith('-%s'%port):
raise Exception('the port is found')
section_name = 'frontend %s-%s' % (protocol,port)
if not section_name in self.__content_map.iterkeys():
self.__content_map[section_name]= []
if comment is not None:
self.__content_map[section_name].append('# %s'%comment)
self.__content_map[section_name].append('mode %s' % protocol)
if protocol == 'http':
self.__content_map[section_name].append('option forwardfor except 127.0.0.1')
self.__content_map[section_name].append('bind 0.0.0.0:%s' % port)
if config.ENABLE_CLOUD_WATCH: # this may have significant performance impact
self.__content_map[section_name].append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
if protocol == 'http':
self.__content_map[section_name].append('log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt')
elif protocol == 'tcp':
self.__content_map[section_name].append('log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt')
def_backend = 'backend-%s-%s' % (protocol, port)
self.__content_map[section_name].append('default_backend %s' % def_backend)
backend_attribute = 'mode %s\n balance roundrobin' % protocol
if cookie_expire and cookie_name:
servo.log.error('both duration-based and app-controlled cookie stickiness are enabled. something is wrong!')
if ( protocol == 'http' or protocol == 'https' ) and cookie_expire:
try:
cookie_expire = int(cookie_expire)
backend_attribute = '%s\n cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds' % (backend_attribute, cookie_expire, cookie_expire)
except exceptions.ValueError:
servo.log.error('failed to set cookie expiration: value is not a number type')
elif ( protocol == 'http' or protocol == 'https' ) and cookie_name:
backend_attribute = '%s\n appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())
# create the empty backend section
self.__content_map['backend %s' % def_backend] = [backend_attribute]
else:
pass # do nothing
return self
def add_protocol_port(self, protocol='tcp', port=80, policies=[], cert=None, comment=None, connection_idle_timeout=None):
'''
add new protocol/port to the config file. if there's existing one, pass
'''
if not ( protocol == 'http' or protocol == 'tcp' or protocol == 'https' or protocol == 'ssl'):
raise Exception('unknown protocol')
# make sure no other frontend listen on the port
for key in self.__content_map.iterkeys():
key = key.strip(' ')
if key.startswith('frontend') and key.endswith('-%s'%port):
raise Exception('the port is found')
section_name = 'frontend %s-%s' % (protocol,port)
if not section_name in self.__content_map.iterkeys():
self.__content_map[section_name]= []
if comment is not None:
self.__content_map[section_name].append('# %s'%comment)
if protocol == 'https':
self.__content_map[section_name].append('mode http')
elif protocol == 'ssl':
self.__content_map[section_name].append('mode tcp')
else:
self.__content_map[section_name].append('mode %s' % protocol)
if protocol == 'http' or protocol == 'https':
self.__content_map[section_name].append('option forwardfor except 127.0.0.1')
self.__content_map[section_name].append('reqadd X-Forwarded-Proto:\ %s' % protocol)
self.__content_map[section_name].append('reqadd X-Forwarded-Port:\ %s' % port)
if protocol == 'https' or protocol == 'ssl':
# haproxy always disables sslv2
sslv_setting = ''
if ConfBuilderHaproxy.ssl_v3(policies) == False:
sslv_setting = '%s no-sslv3' % sslv_setting
if ConfBuilderHaproxy.tls_v1(policies) == False:
sslv_setting = '%s no-tlsv10' % sslv_setting
if ConfBuilderHaproxy.tls_v11(policies) == False:
sslv_setting = '%s no-tlsv11' % sslv_setting
if ConfBuilderHaproxy.tls_v12(policies) == False:
sslv_setting = '%s no-tlsv12' % sslv_setting
cipher_str = ConfBuilderHaproxy.cipher_string(policies)
if cipher_str:
self.__content_map[section_name].append('bind 0.0.0.0:%s ssl crt %s %s ciphers %s' % (port, cert, sslv_setting, cipher_str))
else:
self.__content_map[section_name].append('bind 0.0.0.0:%s ssl crt %s %s' % (port, cert, sslv_setting))
else:
self.__content_map[section_name].append('bind 0.0.0.0:%s' % port)
if connection_idle_timeout:
self.__content_map[section_name].append('timeout client %ss' % connection_idle_timeout)
# CLOUDWATCH metric update
self.__content_map[section_name].append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
if protocol == 'http' or protocol == 'https':
self.__content_map[section_name].append('capture request header User-Agent len 8192')
self.__content_map[section_name].append('log-format %s' % HttpAccessLog.log_format())
elif protocol == 'tcp' or protocol == 'ssl':
self.__content_map[section_name].append('log-format %s' % TcpAccessLog.log_format())
def_backend = 'backend-%s-%s' % (protocol, port)
self.__content_map[section_name].append('default_backend %s' % def_backend)
if protocol == 'https':
backend_attribute = 'mode http\n balance roundrobin'
elif protocol == 'ssl':
backend_attribute = 'mode tcp\n balance roundrobin'
else:
backend_attribute = 'mode %s\n balance roundrobin' % protocol
if connection_idle_timeout:
backend_attribute = '%s\n timeout server %ss' % (backend_attribute, connection_idle_timeout)
cookie_name = ConfBuilderHaproxy.get_app_cookie_name(policies)
cookie_expire = ConfBuilderHaproxy.get_lb_cookie_period(policies)
if ( protocol == 'http' or protocol == 'https' ) and cookie_expire:
try:
cookie_expire = int(cookie_expire)
cache_control_header = '\n http-response set-header Cache-control no-cache=\"set-cookie\"'
backend_attribute = '%s%s\n cookie AWSELB insert indirect maxidle %ds maxlife %ds' % (backend_attribute, cache_control_header, cookie_expire, cookie_expire)
except exceptions.ValueError:
servo.log.error('failed to set cookie expiration: value is not a number type')
elif ( protocol == 'http' or protocol == 'https' ) and cookie_name:
backend_attribute = '%s\n appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())
# create the empty backend section
self.__content_map['backend %s' % def_backend] = [backend_attribute]
else:
pass # do nothing
return self
def add_protocol_port(self, protocol="tcp", port=80, cookie_name=None, cookie_expire=None, comment=None):
"""
add new protocol/port to the config file. if there's existing one, pass
"""
if not (protocol == "http" or protocol == "tcp"):
raise Exception("unknown protocol")
# make sure no other frontend listen on the port
for key in self.__content_map.iterkeys():
key = key.strip(" ")
if key.startswith("frontend") and key.endswith("-%s" % port):
raise Exception("the port is found")
section_name = "frontend %s-%s" % (protocol, port)
if not section_name in self.__content_map.iterkeys():
self.__content_map[section_name] = []
if comment is not None:
self.__content_map[section_name].append("# %s" % comment)
self.__content_map[section_name].append("mode %s" % protocol)
if protocol == "http":
self.__content_map[section_name].append("option forwardfor except 127.0.0.1")
self.__content_map[section_name].append("bind 0.0.0.0:%s" % port)
if config.ENABLE_CLOUD_WATCH: # this may have significant performance impact
self.__content_map[section_name].append("log %s local2 info" % config.CW_LISTENER_DOM_SOCKET)
if protocol == "http":
self.__content_map[section_name].append(
"log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt"
)
elif protocol == "tcp":
self.__content_map[section_name].append("log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt")
def_backend = "backend-%s-%s" % (protocol, port)
self.__content_map[section_name].append("default_backend %s" % def_backend)
backend_attribute = "mode %s\n balance roundrobin" % protocol
if cookie_expire and cookie_name:
servo.log.error(
"both duration-based and app-controlled cookie stickiness are enabled. something is wrong!"
)
if (protocol == "http" or protocol == "https") and cookie_expire:
try:
cookie_expire = int(cookie_expire)
backend_attribute = "%s\n cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds" % (
backend_attribute,
cookie_expire,
cookie_expire,
)
except exceptions.ValueError:
servo.log.error("failed to set cookie expiration: value is not a number type")
elif (protocol == "http" or protocol == "https") and cookie_name:
backend_attribute = "%s\n appsession %s len %d timeout %dm" % (
backend_attribute,
cookie_name,
config.appcookie_length(),
config.appcookie_timeout(),
)
# create the empty backend section
self.__content_map["backend %s" % def_backend] = [backend_attribute]
else:
pass # do nothing
return self
