コード例 #1
def _set_global_config(config, sock_path):
    """Assemble the lines of the HAProxy ``global`` section.

    ``validator(config, 'global')`` supplies the operator's custom attributes.
    ``max_conn`` and ``ssl_ciphers`` are taken out of that mapping (falling
    back to 65000 and the built-in cipher string) and whatever remains is
    passed on to ``_construct_config_block`` together with the fixed lines.

    Returns whatever ``_construct_config_block`` returns.
    """
    extras = validator(config, 'global')

    # NOTE(review): the fallback list still offers 3DES suites and plain-RSA
    # key exchange; both are generally treated as legacy, so deployments may
    # want to override 'ssl_ciphers' with a stricter list.
    fallback_ciphers = ('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:'
                        'ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:'
                        'RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS')

    # pop() with a default covers both cases: the key is removed when the
    # operator set it, and the built-in value is used when it is absent.
    maxconn = extras.pop('max_conn', 65000)
    ssl_ciphers = extras.pop('ssl_ciphers', fallback_ciphers)

    conf = [
        'global',
        'daemon',
        # The daemon runs as an unprivileged account.
        'user nobody',
        'group nogroup',
        'log /dev/log local0',
        'log /dev/log local1 notice',
        'tune.ssl.default-dh-param 2048',
        # NOTE(review): written verbatim; presumably validator() constrains
        # the value so it cannot carry extra directives -- confirm.
        'ssl-default-bind-ciphers %s' % ssl_ciphers,
        'ulimit-n 200000',
        'maxconn %d' % maxconn,
        # NOTE(review): mode 0666 lets every local account open the stats
        # socket.  'level user' keeps it to the least-privileged command set,
        # but a tighter mode/owner is worth considering if the consumer of
        # the socket allows it.
        'stats socket %s mode 0666 level user' % sock_path,
    ]

    return _construct_config_block(config, conf, "global", extras)
コード例 #2
def _set_frontend(config, conf_dir, keystone_auth_conf_file):
    """Assemble the lines of the HAProxy ``frontend`` section for the VIP.

    The certificate path comes from ``_populate_pem_file`` when the custom
    attributes carry a ``tls_container`` entry, otherwise from
    ``config['ssl-crt']``.  The remaining custom attributes and the generated
    lines are handed to ``_construct_config_block``, whose result is returned.
    """
    port = config['vip']['port']
    attrs = validator(config, 'vip', keystone_auth_conf_file)

    if 'tls_container' in attrs:
        # NOTE(review): presumably this writes certificate/key material under
        # conf_dir -- confirm that the helper restricts the file permissions.
        crt_file = _populate_pem_file(attrs.pop('tls_container', None),
                                      conf_dir)
    else:
        # Read for every protocol, so a non-HTTPS VIP also needs 'ssl-crt'
        # to be present in config.
        crt_file = config['ssl-crt']

    vip = config['vip']
    protocol = vip['protocol']

    # NOTE(review): 'no-sslv3' only turns off SSLv3; whether older TLS
    # versions are also refused depends on settings not visible here.
    ssl = ('ssl crt %s no-sslv3' % crt_file) if protocol == PROTO_HTTPS else ''

    # NOTE(review): id/address values are interpolated as-is; presumably they
    # are validated upstream so they cannot contain whitespace or newlines.
    conf = [
        'frontend %s' % vip['id'],
        'option tcplog',
        'bind %s:%d %s' % (vip['address'], port, ssl),
        'mode %s' % PROTO_MAP[protocol],
        'default_backend %s' % config['pool']['id'],
    ]

    limit = vip['connection-limit']
    if limit >= 0:
        conf.append('maxconn %s' % limit)

    if protocol in (PROTO_HTTP, PROTO_HTTPS):
        # Adds X-Forwarded-For; backends should trust that header only when
        # the request really came through this proxy.
        conf.append('option forwardfor')

    return _construct_config_block(config, conf, "vip", attrs)
コード例 #3
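def _set_backend(config):
    """Assemble the lines of the HAProxy ``backend`` section for the pool.

    Emits the backend header (id, mode, balance algorithm), the lines
    returned by ``_set_health_monitor`` and ``_set_session_persistence``, and
    one ``server`` line per member whose ``admin-state`` is truthy.  The lines
    and the pool's custom attributes are handed to
    ``_construct_config_block``, whose result is returned.
    """
    pool_custom_attributes = validator(config, 'pool')
    pool = config['pool']
    conf = [
        'backend %s' % pool['id'],
        'mode %s' % PROTO_MAP[pool['protocol']],
        'balance %s' % LB_METHOD_MAP[pool['method']],
    ]
    if pool['protocol'] == PROTO_HTTP:
        conf.append('option forwardfor')

    server_suffix, monitor_conf = _set_health_monitor(config)
    conf.extend(monitor_conf)
    conf.extend(_set_session_persistence(config))

    # enumerate() yields each member's position directly.  The previous
    # list.index(member) lookup rescanned the list for every member and
    # returned the first *equal* entry, so two identical member dicts would
    # have shared one cookie value.  The position still counts disabled
    # members, so cookie values stay stable when a member is disabled.
    for position, member in enumerate(config['members']):
        if not member['admin-state']:
            continue
        # NOTE(review): member fields are interpolated as-is; presumably they
        # are validated upstream so they cannot inject extra directives.
        server = (('server %(id)s %(address)s:%(port)s '
                   'weight %(weight)s') % member) + server_suffix
        if config['vip']['persistence-type'] == PERSISTENCE_HTTP_COOKIE:
            server += ' cookie %d' % position
        conf.append(server)

    return _construct_config_block(config, conf, "pool", pool_custom_attributes)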
コード例 #4
def _set_global_config(config, sock_path):
    """Render the HAProxy ``global`` section as one string.

    ``validator(config, 'global')`` supplies the operator's custom attributes.
    ``maxconn`` and ``ssl_ciphers`` are taken out of that mapping (falling
    back to 65000 and the built-in cipher string); every remaining attribute
    is rendered through its ``cmd`` template in ``custom_attributes_dict``.

    Returns the lines joined with a newline followed by a tab.
    """
    extras = validator(config, 'global')

    # NOTE(review): the fallback list still offers 3DES suites and plain-RSA
    # key exchange; both are generally treated as legacy, so deployments may
    # want to override 'ssl_ciphers' with a stricter list.
    fallback_ciphers = ('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:'
                        'ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:'
                        'RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS')

    # pop() with a default removes the key when present and yields the
    # built-in value when it is absent.
    maxconn = extras.pop('maxconn', 65000)
    ssl_ciphers = extras.pop('ssl_ciphers', fallback_ciphers)

    conf = [
        'global',
        'daemon',
        # The daemon runs as an unprivileged account.
        'user nobody',
        'group nogroup',
        'log /dev/log local0',
        'log /dev/log local1 notice',
        'tune.ssl.default-dh-param 2048',
        'ssl-default-bind-ciphers %s' % ssl_ciphers,
        'ulimit-n 200000',
        'maxconn %d' % maxconn,
        # NOTE(review): mode 0666 lets every local account open the stats
        # socket.  'level user' keeps it to the least-privileged command set,
        # but a tighter mode/owner is worth considering if the consumer of
        # the socket allows it.
        'stats socket %s mode 0666 level user' % sock_path,
    ]

    # NOTE(review): values are substituted into the templates verbatim;
    # presumably validator() has already constrained them -- confirm.
    templates = custom_attributes_dict['global']
    conf.extend(templates[key]['cmd'] % value
                for key, value in extras.iteritems())

    return "\n\t".join(conf)
コード例 #5
def _set_global_config(config, sock_path):
    """Build the HAProxy ``global`` section for this configuration.

    Custom attributes come from ``validator(config, 'global')``.  The
    ``max_conn`` and ``ssl_ciphers`` entries are consumed here (defaults:
    65000 and the cipher string below); the rest travel on to
    ``_construct_config_block`` with the fixed lines.

    Returns whatever ``_construct_config_block`` returns.
    """
    custom = validator(config, 'global')

    # NOTE(review): 3DES suites and plain-RSA key exchange are still in this
    # default; both are generally considered legacy, so a stricter
    # 'ssl_ciphers' override is advisable where clients permit.
    default_cipher_list = ('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:'
                           'ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:'
                           'RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS')

    # A present key is removed and returned; an absent key yields the default.
    maxconn = custom.pop('max_conn', 65000)
    ssl_ciphers = custom.pop('ssl_ciphers', default_cipher_list)

    process_lines = [
        'global',
        'daemon',
        'user nobody',    # unprivileged account for the daemon
        'group nogroup',
    ]
    logging_lines = [
        'log /dev/log local0',
        'log /dev/log local1 notice',
    ]
    tuning_lines = [
        'tune.ssl.default-dh-param 2048',
        # NOTE(review): written verbatim; presumably validator() constrains
        # the value -- confirm.
        'ssl-default-bind-ciphers %s' % ssl_ciphers,
        'ulimit-n 200000',
        'maxconn %d' % maxconn,
    ]
    # NOTE(review): mode 0666 exposes the stats socket to every local
    # account; 'level user' limits it to the least-privileged commands, but
    # consider a tighter mode/owner if the socket's consumer allows it.
    socket_line = 'stats socket %s mode 0666 level user' % sock_path

    conf = process_lines + logging_lines + tuning_lines + [socket_line]

    return _construct_config_block(config, conf, "global", custom)
コード例 #6
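def _set_backend(config):
    """Assemble the lines of the HAProxy ``backend`` section for the pool.

    A config that contains a ``loadbalancer`` key is delegated to
    ``_set_backend_v2``.  Otherwise this emits the backend header (id, mode,
    balance algorithm), the lines returned by ``_set_health_monitor`` and
    ``_set_session_persistence``, and one ``server`` line per member whose
    ``admin-state`` is truthy, then returns the result of
    ``_construct_config_block``.
    """
    if 'loadbalancer' in config:
        return _set_backend_v2(config)

    pool_custom_attributes = validator(config, 'pool')
    pool = config['pool']
    conf = [
        'backend %s' % pool['id'],
        'mode %s' % PROTO_MAP[pool['protocol']],
        'balance %s' % LB_METHOD_MAP[pool['method']],
    ]
    if pool['protocol'] == PROTO_HTTP:
        conf.append('option forwardfor')

    server_suffix, monitor_conf = _set_health_monitor(config)
    conf.extend(monitor_conf)
    conf.extend(_set_session_persistence(config))

    # enumerate() yields each member's position directly.  The previous
    # list.index(member) lookup rescanned the list for every member and
    # returned the first *equal* entry, so two identical member dicts would
    # have shared one cookie value.  The position still counts disabled
    # members, so cookie values stay stable when a member is disabled.
    for position, member in enumerate(config['members']):
        if not member['admin-state']:
            continue
        # NOTE(review): member fields are interpolated as-is; presumably they
        # are validated upstream so they cannot inject extra directives.
        server = (('server %(id)s %(address)s:%(port)s '
                   'weight %(weight)s') % member) + server_suffix
        if config['vip']['persistence-type'] == PERSISTENCE_HTTP_COOKIE:
            server += ' cookie %d' % position
        conf.append(server)

    return _construct_config_block(config, conf, "pool", pool_custom_attributes)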
コード例 #7
def _set_frontend(config, conf_dir, keystone_auth_conf_file):
    """Assemble the lines of the HAProxy ``frontend`` section for the VIP.

    A config that contains a ``loadbalancer`` key is delegated to
    ``_set_frontend_v2``.  Otherwise the certificate path comes from
    ``_populate_pem_file`` when the custom attributes carry a
    ``tls_container`` entry, else from ``config['ssl-crt']``, and the
    generated lines go to ``_construct_config_block``, whose result is
    returned.
    """
    if 'loadbalancer' in config:
        return _set_frontend_v2(config, conf_dir, keystone_auth_conf_file)

    port = config['vip']['port']
    attrs = validator(config, 'vip', keystone_auth_conf_file)

    if 'tls_container' in attrs:
        # NOTE(review): presumably this writes certificate/key material under
        # conf_dir -- confirm that the helper restricts the file permissions.
        crt_file = _populate_pem_file(attrs.pop('tls_container', None),
                                      conf_dir)
    else:
        # Read for every protocol, so a non-HTTPS VIP also needs 'ssl-crt'
        # to be present in config.
        crt_file = config['ssl-crt']

    vip = config['vip']
    protocol = vip['protocol']

    # NOTE(review): 'no-sslv3' only turns off SSLv3; whether older TLS
    # versions are also refused depends on settings not visible here.
    ssl = ('ssl crt %s no-sslv3' % crt_file) if protocol == PROTO_HTTPS else ''

    # NOTE(review): id/address values are interpolated as-is; presumably they
    # are validated upstream so they cannot contain whitespace or newlines.
    conf = [
        'frontend %s' % vip['id'],
        'option tcplog',
        'bind %s:%d %s' % (vip['address'], port, ssl),
        'mode %s' % PROTO_MAP[protocol],
        'default_backend %s' % config['pool']['id'],
    ]

    limit = vip['connection-limit']
    if limit >= 0:
        conf.append('maxconn %s' % limit)

    if protocol in (PROTO_HTTP, PROTO_HTTPS):
        # Adds X-Forwarded-For; backends should trust that header only when
        # the request really came through this proxy.
        conf.append('option forwardfor')

    return _construct_config_block(config, conf, "vip", attrs)
コード例 #8
def _set_defaults(config):
    """Assemble the lines of the HAProxy ``defaults`` section.

    The three timeouts can be overridden through the custom attributes that
    ``validator(config, 'default')`` returns; absent keys fall back to
    300000 (client, server) and 5000 (connect).  The attributes left over are
    passed to ``_construct_config_block`` with the generated lines, and its
    result is returned.
    """
    attrs = validator(config, 'default')

    # Same pop order as the keys are listed: client, server, connect.
    # pop() with a default removes an operator-supplied key and otherwise
    # yields the built-in value.
    client_timeout = attrs.pop('client_timeout', 300000)
    server_timeout = attrs.pop('server_timeout', 300000)
    connect_timeout = attrs.pop('connect_timeout', 5000)

    conf = ['defaults', 'log global', 'retries 3', 'option redispatch']
    # '%d' rejects non-numeric values, so a string override fails here
    # instead of reaching the generated file.
    conf.append('timeout connect %d' % connect_timeout)
    conf.append('timeout client %d' % client_timeout)
    conf.append('timeout server %d' % server_timeout)

    return _construct_config_block(config, conf, "default", attrs)
コード例 #9
def _set_defaults(config):
    """Build the HAProxy ``defaults`` section for this configuration.

    Timeouts are read from the custom attributes returned by
    ``validator(config, 'default')`` and removed from that mapping; missing
    keys use 300000 for the client and server timeouts and 5000 for the
    connect timeout.  Returns the result of ``_construct_config_block``.
    """
    custom = validator(config, 'default')

    # (attribute key, built-in value), in the order the original pops them.
    timeout_defaults = (
        ('client_timeout', 300000),
        ('server_timeout', 300000),
        ('connect_timeout', 5000),
    )
    timeouts = {}
    for key, builtin in timeout_defaults:
        # A present key is removed and returned; an absent one yields builtin.
        timeouts[key] = custom.pop(key, builtin)

    conf = [
        'defaults',
        'log global',
        'retries 3',
        'option redispatch',
        # '%d' rejects non-numeric values, so a string override fails here
        # instead of reaching the generated file.
        'timeout connect %d' % timeouts['connect_timeout'],
        'timeout client %d' % timeouts['client_timeout'],
        'timeout server %d' % timeouts['server_timeout'],
    ]

    return _construct_config_block(config, conf, "default", custom)
コード例 #10
def _set_defaults(config):
    """Render the HAProxy ``defaults`` section as one string.

    The three timeouts can be overridden through the custom attributes that
    ``validator(config, 'default')`` returns; absent keys fall back to
    300000 (client, server) and 5000 (connect).  Every remaining attribute is
    rendered through its ``cmd`` template in ``custom_attributes_dict``.

    Returns the lines joined with a newline followed by a tab.
    """
    attrs = validator(config, 'default')

    # pop() with a default removes an operator-supplied key and otherwise
    # yields the built-in value.
    client_timeout = attrs.pop('client_timeout', 300000)
    server_timeout = attrs.pop('server_timeout', 300000)
    connect_timeout = attrs.pop('connect_timeout', 5000)

    conf = ['defaults', 'log global', 'retries 3', 'option redispatch']
    # '%d' rejects non-numeric values, so a string override fails here
    # instead of reaching the generated file.
    conf.append('timeout connect %d' % connect_timeout)
    conf.append('timeout client %d' % client_timeout)
    conf.append('timeout server %d' % server_timeout)

    # NOTE(review): values are substituted into the templates verbatim;
    # presumably validator() has already constrained them -- confirm.
    templates = custom_attributes_dict['default']
    conf.extend(templates[key]['cmd'] % value
                for key, value in attrs.iteritems())

    return "\n\t".join(conf)
コード例 #11
def _set_frontend(config):
    """Render the HAProxy ``frontend`` section for the VIP as one string.

    HTTPS VIPs bind with the certificate at ``config['ssl-crt']``.  Custom
    attributes returned by ``validator(config, 'vip')`` are rendered through
    their ``cmd`` templates in ``custom_attributes_dict`` and appended after
    the fixed lines.

    Returns the lines joined with a newline followed by a tab.
    """
    port = config['vip']['port']
    attrs = validator(config, 'vip')

    vip = config['vip']
    protocol = vip['protocol']

    # NOTE(review): 'no-sslv3' only turns off SSLv3; whether older TLS
    # versions are also refused depends on settings not visible here.
    if protocol == PROTO_HTTPS:
        ssl = 'ssl crt %s no-sslv3' % config['ssl-crt']
    else:
        ssl = ''

    # NOTE(review): id/address values are interpolated as-is; presumably they
    # are validated upstream so they cannot contain whitespace or newlines.
    conf = [
        'frontend %s' % vip['id'],
        'option tcplog',
        'bind %s:%d %s' % (vip['address'], port, ssl),
        'mode %s' % PROTO_MAP[protocol],
        'default_backend %s' % config['pool']['id'],
    ]

    limit = vip['connection-limit']
    if limit >= 0:
        conf.append('maxconn %s' % limit)

    if protocol in (PROTO_HTTP, PROTO_HTTPS):
        # Adds X-Forwarded-For; backends should trust that header only when
        # the request really came through this proxy.
        conf.append('option forwardfor')

    # NOTE(review): values are substituted into the templates verbatim;
    # presumably validator() has already constrained them -- confirm.
    templates = custom_attributes_dict['vip']
    conf.extend(templates[key]['cmd'] % value
                for key, value in attrs.iteritems())

    return "\n\t".join(conf)