def _create_glance_client(context, host, port, use_ssl, version=1): """Instantiate a new glanceclient.Client object.""" params = {} if use_ssl: scheme = 'https' # https specific params params['insecure'] = CONF.glance.api_insecure params['ssl_compression'] = False sslutils.is_enabled(CONF) if CONF.ssl.cert_file: params['cert_file'] = CONF.ssl.cert_file if CONF.ssl.key_file: params['key_file'] = CONF.ssl.key_file if CONF.ssl.ca_file: params['cacert'] = CONF.ssl.ca_file else: scheme = 'http' if CONF.auth_strategy == 'keystone': # NOTE(isethi): Glanceclient <= 0.9.0.49 accepts only # keyword 'token', but later versions accept both the # header 'X-Auth-Token' and 'token' params['token'] = context.auth_token params['identity_headers'] = generate_identity_headers(context) if netutils.is_valid_ipv6(host): # if so, it is ipv6 address, need to wrap it with '[]' host = '[%s]' % host endpoint = '%s://%s:%s' % (scheme, host, port) return glanceclient.Client(str(version), endpoint, **params)
def __init__(self, conf, name, app, host='0.0.0.0', port=0, # nosec pool_size=None, protocol=eventlet.wsgi.HttpProtocol, backlog=128, use_ssl=False, max_url_len=None, logger_name='eventlet.wsgi.server', socket_family=None, socket_file=None, socket_mode=None): """Initialize, but do not start, a WSGI server. :param conf: Instance of ConfigOpts. :param name: Pretty name for logging. :param app: The WSGI application to serve. :param host: IP address to serve the application. :param port: Port number to server the application. :param pool_size: Maximum number of eventlets to spawn concurrently. :param protocol: Protocol class. :param backlog: Maximum number of queued connections. :param use_ssl: Wraps the socket in an SSL context if True. :param max_url_len: Maximum length of permitted URLs. :param logger_name: The name for the logger. :param socket_family: Socket family. :param socket_file: location of UNIX socket. :param socket_mode: UNIX socket mode. :returns: None :raises: InvalidInput :raises: EnvironmentError """ self.conf = conf self.conf.register_opts(_options.wsgi_opts) self.default_pool_size = self.conf.wsgi_default_pool_size # Allow operators to customize http requests max header line size. eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line self.name = name self.app = app self._server = None self._protocol = protocol self.pool_size = pool_size or self.default_pool_size self._pool = eventlet.GreenPool(self.pool_size) self._logger = logging.getLogger(logger_name) self._use_ssl = use_ssl self._max_url_len = max_url_len self.client_socket_timeout = conf.client_socket_timeout or None if backlog < 1: raise InvalidInput(reason=_('The backlog must be more than 0')) if not socket_family or socket_family in [socket.AF_INET, socket.AF_INET6]: self.socket = self._get_socket(host, port, backlog) elif hasattr(socket, "AF_UNIX") and socket_family == socket.AF_UNIX: self.socket = self._get_unix_socket(socket_file, socket_mode, backlog) else: raise ValueError(_("Unsupported socket family: %s"), socket_family) (self.host, self.port) = self.socket.getsockname()[0:2] if self._use_ssl: sslutils.is_enabled(conf)
def test_is_enabled(self, exists_mock, runtime_error_mock): exists_mock.return_value = True self.conf.set_default("cert_file", self.cert_file_name, group=sslutils.config_section) self.conf.set_default("key_file", self.key_file_name, group=sslutils.config_section) self.conf.set_default("ca_file", self.ca_file_name, group=sslutils.config_section) sslutils.is_enabled(self.conf) self.assertFalse(runtime_error_mock.called)
def __init__(self, name, num_threads=1000): # Raise the default from 8192 to accommodate large tokens eventlet.wsgi.MAX_HEADER_LINE = CONF.max_header_line self.num_threads = num_threads # Pool for a greenthread in which wsgi server will be running self.pool = eventlet.GreenPool(1) self.name = name self._server = None # A value of 0 is converted to None because None is what causes the # wsgi server to wait forever. self.client_socket_timeout = CONF.client_socket_timeout or None if CONF.use_ssl: sslutils.is_enabled(CONF)
def __init__(self, name, num_threads=None, disable_ssl=False): # Raise the default from 8192 to accommodate large tokens eventlet.wsgi.MAX_HEADER_LINE = CONF.max_header_line self.num_threads = num_threads or CONF.wsgi_default_pool_size self.disable_ssl = disable_ssl # Pool for a greenthread in which wsgi server will be running self.pool = eventlet.GreenPool(1) self.name = name self._server = None # A value of 0 is converted to None because None is what causes the # wsgi server to wait forever. self.client_socket_timeout = CONF.client_socket_timeout or None if CONF.use_ssl and not self.disable_ssl: sslutils.is_enabled(CONF)
def _get_socket(self, host, port, backlog): # TODO(dims): eventlet's green dns/socket module does not actually # support IPv6 in getaddrinfo(). We need to get around this in the # future or monitor upstream for a fix info = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)[0] family = info[0] bind_addr = info[-1] sock = None retry_until = time.time() + 30 while not sock and time.time() < retry_until: try: sock = eventlet.listen(bind_addr, backlog=backlog, family=family) if sslutils.is_enabled(CONF): sock = sslutils.wrap(CONF, sock) except socket.error as err: if err.args[0] != errno.EADDRINUSE: raise eventlet.sleep(0.1) if not sock: raise RuntimeError( _("Could not bind to %(host)s:%(port)s " "after trying for 30 seconds") % {"host": host, "port": port} ) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # sockets can hang around forever without keepalive sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) # This option isn't available in the OS X version of eventlet if hasattr(socket, "TCP_KEEPIDLE"): sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, CONF.tcp_keepidle) return sock
def _get_socket(host, port, backlog): info = socket.getaddrinfo( host, port, socket.AF_UNSPEC, socket.SOCK_STREAM )[0] family = info[0] bind_addr = info[-1] sock = None retry_until = time.time() + 30 while not sock and time.time() < retry_until: try: sock = eventlet.listen(bind_addr, backlog=backlog, family=family) if sslutils.is_enabled(CONF): sock = sslutils.wrap(CONF, sock) except socket.error as err: if err.args[0] != errno.EADDRINUSE: raise if not sock: raise RuntimeError(_( "Could not bind to %(host)s:%(port)s " "after trying for 30 seconds") % {'host': host, 'port': port}) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # sockets can hang around forever without keepalive sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) # This option isn't available in the OS X version of eventlet if hasattr(socket, 'TCP_KEEPIDLE'): sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, CONF.tcp_keepidle) return sock
def __init__(self, service_name, app): super(SaharaWSGIService, self).__init__(CONF, service_name, app, host=CONF.host, port=CONF.port, use_ssl=sslutils.is_enabled(CONF))
def _start(self, host, port): wsgi_sock = utils.bind_tcp(host, port, CONF.backlog, CONF.tcp_keepidle) if sslutils.is_enabled(CONF): wsgi_sock = sslutils.wrap(CONF, wsgi_sock) self._wsgi_socks.append(wsgi_sock) self.tg.add_thread(self._wsgi_handle, wsgi_sock)
def _glanceclient_from_endpoint(context, endpoint, version=1): """Instantiate a new glanceclient.Client object.""" params = {} # NOTE(sdague): even if we aren't using keystone, it doesn't # hurt to send these headers. params['identity_headers'] = generate_identity_headers(context) if endpoint.startswith('https://'): # https specific params params['insecure'] = CONF.glance.api_insecure params['ssl_compression'] = False sslutils.is_enabled(CONF) if CONF.ssl.cert_file: params['cert_file'] = CONF.ssl.cert_file if CONF.ssl.key_file: params['key_file'] = CONF.ssl.key_file if CONF.ssl.ca_file: params['cacert'] = CONF.ssl.ca_file return glanceclient.Client(str(version), endpoint, **params)
def _start(self, host, port): wsgi_sock = utils.bind_tcp( host, port, CONF.backlog, CONF.tcp_keepidle) if sslutils.is_enabled(CONF): wsgi_sock = sslutils.wrap(CONF, wsgi_sock) self._wsgi_socks.append(wsgi_sock) self.tg.add_thread(self._wsgi_handle, wsgi_sock)
def start(self): super(WSGIService, self).start() self._wsgi_sock = utils.bind_tcp(self._service_config.api_host, self._service_config.api_port, CONF.backlog, CONF.tcp_keepidle) if sslutils.is_enabled(CONF): self._wsgi_sock = sslutils.wrap(CONF, self._wsgi_sock) self.tg.add_thread(self._wsgi_handle)
def start(self): super(WSGIService, self).start() self._wsgi_sock = utils.bind_tcp( self._service_config.api_host, self._service_config.api_port, CONF.backlog, CONF.tcp_keepidle) if sslutils.is_enabled(CONF): self._wsgi_sock = sslutils.wrap(CONF, self._wsgi_sock) self.tg.add_thread(self._wsgi_handle)
def _wsgi_get_socket(self): # TODO(dims): eventlet's green dns/socket module does not actually # support IPv6 in getaddrinfo(). We need to get around this in the # future or monitor upstream for a fix info = socket.getaddrinfo(self._service_config.api_host, self._service_config.api_port, socket.AF_UNSPEC, socket.SOCK_STREAM)[0] family = info[0] bind_addr = info[-1] sock = None retry_until = time.time() + 30 while not sock and time.time() < retry_until: try: # TODO(kiall): Backlog should be a service specific setting, # rather than a global sock = eventlet.listen(bind_addr, backlog=cfg.CONF.backlog, family=family) if sslutils.is_enabled(CONF): sock = sslutils.wrap(CONF, sock) except socket.error as err: if err.args[0] != errno.EADDRINUSE: raise eventlet.sleep(0.1) if not sock: raise RuntimeError( _("Could not bind to %(host)s:%(port)s " "after trying for 30 seconds") % { 'host': self._service_config.api_host, 'port': self._service_config.api_port }) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # sockets can hang around forever without keepalive sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) # This option isn't available in the OS X version of eventlet if hasattr(socket, 'TCP_KEEPIDLE'): sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, CONF.tcp_keepidle) return sock
def _run_wsgi(app_name): app = config.load_paste_app(app_name) if not app: LOG.error(_('No known API applications configured.')) return server = wsgi.Server(cfg.CONF, app_name, app, host=cfg.CONF.bind_host, port=cfg.CONF.bind_port, use_ssl=sslutils.is_enabled(cfg.CONF)) server.start() # Dump all option values here after all options are parsed cfg.CONF.log_opt_values(LOG, std_logging.DEBUG) LOG.info(_("Hypernet service started, listening on %(host)s:%(port)s"), { 'host': cfg.CONF.bind_host, 'port': cfg.CONF.bind_port }) return server
def __init__(self, app, name, listen, max_url_len=None): super(WSGIService, self).__init__(CONF.senlin_api.threads) self.app = app self.name = name self.listen = listen self.servers = [] for address in self.listen: host, port = netutils.parse_host_port(address) server = wsgi.Server(CONF, name, app, host=host, port=port, pool_size=CONF.senlin_api.threads, use_ssl=sslutils.is_enabled(CONF), max_url_len=max_url_len) self.servers.append(server)
def start(self, application): """Run a WSGI server with the given application. :param application: The application to run in the WSGI server """ def kill_children(*args): """Kills the entire process group.""" LOG.error(_LE('SIGTERM received')) signal.signal(signal.SIGTERM, signal.SIG_IGN) self.running = False os.killpg(0, signal.SIGTERM) def hup(*args): """Shuts down the server(s). Shuts down the server(s), but allows running requests to complete """ LOG.error(_LE('SIGHUP received')) signal.signal(signal.SIGHUP, signal.SIG_IGN) os.killpg(0, signal.SIGHUP) signal.signal(signal.SIGHUP, hup) self.application = application self.sock = eventlet.listen((CONF.host, CONF.port), backlog=500) if sslutils.is_enabled(CONF): LOG.info(_LI("Using HTTPS for port %s"), CONF.port) self.sock = sslutils.wrap(CONF, self.sock) if CONF.api_workers == 0: # Useful for profiling, test, debug etc. self.pool = eventlet.GreenPool(size=self.threads) self.pool.spawn_n(self._single_run, application, self.sock) return LOG.debug("Starting %d workers", CONF.api_workers) signal.signal(signal.SIGTERM, kill_children) signal.signal(signal.SIGHUP, hup) while len(self.children) < CONF.api_workers: self.run_child()
default=True, help='Validate security group names' ' according to EC2 specification'), cfg.IntOpt('ec2_timestamp_expiry', default=300, help='Time in seconds before ec2 timestamp expires'), cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL ' 'certificate verification.'), ] CONF = cfg.CONF CONF.register_opts(ec2_opts) CONF.import_opt('use_forwarded_for', 'nova.api.auth') sslutils.is_enabled(CONF) # Fault Wrapper around all EC2 requests class FaultWrapper(wsgi.Middleware): """Calls the middleware stack, captures any exceptions into faults.""" @webob.dec.wsgify(RequestClass=wsgi.Request) def __call__(self, req): try: return req.get_response(self.application) except Exception: LOG.exception(_LE("FaultWrapper error")) return faults.Fault(webob.exc.HTTPInternalServerError()) class RequestLogging(wsgi.Middleware):
cfg.BoolOpt( "ec2_private_dns_show_ip", default=False, help="Return the IP address as private dns hostname in " "describe instances", ), cfg.BoolOpt( "ec2_strict_validation", default=True, help="Validate security group names" " according to EC2 specification" ), cfg.IntOpt("ec2_timestamp_expiry", default=300, help="Time in seconds before ec2 timestamp expires"), cfg.BoolOpt("keystone_ec2_insecure", default=False, help="Disable SSL " "certificate verification."), ] CONF = cfg.CONF CONF.register_opts(ec2_opts) CONF.import_opt("use_forwarded_for", "nova.api.auth") sslutils.is_enabled(CONF) # Fault Wrapper around all EC2 requests class FaultWrapper(wsgi.Middleware): """Calls the middleware stack, captures any exceptions into faults.""" @webob.dec.wsgify(RequestClass=wsgi.Request) def __call__(self, req): try: return req.get_response(self.application) except Exception: LOG.exception(_LE("FaultWrapper error")) return faults.Fault(webob.exc.HTTPInternalServerError())
def __init__(self, *args, **kwargs): super(WSGIService, self).__init__(*args, **kwargs) self._use_ssl = sslutils.is_enabled(CONF) self._wsgi_socks = []
def __init__(self, conf, name, app, host='0.0.0.0', port=0, pool_size=None, protocol=eventlet.wsgi.HttpProtocol, backlog=128, use_ssl=False, max_url_len=None): """Initialize, but do not start, a WSGI server. :param conf: Instance of ConfigOpts. :param name: Pretty name for logging. :param app: The WSGI application to serve. :param host: IP address to serve the application. :param port: Port number to server the application. :param pool_size: Maximum number of eventlets to spawn concurrently. :param protocol: Protocol class. :param backlog: Maximum number of queued connections. :param use_ssl: Wraps the socket in an SSL context if True. :param max_url_len: Maximum length of permitted URLs. :returns: None :raises: InvalidInput :raises: EnvironmentError """ self.conf = conf self.conf.register_opts(_options.wsgi_opts) self.default_pool_size = self.conf.wsgi_default_pool_size # Allow operators to customize http requests max header line size. eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line self.name = name self.app = app self._server = None self._protocol = protocol self.pool_size = pool_size or self.default_pool_size self._pool = eventlet.GreenPool(self.pool_size) self._logger = logging.getLogger("eventlet.wsgi.server") self._use_ssl = use_ssl self._max_url_len = max_url_len self.client_socket_timeout = conf.client_socket_timeout or None if backlog < 1: raise InvalidInput(reason=_('The backlog must be more than 0')) bind_addr = (host, port) # TODO(dims): eventlet's green dns/socket module does not actually # support IPv6 in getaddrinfo(). We need to get around this in the # future or monitor upstream for a fix try: info = socket.getaddrinfo(bind_addr[0], bind_addr[1], socket.AF_UNSPEC, socket.SOCK_STREAM)[0] family = info[0] bind_addr = info[-1] except Exception: family = socket.AF_INET if self._use_ssl: sslutils.is_enabled(conf) try: self._socket = eventlet.listen(bind_addr, family, backlog=backlog) except EnvironmentError: LOG.error(_LE("Could not bind to %(host)s:%(port)s"), {'host': host, 'port': port}) raise (self.host, self.port) = self._socket.getsockname()[0:2] LOG.info(_LI("%(name)s listening on %(host)s:%(port)s"), {'name': self.name, 'host': self.host, 'port': self.port})
def __init__(self, service_name, app): super(SaharaWSGIService, self).__init__( CONF, service_name, app, host=CONF.host, port=CONF.port, use_ssl=sslutils.is_enabled(CONF))
def __init__(self, conf, name, app, host='0.0.0.0', port=0, pool_size=None, protocol=eventlet.wsgi.HttpProtocol, backlog=128, use_ssl=False, max_url_len=None): """Initialize, but do not start, a WSGI server. :param name: Pretty name for logging. :param app: The WSGI application to serve. :param host: IP address to serve the application. :param port: Port number to server the application. :param pool_size: Maximum number of eventlets to spawn concurrently. :param backlog: Maximum number of queued connections. :param max_url_len: Maximum length of permitted URLs. :returns: None :raises: InvalidInput """ self.conf = conf self.conf.register_opts(_options.wsgi_opts) self.default_pool_size = self.conf.wsgi_default_pool_size # Allow operators to customize http requests max header line size. eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line self.name = name self.app = app self._server = None self._protocol = protocol self.pool_size = pool_size or self.default_pool_size self._pool = eventlet.GreenPool(self.pool_size) self._logger = logging.getLogger("eventlet.wsgi.server") self._use_ssl = use_ssl self._max_url_len = max_url_len self.client_socket_timeout = conf.client_socket_timeout or None self.default_pool_size = conf.wsgi_default_pool_size if backlog < 1: raise InvalidInput(reason='The backlog must be more than 0') bind_addr = (host, port) # TODO(dims): eventlet's green dns/socket module does not actually # support IPv6 in getaddrinfo(). We need to get around this in the # future or monitor upstream for a fix try: info = socket.getaddrinfo(bind_addr[0], bind_addr[1], socket.AF_UNSPEC, socket.SOCK_STREAM)[0] family = info[0] bind_addr = info[-1] except Exception: family = socket.AF_INET if self._use_ssl: sslutils.is_enabled(conf) try: self._socket = eventlet.listen(bind_addr, family, backlog=backlog) except EnvironmentError: LOG.error(_LE("Could not bind to %(host)s:%(port)s"), { 'host': host, 'port': port }) raise (self.host, self.port) = self._socket.getsockname()[0:2] LOG.info(_LI("%(name)s listening on %(host)s:%(port)s"), { 'name': self.name, 'host': self.host, 'port': self.port })
def __init__( self, conf, name, app, host='0.0.0.0', port=0, # nosec pool_size=None, protocol=eventlet.wsgi.HttpProtocol, backlog=128, use_ssl=False, max_url_len=None, logger_name='eventlet.wsgi.server', socket_family=None, socket_file=None, socket_mode=None): """Initialize, but do not start, a WSGI server. :param conf: Instance of ConfigOpts. :param name: Pretty name for logging. :param app: The WSGI application to serve. :param host: IP address to serve the application. :param port: Port number to server the application. :param pool_size: Maximum number of eventlets to spawn concurrently. :param protocol: Protocol class. :param backlog: Maximum number of queued connections. :param use_ssl: Wraps the socket in an SSL context if True. :param max_url_len: Maximum length of permitted URLs. :param logger_name: The name for the logger. :param socket_family: Socket family. :param socket_file: location of UNIX socket. :param socket_mode: UNIX socket mode. :returns: None :raises: InvalidInput :raises: EnvironmentError """ self.conf = conf self.conf.register_opts(_options.wsgi_opts) self.default_pool_size = self.conf.wsgi_default_pool_size # Allow operators to customize http requests max header line size. eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line self.name = name self.app = app self._server = None self._protocol = protocol self.pool_size = pool_size or self.default_pool_size self._pool = eventlet.GreenPool(self.pool_size) self._logger = logging.getLogger(logger_name) self._use_ssl = use_ssl self._max_url_len = max_url_len self.client_socket_timeout = conf.client_socket_timeout or None if backlog < 1: raise InvalidInput(reason=_('The backlog must be more than 0')) if not socket_family or socket_family in [ socket.AF_INET, socket.AF_INET6 ]: self.socket = self._get_socket(host, port, backlog) elif hasattr(socket, "AF_UNIX") and socket_family == socket.AF_UNIX: self.socket = self._get_unix_socket(socket_file, socket_mode, backlog) else: raise ValueError(_("Unsupported socket family: %s"), socket_family) (self.host, self.port) = self.socket.getsockname()[0:2] if self._use_ssl: sslutils.is_enabled(conf)