def __configure_traffic_manager(self, log_data):
''' Common ATS configuration logic.
Args:
log_data (dict): The log name information passed to the
MakeATSProcess extension.
Return:
The traffic_manager process.
'''
self._ts_name = f"ts{LogFilenamesTest.__ts_counter}"
LogFilenamesTest.__ts_counter += 1
self.ts = Test.MakeATSProcess(self._ts_name,
command="traffic_manager",
use_traffic_out=False,
log_data=log_data)
self.ts.Disk.records_config.update({
'proxy.config.diags.debug.enabled':
0,
'proxy.config.diags.debug.tags':
'log',
'proxy.config.log.periodic_tasks_interval':
1,
})
# Intentionally retrieve a port that is closed, that is no server is
# listening on it. We will use this to attempt talking with a
# non-existent server, which will result in an error log entry.
ports.get_port(self.ts, 'closed_port')
self.ts.Disk.remap_config.AddLines([
f'map /server/down http://127.0.0.1:{self.ts.Variables.closed_port}',
'map / https://trafficserver.apache.org @action=deny',
])
# The following log is configured so that we can wait upon it being
# written so we know that ATS is done writing logs.
self.sentinel_log_filename = "sentinel"
self.ts.Disk.logging_yaml.AddLine(f'''
logging:
formats:
- name: url_and_return_code
format: "%<cqu>: %<pssc>"
logs:
- filename: {self.sentinel_log_filename}
format: url_and_return_code
''')
self.sentinel_log_path = os.path.join(
self.ts.Variables.LOGDIR, f"{self.sentinel_log_filename}.log")
return self.ts
def _configure_origin_server(self):
"""Configure the origin server and the DNS port."""
self._server = Test.MakeVerifierServerProcess("server",
self._replay_file)
# Associate the DNS port with the long-running server. This way
# ATS can be configured to use it across the multiple test runs
# and DNS servers.
self._dns_port = get_port(self._server, "DNSPort")
def setupTS(self):
self.ts = Test.MakeATSProcess(f"ts-{self.server_process_counter}",
select_ports=True,
enable_cache=False)
self.dns_port = ports.get_port(self.ts, 'dns_port')
self.ts.Disk.records_config.update({
"proxy.config.diags.debug.enabled":
1,
"proxy.config.diags.debug.tags":
"dns",
'proxy.config.dns.nameservers':
f'127.0.0.1:{self.dns_port}',
'proxy.config.dns.resolv_conf':
'NULL',
# Configure ATS to treat each resolved name to have a 1 second
# time to live.
"proxy.config.hostdb.ttl_mode":
1,
"proxy.config.hostdb.timeout":
self.dnsTTL,
# MicroDNS will be down for the second transaction. Have ATS give
# up trying to talk to it after one second.
"proxy.config.hostdb.lookup_timeout":
self.queryTimeout,
})
if self.configure_serve_stale:
if self.exceed_serve_stale:
stale_timeout = 1
else:
stale_timeout = 300
self.ts.Disk.records_config.update(
{"proxy.config.hostdb.serve_stale_for": stale_timeout})
self.ts.Disk.remap_config.AddLine(
f"map / http://resolve.this.com:{self.server.Variables.http_port}/"
)
import os
import ports
Test.Summary = '''
Forwarding a non-HTTP protocol out of TLS
'''
# Define default ATS
ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=True)
# add ssl materials like key, certificates for the server
ts.addSSLfile("ssl/server.pem")
ts.addSSLfile("ssl/server.key")
# reserve a port of the s_client that will be released with 'ts'
ports.get_port(ts, 's_client_port')
nameserver = Test.MakeDNServer("dns", default='127.0.0.1')
# Need no remap rules. Everything should be processed by sni
# Make sure the TS server certs are different from the origin certs
ts.Disk.ssl_multicert_config.AddLine(
'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
)
# Case 1, global config policy=permissive properties=signature
# override for foo.com policy=enforced properties=all
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
"timestamp": "1469733493.993",
"body": ""
}
server.addResponse("sessionlog.json", request_header, response_header)
# Set up ATS
ts = Test.MakeATSProcess("ts", command="traffic_manager", enable_tls=1)
# Set up ssl files
ts.addSSLfile("ssl/server1.pem")
ts.addSSLfile("ssl/server2.pem")
ts.addSSLfile("ssl/client1.pem")
ts.addSSLfile("ssl/client2.pem")
# reserve port, attach it to 'ts' so it is released later
ports.get_port(ts, 's_server_port')
ts.Disk.records_config.update({
'proxy.config.diags.debug.enabled':
1,
'proxy.config.diags.debug.tags':
'cert_update',
'proxy.config.ssl.server.cert.path':
'{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path':
'{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.cert.path':
'{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.private_key.path':
'{0}'.format(ts.Variables.SSLDir),
'proxy.config.url_remap.pristine_host_hdr':
