def clientServiceGreenlet(self):
ezd = ServiceDiscoveryClient(gConfig.zk)
ezd.register_endpoint(gConfig.appName, EzFrontendServiceName,
gConfig.internal_hostname, gConfig.thriftPort)
ezd.set_security_id_for_application(gConfig.appName, '_Ez_EFE')
while gConfig.run:
try:
handler = ezRPKazookeeper.EzReverseProxyHandler(
self._logger, self._sfh)
processor = EzFrontendService.Processor(handler)
transport = TSSLServerSocket(
host=gConfig.internal_hostname,
port=gConfig.thriftPort,
verify_pattern=gConfig.ez_frontend_access,
ca_certs=gConfig.ez_cafile,
cert=gConfig.ez_certfile,
key=gConfig.ez_keyfile)
tfactory = TTransport.TBufferedTransportFactory()
pfactory = TBinaryProtocol.TBinaryProtocolFactory()
#server = TServer.TSimpleServer(processor,transport,tfactory,pfactory)
server = TGeventServer(self._logger, processor, transport,
tfactory, pfactory)
gevent.sleep()
server.serve()
except Exception as e:
self._logger.exception("Error in Thrift server: %s" % e)
self._logger.info("exiting clientServiceGreenlet")
def run(self):
glt = ezRPGreenlet.EzReverseProxyGreenlet(self._logger, self._sfh)
self._logger.info("starting greenlet for thrift service...")
clientGreenlet = gevent.spawn(glt.clientServiceGreenlet)
self._logger.info("started")
self._logger.info("starting greenlet to monitor zookeeper...")
kzGreenlet = gevent.spawn(glt.kzMonitorGreenlet)
self._logger.info("started")
self._logger.info(
"starting greenlet to write out nginx configuration changes...")
cfgProcessorGreenlet = gevent.spawn(
glt.configurationChangeQueueGreenlet)
self._logger.info("started")
self._logger.info("starting greenlet to monitor for shutdown...")
fd = gevent_inotifyx.init()
wd = gevent_inotifyx.add_watch(fd, gConfig.shutdownFile,
gevent_inotifyx.IN_DELETE)
wGreenlet = gevent.spawn(glt.watchGreenlet, fd)
self._logger.info("started")
gConfig.addGreenlets(clientGreenlet, kzGreenlet, cfgProcessorGreenlet,
wGreenlet)
gevent.joinall([clientGreenlet])
self._logger.warn("joined thrift service greenlet")
gevent.joinall([kzGreenlet])
self._logger.warn("joined zookeeper monitoring greenlet")
gConfig.run = False
while not gConfig.configurationChangeQueue.empty():
print "queue not empty"
gConfig.configurationChangeQueue.get()
print "got"
gConfig.configurationChangeQueue.task_done()
print "joining conf queue"
gConfig.configurationChangeQueue.join()
self._logger.warn("joined configuration queue")
gevent.joinall([cfgProcessorGreenlet])
self._logger.warn("joined configuration change greenlet")
gConfig.wGreenlet.join()
self._logger.warn("joined shutdown monitor greenlet")
ServiceDiscoveryClient(gConfig.zk).unregister_endpoint(
gConfig.appName, EzFrontendServiceName, gConfig.internal_hostname,
gConfig.thriftPort)
self._logger.warn("unregistered from discovery service")
def ca_server(ezconfig, service_name=None, ca_name="ezbakeca", zoo_host=None,
host=None, port=None, verify_pattern=None, ssldir=None):
Crypto.Random.atfork()
# make sure zookeeper is available for registering with service discovery
if zoo_host is None:
zooConf = ZookeeperConfiguration(ezconfig)
zoo_host = zooConf.getZookeeperConnectionString()
if not zoo_host:
raise RuntimeError("Zookeeper connection string must be specified "
"in EzConfiguration")
# make sure the ssl certificate directory is available
if not ssldir:
ac = ApplicationConfiguration(ezconfig)
ssldir = ac.getCertificatesDir()
if not ssldir:
raise RuntimeError("Certificates Directory \"{0}\" must be set in"
" EzConfiguration!".format(
ApplicationConfiguration.CERTIFICATES_DIRECTORY_KEY))
# get a free port to bind to (and figure out our hostname)
if not port:
port = get_port(range(31005,34999))
if not host:
host = socket.gethostname()
# register with ezdiscovery
ezdiscovery = ServiceDiscoveryClient(zoo_host)
try:
if service_name is None:
service_name = ezbake.ezca.constants.SERVICE_NAME
logger.info('Registering with service discovery')
ezdiscovery.register_common_endpoint(service_name=service_name, host=host, port=port)
ezdiscovery.set_security_id_for_common_service(service_name=service_name, security_id="EzCAService")
except TimeoutError as e:
logger.error("Fatal timeout connecting to zookeeper. Unable to "
"register with service discovery.")
raise e
# create the thrift handler
handler = EzCAHandler(ca_name, ezconfig)
# generate/get the server SSL certs and write them to disk
certs = handler._server_certs()
cert_files = []
for k, cert in certs.items():
of = os.path.join(ssldir, k)
cert_files.append(of)
with os.fdopen(os.open(of, os.O_WRONLY | os.O_CREAT, 0o600), 'w') as ofs:
ofs.write(str(cert))
# generate certs for configured clients (read from ezconfig)
clients = ezconfig.get(EzCAHandler.CLIENT_CERTS)
if clients:
gen_client_certs(handler.ca, clients.split(','),
ezconfig.get(EzCAHandler.CLIENT_CERT_O))
# start the thrift server
processor = EzCA.Processor(handler)
transport = TSSLServerSocket(host=host, port=port,
verify_pattern=verify_pattern,
ca_certs=cert_files[0],
cert=cert_files[1],
key=cert_files[2])
tfactory = TTransport.TBufferedTransportFactory()
pfactory = TBinaryProtocol.TBinaryProtocolFactory()
server = TServer.TThreadPoolServer(processor, transport, tfactory, pfactory)
logger.info('Starting ezca service on {}:{}'.format(host,port))
server.serve()
