def clientServiceGreenlet(self):
        ezd = ServiceDiscoveryClient(gConfig.zk)
        ezd.register_endpoint(gConfig.appName, EzFrontendServiceName,
                              gConfig.internal_hostname, gConfig.thriftPort)
        ezd.set_security_id_for_application(gConfig.appName, '_Ez_EFE')

        while gConfig.run:
            try:
                handler = ezRPKazookeeper.EzReverseProxyHandler(
                    self._logger, self._sfh)
                processor = EzFrontendService.Processor(handler)
                transport = TSSLServerSocket(
                    host=gConfig.internal_hostname,
                    port=gConfig.thriftPort,
                    verify_pattern=gConfig.ez_frontend_access,
                    ca_certs=gConfig.ez_cafile,
                    cert=gConfig.ez_certfile,
                    key=gConfig.ez_keyfile)
                tfactory = TTransport.TBufferedTransportFactory()
                pfactory = TBinaryProtocol.TBinaryProtocolFactory()
                #server = TServer.TSimpleServer(processor,transport,tfactory,pfactory)
                server = TGeventServer(self._logger, processor, transport,
                                       tfactory, pfactory)
                gevent.sleep()
                server.serve()
            except Exception as e:
                self._logger.exception("Error in Thrift server: %s" % e)
        self._logger.info("exiting clientServiceGreenlet")
예제 #2
0
    def run(self):
        glt = ezRPGreenlet.EzReverseProxyGreenlet(self._logger, self._sfh)
        self._logger.info("starting greenlet for thrift service...")
        clientGreenlet = gevent.spawn(glt.clientServiceGreenlet)
        self._logger.info("started")

        self._logger.info("starting greenlet to monitor zookeeper...")
        kzGreenlet = gevent.spawn(glt.kzMonitorGreenlet)
        self._logger.info("started")

        self._logger.info(
            "starting greenlet to write out nginx configuration changes...")
        cfgProcessorGreenlet = gevent.spawn(
            glt.configurationChangeQueueGreenlet)
        self._logger.info("started")

        self._logger.info("starting greenlet to monitor for shutdown...")
        fd = gevent_inotifyx.init()
        wd = gevent_inotifyx.add_watch(fd, gConfig.shutdownFile,
                                       gevent_inotifyx.IN_DELETE)
        wGreenlet = gevent.spawn(glt.watchGreenlet, fd)
        self._logger.info("started")

        gConfig.addGreenlets(clientGreenlet, kzGreenlet, cfgProcessorGreenlet,
                             wGreenlet)

        gevent.joinall([clientGreenlet])
        self._logger.warn("joined thrift service greenlet")
        gevent.joinall([kzGreenlet])
        self._logger.warn("joined zookeeper monitoring greenlet")
        gConfig.run = False
        while not gConfig.configurationChangeQueue.empty():
            print "queue not empty"
            gConfig.configurationChangeQueue.get()
            print "got"
            gConfig.configurationChangeQueue.task_done()
        print "joining conf queue"
        gConfig.configurationChangeQueue.join()
        self._logger.warn("joined configuration queue")
        gevent.joinall([cfgProcessorGreenlet])
        self._logger.warn("joined configuration change greenlet")
        gConfig.wGreenlet.join()
        self._logger.warn("joined shutdown monitor greenlet")
        ServiceDiscoveryClient(gConfig.zk).unregister_endpoint(
            gConfig.appName, EzFrontendServiceName, gConfig.internal_hostname,
            gConfig.thriftPort)
        self._logger.warn("unregistered from discovery service")
예제 #3
0
def ca_server(ezconfig, service_name=None, ca_name="ezbakeca", zoo_host=None,
              host=None, port=None, verify_pattern=None, ssldir=None):
    Crypto.Random.atfork()
    # make sure zookeeper is available for registering with service discovery
    if zoo_host is None:
        zooConf = ZookeeperConfiguration(ezconfig)
        zoo_host = zooConf.getZookeeperConnectionString()
        if not zoo_host:
            raise RuntimeError("Zookeeper connection string must be specified "
                "in EzConfiguration")

    # make sure the ssl certificate directory is available
    if not ssldir:
        ac = ApplicationConfiguration(ezconfig)
        ssldir = ac.getCertificatesDir()
        if not ssldir:
            raise RuntimeError("Certificates Directory \"{0}\" must be set in"
                " EzConfiguration!".format(
                ApplicationConfiguration.CERTIFICATES_DIRECTORY_KEY))

    # get a free port to bind to (and figure out our hostname)
    if not port:
        port = get_port(range(31005,34999))
    if not host:
        host = socket.gethostname()

    # register with ezdiscovery
    ezdiscovery = ServiceDiscoveryClient(zoo_host)
    try:
        if service_name is None:
            service_name = ezbake.ezca.constants.SERVICE_NAME

        logger.info('Registering with service discovery')
        ezdiscovery.register_common_endpoint(service_name=service_name, host=host, port=port)
        ezdiscovery.set_security_id_for_common_service(service_name=service_name, security_id="EzCAService")
    except TimeoutError as e:
        logger.error("Fatal timeout connecting to zookeeper. Unable to "
                     "register with service discovery.")
        raise e

    # create the thrift handler
    handler = EzCAHandler(ca_name, ezconfig)

    # generate/get the server SSL certs and write them to disk
    certs = handler._server_certs()
    cert_files = []
    for k, cert in certs.items():
        of = os.path.join(ssldir, k)
        cert_files.append(of)
        with os.fdopen(os.open(of, os.O_WRONLY | os.O_CREAT, 0o600), 'w') as ofs:
            ofs.write(str(cert))

    # generate certs for configured clients (read from ezconfig)
    clients = ezconfig.get(EzCAHandler.CLIENT_CERTS)
    if clients:
        gen_client_certs(handler.ca, clients.split(','),
                         ezconfig.get(EzCAHandler.CLIENT_CERT_O))

    # start the thrift server
    processor = EzCA.Processor(handler)
    transport = TSSLServerSocket(host=host, port=port,
                                 verify_pattern=verify_pattern,
                                 ca_certs=cert_files[0],
                                 cert=cert_files[1],
                                 key=cert_files[2])
    tfactory = TTransport.TBufferedTransportFactory()
    pfactory = TBinaryProtocol.TBinaryProtocolFactory()
    server = TServer.TThreadPoolServer(processor, transport, tfactory, pfactory)
    logger.info('Starting ezca service on {}:{}'.format(host,port))
    server.serve()