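def add_protocol_port(self, protocol='tcp', port=80, cookie_name=None, cookie_expire=None, cert=None, comment=None):
    '''
    Add a listener (a frontend section and its default backend) to the config map.

    protocol      -- 'http', 'tcp', 'https' or 'ssl'. 'https' is written as
                     haproxy mode http and 'ssl' as mode tcp, both with
                     'ssl crt' on the bind line.
    port          -- listener port; the bind address is always 0.0.0.0.
    cookie_name   -- application cookie name for 'appsession' stickiness
                     (http/https only).
    cookie_expire -- seconds used for maxidle/maxlife of the AWSELB cookie
                     (http/https only); wins over cookie_name when both are set.
    cert          -- value written after 'crt' on the bind line; required for
                     'https' and 'ssl'.
    comment       -- optional text written as a '#' line at the top of the
                     frontend section.

    Returns self.

    Raises Exception for an unknown protocol, for an https/ssl listener
    without a certificate, or when a frontend already exists on the port.
    '''
    if protocol not in ('http', 'tcp', 'https', 'ssl'):
        raise Exception('unknown protocol')

    terminates_tls = protocol in ('https', 'ssl')
    if terminates_tls and not cert:
        # Reject before the map is touched: formatting cert=None into the
        # bind line would otherwise emit the literal text 'crt None'.
        raise Exception('a certificate is required for https and ssl listeners')

    # make sure no other frontend listens on the port, whatever its protocol
    port_suffix = '-%s' % port
    for key in self.__content_map.iterkeys():
        key = key.strip(' ')
        if key.startswith('frontend') and key.endswith(port_suffix):
            raise Exception('the port is found')

    section_name = 'frontend %s-%s' % (protocol, port)
    # The scan above already raises for a key of this form, so the
    # "already present" case is not expected to be reached.
    if section_name not in self.__content_map.iterkeys():
        self.__content_map[section_name] = []
        frontend = self.__content_map[section_name]

        # NOTE(review): comment, cert, port and cookie_name are formatted into
        # config lines as-is; a value containing a newline would begin a new
        # directive. Confirm callers validate them before they get here.
        if comment is not None:
            frontend.append('# %s' % comment)

        # https/ssl differ from http/tcp only by TLS on the bind line.
        if protocol == 'https':
            mode = 'http'
        elif protocol == 'ssl':
            mode = 'tcp'
        else:
            mode = protocol
        frontend.append('mode %s' % mode)

        is_http = protocol in ('http', 'https')
        if is_http:
            frontend.append('option forwardfor except 127.0.0.1')

        if terminates_tls:
            # No protocol-version or cipher options are written here, so
            # whatever defaults apply elsewhere in the config decide them.
            frontend.append('bind 0.0.0.0:%s ssl crt %s' % (port, cert))
        else:
            frontend.append('bind 0.0.0.0:%s' % port)

        if config.ENABLE_CLOUD_WATCH:
            # this may have significant performance impact
            # NOTE(review): the log-format lines are assumed to belong under
            # this guard -- confirm.
            frontend.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
            # Raw strings keep the backslash-space pairs exactly as written.
            if is_http:
                frontend.append(r'log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt')
            else:
                frontend.append(r'log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt')

        def_backend = 'backend-%s-%s' % (protocol, port)
        frontend.append('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n balance roundrobin' % mode

        if cookie_expire and cookie_name:
            servo.log.error('both duration-based and app-controlled cookie stickiness are enabled. something is wrong!')

        if is_http and cookie_expire:
            try:
                cookie_expire = int(cookie_expire)
                backend_attribute = '%s\n cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds' % (backend_attribute, cookie_expire, cookie_expire)
            except exceptions.ValueError:
                # Stickiness is skipped; the backend is still created below.
                servo.log.error('failed to set cookie expiration: value is not a number type')
        elif is_http and cookie_name:
            backend_attribute = '%s\n appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

        # create the backend section; it holds only its attribute string for now
        self.__content_map['backend %s' % def_backend] = [backend_attribute]

    return self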
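def add_protocol_port(self, protocol='tcp', port=80, policies=[], cert=None, comment=None, connection_idle_timeout=None):
    '''
    Add a listener (a frontend section and its default backend) to the config map.

    protocol                -- 'http', 'tcp', 'https' or 'ssl'. 'https' is
                               written as haproxy mode http and 'ssl' as mode
                               tcp, both with 'ssl crt' on the bind line.
    port                    -- listener port; the bind address is always 0.0.0.0.
    policies                -- passed to the ConfBuilderHaproxy helpers that
                               yield TLS protocol switches, the cipher string
                               and the cookie stickiness settings.
    cert                    -- value written after 'crt' on the bind line;
                               required for 'https' and 'ssl'.
    comment                 -- optional text written as a '#' line at the top
                               of the frontend section.
    connection_idle_timeout -- when truthy, written as 'timeout client' on the
                               frontend and 'timeout server' on the backend.

    Returns self.

    Raises Exception for an unknown protocol, for an https/ssl listener
    without a certificate, or when a frontend already exists on the port.
    '''
    if protocol not in ('http', 'tcp', 'https', 'ssl'):
        raise Exception('unknown protocol')

    uses_tls = protocol in ('https', 'ssl')
    if uses_tls and not cert:
        # Reject before the map is touched: formatting cert=None into the
        # bind line would otherwise emit the literal text 'crt None'.
        raise Exception('a certificate is required for https and ssl listeners')

    # make sure no other frontend listens on the port
    for key in self.__content_map.iterkeys():
        key = key.strip(' ')
        if key.startswith('frontend') and key.endswith('-%s' % port):
            raise Exception('the port is found')

    section_name = 'frontend %s-%s' % (protocol, port)
    if section_name in self.__content_map.iterkeys():
        # Not expected to happen: the scan above raises for a key of this form.
        return self

    # NOTE(review): policies=[] is a shared default object; it is only handed
    # to ConfBuilderHaproxy helpers here -- confirm none of them mutates it.
    self.__content_map[section_name] = []
    frontend = self.__content_map[section_name]

    # NOTE(review): comment, cert, port and connection_idle_timeout are
    # formatted into config lines as-is; a value containing a newline would
    # begin a new directive. Confirm callers validate them.
    if comment is not None:
        frontend.append('# %s' % comment)

    # https/ssl differ from http/tcp only by TLS on the bind line.
    haproxy_mode = {'https': 'http', 'ssl': 'tcp'}.get(protocol, protocol)
    frontend.append('mode %s' % haproxy_mode)

    is_http = protocol in ('http', 'https')
    if is_http:
        frontend.append('option forwardfor except 127.0.0.1')
        # reqadd appends a header; it does not remove one the client sent.
        # NOTE(review): backends that trust X-Forwarded-Proto/Port may need
        # the inbound copies dropped first.
        frontend.append(r'reqadd X-Forwarded-Proto:\ %s' % protocol)
        frontend.append(r'reqadd X-Forwarded-Port:\ %s' % port)

    if uses_tls:
        # haproxy always disables sslv2
        # A version is switched off only when its helper returns a value equal
        # to False; anything else (None included) leaves it enabled.
        # NOTE(review): confirm that default is intended, SSLv3 in particular.
        version_switches = (
            (ConfBuilderHaproxy.ssl_v3, 'no-sslv3'),
            (ConfBuilderHaproxy.tls_v1, 'no-tlsv10'),
            (ConfBuilderHaproxy.tls_v11, 'no-tlsv11'),
            (ConfBuilderHaproxy.tls_v12, 'no-tlsv12'),
        )
        sslv_setting = ''
        for is_enabled, switch in version_switches:
            if is_enabled(policies) == False:
                sslv_setting = '%s %s' % (sslv_setting, switch)

        cipher_str = ConfBuilderHaproxy.cipher_string(policies)
        if cipher_str:
            frontend.append('bind 0.0.0.0:%s ssl crt %s %s ciphers %s' % (port, cert, sslv_setting, cipher_str))
        else:
            # No cipher list from the policies: the bind line carries none.
            frontend.append('bind 0.0.0.0:%s ssl crt %s %s' % (port, cert, sslv_setting))
    else:
        frontend.append('bind 0.0.0.0:%s' % port)

    if connection_idle_timeout:
        frontend.append('timeout client %ss' % connection_idle_timeout)

    # CLOUDWATCH metric update
    frontend.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
    if is_http:
        frontend.append('capture request header User-Agent len 8192')
        frontend.append('log-format %s' % HttpAccessLog.log_format())
    else:
        frontend.append('log-format %s' % TcpAccessLog.log_format())

    def_backend = 'backend-%s-%s' % (protocol, port)
    frontend.append('default_backend %s' % def_backend)

    backend_attribute = 'mode %s\n balance roundrobin' % haproxy_mode
    if connection_idle_timeout:
        backend_attribute = '%s\n timeout server %ss' % (backend_attribute, connection_idle_timeout)

    cookie_name = ConfBuilderHaproxy.get_app_cookie_name(policies)
    cookie_expire = ConfBuilderHaproxy.get_lb_cookie_period(policies)
    # The duration-based cookie is checked first, so it wins when both are set.
    if is_http and cookie_expire:
        try:
            cookie_expire = int(cookie_expire)
            cache_control_header = '\n http-response set-header Cache-control no-cache=\"set-cookie\"'
            backend_attribute = '%s%s\n cookie AWSELB insert indirect maxidle %ds maxlife %ds' % (
                backend_attribute, cache_control_header, cookie_expire, cookie_expire)
        except exceptions.ValueError:
            # Stickiness is skipped; the backend is still created below.
            servo.log.error('failed to set cookie expiration: value is not a number type')
    elif is_http and cookie_name:
        backend_attribute = '%s\n appsession %s len %d timeout %dm' % (
            backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

    # create the backend section; it holds only its attribute string for now
    self.__content_map['backend %s' % def_backend] = [backend_attribute]
    return self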
def add_protocol_port(self, protocol='tcp', port=80, cookie_name=None, cookie_expire=None, comment=None):
    '''
    Add a plain http or tcp listener (frontend plus default backend) to the
    config map and return self.

    Raises Exception('unknown protocol') for anything other than 'http' or
    'tcp', and Exception('the port is found') when a frontend key already ends
    in this port. cookie_expire (seconds, AWSELB cookie) is checked before
    cookie_name (appsession) when choosing stickiness.
    '''
    if protocol != 'http' and protocol != 'tcp':
        raise Exception('unknown protocol')

    # One frontend per port: any existing 'frontend ...-<port>' key is a conflict.
    wanted_suffix = '-%s' % port
    for existing in self.__content_map.iterkeys():
        trimmed = existing.strip(' ')
        if trimmed.startswith('frontend') and trimmed.endswith(wanted_suffix):
            raise Exception('the port is found')

    section_name = 'frontend %s-%s' % (protocol, port)
    # The scan above already raises for a key of this form, so the else
    # branch below is not expected to run.
    if section_name not in self.__content_map.iterkeys():
        self.__content_map[section_name] = []
        lines = self.__content_map[section_name]

        # NOTE(review): comment, port and cookie_name are formatted into
        # config lines as-is; a value containing a newline would begin a new
        # directive. Confirm callers validate them.
        if comment is not None:
            lines.append('# %s' % comment)
        lines.append('mode %s' % protocol)
        if protocol == 'http':
            lines.append('option forwardfor except 127.0.0.1')
        lines.append('bind 0.0.0.0:%s' % port)

        if config.ENABLE_CLOUD_WATCH:
            # this may have significant performance impact
            # NOTE(review): the log-format lines are assumed to belong under
            # this guard -- confirm.
            lines.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
            if protocol == 'http':
                lines.append('log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt')
            elif protocol == 'tcp':
                lines.append('log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt')

        def_backend = 'backend-%s-%s' % (protocol, port)
        lines.append('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n balance roundrobin' % protocol

        if cookie_expire and cookie_name:
            servo.log.error('both duration-based and app-controlled cookie stickiness are enabled. something is wrong!')

        # 'https' can never match here (only http/tcp pass the first check);
        # the comparison is kept as written.
        http_like = protocol == 'http' or protocol == 'https'
        if http_like and cookie_expire:
            try:
                cookie_expire = int(cookie_expire)
                backend_attribute = '%s\n cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds' % (backend_attribute, cookie_expire, cookie_expire)
            except exceptions.ValueError:
                servo.log.error('failed to set cookie expiration: value is not a number type')
        elif http_like and cookie_name:
            backend_attribute = '%s\n appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

        # create the backend section; it holds only its attribute string for now
        self.__content_map['backend %s' % def_backend] = [backend_attribute]
    else:
        pass  # do nothing
    return self
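def add_protocol_port(self, protocol='tcp', port=80, policies=[], cert=None, comment=None, connection_idle_timeout=None):
    '''
    Add a listener (a frontend section and its default backend) to the config map.

    protocol is one of 'http', 'tcp', 'https', 'ssl'; the last two put
    'ssl crt <cert>' on the bind line and are written as mode http and mode tcp
    respectively. policies is handed to ConfBuilderHaproxy helpers for the TLS
    version switches, the cipher string and cookie stickiness. A truthy
    connection_idle_timeout becomes 'timeout client' / 'timeout server'.
    comment, when given, is written as a '#' line.

    Returns self.

    Raises Exception for an unknown protocol, for an https/ssl listener
    without a certificate, or when a frontend already exists on the port.
    '''
    if not (protocol == 'http' or protocol == 'tcp' or protocol == 'https' or protocol == 'ssl'):
        raise Exception('unknown protocol')

    tls_listener = protocol == 'https' or protocol == 'ssl'
    http_listener = protocol == 'http' or protocol == 'https'

    if tls_listener and not cert:
        # Checked up front so nothing is half-written: with cert=None the bind
        # line would otherwise read 'ssl crt None'.
        raise Exception('a certificate is required for https and ssl listeners')

    # make sure no other frontend listens on the port
    for key in self.__content_map.iterkeys():
        key = key.strip(' ')
        if key.startswith('frontend') and key.endswith('-%s' % port):
            raise Exception('the port is found')

    section_name = 'frontend %s-%s' % (protocol, port)
    # The scan above already raises for a key of this form, so an existing
    # section is not expected at this point.
    if section_name not in self.__content_map.iterkeys():
        # NOTE(review): policies=[] is one shared default object; confirm the
        # ConfBuilderHaproxy helpers it is passed to only read it.
        self.__content_map[section_name] = []
        emit = self.__content_map[section_name].append

        # NOTE(review): comment, cert, port and connection_idle_timeout reach
        # the config text unescaped; a newline in any of them would begin a
        # new directive. Confirm callers validate them.
        if comment is not None:
            emit('# %s' % comment)

        if protocol == 'https':
            mode_name = 'http'
        elif protocol == 'ssl':
            mode_name = 'tcp'
        else:
            mode_name = protocol
        emit('mode %s' % mode_name)

        if http_listener:
            emit('option forwardfor except 127.0.0.1')
            # reqadd appends; a header of the same name sent by the client is
            # not removed by these lines.
            emit(r'reqadd X-Forwarded-Proto:\ %s' % protocol)
            emit(r'reqadd X-Forwarded-Port:\ %s' % port)

        if tls_listener:
            # haproxy always disables sslv2
            # Each version is turned off only on a result equal to False; any
            # other result (None included) leaves it on.
            # NOTE(review): confirm that is the intended default for SSLv3.
            switches = []
            if ConfBuilderHaproxy.ssl_v3(policies) == False:
                switches.append('no-sslv3')
            if ConfBuilderHaproxy.tls_v1(policies) == False:
                switches.append('no-tlsv10')
            if ConfBuilderHaproxy.tls_v11(policies) == False:
                switches.append('no-tlsv11')
            if ConfBuilderHaproxy.tls_v12(policies) == False:
                switches.append('no-tlsv12')
            # Each switch keeps its leading space, as in ' no-sslv3 no-tlsv10'.
            sslv_setting = ''.join([' %s' % switch for switch in switches])

            bind_line = 'bind 0.0.0.0:%s ssl crt %s %s' % (port, cert, sslv_setting)
            cipher_str = ConfBuilderHaproxy.cipher_string(policies)
            if cipher_str:
                bind_line = '%s ciphers %s' % (bind_line, cipher_str)
            emit(bind_line)
        else:
            emit('bind 0.0.0.0:%s' % port)

        if connection_idle_timeout:
            emit('timeout client %ss' % connection_idle_timeout)

        # CLOUDWATCH metric update
        emit('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
        if http_listener:
            emit('capture request header User-Agent len 8192')
            emit('log-format %s' % HttpAccessLog.log_format())
        else:
            emit('log-format %s' % TcpAccessLog.log_format())

        def_backend = 'backend-%s-%s' % (protocol, port)
        emit('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n balance roundrobin' % mode_name
        if connection_idle_timeout:
            backend_attribute = '%s\n timeout server %ss' % (backend_attribute, connection_idle_timeout)

        cookie_name = ConfBuilderHaproxy.get_app_cookie_name(policies)
        cookie_expire = ConfBuilderHaproxy.get_lb_cookie_period(policies)
        if http_listener and cookie_expire:
            # Duration-based stickiness is tried first and so wins over the
            # application cookie when both come back from the policies.
            try:
                cookie_expire = int(cookie_expire)
                cache_control_header = '\n http-response set-header Cache-control no-cache=\"set-cookie\"'
                backend_attribute = '%s%s\n cookie AWSELB insert indirect maxidle %ds maxlife %ds' % (backend_attribute, cache_control_header, cookie_expire, cookie_expire)
            except exceptions.ValueError:
                servo.log.error('failed to set cookie expiration: value is not a number type')
        elif http_listener and cookie_name:
            backend_attribute = '%s\n appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

        # create the backend section; it holds only its attribute string for now
        self.__content_map['backend %s' % def_backend] = [backend_attribute]

    return self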
def add_protocol_port(self, protocol="tcp", port=80, cookie_name=None, cookie_expire=None, comment=None):
    """
    Register an http or tcp listener in the config map and return self.

    A 'frontend <protocol>-<port>' section is filled with its mode, bind and
    (when config.ENABLE_CLOUD_WATCH is set) logging lines, and a matching
    'backend backend-<protocol>-<port>' section is created with round-robin
    balancing plus optional cookie stickiness.

    Raises Exception("unknown protocol") unless protocol is "http" or "tcp",
    and Exception("the port is found") when a frontend key already ends in
    this port.
    """
    if protocol not in ("http", "tcp"):
        raise Exception("unknown protocol")

    # A port may carry one frontend only, regardless of protocol.
    port_tail = "-%s" % port
    for name in self.__content_map.iterkeys():
        name = name.strip(" ")
        if name.startswith("frontend") and name.endswith(port_tail):
            raise Exception("the port is found")

    section_name = "frontend %s-%s" % (protocol, port)
    if section_name in self.__content_map.iterkeys():
        # Existing section: nothing to add. Not expected in practice, since
        # the scan above raises for a key of this form.
        return self

    self.__content_map[section_name] = []
    section = self.__content_map[section_name]

    # NOTE(review): comment, port and cookie_name go into the config text
    # unescaped; a newline in any of them would begin a new directive.
    # Confirm callers validate them.
    if comment is not None:
        section.append("# %s" % comment)
    section.append("mode %s" % protocol)
    if protocol == "http":
        section.append("option forwardfor except 127.0.0.1")
    section.append("bind 0.0.0.0:%s" % port)

    if config.ENABLE_CLOUD_WATCH:
        # this may have significant performance impact
        # NOTE(review): the log-format lines are assumed to belong under this
        # guard -- confirm.
        section.append("log %s local2 info" % config.CW_LISTENER_DOM_SOCKET)
        if protocol == "http":
            section.append("log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt")
        elif protocol == "tcp":
            section.append("log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt")

    def_backend = "backend-%s-%s" % (protocol, port)
    section.append("default_backend %s" % def_backend)

    backend_attribute = "mode %s\n balance roundrobin" % protocol

    if cookie_expire and cookie_name:
        servo.log.error(
            "both duration-based and app-controlled cookie stickiness are enabled. something is wrong!"
        )

    # "https" is unreachable here because of the protocol check at the top;
    # the membership test mirrors the comparison as written.
    sticky_capable = protocol in ("http", "https")
    if sticky_capable and cookie_expire:
        try:
            cookie_expire = int(cookie_expire)
            backend_attribute = "%s\n cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds" % (
                backend_attribute,
                cookie_expire,
                cookie_expire,
            )
        except exceptions.ValueError:
            servo.log.error("failed to set cookie expiration: value is not a number type")
    elif sticky_capable and cookie_name:
        backend_attribute = "%s\n appsession %s len %d timeout %dm" % (
            backend_attribute,
            cookie_name,
            config.appcookie_length(),
            config.appcookie_timeout(),
        )

    # create the backend section; it holds only its attribute string for now
    self.__content_map["backend %s" % def_backend] = [backend_attribute]
    return self