예제 #1
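    def add_protocol_port(self, protocol='tcp', port=80, cookie_name=None, cookie_expire=None, cert=None, comment=None):
        '''
            Add a frontend section for protocol/port together with its default backend.

            protocol: 'http', 'tcp', 'https' or 'ssl'; anything else raises.
            port: listener port; the bind line uses 0.0.0.0, i.e. every interface.
            cookie_name / cookie_expire: app-controlled or duration-based
                stickiness, applied to http/https only. When both are given an
                error is logged and cookie_expire takes precedence.
            cert: value written after the crt keyword; required for https/ssl.
            comment: optional text stored as a leading comment line.

            Raises Exception for an unknown protocol, for an https/ssl listener
            without a cert, and when any existing frontend section name ends
            with -<port>. If a section with exactly this name still exists
            after that scan, nothing is changed. Returns self.

            NOTE(review): port, cert, comment and cookie_name are formatted into
            the section lines verbatim. Backend attributes are joined with
            newlines below, so a line break inside one of these values would
            presumably surface as an extra directive in the generated file;
            validate them before calling.
        '''
        if protocol not in ('http', 'tcp', 'https', 'ssl'):
            raise Exception('unknown protocol')

        is_http = protocol in ('http', 'https')
        uses_cert = protocol in ('https', 'ssl')
        if uses_cert and not cert:
            # fail early: otherwise the bind line is written as 'ssl crt None'
            raise Exception('certificate is required for %s listener' % protocol)

        # make sure no other frontend listens on the port
        for key in self.__content_map.iterkeys():
            key = key.strip(' ')
            if key.startswith('frontend') and key.endswith('-%s' % port):
                raise Exception('the port is found')

        section_name = 'frontend %s-%s' % (protocol, port)
        if section_name in self.__content_map.iterkeys():
            return self  # section already present: leave it untouched

        # https is proxied in http mode and ssl in tcp mode
        if protocol == 'https':
            mode = 'http'
        elif protocol == 'ssl':
            mode = 'tcp'
        else:
            mode = protocol

        self.__content_map[section_name] = []
        frontend = self.__content_map[section_name]
        if comment is not None:
            frontend.append('# %s' % comment)
        frontend.append('mode %s' % mode)
        if is_http:
            frontend.append('option forwardfor except 127.0.0.1')
        if uses_cert:
            frontend.append('bind 0.0.0.0:%s ssl crt %s' % (port, cert))
        else:
            frontend.append('bind 0.0.0.0:%s' % port)

        if config.ENABLE_CLOUD_WATCH:  # this may have significant performance impact
            frontend.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
            if is_http:
                frontend.append('log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt')
            else:
                # only tcp and ssl remain once the protocol check has passed
                frontend.append('log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt')

        def_backend = 'backend-%s-%s' % (protocol, port)
        frontend.append('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n  balance roundrobin' % mode
        if cookie_expire and cookie_name:
            servo.log.error('both duration-based and app-controlled cookie stickiness are enabled. something is wrong!')
        if is_http and cookie_expire:
            # NOTE(review): the cookie line carries no 'secure' or 'httponly'
            # option, also for https listeners; confirm that is intended.
            try:
                cookie_expire = int(cookie_expire)
                backend_attribute = '%s\n  cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds' % (backend_attribute, cookie_expire, cookie_expire)
            except exceptions.ValueError:
                servo.log.error('failed to set cookie expiration: value is not a number type')
        elif is_http and cookie_name:
            backend_attribute = '%s\n  appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

        # create the backend section; it starts with its attributes only
        self.__content_map['backend %s' % def_backend] = [backend_attribute]

        return self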
예제 #2
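    def add_protocol_port(self,
                          protocol='tcp',
                          port=80,
                          policies=[],
                          cert=None,
                          comment=None,
                          connection_idle_timeout=None):
        '''
            Add a frontend section for protocol/port together with its default backend.

            protocol: 'http', 'tcp', 'https' or 'ssl'; anything else raises.
            port: listener port; the bind line uses 0.0.0.0, i.e. every interface.
            policies: handed to the ConfBuilderHaproxy helpers that decide the
                TLS versions, the cipher string and cookie stickiness. The
                default list is shared between calls and is only read here.
            cert: value written after the crt keyword; required for https/ssl.
            comment: optional text stored as a leading comment line.
            connection_idle_timeout: when truthy, used (in seconds) for both
                'timeout client' and 'timeout server'.

            Raises Exception for an unknown protocol, for an https/ssl listener
            without a cert, and when any existing frontend section name ends
            with -<port>. If a section with exactly this name still exists
            after that scan, nothing is changed. Returns self.

            NOTE(review): port, cert, comment, the cipher string and the cookie
            name are formatted into the section lines verbatim. Backend
            attributes are joined with newlines below, so a line break inside
            one of these values would presumably surface as an extra directive
            in the generated file; validate them before calling.
        '''
        if protocol not in ('http', 'tcp', 'https', 'ssl'):
            raise Exception('unknown protocol')

        is_http = protocol in ('http', 'https')
        uses_cert = protocol in ('https', 'ssl')
        if uses_cert and not cert:
            # fail early: otherwise the bind line is written as 'ssl crt None'
            raise Exception(
                'certificate is required for %s listener' % protocol)

        # make sure no other frontend listens on the port
        for key in self.__content_map.iterkeys():
            key = key.strip(' ')
            if key.startswith('frontend') and key.endswith('-%s' % port):
                raise Exception('the port is found')

        section_name = 'frontend %s-%s' % (protocol, port)
        if section_name in self.__content_map.iterkeys():
            return self  # section already present: leave it untouched

        # https is proxied in http mode and ssl in tcp mode
        if protocol == 'https':
            mode = 'http'
        elif protocol == 'ssl':
            mode = 'tcp'
        else:
            mode = protocol

        self.__content_map[section_name] = []
        frontend = self.__content_map[section_name]
        if comment is not None:
            frontend.append('# %s' % comment)
        frontend.append('mode %s' % mode)
        if is_http:
            frontend.append('option forwardfor except 127.0.0.1')
            frontend.append('reqadd X-Forwarded-Proto:\ %s' % protocol)
            frontend.append('reqadd X-Forwarded-Port:\ %s' % port)

        if uses_cert:
            # haproxy always disables sslv2
            # A version is switched off only when its helper returns a value
            # equal to False; any other result leaves it enabled.
            # NOTE(review): confirm the helpers never return None for an
            # unset policy, or SSLv3/TLS 1.0 stay on by default.
            version_switches = (
                (ConfBuilderHaproxy.ssl_v3, 'no-sslv3'),
                (ConfBuilderHaproxy.tls_v1, 'no-tlsv10'),
                (ConfBuilderHaproxy.tls_v11, 'no-tlsv11'),
                (ConfBuilderHaproxy.tls_v12, 'no-tlsv12'),
            )
            sslv_setting = ''
            for is_enabled, flag in version_switches:
                if is_enabled(policies) == False:
                    sslv_setting = '%s %s' % (sslv_setting, flag)
            cipher_str = ConfBuilderHaproxy.cipher_string(policies)
            if cipher_str:
                frontend.append('bind 0.0.0.0:%s ssl crt %s %s ciphers %s' %
                                (port, cert, sslv_setting, cipher_str))
            else:
                frontend.append('bind 0.0.0.0:%s ssl crt %s %s' %
                                (port, cert, sslv_setting))
        else:
            frontend.append('bind 0.0.0.0:%s' % port)

        if connection_idle_timeout:
            frontend.append('timeout client %ss' % connection_idle_timeout)

        # CLOUDWATCH metric update
        frontend.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
        if is_http:
            frontend.append('capture request header User-Agent len 8192')
            frontend.append('log-format %s' % HttpAccessLog.log_format())
        else:
            # only tcp and ssl remain once the protocol check has passed
            frontend.append('log-format %s' % TcpAccessLog.log_format())

        def_backend = 'backend-%s-%s' % (protocol, port)
        frontend.append('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n  balance roundrobin' % mode
        if connection_idle_timeout:
            backend_attribute = '%s\n  timeout server %ss' % (
                backend_attribute, connection_idle_timeout)

        cookie_name = ConfBuilderHaproxy.get_app_cookie_name(policies)
        cookie_expire = ConfBuilderHaproxy.get_lb_cookie_period(policies)

        if is_http and cookie_expire:
            # NOTE(review): the cookie line carries no 'secure' or 'httponly'
            # option, also for https listeners; confirm that is intended.
            try:
                cookie_expire = int(cookie_expire)
                cache_control_header = '\n  http-response set-header Cache-control no-cache=\"set-cookie\"'
                backend_attribute = '%s%s\n  cookie AWSELB insert indirect maxidle %ds maxlife %ds' % (
                    backend_attribute, cache_control_header, cookie_expire,
                    cookie_expire)
            except exceptions.ValueError:
                servo.log.error(
                    'failed to set cookie expiration: value is not a number type'
                )
        elif is_http and cookie_name:
            backend_attribute = '%s\n  appsession %s len %d timeout %dm' % (
                backend_attribute, cookie_name, config.appcookie_length(),
                config.appcookie_timeout())

        # create the backend section; it starts with its attributes only
        self.__content_map['backend %s' % def_backend] = [backend_attribute]

        return self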
    def add_protocol_port(self, protocol='tcp', port=80, cookie_name=None, cookie_expire=None, comment=None):
        '''
            Add a frontend section for protocol/port together with its default backend.

            Only 'http' and 'tcp' are accepted; any other protocol raises.
            An Exception is also raised when an existing frontend section name
            ends with -<port>. If a section with exactly this name still exists
            after that scan, nothing is changed. Returns self.

            cookie_expire (duration-based) and cookie_name (app-controlled)
            stickiness apply to http only; with both set an error is logged
            and cookie_expire takes precedence.

            NOTE(review): port, comment and cookie_name are formatted into the
            section lines verbatim. Backend attributes are joined with
            newlines below, so a line break inside one of these values would
            presumably surface as an extra directive in the generated file;
            validate them before calling.
        '''
        if protocol != 'http' and protocol != 'tcp':
            raise Exception('unknown protocol')

        # past the check above the protocol is either http or tcp
        is_http = protocol == 'http'

        # refuse a port that another frontend section already uses
        for existing in self.__content_map.iterkeys():
            trimmed = existing.strip(' ')
            if trimmed.startswith('frontend') and trimmed.endswith('-%s'%port):
                raise Exception('the port is found')

        section_name = 'frontend %s-%s' % (protocol,port)
        if section_name in self.__content_map.iterkeys():
            return self  # do nothing

        self.__content_map[section_name] = []
        frontend = self.__content_map[section_name]
        if comment is not None:
            frontend.append('# %s'%comment)
        frontend.append('mode %s' % protocol)
        if is_http:
            frontend.append('option forwardfor except 127.0.0.1')
        frontend.append('bind 0.0.0.0:%s' % port)

        if config.ENABLE_CLOUD_WATCH:  # this may have significant performance impact
            frontend.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
            if is_http:
                frontend.append('log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt')
            else:
                frontend.append('log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt')

        def_backend = 'backend-%s-%s' % (protocol, port)
        frontend.append('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n  balance roundrobin' % protocol
        if cookie_expire and cookie_name:
            servo.log.error('both duration-based and app-controlled cookie stickiness are enabled. something is wrong!')
        if is_http and cookie_expire:
            try:
                cookie_expire = int(cookie_expire)
                backend_attribute = '%s\n  cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds' % (backend_attribute, cookie_expire, cookie_expire)
            except exceptions.ValueError:
                servo.log.error('failed to set cookie expiration: value is not a number type')
        elif is_http and cookie_name:
            backend_attribute = '%s\n  appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

        # register the backend section, holding only its attributes for now
        self.__content_map['backend %s' % def_backend] = [backend_attribute]
        return self
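    def add_protocol_port(self, protocol='tcp', port=80, policies=[], cert=None, comment=None, connection_idle_timeout=None):
        '''
            Add a frontend section for protocol/port together with its default backend.

            protocol: 'http', 'tcp', 'https' or 'ssl'; anything else raises.
            port: listener port; the bind line uses 0.0.0.0, i.e. every interface.
            policies: handed to the ConfBuilderHaproxy helpers that decide the
                TLS versions, the cipher string and cookie stickiness. The
                default list is shared between calls and is only read here.
            cert: value written after the crt keyword; required for https/ssl.
            comment: optional text stored as a leading comment line.
            connection_idle_timeout: when truthy, used (in seconds) for both
                'timeout client' and 'timeout server'.

            Raises Exception for an unknown protocol, for an https/ssl listener
            without a cert, and when any existing frontend section name ends
            with -<port>. If a section with exactly this name still exists
            after that scan, nothing is changed. Returns self.

            NOTE(review): port, cert, comment, the cipher string and the cookie
            name are formatted into the section lines verbatim. Backend
            attributes are joined with newlines below, so a line break inside
            one of these values would presumably surface as an extra directive
            in the generated file; validate them before calling.
        '''
        if protocol not in ('http', 'tcp', 'https', 'ssl'):
            raise Exception('unknown protocol')

        is_http = protocol in ('http', 'https')
        uses_cert = protocol in ('https', 'ssl')
        if uses_cert and not cert:
            # fail early: otherwise the bind line is written as 'ssl crt None'
            raise Exception('certificate is required for %s listener' % protocol)

        # make sure no other frontend listens on the port
        for key in self.__content_map.iterkeys():
            key = key.strip(' ')
            if key.startswith('frontend') and key.endswith('-%s'%port):
                raise Exception('the port is found')

        section_name = 'frontend %s-%s' % (protocol,port)
        if section_name in self.__content_map.iterkeys():
            return self  # section already present: leave it untouched

        # https is proxied in http mode and ssl in tcp mode
        if protocol == 'https':
            mode = 'http'
        elif protocol == 'ssl':
            mode = 'tcp'
        else:
            mode = protocol

        self.__content_map[section_name] = []
        frontend = self.__content_map[section_name]
        if comment is not None:
            frontend.append('# %s'%comment)
        frontend.append('mode %s' % mode)
        if is_http:
            frontend.append('option forwardfor except 127.0.0.1')
            frontend.append('reqadd X-Forwarded-Proto:\ %s' % protocol)
            frontend.append('reqadd X-Forwarded-Port:\ %s' % port)

        if uses_cert:
            # haproxy always disables sslv2
            # A version is switched off only when its helper returns a value
            # equal to False; any other result leaves it enabled.
            # NOTE(review): confirm the helpers never return None for an
            # unset policy, or SSLv3/TLS 1.0 stay on by default.
            sslv_setting = ''
            if ConfBuilderHaproxy.ssl_v3(policies) == False:
                sslv_setting += ' no-sslv3'
            if ConfBuilderHaproxy.tls_v1(policies) == False:
                sslv_setting += ' no-tlsv10'
            if ConfBuilderHaproxy.tls_v11(policies) == False:
                sslv_setting += ' no-tlsv11'
            if ConfBuilderHaproxy.tls_v12(policies) == False:
                sslv_setting += ' no-tlsv12'
            bind_line = 'bind 0.0.0.0:%s ssl crt %s %s' % (port, cert, sslv_setting)
            cipher_str = ConfBuilderHaproxy.cipher_string(policies)
            if cipher_str:
                bind_line = '%s ciphers %s' % (bind_line, cipher_str)
            frontend.append(bind_line)
        else:
            frontend.append('bind 0.0.0.0:%s' % port)

        if connection_idle_timeout:
            frontend.append('timeout client %ss' % connection_idle_timeout)

        # CLOUDWATCH metric update
        frontend.append('log %s local2 info' % config.CW_LISTENER_DOM_SOCKET)
        if is_http:
            frontend.append('capture request header User-Agent len 8192')
            frontend.append('log-format %s' % HttpAccessLog.log_format())
        else:
            # only tcp and ssl remain once the protocol check has passed
            frontend.append('log-format %s' % TcpAccessLog.log_format())

        def_backend = 'backend-%s-%s' % (protocol, port)
        frontend.append('default_backend %s' % def_backend)

        backend_attribute = 'mode %s\n  balance roundrobin' % mode
        if connection_idle_timeout:
            backend_attribute = '%s\n  timeout server %ss' % (backend_attribute, connection_idle_timeout)

        cookie_name = ConfBuilderHaproxy.get_app_cookie_name(policies)
        cookie_expire = ConfBuilderHaproxy.get_lb_cookie_period(policies)

        if is_http and cookie_expire:
            # NOTE(review): the cookie line carries no 'secure' or 'httponly'
            # option, also for https listeners; confirm that is intended.
            try:
                cookie_expire = int(cookie_expire)
                cache_control_header = '\n  http-response set-header Cache-control no-cache=\"set-cookie\"'
                backend_attribute = '%s%s\n  cookie AWSELB insert indirect maxidle %ds maxlife %ds' % (backend_attribute, cache_control_header, cookie_expire, cookie_expire)
            except exceptions.ValueError:
                servo.log.error('failed to set cookie expiration: value is not a number type')
        elif is_http and cookie_name:
            backend_attribute = '%s\n  appsession %s len %d timeout %dm' % (backend_attribute, cookie_name, config.appcookie_length(), config.appcookie_timeout())

        # create the backend section; it starts with its attributes only
        self.__content_map['backend %s' % def_backend] = [backend_attribute]

        return self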
    def add_protocol_port(self, protocol="tcp", port=80, cookie_name=None, cookie_expire=None, comment=None):
        """
            Add a frontend section for protocol/port together with its default backend.

            Only "http" and "tcp" are accepted; any other protocol raises.
            An Exception is also raised when an existing frontend section name
            ends with -<port>. If a section with exactly this name still exists
            after that scan, nothing is changed. Returns self.

            cookie_expire (duration-based) and cookie_name (app-controlled)
            stickiness apply to http only; with both set an error is logged
            and cookie_expire takes precedence.

            NOTE(review): port, comment and cookie_name are formatted into the
            section lines verbatim. Backend attributes are joined with
            newlines below, so a line break inside one of these values would
            presumably surface as an extra directive in the generated file;
            validate them before calling.
        """
        if protocol != "http" and protocol != "tcp":
            raise Exception("unknown protocol")

        # past the check above the protocol is either http or tcp
        http_listener = protocol == "http"

        # refuse a port that another frontend section already uses
        for name in self.__content_map.iterkeys():
            name = name.strip(" ")
            if name.startswith("frontend") and name.endswith("-%s" % port):
                raise Exception("the port is found")

        section_name = "frontend %s-%s" % (protocol, port)
        if section_name in self.__content_map.iterkeys():
            return self  # do nothing

        self.__content_map[section_name] = []
        section = self.__content_map[section_name]
        if comment is not None:
            section.append("# %s" % comment)
        section.append("mode %s" % protocol)
        if http_listener:
            section.append("option forwardfor except 127.0.0.1")
        section.append("bind 0.0.0.0:%s" % port)

        if config.ENABLE_CLOUD_WATCH:  # this may have significant performance impact
            section.append("log %s local2 info" % config.CW_LISTENER_DOM_SOCKET)
            if http_listener:
                section.append("log-format httplog\ %f\ %b\ %s\ %ST\ %ts\ %Tq\ %Tw\ %Tc\ %Tr\ %Tt")
            else:
                section.append("log-format tcplog\ %f\ %b\ %s\ %ts\ %Tw\ %Tc\ %Tt")

        def_backend = "backend-%s-%s" % (protocol, port)
        section.append("default_backend %s" % def_backend)

        backend_attribute = "mode %s\n  balance roundrobin" % protocol
        if cookie_expire and cookie_name:
            servo.log.error(
                "both duration-based and app-controlled cookie stickiness are enabled. something is wrong!"
            )
        if http_listener and cookie_expire:
            try:
                cookie_expire = int(cookie_expire)
                backend_attribute = "%s\n  cookie AWSELB insert indirect nocache maxidle %ds maxlife %ds" % (
                    backend_attribute,
                    cookie_expire,
                    cookie_expire,
                )
            except exceptions.ValueError:
                servo.log.error("failed to set cookie expiration: value is not a number type")
        elif http_listener and cookie_name:
            backend_attribute = "%s\n  appsession %s len %d timeout %dm" % (
                backend_attribute,
                cookie_name,
                config.appcookie_length(),
                config.appcookie_timeout(),
            )

        # register the backend section, holding only its attributes for now
        self.__content_map["backend %s" % def_backend] = [backend_attribute]
        return self