def clientServiceGreenlet(self): ezd = ServiceDiscoveryClient(gConfig.zk) ezd.register_endpoint(gConfig.appName, EzFrontendServiceName, gConfig.internal_hostname, gConfig.thriftPort) ezd.set_security_id_for_application(gConfig.appName, '_Ez_EFE') while gConfig.run: try: handler = ezRPKazookeeper.EzReverseProxyHandler( self._logger, self._sfh) processor = EzFrontendService.Processor(handler) transport = TSSLServerSocket( host=gConfig.internal_hostname, port=gConfig.thriftPort, verify_pattern=gConfig.ez_frontend_access, ca_certs=gConfig.ez_cafile, cert=gConfig.ez_certfile, key=gConfig.ez_keyfile) tfactory = TTransport.TBufferedTransportFactory() pfactory = TBinaryProtocol.TBinaryProtocolFactory() #server = TServer.TSimpleServer(processor,transport,tfactory,pfactory) server = TGeventServer(self._logger, processor, transport, tfactory, pfactory) gevent.sleep() server.serve() except Exception as e: self._logger.exception("Error in Thrift server: %s" % e) self._logger.info("exiting clientServiceGreenlet")
def run(self): glt = ezRPGreenlet.EzReverseProxyGreenlet(self._logger, self._sfh) self._logger.info("starting greenlet for thrift service...") clientGreenlet = gevent.spawn(glt.clientServiceGreenlet) self._logger.info("started") self._logger.info("starting greenlet to monitor zookeeper...") kzGreenlet = gevent.spawn(glt.kzMonitorGreenlet) self._logger.info("started") self._logger.info( "starting greenlet to write out nginx configuration changes...") cfgProcessorGreenlet = gevent.spawn( glt.configurationChangeQueueGreenlet) self._logger.info("started") self._logger.info("starting greenlet to monitor for shutdown...") fd = gevent_inotifyx.init() wd = gevent_inotifyx.add_watch(fd, gConfig.shutdownFile, gevent_inotifyx.IN_DELETE) wGreenlet = gevent.spawn(glt.watchGreenlet, fd) self._logger.info("started") gConfig.addGreenlets(clientGreenlet, kzGreenlet, cfgProcessorGreenlet, wGreenlet) gevent.joinall([clientGreenlet]) self._logger.warn("joined thrift service greenlet") gevent.joinall([kzGreenlet]) self._logger.warn("joined zookeeper monitoring greenlet") gConfig.run = False while not gConfig.configurationChangeQueue.empty(): print "queue not empty" gConfig.configurationChangeQueue.get() print "got" gConfig.configurationChangeQueue.task_done() print "joining conf queue" gConfig.configurationChangeQueue.join() self._logger.warn("joined configuration queue") gevent.joinall([cfgProcessorGreenlet]) self._logger.warn("joined configuration change greenlet") gConfig.wGreenlet.join() self._logger.warn("joined shutdown monitor greenlet") ServiceDiscoveryClient(gConfig.zk).unregister_endpoint( gConfig.appName, EzFrontendServiceName, gConfig.internal_hostname, gConfig.thriftPort) self._logger.warn("unregistered from discovery service")
def ca_server(ezconfig, service_name=None, ca_name="ezbakeca", zoo_host=None, host=None, port=None, verify_pattern=None, ssldir=None): Crypto.Random.atfork() # make sure zookeeper is available for registering with service discovery if zoo_host is None: zooConf = ZookeeperConfiguration(ezconfig) zoo_host = zooConf.getZookeeperConnectionString() if not zoo_host: raise RuntimeError("Zookeeper connection string must be specified " "in EzConfiguration") # make sure the ssl certificate directory is available if not ssldir: ac = ApplicationConfiguration(ezconfig) ssldir = ac.getCertificatesDir() if not ssldir: raise RuntimeError("Certificates Directory \"{0}\" must be set in" " EzConfiguration!".format( ApplicationConfiguration.CERTIFICATES_DIRECTORY_KEY)) # get a free port to bind to (and figure out our hostname) if not port: port = get_port(range(31005,34999)) if not host: host = socket.gethostname() # register with ezdiscovery ezdiscovery = ServiceDiscoveryClient(zoo_host) try: if service_name is None: service_name = ezbake.ezca.constants.SERVICE_NAME logger.info('Registering with service discovery') ezdiscovery.register_common_endpoint(service_name=service_name, host=host, port=port) ezdiscovery.set_security_id_for_common_service(service_name=service_name, security_id="EzCAService") except TimeoutError as e: logger.error("Fatal timeout connecting to zookeeper. Unable to " "register with service discovery.") raise e # create the thrift handler handler = EzCAHandler(ca_name, ezconfig) # generate/get the server SSL certs and write them to disk certs = handler._server_certs() cert_files = [] for k, cert in certs.items(): of = os.path.join(ssldir, k) cert_files.append(of) with os.fdopen(os.open(of, os.O_WRONLY | os.O_CREAT, 0o600), 'w') as ofs: ofs.write(str(cert)) # generate certs for configured clients (read from ezconfig) clients = ezconfig.get(EzCAHandler.CLIENT_CERTS) if clients: gen_client_certs(handler.ca, clients.split(','), ezconfig.get(EzCAHandler.CLIENT_CERT_O)) # start the thrift server processor = EzCA.Processor(handler) transport = TSSLServerSocket(host=host, port=port, verify_pattern=verify_pattern, ca_certs=cert_files[0], cert=cert_files[1], key=cert_files[2]) tfactory = TTransport.TBufferedTransportFactory() pfactory = TBinaryProtocol.TBinaryProtocolFactory() server = TServer.TThreadPoolServer(processor, transport, tfactory, pfactory) logger.info('Starting ezca service on {}:{}'.format(host,port)) server.serve()