def start(host, tlsport, port):
"""Main method of the Registrar Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
threads = []
servers = []
serveraddr = (host, tlsport)
RegistrarMain.metadata.create_all(engine, checkfirst=True)
session = SessionManager().make_session(engine)
try:
count = session.query(RegistrarMain.agent_id).count()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
if count > 0:
logger.info("Loaded %d public keys from database" % count)
server = RegistrarServer(serveraddr, ProtectedHandler)
context = cloud_verifier_common.init_mtls(section='registrar',
generatedir='reg_ca')
if context is not None:
server.socket = context.wrap_socket(server.socket, server_side=True)
thread = threading.Thread(target=server.serve_forever)
threads.append(thread)
# start up the unprotected registrar server
serveraddr2 = (host, port)
server2 = RegistrarServer(serveraddr2, UnprotectedHandler)
thread2 = threading.Thread(target=server2.serve_forever)
threads.append(thread2)
servers.append(server)
servers.append(server2)
logger.info(
'Starting Cloud Registrar Server on ports %s and %s (TLS) use <Ctrl-C> to stop' % (port, tlsport))
for thread in threads:
thread.start()
def signal_handler(signal, frame):
do_shutdown(servers)
sys.exit(0)
# Catch these signals. Note that a SIGKILL cannot be caught, so
# killing this process with "kill -9" may result in improper shutdown
signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGQUIT, signal_handler)
signal.signal(signal.SIGINT, signal_handler)
# keep the main thread active, so it can process the signals and gracefully shutdown
while True:
if not any([thread.isAlive() for thread in threads]):
# All threads have stopped
break
# Some threads are still going
time.sleep(1)
for thread in threads:
thread.join()
def start(tlsport, port, dbfile):
"""Main method of the Registrar Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
threads = []
servers = []
serveraddr = ('', tlsport)
db = init_db("%s/%s" % (common.WORK_DIR, dbfile))
count = db.count_agents()
if count > 0:
logger.info("Loaded %d public keys from database" % count)
server = ProtectedRegistrarServer(serveraddr, db, ProtectedHandler)
context = cloud_verifier_common.init_mtls(section='registrar',
generatedir='reg_ca')
if context is not None:
server.socket = context.wrap_socket(server.socket, server_side=True)
thread = threading.Thread(target=server.serve_forever)
threads.append(thread)
# start up the unprotected registrar server
serveraddr2 = ('', port)
server2 = UnprotectedRegistrarServer(serveraddr2, db, UnprotectedHandler)
thread2 = threading.Thread(target=server2.serve_forever)
threads.append(thread2)
servers.append(server)
servers.append(server2)
logger.info(
'Starting Cloud Registrar Server on ports %s and %s (TLS) use <Ctrl-C> to stop'
% (port, tlsport))
for thread in threads:
thread.start()
def signal_handler(signal, frame):
do_shutdown(servers)
sys.exit(0)
# Catch these signals. Note that a SIGKILL cannot be caught, so
# killing this process with "kill -9" may result in improper shutdown
signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGQUIT, signal_handler)
signal.signal(signal.SIGINT, signal_handler)
# keep the main thread active, so it can process the signals and gracefully shutdown
while True:
if not any([thread.isAlive() for thread in threads]):
# All threads have stopped
break
else:
# Some threads are still going
time.sleep(1)
for thread in threads:
thread.join()
def main(argv=sys.argv):
"""Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
config = configparser.ConfigParser()
config.read(common.CONFIG_FILE)
cloudverifier_port = config.get('general', 'cloudverifier_port')
db_filename = "%s/%s" % (common.WORK_DIR,
config.get('cloud_verifier', 'db_filename'))
db = cloud_verifier_common.init_db(db_filename)
db.update_all_agents(
'operational_state',
cloud_verifier_common.CloudAgent_Operational_State.SAVED)
num = db.count_agents()
if num > 0:
agent_ids = db.get_agent_ids()
logger.info("agent ids in db loaded from file: %s" % agent_ids)
logger.info('Starting Cloud Verifier (tornado) on port ' +
cloudverifier_port + ', use <Ctrl-C> to stop')
app = tornado.web.Application([
(r"/(?:v[0-9]/)?agents/.*", AgentsHandler, {
'db': db
}),
(r"/verifier.*", AgentsHandler, {
'db': db
}),
(r".*", MainHandler),
])
context = cloud_verifier_common.init_mtls()
#after TLS is up, start revocation notifier
if config.getboolean('cloud_verifier', 'revocation_notifier'):
logger.info(
"Starting service for revocation notifications on port %s" %
config.getint('general', 'revocation_notifier_port'))
revocation_notifier.start_broker() # need to pass in the rev_port?
sockets = tornado.netutil.bind_sockets(int(cloudverifier_port),
address='0.0.0.0')
#tornado.process.fork_processes(config.getint('cloud_verifier','multiprocessing_pool_num_workers'))
asyncio.set_event_loop(asyncio.new_event_loop())
server = tornado.httpserver.HTTPServer(app, ssl_options=context)
server.add_sockets(sockets)
try:
tornado.ioloop.IOLoop.instance().start()
except KeyboardInterrupt:
tornado.ioloop.IOLoop.instance().stop()
if config.getboolean('cloud_verifier', 'revocation_notifier'):
revocation_notifier.stop_broker()
def main(argv=sys.argv):
"""Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
config = configparser.ConfigParser()
config.read(common.CONFIG_FILE)
cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port')
VerfierMain.metadata.create_all(engine, checkfirst=True)
session = SessionManager().make_session(engine)
try:
query_all = session.query(VerfierMain).all()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
for row in query_all:
row.operational_state = cloud_verifier_common.CloudAgent_Operational_State.SAVED
try:
session.commit()
except SQLAlchemyError as e:
logger.error(f'SQLAlchemy Error: {e}')
num = session.query(VerfierMain.agent_id).count()
if num > 0:
agent_ids = session.query(VerfierMain.agent_id).all()
logger.info("agent ids in db loaded from file: %s" % agent_ids)
logger.info('Starting Cloud Verifier (tornado) on port ' +
cloudverifier_port + ', use <Ctrl-C> to stop')
app = tornado.web.Application([
(r"/(?:v[0-9]/)?agents/.*", AgentsHandler),
(r".*", MainHandler),
])
context = cloud_verifier_common.init_mtls()
# after TLS is up, start revocation notifier
if config.getboolean('cloud_verifier', 'revocation_notifier'):
logger.info(
"Starting service for revocation notifications on port %s" %
config.getint('cloud_verifier', 'revocation_notifier_port'))
revocation_notifier.start_broker()
sockets = tornado.netutil.bind_sockets(int(cloudverifier_port),
address='0.0.0.0')
tornado.process.fork_processes(
config.getint('cloud_verifier', 'multiprocessing_pool_num_workers'))
asyncio.set_event_loop(asyncio.new_event_loop())
server = tornado.httpserver.HTTPServer(app, ssl_options=context)
server.add_sockets(sockets)
try:
tornado.ioloop.IOLoop.instance().start()
except KeyboardInterrupt:
tornado.ioloop.IOLoop.instance().stop()
if config.getboolean('cloud_verifier', 'revocation_notifier'):
revocation_notifier.stop_broker()
def main():
"""Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
cloudverifier_port = config.get('cloud_verifier', 'cloudverifier_port')
cloudverifier_host = config.get('cloud_verifier', 'cloudverifier_ip')
# allow tornado's max upload size to be configurable
max_upload_size = None
if config.has_option('cloud_verifier', 'max_upload_size'):
max_upload_size = int(config.get('cloud_verifier', 'max_upload_size'))
VerfierMain.metadata.create_all(engine, checkfirst=True)
session = get_session()
try:
query_all = session.query(VerfierMain).all()
for row in query_all:
if row.operational_state in states.APPROVED_REACTIVATE_STATES:
row.operational_state = states.START
session.commit()
except SQLAlchemyError as e:
logger.error('SQLAlchemy Error: %s', e)
num = session.query(VerfierMain.agent_id).count()
if num > 0:
agent_ids = session.query(VerfierMain.agent_id).all()
logger.info("Agent ids in db loaded from file: %s", agent_ids)
logger.info('Starting Cloud Verifier (tornado) on port %s, use <Ctrl-C> to stop', cloudverifier_port)
app = tornado.web.Application([
(r"/(?:v[0-9]/)?agents/.*", AgentsHandler),
(r"/(?:v[0-9]/)?allowlists/.*", AllowlistHandler),
(r".*", MainHandler),
])
context = cloud_verifier_common.init_mtls()
# after TLS is up, start revocation notifier
if config.getboolean('cloud_verifier', 'revocation_notifier'):
logger.info("Starting service for revocation notifications on port %s", config.getint('cloud_verifier', 'revocation_notifier_port'))
revocation_notifier.start_broker()
sockets = tornado.netutil.bind_sockets(
int(cloudverifier_port), address=cloudverifier_host)
task_id = tornado.process.fork_processes(config.getint(
'cloud_verifier', 'multiprocessing_pool_num_workers'))
asyncio.set_event_loop(asyncio.new_event_loop())
# Auto reactivate agent
if task_id == 0:
asyncio.ensure_future(activate_agents())
server = tornado.httpserver.HTTPServer(app, ssl_options=context, max_buffer_size=max_upload_size)
server.add_sockets(sockets)
try:
tornado.ioloop.IOLoop.instance().start()
except KeyboardInterrupt:
tornado.ioloop.IOLoop.instance().stop()
if config.getboolean('cloud_verifier', 'revocation_notifier'):
revocation_notifier.stop_broker()
def main(argv=sys.argv):
"""Main method of the Cloud Verifier Server. This method is encapsulated in a function for packaging to allow it to be
called as a function by an external program."""
config = configparser.ConfigParser()
config.read(common.CONFIG_FILE) # CONFIG_FILE="../keylime.conf"
# print('file name comes here')
cloudverifier_port = config.get('general', 'cloudverifier_port')
# general is all? cloudcerifier_port = 8881
db_filename = "%s/%s" % (common.WORK_DIR,
config.get('cloud_verifier', 'db_filename'))
'''
common.WORK_DIR
WORK_DIR=os.path.abspath(".") or os.getenv('KEYLIME_DIR','/var/lib/keylime')
Return a normalized absolutized version of the pathname path.
cloud_verifier: a bunch of setting I couldn't understand ~_~
db_filename: db_filename = cv_data.sqlite What's this???!!!
'''
db = cloud_verifier_common.init_db(
db_filename) # init a light weighted db, db is an object
db.update_all_agents(
'operational_state',
cloud_verifier_common.CloudAgent_Operational_State.SAVED)
'''
key: 'operational_state'
value: cloud_verifier_common.CloudAgent_Operational_State.SAVED: just a state code
update status? SET <key, value> operation
'''
num = db.count_agents(
) # count the number of agents: return len(self.get_agent_ids())
if num > 0:
agent_ids = db.get_agent_ids() # get a list of agent ids
logger.info("agent ids in db loaded from file: %s" % agent_ids)
else: # this log is added by me for testing
logger.info("no agent now(testing)")
logger.info('Starting Cloud Verifier (tornado) on port ' +
cloudverifier_port + ', use <Ctrl-C> to stop')
'''
this is what shows on screen
logger = keylime_logging.init_logging('cloudverifier') logger is a logging
'''
VerifierHandler = VerifierHandler_provider if identity == "provider" else VerifierHandler_tenant
app = tornado.web.Application([
(r"/(?:v[0-9]/)?agents/.*", AgentsHandler, {
'db': db
}), # r"/ main page handler
(r"/verifier/(.*)", VerifierHandler),
(r".*", MainHandler),
])
'''
Apache framework
The Tornado web server and tools.
https://www.tornadoweb.org/en/stable/web.html#application-configuration
([...])each request handler is a tuple
r"/" root location, according handler
need to create a handler, class
regular expression
what are these handlers do? how do they react with each others
'''
context = cloud_verifier_common.init_mtls()
'''
init_mtls(section='cloud_verifier',generatedir='cv_ca'):
'''
#after TLS is up, start revocation notifier
if config.getboolean('cloud_verifier', 'revocation_notifier'
): # [cloud_verifier] revocation_notifier = True
logger.info(
"Starting service for revocation notifications on port %s" %
config.getint('general', 'revocation_notifier_port'))
revocation_notifier.start_broker()
sockets = tornado.netutil.bind_sockets(int(cloudverifier_port),
address='0.0.0.0')
# 0.0.0.0 all ip addr on local machine
# Creates listening sockets bound to the given port and address.
# [<socket.socket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('0.0.0.0', 8881)>]
tornado.process.fork_processes(
config.getint('cloud_verifier', 'multiprocessing_pool_num_workers'))
'''
Starts multiple worker processes.
multiprocessing_pool_num_workers = 0
If num_processes is None or <= 0, we detect the number of cores available
on this machine and fork that number of child processes.
Since we use processes and not threads, there is no shared memory between any server code.
'''
asyncio.set_event_loop(asyncio.new_event_loop())
'''
Asynchronous I/O
asyncio is a library to write concurrent code using the async/await syntax.
The event loop is the core of every asyncio application. Event loops run asynchronous tasks and callbacks,
perform network IO operations, and run subprocesses.
low level code
Note that the behaviour of get_event_loop(), set_event_loop(), and new_event_loop() functions
can be altered by setting a custom event loop policy.
'''
server = tornado.httpserver.HTTPServer(app, ssl_options=context)
'''
A non-blocking, single-threaded HTTP server.
Typical applications have little direct interaction with the HTTPServer class
except to start a server at the beginning of the process
(and even that is often done indirectly via tornado.web.Application.listen).
'''
server.add_sockets(sockets)
'''
similar to example
sockets = tornado.netutil.bind_sockets(8888)
tornado.process.fork_processes(0)
server = HTTPServer(app)
server.add_sockets(sockets)
IOLoop.current().start()
'''
try:
if identity == tenant:
requests.get(url=provider_ip + "/verifier/I_need_quote")
tornado.ioloop.IOLoop.instance().start()
except KeyboardInterrupt:
tornado.ioloop.IOLoop.instance().stop()
if config.getboolean('cloud_verifier', 'revocation_notifier'):
revocation_notifier.stop_broker()
