69d04b01
Unverified
Commit
69d04b01
authored
3 years ago
by
JohannesGarm
Committed by
GitHub
3 years ago
Merge pull request #31 from BandwidthOnDemand/proxied_setup_support
Proxied setup support
parents
68953b95
e5e7c61f
Showing
3 changed files
datafiles/opennsa.conf
+3
-0
3 additions, 0 deletions
datafiles/opennsa.conf
opennsa/config.py
+26
-9
26 additions, 9 deletions
opennsa/config.py
opennsa/setup.py
+9
-10
9 additions, 10 deletions
opennsa/setup.py
with
38 additions
and
19 deletions
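--- a/datafiles/opennsa.conf
+++ b/datafiles/opennsa.conf
@@ -16,6 +16,9 @@
 # host=example.org
 # port=9443
+## in a proxied setup specify base_url
+# base_url=https://opennsa.example.domain/
 ## security settings
 #tls=true # defaults to true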
opennsa/config.py
+
26
−
9
...
@@ -44,6 +44,7 @@ LOG_FILE = 'logfile'
...
@@ -44,6 +44,7 @@ LOG_FILE = 'logfile'
HOST
=
'
host
'
HOST
=
'
host
'
PORT
=
'
port
'
PORT
=
'
port
'
TLS
=
'
tls
'
TLS
=
'
tls
'
BASE_URL
=
'
base_url
'
REST
=
'
rest
'
REST
=
'
rest
'
NRM_MAP_FILE
=
'
nrmmap
'
NRM_MAP_FILE
=
'
nrmmap
'
PEERS
=
'
peers
'
PEERS
=
'
peers
'
...
@@ -309,6 +310,21 @@ class Config(object):
...
@@ -309,6 +310,21 @@ class Config(object):
vc
[
TLS
]
=
cfg
.
getboolean
(
BLOCK_SERVICE
,
TLS
,
fallback
=
DEFAULT_TLS
)
vc
[
TLS
]
=
cfg
.
getboolean
(
BLOCK_SERVICE
,
TLS
,
fallback
=
DEFAULT_TLS
)
vc
[
PORT
]
=
cfg
.
getint
(
BLOCK_SERVICE
,
PORT
,
fallback
=
DEFAULT_TLS_PORT
if
vc
[
TLS
]
else
DEFAULT_TCP_PORT
)
vc
[
PORT
]
=
cfg
.
getint
(
BLOCK_SERVICE
,
PORT
,
fallback
=
DEFAULT_TLS_PORT
if
vc
[
TLS
]
else
DEFAULT_TCP_PORT
)
try
:
vc
[
BASE_URL
]
=
cfg
.
get
(
BLOCK_SERVICE
,
BASE_URL
)
except
configparser
.
NoOptionError
:
vc
[
BASE_URL
]
=
None
try
:
vc
[
KEY
]
=
cfg
.
get
(
BLOCK_SERVICE
,
KEY
)
except
configparser
.
NoOptionError
:
vc
[
KEY
]
=
None
try
:
vc
[
CERTIFICATE
]
=
cfg
.
get
(
BLOCK_SERVICE
,
CERTIFICATE
)
except
configparser
.
NoOptionError
:
vc
[
CERTIFICATE
]
=
None
try
:
try
:
policies
=
cfg
.
get
(
BLOCK_SERVICE
,
POLICY
).
split
(
'
,
'
)
policies
=
cfg
.
get
(
BLOCK_SERVICE
,
POLICY
).
split
(
'
,
'
)
for
policy
in
policies
:
for
policy
in
policies
:
...
@@ -350,18 +366,19 @@ class Config(object):
...
@@ -350,18 +366,19 @@ class Config(object):
# tls
# tls
if
vc
[
TLS
]:
if
vc
[
TLS
]:
try
:
try
:
hostkey
=
cfg
.
get
(
BLOCK_SERVICE
,
KEY
)
if
not
vc
[
KEY
]:
hostcert
=
cfg
.
get
(
BLOCK_SERVICE
,
CERTIFICATE
)
if
not
os
.
path
.
exists
(
hostkey
):
raise
ConfigurationError
(
raise
ConfigurationError
(
'
Specified hostkey does not exist (%s)
'
%
hostkey
)
'
must specify a key when TLS is enabled
'
)
if
not
os
.
path
.
exists
(
hostcert
):
el
if
not
os
.
path
.
exists
(
vc
[
KEY
]
):
raise
ConfigurationError
(
raise
ConfigurationError
(
'
Specified
hostcert
does not exist (%s)
'
%
hostcert
)
'
Specified
key
does not exist (%s)
'
%
vc
[
KEY
]
)
vc
[
KEY
]
=
hostkey
if
not
vc
[
CERTIFICATE
]:
vc
[
CERTIFICATE
]
=
hostcert
raise
ConfigurationError
(
'
must specify a certificate when TLS is enabled
'
)
elif
not
os
.
path
.
exists
(
vc
[
CERTIFICATE
]):
raise
ConfigurationError
(
'
Specified certificate does not exist (%s)
'
%
vc
[
CERTIFICATE
])
try
:
try
:
allowed_hosts_cfg
=
cfg
.
get
(
BLOCK_SERVICE
,
ALLOWED_HOSTS
)
allowed_hosts_cfg
=
cfg
.
get
(
BLOCK_SERVICE
,
ALLOWED_HOSTS
)
...
...
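Review bot: The new `base_url` option is stored exactly as written, with no normalisation or scheme check, in the `try`/`except configparser.NoOptionError` block added in the second hunk. The sample added to datafiles/opennsa.conf ends in a slash and setup.py appends `'/NSI/services/CS2'` to the value, so a deployment that copies the sample gets `https://opennsa.example.domain//NSI/services/CS2` as its `provider_endpoint`. I would strip the trailing slash at load time, `if vc[BASE_URL]: vc[BASE_URL] = vc[BASE_URL].rstrip('/')`, and raise `ConfigurationError` when the value does not start with `http://` or `https://`, since this string replaces the scheme that was previously derived from `vc[TLS]`. The enclosing method of `Config` starts and ends outside the hunks shown.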
opennsa/setup.py
+
9
−
10
...
@@ -99,20 +99,16 @@ def setupBackend(backend_cfg, network_name, nrm_ports, parent_requester):
...
@@ -99,20 +99,16 @@ def setupBackend(backend_cfg, network_name, nrm_ports, parent_requester):
def
setupTLSContext
(
vc
):
def
setupTLSContext
(
vc
):
# ssl/tls contxt
# ssl/tls contxt
if
vc
[
config
.
TLS
]:
if
vc
[
config
.
KEY
]
and
vc
[
config
.
CERTIFICATE
]:
log
.
msg
(
'
setup full 2Way TLS context
'
)
from
opennsa.opennsaTlsContext
import
opennsa2WayTlsContext
from
opennsa.opennsaTlsContext
import
opennsa2WayTlsContext
ctx_factory
=
opennsa2WayTlsContext
(
ctx_factory
=
opennsa2WayTlsContext
(
vc
[
config
.
KEY
],
vc
[
config
.
CERTIFICATE
],
vc
[
config
.
CERTIFICATE_DIR
],
vc
[
config
.
VERIFY_CERT
])
vc
[
config
.
KEY
],
vc
[
config
.
CERTIFICATE
],
vc
[
config
.
CERTIFICATE_DIR
],
vc
[
config
.
VERIFY_CERT
])
elif
vc
[
config
.
CERTIFICATE_DIR
]:
else
:
# create a context so we can verify https urls
if
not
os
.
path
.
isdir
(
vc
[
config
.
CERTIFICATE_DIR
]):
raise
config
.
ConfigurationError
(
'
certdir value {} is not a directory
'
.
format
(
vc
[
config
.
CERTIFICATE_DIR
]))
from
opennsa.opennsaTlsContext
import
opennsaTlsContext
from
opennsa.opennsaTlsContext
import
opennsaTlsContext
log
.
msg
(
'
setup client TLS context without client authentication
'
)
ctx_factory
=
opennsaTlsContext
(
ctx_factory
=
opennsaTlsContext
(
vc
[
config
.
CERTIFICATE_DIR
],
vc
[
config
.
VERIFY_CERT
])
vc
[
config
.
CERTIFICATE_DIR
],
vc
[
config
.
VERIFY_CERT
])
else
:
ctx_factory
=
None
return
ctx_factory
return
ctx_factory
...
@@ -168,8 +164,11 @@ class OpenNSAService(twistedservice.MultiService):
...
@@ -168,8 +164,11 @@ class OpenNSAService(twistedservice.MultiService):
nsa_name
=
domain_name
+
'
:nsa
'
nsa_name
=
domain_name
+
'
:nsa
'
# base url
# base url
base_protocol
=
'
https://
'
if
vc
[
config
.
TLS
]
else
'
http://
'
if
vc
[
config
.
BASE_URL
]:
base_url
=
base_protocol
+
vc
[
config
.
HOST
]
+
'
:
'
+
str
(
vc
[
config
.
PORT
])
base_url
=
vc
[
config
.
BASE_URL
]
else
:
base_protocol
=
'
https://
'
if
vc
[
config
.
TLS
]
else
'
http://
'
base_url
=
base_protocol
+
vc
[
config
.
HOST
]
+
'
:
'
+
str
(
vc
[
config
.
PORT
])
# nsi endpoint and agent
# nsi endpoint and agent
provider_endpoint
=
base_url
+
'
/NSI/services/CS2
'
# hardcode for now
provider_endpoint
=
base_url
+
'
/NSI/services/CS2
'
# hardcode for now
...
...
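Review bot: `setupTLSContext` no longer consults `vc[config.TLS]`, and as far as the rendered hunk shows the `os.path.isdir(vc[config.CERTIFICATE_DIR])` check and the `ctx_factory = None` fallback are gone, so the `else` branch always builds `opennsaTlsContext(vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])` from an unchecked directory. In config.py the key and certificate existence checks still sit under `if vc[TLS]:`, so with `tls=false` behind a proxy a wrong key, certificate or certdir path is presumably only noticed when the context is created or first used. I would keep a guard in the `else` branch, `if vc[config.CERTIFICATE_DIR] and not os.path.isdir(vc[config.CERTIFICATE_DIR]): raise config.ConfigurationError(...)` with the existing message, or move the path checks in config.py out of the TLS-only branch. How `opennsaTlsContext` treats a missing or empty certificate directory is not visible on this page and should be confirmed, because it decides whether peer verification still has trust anchors.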