Unverified Commit 69d04b01 authored by JohannesGarm's avatar JohannesGarm Committed by GitHub

Merge pull request #31 from BandwidthOnDemand/proxied_setup_support

Proxied setup support
parents 68953b95 e5e7c61f
...@@ -16,6 +16,9 @@ ...@@ -16,6 +16,9 @@
# host=example.org # host=example.org
# port=9443 # port=9443
## in a proxied setup specify base_url
# base_url=https://opennsa.example.domain/
## security settings ## security settings
#tls=true # defaults to true #tls=true # defaults to true
......
...@@ -44,6 +44,7 @@ LOG_FILE = 'logfile' ...@@ -44,6 +44,7 @@ LOG_FILE = 'logfile'
HOST = 'host' HOST = 'host'
PORT = 'port' PORT = 'port'
TLS = 'tls' TLS = 'tls'
BASE_URL = 'base_url'
REST = 'rest' REST = 'rest'
NRM_MAP_FILE = 'nrmmap' NRM_MAP_FILE = 'nrmmap'
PEERS = 'peers' PEERS = 'peers'
...@@ -309,6 +310,21 @@ class Config(object): ...@@ -309,6 +310,21 @@ class Config(object):
vc[TLS] = cfg.getboolean(BLOCK_SERVICE, TLS, fallback=DEFAULT_TLS) vc[TLS] = cfg.getboolean(BLOCK_SERVICE, TLS, fallback=DEFAULT_TLS)
vc[PORT] = cfg.getint(BLOCK_SERVICE, PORT, fallback=DEFAULT_TLS_PORT if vc[TLS] else DEFAULT_TCP_PORT) vc[PORT] = cfg.getint(BLOCK_SERVICE, PORT, fallback=DEFAULT_TLS_PORT if vc[TLS] else DEFAULT_TCP_PORT)
try:
vc[BASE_URL] = cfg.get(BLOCK_SERVICE, BASE_URL)
except configparser.NoOptionError:
vc[BASE_URL] = None
try:
vc[KEY] = cfg.get(BLOCK_SERVICE, KEY)
except configparser.NoOptionError:
vc[KEY] = None
try:
vc[CERTIFICATE] = cfg.get(BLOCK_SERVICE, CERTIFICATE)
except configparser.NoOptionError:
vc[CERTIFICATE] = None
try: try:
policies = cfg.get(BLOCK_SERVICE, POLICY).split(',') policies = cfg.get(BLOCK_SERVICE, POLICY).split(',')
for policy in policies: for policy in policies:
...@@ -350,18 +366,19 @@ class Config(object): ...@@ -350,18 +366,19 @@ class Config(object):
# tls # tls
if vc[TLS]: if vc[TLS]:
try: try:
hostkey = cfg.get(BLOCK_SERVICE, KEY) if not vc[KEY]:
hostcert = cfg.get(BLOCK_SERVICE, CERTIFICATE)
if not os.path.exists(hostkey):
raise ConfigurationError( raise ConfigurationError(
'Specified hostkey does not exist (%s)' % hostkey) 'must specify a key when TLS is enabled')
if not os.path.exists(hostcert): elif not os.path.exists(vc[KEY]):
raise ConfigurationError( raise ConfigurationError(
'Specified hostcert does not exist (%s)' % hostcert) 'Specified key does not exist (%s)' % vc[KEY])
vc[KEY] = hostkey if not vc[CERTIFICATE]:
vc[CERTIFICATE] = hostcert raise ConfigurationError(
'must specify a certificate when TLS is enabled')
elif not os.path.exists(vc[CERTIFICATE]):
raise ConfigurationError(
'Specified certificate does not exist (%s)' % vc[CERTIFICATE])
try: try:
allowed_hosts_cfg = cfg.get(BLOCK_SERVICE, ALLOWED_HOSTS) allowed_hosts_cfg = cfg.get(BLOCK_SERVICE, ALLOWED_HOSTS)
......
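Review bot: `vc[BASE_URL]` is stored exactly as read from the config in the third hunk (line 310 onwards), with no check that it is an absolute http(s) URL, even though the companion change in the service setup uses it verbatim as the advertised provider endpoint prefix in place of the host/port-derived URL. A stray value (missing scheme, empty host, or a trailing slash as in the sample config's `https://opennsa.example.domain/`) is only discovered when peers fail to reach the endpoint; validating at load time, next to the existing ConfigurationError checks, keeps the failure local and loud, and the fence below does that while keeping the existing fallback (it needs `urllib.parse` imported at the top of the file, which is outside the hunk). Separately, in the TLS hunk the `try:` that wrapped the old `cfg.get(BLOCK_SERVICE, KEY)` is kept although the NoOptionError it guarded can no longer occur there, so its `except` (outside the hunk) is either dead or, if broader than NoOptionError, would swallow the new ConfigurationErrors — worth confirming and dropping the `try:`. The enclosing method starts and ends outside these hunks.
```python
        try:
            vc[BASE_URL] = cfg.get(BLOCK_SERVICE, BASE_URL)
        except configparser.NoOptionError:
            vc[BASE_URL] = None
        if vc[BASE_URL]:
            # base_url is used verbatim as the advertised endpoint prefix, so
            # insist on an absolute http(s) URL and drop a trailing slash
            parts = urllib.parse.urlsplit(vc[BASE_URL])
            if parts.scheme not in ('http', 'https') or not parts.netloc:
                raise ConfigurationError(
                    'base_url must be an absolute http(s) URL (%s)' % vc[BASE_URL])
            vc[BASE_URL] = vc[BASE_URL].rstrip('/')
        # … unchanged: key / certificate lookups …
```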
...@@ -99,20 +99,16 @@ def setupBackend(backend_cfg, network_name, nrm_ports, parent_requester): ...@@ -99,20 +99,16 @@ def setupBackend(backend_cfg, network_name, nrm_ports, parent_requester):
def setupTLSContext(vc): def setupTLSContext(vc):
# ssl/tls contxt # ssl/tls contxt
if vc[config.TLS]: if vc[config.KEY] and vc[config.CERTIFICATE]:
log.msg('setup full 2Way TLS context')
from opennsa.opennsaTlsContext import opennsa2WayTlsContext from opennsa.opennsaTlsContext import opennsa2WayTlsContext
ctx_factory = opennsa2WayTlsContext( ctx_factory = opennsa2WayTlsContext(
vc[config.KEY], vc[config.CERTIFICATE], vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT]) vc[config.KEY], vc[config.CERTIFICATE], vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])
elif vc[config.CERTIFICATE_DIR]: else:
# create a context so we can verify https urls
if not os.path.isdir(vc[config.CERTIFICATE_DIR]):
raise config.ConfigurationError(
'certdir value {} is not a directory'.format(vc[config.CERTIFICATE_DIR]))
from opennsa.opennsaTlsContext import opennsaTlsContext from opennsa.opennsaTlsContext import opennsaTlsContext
log.msg('setup client TLS context without client authentication')
ctx_factory = opennsaTlsContext( ctx_factory = opennsaTlsContext(
vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT]) vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])
else:
ctx_factory = None
return ctx_factory return ctx_factory
...@@ -168,8 +164,11 @@ class OpenNSAService(twistedservice.MultiService): ...@@ -168,8 +164,11 @@ class OpenNSAService(twistedservice.MultiService):
nsa_name = domain_name + ':nsa' nsa_name = domain_name + ':nsa'
# base url # base url
base_protocol = 'https://' if vc[config.TLS] else 'http://' if vc[config.BASE_URL]:
base_url = base_protocol + vc[config.HOST] + ':' + str(vc[config.PORT]) base_url = vc[config.BASE_URL]
else:
base_protocol = 'https://' if vc[config.TLS] else 'http://'
base_url = base_protocol + vc[config.HOST] + ':' + str(vc[config.PORT])
# nsi endpoint and agent # nsi endpoint and agent
provider_endpoint = base_url + '/NSI/services/CS2' # hardcode for now provider_endpoint = base_url + '/NSI/services/CS2' # hardcode for now
......
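Review bot: The rewrite of `setupTLSContext` drops the `os.path.isdir` check on `CERTIFICATE_DIR` and the `ctx_factory = None` fallback, so a misconfigured or unset certdir now reaches `opennsaTlsContext` instead of raising a ConfigurationError; whether that then fails closed or verifies against nothing depends on `opennsaTlsContext`, which is not visible here. Restoring the guard before the `else:` branch keeps the failure explicit: `if vc[config.CERTIFICATE_DIR] and not os.path.isdir(vc[config.CERTIFICATE_DIR]):` / `raise config.ConfigurationError('certdir value {} is not a directory'.format(vc[config.CERTIFICATE_DIR]))`. The new key-and-certificate test also replaces the `vc[config.TLS]` gate, so a 2-way context is built whenever both files are configured even with tls=false; if that is intended for the proxied case, a one-line comment such as `# key+cert configured: build the 2-way context regardless of tls, the proxy may terminate TLS` would make it deliberate. In the second hunk, `base_url = vc[config.BASE_URL]` is concatenated with `'/NSI/services/CS2'` a few lines later, and the sample config's value ends in a slash, giving a double slash in the endpoint; `base_url = vc[config.BASE_URL].rstrip('/')` avoids that. The enclosing service method starts before the second hunk and continues after it.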