Merge "SSL parameter setting in haproxy"

Juniper · May 9, 2016 · 32e3c39 · 32e3c39
2 parents 6760951 + 7234830
commit 32e3c39
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 14 deletions.
diff --git a/...w/opencontrail-vrouter-netns/opencontrail_vrouter_netns/cert_mgr/barbican_cert_manager.py b/...w/opencontrail-vrouter-netns/opencontrail_vrouter_netns/cert_mgr/barbican_cert_manager.py
@@ -197,17 +197,14 @@ def create_pem_file(barbican, url, dest_dir):
     f.close()
     return pem_file_name
 
-def update_ssl_conf(file):
+def update_ssl_conf(haproxy_conf, dest_dir):
     barb_auth = BarbicanKeystoneSession()
     sess = barb_auth.get_session()
     if sess is None:
         return None
     barbican = client.Client(session=sess)
-    dest_dir = os.path.dirname(file)
-    with open(file) as f:
-        conf = f.read()
-        updated_conf = conf
-    for line in conf.split('\n'):
+    updated_conf = haproxy_conf
+    for line in haproxy_conf.split('\n'):
         if 'ssl crt http' in line:
             try:
                 url_list = filter(lambda x: x.startswith('http:'), line.split(' '))
@@ -219,6 +216,4 @@ def update_ssl_conf(file):
                     return None
                 updated_conf = updated_conf.replace(url, pem_file_name)
 
-    with open(file, "w") as f:
-        conf = f.write(updated_conf)
     return updated_conf
diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py
@@ -15,6 +15,15 @@
                     format='%(asctime)s %(levelname)-8s %(message)s',
                     datefmt='%m/%d/%Y %H:%M:%S',
                     filename=LOG_FILE)
+log_levels = {
+    'MSG': {
+        'name': 'MSG',
+        'value': 35,
+    },
+}
+for log_level_key in log_levels.keys():
+    log_level = log_levels[log_level_key]
+    logging.addLevelName(log_level['value'], log_level['name'])
 
 def delete_haproxy_dir(base_dir, loadbalancer_id):
     dir_name = base_dir + "/" +  loadbalancer_id
@@ -41,12 +50,15 @@ def get_haproxy_config_file(cfg_file, dir_name):
         if (KeyValue[0] == 'haproxy_config'):
             break;
     haproxy_cfg_file = dir_name + "/" + HAPROXY_PROCESS_CONF
+    haproxy_conf = KeyValue[1]
+    if 'ssl crt http' in haproxy_conf:
+        haproxy_conf = barbican_cert_mgr.update_ssl_conf(haproxy_conf, dir_name)
+        if haproxy_conf is None:
+            return None
+
     f = open(haproxy_cfg_file, 'w+')
-    f.write(KeyValue[1])
+    f.write(haproxy_conf)
     f.close()
-    updated_conf = barbican_cert_mgr.update_ssl_conf(haproxy_cfg_file)
-    if updated_conf is None:
-        return None
 
     return haproxy_cfg_file
 
@@ -118,14 +130,16 @@ def _get_lbaas_pid(conf_file):
     return pid
 
 def _stop_haproxy_daemon(loadbalancer_id, conf_file):
+    log_msg = log_levels['MSG']
     last_pid = _get_lbaas_pid(conf_file)
     if last_pid:
         cmd_list = shlex.split('kill -9 ' + last_pid)
         subprocess.Popen(cmd_list)
         msg = "Stopping haproxy for Loadbalancer-ID %s" %loadbalancer_id
-        logging.info(msg)
+        logging.log(log_msg['value'], msg)
 
 def _start_haproxy_daemon(pool_id, netns, conf_file):
+    log_msg = log_levels['MSG']
     loadbalancer_id = pool_id
     last_pid = _get_lbaas_pid(conf_file)
     if last_pid:
@@ -136,7 +150,7 @@ def _start_haproxy_daemon(pool_id, netns, conf_file):
         sf_opt = ''
 
     pid_file = get_pid_file_from_conf_file(conf_file)
-    logging.info(msg)
+    logging.log(log_msg['value'], msg)
 
     cmd = 'ip netns exec %s haproxy -f %s -p %s %s' % \
         (netns, conf_file, pid_file, sf_opt)