From 72348304b14047452726e6940f452bfd2e45ac60 Mon Sep 17 00:00:00 2001
From: Yuvaraja Mariappan
Date: Fri, 6 May 2016 15:29:43 -0700
Subject: [PATCH] SSL parameter setting in haproxy
1. fixed haproxy launch issue when /etc/contrail/contrail-barbican-auth.conf is not present for not https protocol
2. Added custom log levels to log Starting/Stopping/Updating haproxy process
Change-Id: Id3fa720fbc663d05967988612698fa6063e126ef
Partial-Bug: 1569033
---
 .../cert_mgr/barbican_cert_manager.py | 11 +++-----
 .../haproxy_process.py | 26 ++++++++++++++-----
 2 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/cert_mgr/barbican_cert_manager.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/cert_mgr/barbican_cert_manager.py
index 0d05066031e..2fd15300096 100644
--- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/cert_mgr/barbican_cert_manager.py
+++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/cert_mgr/barbican_cert_manager.py
@@ -197,17 +197,14 @@ def create_pem_file(barbican, url, dest_dir):
 f.close()
 return pem_file_name
-def update_ssl_conf(file):
+def update_ssl_conf(haproxy_conf, dest_dir):
 barb_auth = BarbicanKeystoneSession()
 sess = barb_auth.get_session()
 if sess is None:
 return None
 barbican = client.Client(session=sess)
- dest_dir = os.path.dirname(file)
- with open(file) as f:
- conf = f.read()
- updated_conf = conf
- for line in conf.split('\n'):
+ updated_conf = haproxy_conf
+ for line in haproxy_conf.split('\n'):
 if 'ssl crt http' in line:
 try:
 url_list = filter(lambda x: x.startswith('http:'), line.split(' '))
@@ -219,6 +216,4 @@ def update_ssl_conf(file):
 return None
 updated_conf = updated_conf.replace(url, pem_file_name)
- with open(file, "w") as f:
- conf = f.write(updated_conf)
 return updated_conf
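Review bot: The gate `if 'ssl crt http' in line` in the first hunk also matches an `https:` reference, but the filter on the `url_list` line keeps only tokens that start with `http:`, so an HTTPS Barbican reference passes the gate and then produces an empty list; how that case is handled lies between the two hunks and is not visible here. As written, only plain-HTTP references can resolve, which presumably means the PEM material is fetched over an unencrypted channel unless something outside this hunk upgrades it. Consider `x.startswith(('http://', 'https://'))` together with a comment stating which schemes are accepted and why. Because `update_ssl_conf` now takes the config text and no longer writes the file, a docstring saying it returns the rewritten text or `None` on any failure would help callers; the function body continues outside the hunk.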
diff --git a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py
index ff256c87c6f..f768375dc79 100644
--- a/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py
+++ b/src/vnsw/opencontrail-vrouter-netns/opencontrail_vrouter_netns/haproxy_process.py
@@ -15,6 +15,15 @@
 format='%(asctime)s %(levelname)-8s %(message)s',
 datefmt='%m/%d/%Y %H:%M:%S',
 filename=LOG_FILE)
+log_levels = {
+ 'MSG': {
+ 'name': 'MSG',
+ 'value': 35,
+ },
+}
+for log_level_key in log_levels.keys():
+ log_level = log_levels[log_level_key]
+ logging.addLevelName(log_level['value'], log_level['name'])
 def delete_haproxy_dir(base_dir, loadbalancer_id):
 dir_name = base_dir + "/" + loadbalancer_id
@@ -41,12 +50,15 @@ def get_haproxy_config_file(cfg_file, dir_name):
 if (KeyValue[0] == 'haproxy_config'):
 break;
 haproxy_cfg_file = dir_name + "/" + HAPROXY_PROCESS_CONF
+ haproxy_conf = KeyValue[1]
+ if 'ssl crt http' in haproxy_conf:
+ haproxy_conf = barbican_cert_mgr.update_ssl_conf(haproxy_conf, dir_name)
+ if haproxy_conf is None:
+ return None
+
 f = open(haproxy_cfg_file, 'w+')
- f.write(KeyValue[1])
+ f.write(haproxy_conf)
 f.close()
- updated_conf = barbican_cert_mgr.update_ssl_conf(haproxy_cfg_file)
- if updated_conf is None:
- return None
 return haproxy_cfg_file
@@ -118,14 +130,16 @@ def _get_lbaas_pid(conf_file):
 return pid
 def _stop_haproxy_daemon(loadbalancer_id, conf_file):
+ log_msg = log_levels['MSG']
 last_pid = _get_lbaas_pid(conf_file)
 if last_pid:
 cmd_list = shlex.split('kill -9 ' + last_pid)
 subprocess.Popen(cmd_list)
 msg = "Stopping haproxy for Loadbalancer-ID %s" %loadbalancer_id
- logging.info(msg)
+ logging.log(log_msg['value'], msg)
 def _start_haproxy_daemon(pool_id, netns, conf_file):
+ log_msg = log_levels['MSG']
 loadbalancer_id = pool_id
 last_pid = _get_lbaas_pid(conf_file)
 if last_pid:
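Review bot: The value 35 in `log_levels` is unexplained; a comment such as `# 35 sits between WARNING (30) and ERROR (40), so lifecycle messages are recorded wherever warnings are` would tell the next maintainer why start/stop events use a custom level instead of `logging.info`. The registration loop reads more directly as `for log_level in log_levels.values():` followed by the `logging.addLevelName(...)` call, which drops the extra key lookup. Both loop variables stay bound at module level after the loop, so a small helper function would keep the module namespace clean if that is not intended.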
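Review bot: When `update_ssl_conf` returns `None`, the added `return None` in `get_haproxy_config_file` exits without logging and now also without writing any config file, so a failed certificate fetch leaves no trace in the log this commit is otherwise improving. Add a line such as `logging.error("SSL certificate setup failed for %s", dir_name)` before the return, and confirm that callers outside this hunk handle a `None` path rather than passing it on to the haproxy command. The write itself would be safer as `with open(haproxy_cfg_file, 'w') as f: f.write(haproxy_conf)`, which closes the handle on error too. Since `dir_name` is passed as `dest_dir` and therefore also receives the PEM files, it is worth checking that the directory is created with restrictive permissions; that code is not in this hunk, and the function starts before it.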
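Review bot: In `_stop_haproxy_daemon`, `last_pid` is concatenated into `'kill -9 ' + last_pid` and then split with `shlex.split`, so whatever `_get_lbaas_pid(conf_file)` returns decides how many arguments `kill` receives; a value that is not a single decimal PID should be rejected before any signal is sent. Prefer `if last_pid.isdigit(): os.kill(int(last_pid), signal.SIGKILL)`, assuming `os` and `signal` are available in this module, which the hunk does not show. The same build-a-string-then-split construction appears in the `cmd = 'ip netns exec %s haproxy ...'` line of the next hunk, where an argv list would avoid re-splitting `netns` and the file paths; how `cmd` is executed is not visible. `log_msg = log_levels['MSG']` is repeated in both functions and could be a single module-level constant. `_start_haproxy_daemon` continues past the end of this hunk.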
@@ -136,7 +150,7 @@ def _start_haproxy_daemon(pool_id, netns, conf_file):
 sf_opt = ''
 pid_file = get_pid_file_from_conf_file(conf_file)
- logging.info(msg)
+ logging.log(log_msg['value'], msg)
 cmd = 'ip netns exec %s haproxy -f %s -p %s %s' % \
 (netns, conf_file, pid_file, sf_opt)