From 17e4b51d18583a4ed8124c4cc1214ea26a48b68d Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 8 Sep 2014 20:45:36 -0600 Subject: [PATCH 1/3] Testing out dummy config --- gns3server/server.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/gns3server/server.py b/gns3server/server.py
index 49223790..85365e56 100644
--- a/gns3server/server.py
+++ b/gns3server/server.py
@@ -140,6 +140,17 @@ class Server(object):
 JSONRPCWebSocket.register_destination(destination, instance.name)
 instance.start() # starts the new process
+ def _dummy_cloud_config(self):
+
+ config = configparser.ConfigParser()
+ config["CLOUD_SERVER"] = {
+ "WEB_AUTH_ENABLED" : "no",
+ "WEB_USERNAME" : "",
+ "WEB_PASSWORD" : "",
+ "SSL_ENABLED" : "no",
+ }
+
+ return config["CLOUD_SERVER"]
 def run(self):
 """
@@ -147,7 +158,10 @@ class Server(object):
 """
 # FIXME: debug mode!
- cloud_config = Config.instance().get_section_config("CLOUD_SERVER")
+ try:
+ cloud_config = Config.instance().get_section_config("CLOUD_SERVER")
+ except KeyError:
+ cloud_config = self._dummy_cloud_config()
 settings = {
 "debug":True,
From 4fa87005bc7066c42ad4c94d15e0faa63162ac7e Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 8 Sep 2014 21:51:56 -0600 Subject: [PATCH 2/3] Enabled HTTP Auth, SSL and DMS disabling based on cloud.conf availability --- gns3server/handlers/auth_handler.py | 6 +++ gns3server/modules/deadman/__init__.py | 19 ++++++++-- gns3server/server.py | 52 +++++++++++++------------- 3 files changed, 47 insertions(+), 30 deletions(-)
diff --git a/gns3server/handlers/auth_handler.py b/gns3server/handlers/auth_handler.py
index f136ab02..3d8cf331 100644
--- a/gns3server/handlers/auth_handler.py
+++ b/gns3server/handlers/auth_handler.py
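Review bot: The `except KeyError` branch added to run() fails open without any trace: when the CLOUD_SERVER section is absent, `_dummy_cloud_config()` (first hunk) supplies `WEB_AUTH_ENABLED` and `SSL_ENABLED` as "no" plus empty `WEB_USERNAME`/`WEB_PASSWORD`, and nothing is logged. The later server.py hunk on this page shows those values being copied into `required_user`/`required_pass`; the login check itself is outside this patch, so it should be confirmed that it cannot accept an empty username and password. I would log the downgrade in the handler, e.g. `log.warning("CLOUD_SERVER section missing - web auth and SSL disabled")`, and give `_dummy_cloud_config` a docstring stating that it is the unauthenticated fallback. run() continues past the end of the hunk.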
@@ -29,6 +29,9 @@ log = logging.getLogger(__name__) class GNS3BaseHandler(tornado.web.RequestHandler): def get_current_user(self): + if 'required_user' not in self.settings: + return "FakeUser" + user = self.get_secure_cookie("user") if not user: return None @@ -38,6 +41,9 @@ class GNS3BaseHandler(tornado.web.RequestHandler): class GNS3WebSocketBaseHandler(tornado.websocket.WebSocketHandler): def get_current_user(self): + if 'required_user' not in self.settings: + return "FakeUser" + user = self.get_secure_cookie("user") if not user: return None diff --git a/gns3server/modules/deadman/__init__.py b/gns3server/modules/deadman/__init__.py index 86f97363..6fd30baa 100644 --- a/gns3server/modules/deadman/__init__.py +++ b/gns3server/modules/deadman/__init__.py @@ -54,6 +54,16 @@ class DeadMan(IModule): if 'heartbeat_file' in kwargs: self._heartbeat_file = kwargs['heartbeat_file'] + self._is_enabled = False + try: + cloud_config = Config.instance().get_section_config("CLOUD_SERVER") + instance_id = cloud_config["instance_id"] + cloud_user_name = cloud_config["cloud_user_name"] + cloud_api_key = cloud_config["cloud_api_key"] + self._is_enabled = True + except KeyError: + log.critical("Missing cloud.conf - disabling Deadman Switch") + self._deadman_process = None self.heartbeat() self.start() @@ -73,7 +83,7 @@ class DeadMan(IModule): cmd.append("--file") cmd.append("%s" % (self._heartbeat_file)) cmd.append("--background") - log.debug("Deadman: Running %s"%(cmd)) + log.debug("Deadman: Running command: %s"%(cmd)) process = subprocess.Popen(cmd, stderr=subprocess.STDOUT, shell=False) return process @@ -87,7 +97,7 @@ class DeadMan(IModule): cmd.append("gns3dms") cmd.append("-k") - log.debug("Deadman: Running %s"%(cmd)) + log.debug("Deadman: Running command: %s"%(cmd)) process = subprocess.Popen(cmd, shell=False) return process 
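Review bot: Both `get_current_user` overrides now treat a missing `required_user` setting as "authenticated" and return "FakeUser", so authentication is switched off by the absence of a key rather than by an explicit decision; the same three lines are added to GNS3WebSocketBaseHandler in the next hunk. In the server.py hunk of this commit any KeyError raised while reading CLOUD_SERVER leaves `required_user` unset, so a misspelled or missing option opens every handler that relies on this check. I would gate the bypass on an explicit setting chosen by the server (name is a proposal), e.g. `if not self.settings.get("auth_enabled", True): return "FakeUser"`, and put the check in one shared helper so the HTTP and WebSocket handlers cannot drift apart.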
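Review bot: In the DeadMan `__init__` hunk, `instance_id`, `cloud_user_name` and `cloud_api_key` are assigned only to provoke a KeyError and are never used, and the handler logs "Missing cloud.conf" even when the file exists and a single option is absent. Naming the missing key would make the message actionable: `except KeyError as e: log.critical("cloud.conf: missing %s - disabling Deadman Switch", e)`. The hunk uses `Config`, but none of this file's hunks adds an import for it; if the module does not already import it, the result is a NameError that `except KeyError` will not catch. `self.heartbeat()` still runs when the switch is disabled; its body is outside the hunk, so that should be confirmed as intended.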
@@ -116,8 +126,9 @@ class DeadMan(IModule):
 Start the deadman process on the server
 """
- self._deadman_process = self._start_deadman_process()
- log.debug("Deadman: Process is starting")
+ if self._is_enabled:
+ self._deadman_process = self._start_deadman_process()
+ log.debug("Deadman: Process is starting")
 @IModule.route("deadman.reset")
 def reset(self, request=None):
diff --git a/gns3server/server.py b/gns3server/server.py
index 85365e56..3f8b41bc 100644
--- a/gns3server/server.py
+++ b/gns3server/server.py
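Review bot: When `_is_enabled` is false, start() now returns without logging anything and `_deadman_process` stays None. The stop and reset paths are outside this hunk (the `gns3dms -k` command is still built in an earlier hunk of this file), so it should be checked that they also honour `_is_enabled` instead of acting on a process that was never started. An `else: log.debug("Deadman: disabled, not starting")` branch would make the skipped start visible in the log.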
@@ -140,37 +140,43 @@ class Server(object): JSONRPCWebSocket.register_destination(destination, instance.name) instance.start() # starts the new process - def _dummy_cloud_config(self): - - config = configparser.ConfigParser() - config["CLOUD_SERVER"] = { - "WEB_AUTH_ENABLED" : "no", - "WEB_USERNAME" : "", - "WEB_PASSWORD" : "", - "SSL_ENABLED" : "no", - } - - return config["CLOUD_SERVER"] def run(self): """ Starts the Tornado web server and ZeroMQ server. """ - # FIXME: debug mode! - try: - cloud_config = Config.instance().get_section_config("CLOUD_SERVER") - except KeyError: - cloud_config = self._dummy_cloud_config() - settings = { "debug":True, "cookie_secret": base64.b64encode(uuid.uuid4().bytes + uuid.uuid4().bytes), "login_url": "/login", - "required_user" : cloud_config['WEB_USERNAME'], - "required_pass" : cloud_config['WEB_PASSWORD'], } + ssl_options = {} + + try: + cloud_config = Config.instance().get_section_config("CLOUD_SERVER") + + cloud_settings = { + + "required_user" : cloud_config['WEB_USERNAME'], + "required_pass" : cloud_config['WEB_PASSWORD'], + } + + settings.update(cloud_settings) + + if cloud_config["SSL_ENABLED"] == "yes": + ssl_options = { + "certfile" : cloud_config["SSL_CRT"], + "keyfile" : cloud_config["SSL_KEY"], + } + + log.info("Certs found - starting in SSL mode") + + except KeyError: + log.info("Missing cloud.conf - disabling HTTP auth and SSL") + + router = self._create_zmq_router() # Add our JSON-RPC Websocket handler to Tornado self.handlers.extend([(r"/", JSONRPCWebSocket, dict(zmq_router=router))]) @@ -190,13 +196,7 @@ class Server(object): zmq.zmq_version())) kwargs = {"address": self._host} - if cloud_config["SSL_ENABLED"] == "yes": - ssl_options = { - "certfile" : cloud_config["SSL_CRT"], - "keyfile" : cloud_config["SSL_KEY"], - } - - log.info("Certs found - starting in SSL mode") + if ssl_options: kwargs["ssl_options"] = ssl_options if parse_version(tornado.version) >= parse_version("3.1"): 
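Review bot: The single `try` around both the credentials and the SSL options makes a partial configuration fail in the unsafe direction. If `WEB_PASSWORD` is missing, the dict literal raises before `settings.update`, so auth is dropped; if the credentials are present but `SSL_ENABLED`, `SSL_CRT` or `SSL_KEY` is missing, auth stays on while TLS is silently off, and the log line claims both were disabled. The downgrade is only reported at `log.info`, and `"debug":True` stays in `settings` although this hunk removes the FIXME that flagged it. I would treat only a missing section as "no cloud config" and let an incomplete section stop startup, as sketched below; this assumes `get_section_config` raises KeyError for a missing section, as the existing handler implies. run() continues outside the hunk.

```python
# … unchanged: settings dict and ssl_options = {} …
try:
    cloud_config = Config.instance().get_section_config("CLOUD_SERVER")
except KeyError:
    cloud_config = None
    log.warning("No CLOUD_SERVER section - HTTP auth and SSL are disabled")

if cloud_config is not None:
    # A section that exists but is incomplete is a configuration error:
    # let the KeyError propagate instead of silently dropping auth or TLS.
    settings["required_user"] = cloud_config["WEB_USERNAME"]
    settings["required_pass"] = cloud_config["WEB_PASSWORD"]
    if cloud_config["SSL_ENABLED"] == "yes":
        ssl_options = {
            "certfile": cloud_config["SSL_CRT"],
            "keyfile": cloud_config["SSL_KEY"],
        }
        log.info("Certs found - starting in SSL mode")
# … unchanged: router setup and handler registration …
```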
From 6c6c9200e46cfc529f1cbc533f3651601eaca9cf Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 8 Sep 2014 22:07:33 -0600 Subject: [PATCH 3/3] Add CN support to cert as command line arg --- gns3server/cert_utils/create_cert.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gns3server/cert_utils/create_cert.sh b/gns3server/cert_utils/create_cert.sh
index 5b2c8e28..92f6edfb 100755
--- a/gns3server/cert_utils/create_cert.sh
+++ b/gns3server/cert_utils/create_cert.sh
@@ -62,7 +62,7 @@ C=CA
 ST=Alberta
 O=GNS3
 localityName=Calgary
-commonName=gns3server.localdomain.com
+commonName=$DOMAIN
 organizationalUnitName=GNS3Server
 emailAddress=gns3cert@gns3.com
 "
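Review bot: `commonName=$DOMAIN` depends on a variable this patch does not set: the diffstat shows one insertion and one deletion, so the assignment from the command-line argument must already exist outside the hunk, otherwise the certificate is issued with an empty CN. A guard before the config text is built, `[ -n "$DOMAIN" ] || { echo "usage: $0 <domain>" >&2; exit 1; }`, would catch that case. Because the value is pasted into the OpenSSL config text, it should also be limited to hostname characters, e.g. `case "$DOMAIN" in *[!A-Za-z0-9.-]*) echo "invalid domain" >&2; exit 1;; esac`, so that whitespace or line breaks in the argument cannot alter the other fields.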