From 0d5f9280a8a16e6c774ceb2517a5f13c74befe62 Mon Sep 17 00:00:00 2001 
From: Michal Opala Date: Mon, 14 Nov 2022 20:48:30 +0100 Subject: [PATCH] F #5973: Add OneGate proxy service (#2281) * Update install_gems (async.io, etc, rb-inotify) - make install_gems script more verbose - slightly refactor/simplify update_locks script - add async.io, etc and rb-inotify gems - update gem locks for: AlmaLinux8/9, CentOS8 - update gem locks for: Debian10/11, Ubuntu1804/2004/2204 * onegate-proxy: - ruby code and default config (169.254.16.9 to avoid conflicts) - install.sh script - logrotate and systemd onegate-proxy configs - onecfg configs --- install.sh | 56 +++- share/etc/oned.conf | 2 +- share/install_gems/AlmaLinux8/Gemfile.lock | 49 ++- share/install_gems/AlmaLinux9/Gemfile.lock | 57 ++-- share/install_gems/CentOS8/Gemfile.lock | 49 ++- share/install_gems/Debian10/Gemfile.lock | 49 ++- share/install_gems/Debian11/Gemfile.lock | 57 ++-- share/install_gems/Gemfile | 4 + share/install_gems/Ubuntu1804/Gemfile.lock | 49 ++- share/install_gems/Ubuntu2004/Gemfile.lock | 61 ++-- share/install_gems/Ubuntu2204/Gemfile.lock | 61 ++-- share/install_gems/install_gems | 2 +- share/install_gems/update_locks | 2 +- share/pkgs/logrotate/opennebula-gate-proxy | 11 + .../systemd/opennebula-gate-proxy.service | 15 + src/cli/one_helper/onehost_helper.rb | 22 +- src/im_mad/im_exec/one_im_exec.rb | 50 +-- src/mad/ruby/HostSyncManager.rb | 90 ++++++ src/onecfg/share/etc/files.yaml | 6 + src/onegate-proxy/bin/onegate-proxy | 122 +++++++ src/onegate-proxy/etc/onegate-proxy.conf | 27 ++ src/onegate-proxy/onegate-proxy.rb | 303 ++++++++++++++++++ 22 files changed, 936 insertions(+), 208 deletions(-) create mode 100644 share/pkgs/logrotate/opennebula-gate-proxy create mode 100644 share/pkgs/services/systemd/opennebula-gate-proxy.service create mode 100644 src/mad/ruby/HostSyncManager.rb create mode 100755 src/onegate-proxy/bin/onegate-proxy create mode 100644 src/onegate-proxy/etc/onegate-proxy.conf create mode 100644 src/onegate-proxy/onegate-proxy.rb 
diff --git a/install.sh b/install.sh index fc2a9a5e52..a981c59425 100755 --- a/install.sh +++ b/install.sh @@ -30,7 +30,7 @@ usage() { echo echo "Usage: install.sh [-u install_user] [-g install_group] [-k keep conf]" echo " [-d ONE_LOCATION] [-c cli|ec2] [-r]" - echo " [-s] [-p] [-G] [-f] [-l] [-e] [-h]" + echo " [-s] [-p] [-G] [-6] [-f] [-l] [-e] [-h]" echo echo "-u: user that will run opennebula, defaults to user executing install.sh" echo "-g: group of the user that will run opennebula, defaults to user" @@ -46,6 +46,7 @@ usage() { echo "-F: install OpenNebula FireEdge" echo "-P: do not install OpenNebula FireEdge non-minified files" echo "-G: install only OpenNebula Gate" + echo "-6: install only OpenNebula Gate Proxy" echo "-f: install only OpenNebula Flow" echo "-r: remove Opennebula, only useful if -d was not specified, otherwise" echo " rm -rf \$ONE_LOCATION would do the job" @@ -55,13 +56,14 @@ usage() { } #------------------------------------------------------------------------------- -PARAMETERS=":u:g:d:ehkrlcspFPorlfG" +PARAMETERS=":u:g:d:ehkrlcspFPorlfG6" INSTALL_ETC="yes" UNINSTALL="no" LINK="no" CLIENT="no" ONEGATE="no" +ONEGATE_PROXY="no" SUNSTONE="no" SUNSTONE_DEV="yes" FIREEDGE="no" @@ -81,6 +83,7 @@ while getopts $PARAMETERS opt; do l) LINK="yes" ;; c) CLIENT="yes"; INSTALL_ETC="no" ;; G) ONEGATE="yes" ;; + 6) ONEGATE_PROXY="yes" ;; s) SUNSTONE="yes" ;; p) SUNSTONE_DEV="no" ;; F) FIREEDGE="yes" ;; @@ -109,6 +112,7 @@ if [ -z "$ROOT" ] ; then LOG_LOCATION="/var/log/one" VAR_LOCATION="/var/lib/one" ONEGATE_LOCATION="$LIB_LOCATION/onegate" + ONEGATE_PROXY_LOCATION="$LIB_LOCATION/onegate-proxy" SUNSTONE_LOCATION="$LIB_LOCATION/sunstone" FIREEDGE_LOCATION="$LIB_LOCATION/fireedge" ONEFLOW_LOCATION="$LIB_LOCATION/oneflow" 
@@ -151,6 +155,13 @@ if [ -z "$ROOT" ] ; then DELETE_DIRS="$MAKE_DIRS" + CHOWN_DIRS="" + elif [ "$ONEGATE_PROXY" = "yes" ]; then + MAKE_DIRS="$BIN_LOCATION $LIB_LOCATION $VAR_LOCATION \ + $ONEGATE_PROXY_LOCATION $ETC_LOCATION" + + DELETE_DIRS="$MAKE_DIRS" + CHOWN_DIRS="" elif [ "$ONEFLOW" = "yes" ]; then MAKE_DIRS="$BIN_LOCATION $LIB_LOCATION $VAR_LOCATION $ONEFLOW_LOCATION \ @@ -170,7 +181,7 @@ if [ -z "$ROOT" ] ; then $INCLUDE_LOCATION $SHARE_LOCATION $DOCS_LOCATION \ $LOG_LOCATION $RUN_LOCATION $LOCK_LOCATION \ $SYSTEM_DS_LOCATION $DEFAULT_DS_LOCATION $MAN_LOCATION \ - $VM_LOCATION $ONEGATE_LOCATION $ONEFLOW_LOCATION \ + $VM_LOCATION $ONEGATE_LOCATION $ONEGATE_PROXY_LOCATION $ONEFLOW_LOCATION \ $SUNSTONE_MAIN_JS_LOCATION $ONEHEM_LOCATION" DELETE_DIRS="$LIB_LOCATION $ETC_LOCATION $LOG_LOCATION $VAR_LOCATION \ @@ -188,6 +199,7 @@ else RUN_LOCATION="$VAR_LOCATION/run" LOCK_LOCATION="$VAR_LOCATION/lock" ONEGATE_LOCATION="$LIB_LOCATION/onegate" + ONEGATE_PROXY_LOCATION="$LIB_LOCATION/onegate-proxy" SUNSTONE_LOCATION="$LIB_LOCATION/sunstone" FIREEDGE_LOCATION="$LIB_LOCATION/fireedge" ONEFLOW_LOCATION="$LIB_LOCATION/oneflow" @@ -210,6 +222,11 @@ else MAKE_DIRS="$BIN_LOCATION $LIB_LOCATION $VAR_LOCATION \ $ONEGATE_LOCATION $ETC_LOCATION" + DELETE_DIRS="$MAKE_DIRS" + elif [ "$ONEGATE_PROXY" = "yes" ]; then + MAKE_DIRS="$BIN_LOCATION $LIB_LOCATION $VAR_LOCATION \ + $ONEGATE_PROXY_LOCATION $ETC_LOCATION" + DELETE_DIRS="$MAKE_DIRS" elif [ "$SUNSTONE" = "yes" ]; then MAKE_DIRS="$BIN_LOCATION $LIB_LOCATION $VAR_LOCATION \ @@ -234,7 +251,7 @@ else MAKE_DIRS="$BIN_LOCATION $SBIN_LOCATION $LIB_LOCATION $ETC_LOCATION $VAR_LOCATION \ $INCLUDE_LOCATION $SHARE_LOCATION $SYSTEM_DS_LOCATION \ $DEFAULT_DS_LOCATION $MAN_LOCATION $DOCS_LOCATION \ - $VM_LOCATION $ONEGATE_LOCATION $ONEFLOW_LOCATION \ + $VM_LOCATION $ONEGATE_LOCATION $ONEGATE_PROXY_LOCATION $ONEFLOW_LOCATION \ $SUNSTONE_MAIN_JS_LOCATION $ONEHEM_LOCATION $LOCK_LOCATION $RUN_LOCATION" DELETE_DIRS="$MAKE_DIRS" 
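Review bot: The proxy-only `MAKE_DIRS` in the new `elif [ "$ONEGATE_PROXY" = "yes" ]` branch omits `$VAR_LOCATION/remotes/etc`, yet the proxy etc set defined later in this patch (`ONEGATE_PROXY_REMOTES_ETC_FILES:$VAR_LOCATION/remotes/etc`) copies the config there. Unless the copy step creates missing target directories (not visible in these hunks), `install.sh -6` on a clean tree has no destination for that file. Consider extending the list, e.g. `MAKE_DIRS="$BIN_LOCATION $LIB_LOCATION $VAR_LOCATION $VAR_LOCATION/remotes/etc \`. The self-contained branch at `@@ -210,6 +222,11 @@` repeats the same list and needs the same change.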
@@ -556,6 +573,8 @@ if [ "$CLIENT" = "yes" ]; then $ETC_LOCATION" elif [ "$ONEGATE" = "yes" ]; then MAKE_DIRS="$MAKE_DIRS $LIB_OCA_CLIENT_DIRS" +elif [ "$ONEGATE_PROXY" = "yes" ]; then + MAKE_DIRS="$MAKE_DIRS $LIB_OCA_CLIENT_DIRS" elif [ "$SUNSTONE" = "yes" ]; then if [ "$SUNSTONE_DEV" = "no" ]; then MAKE_DIRS="$MAKE_DIRS $SUNSTONE_DIRS $SUNSTONE_MINIFIED_DIRS $LIB_OCA_CLIENT_DIRS" @@ -919,6 +938,16 @@ INSTALL_ONEGATE_ETC_FILES=( ONEGATE_ETC_FILES:$ETC_LOCATION ) +INSTALL_ONEGATE_PROXY_FILES=( + ONEGATE_PROXY_FILES:$ONEGATE_PROXY_LOCATION + ONEGATE_PROXY_BIN_FILES:$BIN_LOCATION +) + +INSTALL_ONEGATE_PROXY_ETC_FILES=( + ONEGATE_PROXY_ETC_FILES:$ETC_LOCATION + ONEGATE_PROXY_REMOTES_ETC_FILES:$VAR_LOCATION/remotes/etc +) + INSTALL_ONEFLOW_FILES=( ONEFLOW_FILES:$ONEFLOW_LOCATION ONEFLOW_BIN_FILES:$BIN_LOCATION @@ -1016,6 +1045,7 @@ RUBY_LIB_FILES="src/mad/ruby/ActionManager.rb \ src/mad/ruby/OpenNebulaDriver.rb \ src/mad/ruby/VirtualMachineDriver.rb \ src/mad/ruby/PublicCloudDriver.rb \ + src/mad/ruby/HostSyncManager.rb \ src/mad/ruby/DriverExecHelper.rb \ src/mad/ruby/ssh_stream.rb \ src/vnm_mad/one_vnm.rb \ @@ -2923,6 +2953,18 @@ ONEGATE_BIN_FILES="src/onegate/bin/onegate-server" ONEGATE_ETC_FILES="src/onegate/etc/onegate-server.conf" +#----------------------------------------------------------------------------- +# OneGateProxy files +#----------------------------------------------------------------------------- + +ONEGATE_PROXY_FILES="src/onegate-proxy/onegate-proxy.rb" + +ONEGATE_PROXY_BIN_FILES="src/onegate-proxy/bin/onegate-proxy" + +ONEGATE_PROXY_ETC_FILES="src/onegate-proxy/etc/onegate-proxy.conf" + +ONEGATE_PROXY_REMOTES_ETC_FILES="$ONEGATE_PROXY_ETC_FILES" + #----------------------------------------------------------------------------- # OneFlow files #----------------------------------------------------------------------------- 
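Review bot: The added `elif [ "$ONEGATE_PROXY" = "yes" ]` branch appends `$LIB_OCA_CLIENT_DIRS` to `MAKE_DIRS`, but the proxy install set defined further down (`INSTALL_ONEGATE_PROXY_FILES`) only targets `$ONEGATE_PROXY_LOCATION` and `$BIN_LOCATION`. A proxy-only install would therefore create the OCA client directories and leave them empty. If the proxy needs the OCA client at runtime, those files belong in its install set; if not, this branch looks like a leftover from the OneGate case and can be dropped. The enclosing if/elif chain starts and ends outside the hunk.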
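Review bot: `INSTALL_ONEGATE_PROXY_ETC_FILES` installs the same `onegate-proxy.conf` to two places, `$ETC_LOCATION` and `$VAR_LOCATION/remotes/etc` (through `ONEGATE_PROXY_REMOTES_ETC_FILES="$ONEGATE_PROXY_ETC_FILES"` in the `@@ -2923,6 +2953,18 @@` hunk), and nothing documents which copy the service reads or how the two stay in step after an edit. A comment above the array would help, for example `# remotes/etc copy is the one shipped to hosts; keep it in sync with $ETC_LOCATION/onegate-proxy.conf`, with the wording confirmed by the author since the consumer of each copy is not visible here. Because the remotes tree is presumably distributed to every hypervisor host, it is also worth noting in that comment that the file must stay free of credentials.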
@@ -3170,6 +3212,8 @@ if [ "$CLIENT" = "yes" ]; then INSTALL_SET=${INSTALL_CLIENT_FILES[@]} elif [ "$ONEGATE" = "yes" ]; then INSTALL_SET="${INSTALL_ONEGATE_FILES[@]}" +elif [ "$ONEGATE_PROXY" = "yes" ]; then + INSTALL_SET="${INSTALL_ONEGATE_PROXY_FILES[@]}" elif [ "$SUNSTONE" = "yes" ]; then if [ "$SUNSTONE_DEV" = "no" ]; then INSTALL_SET="${INSTALL_SUNSTONE_RUBY_FILES[@]} \ @@ -3212,6 +3256,7 @@ else ${INSTALL_SUNSTONE_FILES[@]} ${INSTALL_SUNSTONE_PUBLIC_DEV_DIR[@]}\ ${INSTALL_FIREEDGE_FILES[@]} ${INSTALL_FIREEDGE_DEV_DIRS[@]}\ ${INSTALL_ONEGATE_FILES[@]} \ + ${INSTALL_ONEGATE_PROXY_FILES[@]} \ ${INSTALL_ONEFLOW_FILES[@]} \ ${INSTALL_ONEHEM_FILES[@]} \ ${INSTALL_ONEPROVISION_FILES[@]} \ @@ -3236,6 +3281,8 @@ if [ "$INSTALL_ETC" = "yes" ] ; then INSTALL_ETC_SET="${INSTALL_FIREEDGE_ETC_FILES[@]}" elif [ "$ONEGATE" = "yes" ]; then INSTALL_ETC_SET="${INSTALL_ONEGATE_ETC_FILES[@]}" + elif [ "$ONEGATE_PROXY" = "yes" ]; then + INSTALL_ETC_SET="${INSTALL_ONEGATE_PROXY_ETC_FILES[@]}" elif [ "$ONEFLOW" = "yes" ]; then INSTALL_ETC_SET="${INSTALL_ONEFLOW_ETC_FILES[@]}" else @@ -3243,6 +3290,7 @@ if [ "$INSTALL_ETC" = "yes" ] ; then ${INSTALL_SUNSTONE_ETC_FILES[@]} \ ${INSTALL_FIREEDGE_ETC_FILES[@]} \ ${INSTALL_ONEGATE_ETC_FILES[@]} \ + ${INSTALL_ONEGATE_PROXY_ETC_FILES[@]} \ ${INSTALL_ONEHEM_ETC_FILES[@]} \ ${INSTALL_ONEFLOW_ETC_FILES[@]}" fi diff --git a/share/etc/oned.conf b/share/etc/oned.conf index 52048e2e33..d59de06a57 100644 --- a/share/etc/oned.conf +++ b/share/etc/oned.conf @@ -789,7 +789,7 @@ DEFAULT_UMASK = 177 # MUST be consistent with the values in onegate-server.conf #******************************************************************************* -#ONEGATE_ENDPOINT = "http://frontend:5030" +#ONEGATE_ENDPOINT = "http://169.254.16.9:5030" #******************************************************************************* # VM Operations Permissions 
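Review bot: The context comment above `ONEGATE_ENDPOINT` still reads `MUST be consistent with the values in onegate-server.conf`, but the new example `http://169.254.16.9:5030` is, per the commit message, the onegate-proxy default address rather than the OneGate server's. The comment should cover both cases, e.g. `# When onegate-proxy is used, this MUST match the address configured in onegate-proxy.conf`. The example also stays on plain `http://`, so the comment could state that VM requests cross this hop unencrypted and that the link-local address is meant to be reachable only from guests on the same host. That last point is inferred from the address choice and should be confirmed.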
diff --git a/share/install_gems/AlmaLinux8/Gemfile.lock b/share/install_gems/AlmaLinux8/Gemfile.lock index ef55d5ff8a..5c32239ca3 100644 --- a/share/install_gems/AlmaLinux8/Gemfile.lock +++ b/share/install_gems/AlmaLinux8/Gemfile.lock @@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.645.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.160.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.341.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.15.3) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) 
@@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) @@ -125,6 +135,7 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) + nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) @@ -143,13 +154,15 @@ GEM rack (2.2.4) rack-protection (2.2.2) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) nokogiri (~> 1.10) optimist (~> 3.0) rchardet (1.8.0) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -157,7 +170,7 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) + sequel (5.62.0) sinatra (2.2.2) mustermann (~> 2.0) rack (~> 2.2) @@ -171,6 +184,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -214,6 +228,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -226,6 +241,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -245,6 +261,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rotp rqrcode diff --git a/share/install_gems/AlmaLinux9/Gemfile.lock b/share/install_gems/AlmaLinux9/Gemfile.lock index 300028f582..f9b161d89d 100644 --- a/share/install_gems/AlmaLinux9/Gemfile.lock +++ b/share/install_gems/AlmaLinux9/Gemfile.lock 
@@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.645.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.160.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.341.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.16.2) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) @@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) 
@@ -124,7 +134,8 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) - nokogiri (1.13.8) + nio4r (2.5.8) + nokogiri (1.13.9) mini_portile2 (~> 2.8.0) racc (~> 1.4) openssl (3.0.1) @@ -139,8 +150,10 @@ GEM public_suffix (5.0.0) racc (1.6.0) rack (2.2.4) - rack-protection (3.0.2) + rack-protection (3.0.3) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) @@ -148,7 +161,7 @@ GEM optimist (~> 3.0) rchardet (1.8.0) rexml (3.2.5) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -156,11 +169,11 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) - sinatra (3.0.2) + sequel (5.62.0) + sinatra (3.0.3) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.2) + rack-protection (= 3.0.3) tilt (~> 2.0) sqlite3 (1.5.3) mini_portile2 (~> 2.8.0) @@ -171,6 +184,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -214,6 +228,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -226,6 +241,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -245,6 +261,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rexml rotp diff --git a/share/install_gems/CentOS8/Gemfile.lock b/share/install_gems/CentOS8/Gemfile.lock index ef55d5ff8a..5c32239ca3 100644 --- a/share/install_gems/CentOS8/Gemfile.lock +++ b/share/install_gems/CentOS8/Gemfile.lock 
@@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.645.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.160.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.341.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.15.3) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) @@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) @@ -125,6 +135,7 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) + nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) 
@@ -143,13 +154,15 @@ GEM rack (2.2.4) rack-protection (2.2.2) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) nokogiri (~> 1.10) optimist (~> 3.0) rchardet (1.8.0) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -157,7 +170,7 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) + sequel (5.62.0) sinatra (2.2.2) mustermann (~> 2.0) rack (~> 2.2) @@ -171,6 +184,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -214,6 +228,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -226,6 +241,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -245,6 +261,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rotp rqrcode diff --git a/share/install_gems/Debian10/Gemfile.lock b/share/install_gems/Debian10/Gemfile.lock index c14e9a6d9b..1365954142 100644 --- a/share/install_gems/Debian10/Gemfile.lock +++ b/share/install_gems/Debian10/Gemfile.lock 
@@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.645.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.160.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.341.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.15.3) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) @@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) @@ -125,6 +135,7 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) + nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) 
@@ -143,13 +154,15 @@ GEM rack (2.2.4) rack-protection (2.2.2) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) nokogiri (~> 1.10) optimist (~> 3.0) rchardet (1.8.0) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -157,7 +170,7 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) + sequel (5.62.0) sinatra (2.2.2) mustermann (~> 2.0) rack (~> 2.2) @@ -171,6 +184,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -214,6 +228,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -226,6 +241,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -245,6 +261,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rotp rqrcode diff --git a/share/install_gems/Debian11/Gemfile.lock b/share/install_gems/Debian11/Gemfile.lock index de1d2cd8fb..a36137c0f5 100644 --- a/share/install_gems/Debian11/Gemfile.lock +++ b/share/install_gems/Debian11/Gemfile.lock 
@@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.645.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.160.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.341.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.16.2) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) @@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) 
@@ -124,7 +134,8 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) - nokogiri (1.13.8) + nio4r (2.5.8) + nokogiri (1.13.9) mini_portile2 (~> 2.8.0) racc (~> 1.4) openssl (3.0.1) @@ -139,15 +150,17 @@ GEM public_suffix (5.0.0) racc (1.6.0) rack (2.2.4) - rack-protection (3.0.2) + rack-protection (3.0.3) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) nokogiri (~> 1.10) optimist (~> 3.0) rchardet (1.8.0) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -155,11 +168,11 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) - sinatra (3.0.2) + sequel (5.62.0) + sinatra (3.0.3) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.2) + rack-protection (= 3.0.3) tilt (~> 2.0) sqlite3 (1.5.3) mini_portile2 (~> 2.8.0) @@ -170,6 +183,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -213,6 +227,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -225,6 +240,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -244,6 +260,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rotp rqrcode diff --git a/share/install_gems/Gemfile b/share/install_gems/Gemfile index 7d18c60ca2..5355686c33 100644 --- a/share/install_gems/Gemfile +++ b/share/install_gems/Gemfile @@ -38,6 +38,10 @@ if ruby_version >= Gem::Version.new('3.0.0') gem 'rexml' end +gem 'async-io', '= 1.32.1' +gem 'etc' +gem 'rb-inotify' + ################################################################################ # gems groups ################################################################################ 
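Review bot: `gem 'etc'` and `gem 'rb-inotify'` are added without a version constraint while `async-io` is pinned to `= 1.32.1`, so an install on a platform without one of the shipped Gemfile.lock files resolves whatever is newest at that moment. The locks in this patch resolve them to etc 1.3.0 and rb-inotify 0.10.1; bounding the Gemfile to match, e.g. `gem 'etc', '~> 1.3'` and `gem 'rb-inotify', '~> 0.10'`, keeps unlocked platforms on the tested series. The three gems also sit above the `gems groups` section, so they and the transitive `async`/`nio4r`/`console`/`timers` set appear to be installed for every component rather than only where the proxy runs. A one-line comment naming onegate-proxy as the consumer, or moving them into a dedicated group, would make that scope explicit.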
diff --git a/share/install_gems/Ubuntu1804/Gemfile.lock b/share/install_gems/Ubuntu1804/Gemfile.lock index 963bb96768..d3335da0af 100644 --- a/share/install_gems/Ubuntu1804/Gemfile.lock +++ b/share/install_gems/Ubuntu1804/Gemfile.lock @@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.645.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.160.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.341.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.15.3) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) 
@@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) @@ -125,6 +135,7 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) + nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) @@ -143,13 +154,15 @@ GEM rack (2.2.4) rack-protection (2.2.2) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) nokogiri (~> 1.10) optimist (~> 3.0) rchardet (1.8.0) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -157,7 +170,7 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) + sequel (5.62.0) sinatra (2.2.2) mustermann (~> 2.0) rack (~> 2.2) @@ -171,6 +184,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -214,6 +228,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -226,6 +241,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -245,6 +261,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rotp rqrcode diff --git a/share/install_gems/Ubuntu2004/Gemfile.lock b/share/install_gems/Ubuntu2004/Gemfile.lock index e53d24776b..aae2913b51 100644 --- a/share/install_gems/Ubuntu2004/Gemfile.lock +++ b/share/install_gems/Ubuntu2004/Gemfile.lock 
@@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.641.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.158.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.340.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.16.2) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) @@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) 
@@ -124,7 +134,8 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) - nokogiri (1.13.8) + nio4r (2.5.8) + nokogiri (1.13.9) mini_portile2 (~> 2.8.0) racc (~> 1.4) openssl (3.0.1) @@ -133,21 +144,23 @@ GEM optimist (3.0.1) ox (2.14.11) parse-cron (0.1.4) - pg (1.4.3) + pg (1.4.4) polyglot (0.3.5) prometheus-client (4.0.0) public_suffix (5.0.0) racc (1.6.0) rack (2.2.4) - rack-protection (3.0.2) + rack-protection (3.0.3) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) nokogiri (~> 1.10) optimist (~> 3.0) rchardet (1.8.0) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -155,13 +168,13 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) - sinatra (3.0.2) + sequel (5.62.0) + sinatra (3.0.3) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.2) + rack-protection (= 3.0.3) tilt (~> 2.0) - sqlite3 (1.5.2) + sqlite3 (1.5.3) mini_portile2 (~> 2.8.0) thin (1.8.1) daemons (~> 1.0, >= 1.0.9) @@ -170,6 +183,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -213,6 +227,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -225,6 +240,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -244,6 +260,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rotp rqrcode diff --git a/share/install_gems/Ubuntu2204/Gemfile.lock b/share/install_gems/Ubuntu2204/Gemfile.lock index be1780e469..b5425cd451 100644 --- a/share/install_gems/Ubuntu2204/Gemfile.lock +++ b/share/install_gems/Ubuntu2204/Gemfile.lock 
@@ -9,26 +9,32 @@ GEM addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) android_key_attestation (0.3.0) + async (1.30.3) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-io (1.32.1) + async (~> 1.14) augeas (0.6.4) awrence (1.2.1) aws-eventstream (1.2.0) - aws-partitions (1.641.0) - aws-sdk-cloudwatch (1.67.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-partitions (1.660.0) + aws-sdk-cloudwatch (1.68.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.158.0) + aws-sdk-core (3.167.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.340.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-ec2 (1.349.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.58.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (1.59.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.114.0) - aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-s3 (1.117.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) @@ -43,13 +49,15 @@ GEM ms_rest_azure (~> 0.12.0) azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bindata (2.4.12) + bindata (2.4.14) builder (3.2.4) cbor (0.5.9.6) chunky_png (1.4.0) concurrent-ruby (1.1.10) configparser (0.1.7) - cose (1.2.1) + console (1.16.2) + fiber-local + cose (1.3.0) cbor (~> 0.5.9) openssl-signature_algorithm (~> 1.0) curb (1.0.1) @@ -57,6 +65,7 @@ GEM dalli (2.7.11) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + etc (1.3.0) eventmachine (1.2.7) faraday (1.10.2) faraday-em_http (~> 1.0) @@ -91,6 +100,7 @@ GEM ffi-rzmq-core (>= 1.0.7) ffi-rzmq-core (1.0.7) ffi + fiber-local (1.0.0) git (1.12.0) addressable (~> 2.8) rchardet (~> 1.8) 
@@ -124,7 +134,8 @@ GEM ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) net-ldap (0.17.1) - nokogiri (1.13.8) + nio4r (2.5.8) + nokogiri (1.13.9) mini_portile2 (~> 2.8.0) racc (~> 1.4) openssl (3.0.1) @@ -133,14 +144,16 @@ GEM optimist (3.0.1) ox (2.14.11) parse-cron (0.1.4) - pg (1.4.3) + pg (1.4.4) polyglot (0.3.5) prometheus-client (4.0.0) public_suffix (5.0.0) racc (1.6.0) rack (2.2.4) - rack-protection (3.0.2) + rack-protection (3.0.3) rack + rb-inotify (0.10.1) + ffi (~> 1.0) rbvmomi (3.0.0) builder (~> 3.2) json (~> 2.3) @@ -148,7 +161,7 @@ GEM optimist (~> 3.0) rchardet (1.8.0) rexml (3.2.5) - rotp (6.2.0) + rotp (6.2.1) rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) @@ -156,13 +169,13 @@ GEM ruby2_keywords (0.0.5) safety_net_attestation (0.4.0) jwt (~> 2.0) - sequel (5.61.0) - sinatra (3.0.2) + sequel (5.62.0) + sinatra (3.0.3) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.2) + rack-protection (= 3.0.3) tilt (~> 2.0) - sqlite3 (1.5.2) + sqlite3 (1.5.3) mini_portile2 (~> 2.8.0) thin (1.8.1) daemons (~> 1.0, >= 1.0.9) @@ -171,6 +184,7 @@ GEM thread_safe (0.3.6) tilt (2.0.11) timeliness (0.3.10) + timers (4.3.5) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) @@ -214,6 +228,7 @@ PLATFORMS DEPENDENCIES activesupport (~> 4.2) addressable + async-io (= 1.32.1) augeas (~> 0.6) aws-sdk-cloudwatch aws-sdk-ec2 (>= 1.151) @@ -226,6 +241,7 @@ DEPENDENCIES configparser curb dalli (< 3.0) + etc faraday_middleware (~> 1.2.0) ffi-rzmq (~> 2.0.7) git (~> 1.5) @@ -245,6 +261,7 @@ DEPENDENCIES prometheus-client public_suffix rack + rb-inotify rbvmomi (~> 3.0.0) rexml rotp diff --git a/share/install_gems/install_gems b/share/install_gems/install_gems index 78a8c64e84..d873682b95 100755 --- a/share/install_gems/install_gems +++ b/share/install_gems/install_gems 
@@ -119,7 +119,7 @@ for GEMFILE in \ "/usr/share/one/Gemfile" do if [ -f "${GEMFILE}" ]; then - bundle install --system --gemfile="${GEMFILE}" >/dev/null + bundle install --system --gemfile="${GEMFILE}" echo 'Successfully done!' exit 0 diff --git a/share/install_gems/update_locks b/share/install_gems/update_locks index ef582254d0..3c2634ecd4 100755 --- a/share/install_gems/update_locks +++ b/share/install_gems/update_locks @@ -68,7 +68,7 @@ for DIR in $DIRS; do echo "--- Platform ${TARGET} (${DOCKER_IMAGE}:${DOCKER_TAG})" - cat - </dev/null;" \ - " mkdir -p '#{remote_dir}' 2>/dev/null &&" \ - " scp -rp #{REMOTES_LOCATION}/*" \ - " #{host['NAME']}:#{remote_dir} 2> /dev/null" - else - sync_cmd = "rsync -Laz --delete #{REMOTES_LOCATION}/" \ - " #{host['NAME']}:#{remote_dir}/" - end - retries = 3 begin - `#{sync_cmd} 2>/dev/null` + copy_method = options[:ssh] ? :ssh : :rsync + rc = sync_manager.update_remotes(host['NAME'], + nil, + copy_method) rescue IOError # Workaround for broken Ruby 2.5 # https://github.com/OpenNebula/one/issues/3229 @@ -387,7 +379,7 @@ class OneHostHelper < OpenNebulaHelper::OneHelper end end - if $CHILD_STATUS.nil? || !$CHILD_STATUS.success? + if rc != 0 error_lock.synchronize do host_errors << host['NAME'] end diff --git a/src/im_mad/im_exec/one_im_exec.rb b/src/im_mad/im_exec/one_im_exec.rb index 73f48a10de..890f670cd1 100755 --- a/src/im_mad/im_exec/one_im_exec.rb +++ b/src/im_mad/im_exec/one_im_exec.rb @@ -52,6 +52,7 @@ end $LOAD_PATH << RUBY_LIB_LOCATION +require 'HostSyncManager' require 'OpenNebulaDriver' require 'getoptlong' require 'zlib' @@ -76,6 +77,8 @@ class InformationManagerDriver < OpenNebulaDriver # register actions register_action(:START_MONITOR, method('start_monitor')) register_action(:STOP_MONITOR, method('stop_monitor')) + + @sync_manager = HostSyncManager.new end def start_monitor(_not_used, _hostid, _timestamp, zaction64) 
@@ -84,10 +87,16 @@ class InformationManagerDriver < OpenNebulaDriver return if rc == -1 if !action_is_local?(:START_MONITOR) - rc = update_remotes(:START_MONITOR, input[:host_id], - input[:hostname]) + rc = @sync_manager.update_remotes(input[:hostname], + log_method(input[:host_id])) - return if rc == -1 + if rc != 0 + write_respond(:START_MONITOR, + RESULT[:failure], + input[:host_id], + 'Could not update remotes') + return + end end result, info = do_action(input[:im_mad], @@ -150,41 +159,6 @@ class InformationManagerDriver < OpenNebulaDriver [-1, {}] end - def update_remotes(action, hostid, hostname) - # Recreate dir for remote scripts - mkdir_cmd = "mkdir -p #{@remote_scripts_base_path}" - - cmd = SSHCommand.run(mkdir_cmd, hostname, log_method(hostid)) - - if cmd.code != 0 - write_respond(action, - RESULT[:failure], - hostid, - 'Could not update remotes') - return -1 - end - - # Use SCP to sync: - #sync_cmd = "scp -r #{@local_scripts_base_path}/* " \ - # "#{hostname}:#{@remote_scripts_base_path}" - - # Use rsync to sync: - sync_cmd = "rsync -Laz --delete #{@local_scripts_base_path}/" \ - " #{hostname}:#{@remote_scripts_base_path}/" - - cmd = LocalCommand.run(sync_cmd, log_method(hostid)) - - if cmd.code != 0 - write_respond(action, - RESULT[:failure], - hostid, - 'Could not update remotes') - return -1 - end - - 0 - end - # Sends a log message to ONE. The +message+ can be multiline, it will # be automatically splitted by lines. def log(id, message, not_used=true) diff --git a/src/mad/ruby/HostSyncManager.rb b/src/mad/ruby/HostSyncManager.rb new file mode 100644 index 0000000000..186c983f0d --- /dev/null +++ b/src/mad/ruby/HostSyncManager.rb 
@@ -0,0 +1,90 @@ +# -------------------------------------------------------------------------- # +# Copyright 2002-2022, OpenNebula Project, OpenNebula Systems # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); you may # +# not use this file except in compliance with the License. You may obtain # +# a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +# -------------------------------------------------------------------------- # + +# rubocop:disable Lint/MissingCopEnableDirective +# rubocop:disable Layout/FirstArgumentIndentation +# rubocop:disable Layout/FirstHashElementIndentation +# rubocop:disable Layout/HashAlignment +# rubocop:disable Layout/HeredocIndentation +# rubocop:disable Layout/IndentationWidth +# rubocop:disable Style/HashSyntax +# rubocop:disable Style/ParallelAssignment + +require 'CommandManager' + +# This helper module introduces a common routine that synchronizes +# the "remotes". +class HostSyncManager + + def initialize(one_config = nil) + one_location = ENV['ONE_LOCATION']&.delete("'") + if one_location.nil? + @one_config_path = '/var/lib/one/config' + @local_scripts_base_path = '/var/lib/one/remotes' + else + @one_config_path = one_location + '/var/config' + @local_scripts_base_path = one_location + '/var/remotes' + end + + # Do a simple parsing of the config file unless the values + # are already provided. NOTE: We don't care about "arrays" here.. 
+ one_config ||= File.read(@one_config_path).lines.each_with_object({}) \ + do |line, object| + key, value = line.split('=').map(&:strip) + object[key.upcase] = value + end + + @remote_scripts_base_path = one_config['SCRIPTS_REMOTE_DIR'] + @remote_scripts_base_path&.delete!("'") + end + + def update_remotes(hostname, logger = nil, copy_method = :rsync) + assemble_cmd = lambda do |steps| + "exec 2>/dev/null; #{steps.join(' && ')}" + end + + case copy_method + when :ssh + mkdir_cmd = assemble_cmd.call [ + "rm -rf '#{@remote_scripts_base_path}'/", + "mkdir -p '#{@remote_scripts_base_path}'/" + ] + + sync_cmd = assemble_cmd.call [ + "scp -rp '#{@local_scripts_base_path}'/* " \ + "'#{hostname}':'#{@remote_scripts_base_path}'/" + ] + when :rsync + mkdir_cmd = assemble_cmd.call [ + "mkdir -p '#{@remote_scripts_base_path}'/" + ] + + sync_cmd = assemble_cmd.call [ + "rsync -Laz --delete '#{@local_scripts_base_path}'/ " \ + "'#{hostname}':'#{@remote_scripts_base_path}'/" + ] + end + + cmd = SSHCommand.run(mkdir_cmd, hostname, logger) + return cmd.code if cmd.code != 0 + + cmd = LocalCommand.run(sync_cmd, logger) + return cmd.code if cmd.code != 0 + + 0 + end + +end diff --git a/src/onecfg/share/etc/files.yaml b/src/onecfg/share/etc/files.yaml index 7d5801f537..edd6901deb 100644 --- a/src/onecfg/share/etc/files.yaml +++ b/src/onecfg/share/etc/files.yaml @@ -320,6 +320,12 @@ group: oneadmin mode: '0640' +- name: /var/lib/one/remotes/etc/onegate-proxy.conf + class: Yaml + owner: oneadmin + group: oneadmin + mode: '0640' + - name: /var/lib/one/remotes/etc/tm/fs_lvm/fs_lvm.conf class: Augeas::Shell owner: oneadmin diff --git a/src/onegate-proxy/bin/onegate-proxy b/src/onegate-proxy/bin/onegate-proxy new file mode 100755 index 0000000000..ff78a7e038 --- /dev/null +++ b/src/onegate-proxy/bin/onegate-proxy 
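Review bot: `update_remotes` in the new HostSyncManager.rb builds its `rm -rf`, `mkdir -p` and `rsync --delete` command lines from `@remote_scripts_base_path` without checking it, and `initialize` leaves that variable `nil` when the parsed config has no `SCRIPTS_REMOTE_DIR` entry, so the interpolated target collapses to `''/`, which is the remote root. Fail early at the end of `initialize`, e.g. `raise ArgumentError, 'SCRIPTS_REMOTE_DIR is not set' if @remote_scripts_base_path.to_s.empty?`. Unlike the two paths, `hostname` is not stripped of `'`, so the hand-written single quotes are its only protection and stop working once the value contains a quote; `Shellwords.escape` (with `require 'shellwords'`) quotes it correctly. The `case copy_method` also has no `else`, so an unknown method reaches `SSHCommand.run` with a `nil` command; an `else raise ArgumentError, "unknown copy method: #{copy_method}"` branch would make that explicit.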
@@ -0,0 +1,122 @@ +#!/bin/bash + +# -------------------------------------------------------------------------- # +# Copyright 2002-2022, OpenNebula Project, OpenNebula Systems # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); you may # +# not use this file except in compliance with the License. You may obtain # +# a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +#--------------------------------------------------------------------------- # + +if [ -z "$ONE_LOCATION" ]; then + ONEGATE_PROXY_PID=/var/run/one/onegate-proxy.pid + ONEGATE_PROXY_SERVER=/usr/lib/one/onegate-proxy/onegate-proxy.rb + ONEGATE_PROXY_LOCK_FILE=/var/lock/one/.onegate-proxy.lock + ONEGATE_PROXY_LOG=/var/log/one/onegate-proxy.log + ONEGATE_PROXY_LOG_ERROR=/var/log/one/onegate-proxy.error + ONEGATE_PROXY_CONF=/etc/one/onegate-proxy.conf +else + ONEGATE_PROXY_PID=$ONE_LOCATION/var/onegate-proxy.pid + ONEGATE_PROXY_SERVER=$ONE_LOCATION/lib/onegate-proxy/onegate-proxy.rb + ONEGATE_PROXY_LOCK_FILE=$ONE_LOCATION/var/.onegate-proxy.lock + ONEGATE_PROXY_LOG=$ONE_LOCATION/var/onegate-proxy.log + ONEGATE_PROXY_LOG_ERROR=$ONE_LOCATION/var/onegate-proxy.error + ONEGATE_PROXY_CONF=$ONE_LOCATION/etc/onegate-proxy.conf +fi + +setup() +{ + if [ -f $ONEGATE_PROXY_LOCK_FILE ]; then + if [ -f $ONEGATE_PROXY_PID ]; then + ONEGATEPID=`cat $ONEGATE_PROXY_PID` + ps $ONEGATEPID &> /dev/null + if [ $? -eq 0 ]; then + echo -n "OneGate Server is still running (PID:$ONEGATEPID). Please " + echo "try 'onegate-proxy stop' first." + exit 1 + fi + fi + echo "Stale .lock detected. Erasing it." 
+ rm $ONEGATE_PROXY_LOCK_FILE + fi +} + + +start() +{ + if [ ! -f "$ONEGATE_PROXY_SERVER" ]; then + echo "Cannot find $ONEGATE_PROXY_SERVER." + exit 1 + fi + + # Start the onegate daemon + touch $ONEGATE_PROXY_LOCK_FILE + ruby $ONEGATE_PROXY_SERVER > $ONEGATE_PROXY_LOG 2>$ONEGATE_PROXY_LOG_ERROR & + LASTPID=$! + + if [ $? -ne 0 ]; then + echo "Error executing onegate-proxy." + echo "Check $ONEGATE_PROXY_LOG_ERROR and $ONEGATE_PROXY_LOG for more information" + exit 1 + else + echo $LASTPID > $ONEGATE_PROXY_PID + fi + + sleep 1 + ps $LASTPID &> /dev/null + + if [ $? -ne 0 ]; then + echo "Error executing onegate-proxy." + echo "Check $ONEGATE_PROXY_LOG_ERROR and $ONEGATE_PROXY_LOG for more information" + exit 1 + fi + + echo "onegate-proxy started" +} + +# +# Function that stops the daemon/service +# +stop() +{ + if [ ! -f $ONEGATE_PROXY_PID ]; then + echo "Couldn't find onegate-proxy process pid." + exit 1 + fi + + # Kill the onegate daemon + kill -INT `cat $ONEGATE_PROXY_PID` &> /dev/null + + # Remove pid files + rm -f $ONEGATE_PROXY_LOCK_FILE &> /dev/null + rm -f $ONEGATE_PROXY_PID &> /dev/null + + echo "onegate-proxy stopped" +} + +case "$1" in + start) + setup + start + ;; + stop) + stop + ;; + restart) + stop + setup + start + ;; + *) + echo "Usage: onegate-proxy {start|stop|restart}" >&2 + exit 3 + ;; +esac diff --git a/src/onegate-proxy/etc/onegate-proxy.conf b/src/onegate-proxy/etc/onegate-proxy.conf new file mode 100644 index 0000000000..52ef30d884 --- /dev/null +++ b/src/onegate-proxy/etc/onegate-proxy.conf 
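Review bot: In `start()`, the first `if [ $? -ne 0 ]` runs after `LASTPID=$!`, so it tests the status of the assignment, which is always 0; that error branch can never fire and only the later `ps $LASTPID` check detects a failed launch. `stop()` sends `kill -INT` to whatever number is stored in `$ONEGATE_PROXY_PID` without confirming that the process is still the proxy, so a stale PID file can signal an unrelated process; compare the command line first (for example with `ps -o args= -p "$pid"`) or leave stopping to the systemd unit. The path variables are expanded unquoted throughout (`rm $ONEGATE_PROXY_LOCK_FILE`, `[ -f $ONEGATE_PROXY_PID ]`), which breaks if `$ONE_LOCATION` contains whitespace; quote them, e.g. `rm -f -- "$ONEGATE_PROXY_LOCK_FILE"`.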
@@ -0,0 +1,27 @@ +# -------------------------------------------------------------------------- # +# Copyright 2002-2022, OpenNebula Project, OpenNebula Systems # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); you may # +# not use this file except in compliance with the License. You may obtain # +# a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +#--------------------------------------------------------------------------- # + +# Log debug level: 0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG +#:debug_level: 2 + +#:process_owner: 'oneadmin' + +# The address and port are supposed to be provided during onehost sync +# operation inside the '/var/tmp/one/etc/onegate-proxy.conf' file. +#:onegate_addr: 'localhost' +#:onegate_port: '5030' + +#:service_addr: '169.254.16.9' diff --git a/src/onegate-proxy/onegate-proxy.rb b/src/onegate-proxy/onegate-proxy.rb new file mode 100644 index 0000000000..4db7033a2b --- /dev/null +++ b/src/onegate-proxy/onegate-proxy.rb 
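Review bot: The commented default `#:onegate_addr: 'localhost'` does not match `DEFAULT_OPTIONS` in onegate-proxy.rb, which uses `'127.0.0.1'`; the two can resolve differently on a dual-stack host. Showing the value the code actually falls back to, `#:onegate_addr: '127.0.0.1'`, keeps the sample file accurate.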
@@ -0,0 +1,303 @@ +#!/usr/bin/env ruby +# -------------------------------------------------------------------------- # +# Copyright 2002-2022, OpenNebula Project, OpenNebula Systems # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); you may # +# not use this file except in compliance with the License. You may obtain # +# a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +#--------------------------------------------------------------------------- # + +# frozen_string_literal: true + +# rubocop:disable Lint/MissingCopEnableDirective +# rubocop:disable Lint/RedundantRequireStatement +# rubocop:disable Layout/FirstHashElementIndentation +# rubocop:disable Layout/HashAlignment +# rubocop:disable Layout/HeredocIndentation +# rubocop:disable Layout/IndentationWidth +# rubocop:disable Style/HashSyntax +# rubocop:disable Style/ParallelAssignment + +ONE_LOCATION = ENV['ONE_LOCATION'] + +if !ONE_LOCATION + RUBY_LIB_LOCATION = '/usr/lib/one/ruby' + GEMS_LOCATION = '/usr/share/one/gems' + ETC_LOCATION = '/etc/one' + REMOTES_LOCATION = '/var/tmp/one' +else + RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' + GEMS_LOCATION = ONE_LOCATION + '/share/gems' + ETC_LOCATION = ONE_LOCATION + '/etc' + REMOTES_LOCATION = ONE_LOCATION + '/var/remotes' +end + +CONFIGURATION_FILE = ETC_LOCATION + '/onegate-proxy.conf' +DYNAMIC_CONFIGURATION_FILE = REMOTES_LOCATION + '/etc/onegate-proxy.conf' + +# %%RUBYGEMS_SETUP_BEGIN%% +if File.directory?(GEMS_LOCATION) + real_gems_path = File.realpath(GEMS_LOCATION) + if !defined?(Gem) || Gem.path != [real_gems_path] + $LOAD_PATH.reject! 
{|p| p =~ /vendor_ruby/ } + + # Suppress warnings from Rubygems + # https://github.com/OpenNebula/one/issues/5379 + begin + verb = $VERBOSE + $VERBOSE = nil + require 'rubygems' + Gem.use_paths(real_gems_path) + ensure + $VERBOSE = verb + end + end +end +# %%RUBYGEMS_SETUP_END%% + +$LOAD_PATH << RUBY_LIB_LOCATION + +require 'async/io' +require 'async/io/stream' +require 'async/io/trap' +require 'etc' +require 'pp' +require 'rb-inotify' +require 'socket' +require 'yaml' + +$stdout.sync = true +$stderr.sync = true + +DEFAULT_OPTIONS = { + :debug_level => 2, # 0 = ERROR, 1 = WARNING, 2 = INFO, 3 = DEBUG + :process_owner => 'oneadmin', + :onegate_addr => '127.0.0.1', + :onegate_port => '5030', + :service_addr => '169.254.16.9' +}.freeze + +# Proxy-class for converting log levels between OpenNebula and +# the socketry/console library. It also splits specific log levels +# into separate stdout and stderr loggers. +class Logger + + LOG_LEVEL_MAP = { + 0 => '3', # ERROR + 1 => '2', # WARN + 2 => '1', # INFO + 3 => '0' # DEBUG + }.freeze + + def initialize(log_level = 2) + @out = Console::Logger.default_logger $stdout, { + 'CONSOLE_LEVEL' => LOG_LEVEL_MAP[log_level] + } + @err = Console::Logger.default_logger $stderr, { + 'CONSOLE_LEVEL' => LOG_LEVEL_MAP[log_level] + } + end + + def error(*args, &block) + @err.error(*args, &block) + end + + def warn(*args, &block) + @err.warn(*args, &block) + end + + def info(*args, &block) + @out.info(*args, &block) + end + + def debug(*args, &block) + @err.debug(*args, &block) + end + +end + +# Class that implements a classic two-way TCP socket proxy (async). +class OneGateProxy + + def initialize(options = {}) + @options = DEFAULT_OPTIONS.dup.merge! options + @options.each {|k, v| instance_variable_set("@#{k}", v) } + + @logger = Logger.new options[:debug_level] + + @sigint = Async::IO::Trap.new :INT + @sigint.install! 
+ + @inotify = setup_inotify + @inotify_io = Async::IO::Generic.new @inotify.to_io + + @proxy_ep = Async::IO::Endpoint.socket setup_socket + end + + def run + # NOTE: At this point all config should be set in stone, + # we can drop root privileges.. + drop_privileges + + Async do |task| + # Make CTRL-C work.. + task.async do + @sigint.wait { exit 0 } + end + + # Handle filesystem notifications.. + task.async do + @inotify.process while @inotify_io.wait_readable + end + + glue_peers task + end + end + + private + + def drop_privileges + new_gid, new_uid = Etc.getpwnam(@process_owner).gid, + Etc.getpwnam(@process_owner).uid + + @logger.info(self) do + "Drop root privileges -> #{@process_owner}" + end + + Process::Sys.setgid new_gid + Process::Sys.setuid new_uid + end + + def setup_inotify + inotify = INotify::Notifier.new + inotify.watch(DYNAMIC_CONFIGURATION_FILE, :modify) do + @logger.info(self) do + "#{DYNAMIC_CONFIGURATION_FILE} has been just updated, exiting.." + end + # We assume here that the service will be restarted by + # the service manager. + exit 0 + end + inotify + end + + def setup_service_addr + # NOTE: We need the service_addr to be defined on one of the interfaces + # inside the host, one natural choice is the loopback interface (lo). + # Effectively we set it once, subsequent restarts of the service should + # honor the idempotence. + ip_address_add_cmd = lambda do |cidr_host, nic_device| + check = "[ -n \"$(ip a s to '#{cidr_host}' dev '#{nic_device}')\" ]" + apply = "ip a a '#{cidr_host}' dev '#{nic_device}'" + "#{check.strip} >/dev/null 2>&1 || #{apply.strip}" + end + system ip_address_add_cmd.call "#{@service_addr}/32", 'lo' + end + + def setup_socket(listen = Socket::SOMAXCONN) + # NOTE: Must be executed before calling bind(), otherwise it fails.. 
+ setup_service_addr + + sock = Socket.new Socket::AF_INET, Socket::SOCK_STREAM, 0 + sock.setsockopt Socket::SOL_SOCKET, Socket::SO_REUSEADDR, 1 + + @logger.info(self) do + "Bind #{Addrinfo.tcp(@service_addr, @onegate_port).inspect}" + end + + sock.bind Socket.pack_sockaddr_in(@onegate_port, @service_addr) + sock.listen listen + sock + end + + def glue_streams(stream1, stream2, task) + Async do + concurrent = [] + concurrent << task.async do + while (chunk = stream1.read_partial) + stream2.write chunk + stream2.flush + end + end + concurrent << task.async do + while (chunk = stream2.read_partial) + stream1.write chunk + stream1.flush + end + end + concurrent.each(&:wait) + end + end + + def glue_peers(task) + @proxy_ep.accept do |vm_peer| + @logger.debug(self) do + "Accept #{vm_peer.remote_address.inspect}" + end + + begin + gate_ep = Async::IO::Endpoint.tcp @onegate_addr, + @onegate_port + gate_ep.connect do |gate_peer| + vm_stream, gate_stream = Async::IO::Stream.new(vm_peer), + Async::IO::Stream.new(gate_peer) + + glue_streams(vm_stream, gate_stream, task).wait + + @logger.debug(self) do + "Close #{gate_peer.remote_address.inspect}" + end + + gate_peer.close + end + rescue Errno::ECONNREFUSED, + Errno::ECONNRESET, + Errno::EHOSTUNREACH, + Errno::ETIMEDOUT => e + @logger.error(self) do + e.message + end + end + + @logger.debug(self) do + "Close #{vm_peer.remote_address.inspect}" + end + + vm_peer.close + end + end + +end + +if caller.empty? + # NOTE: The "DYNAMIC_CONFIGURATION_FILE" is copied during the host + # sync procedure and should just contain OneGate's address and port. + # Contacting OpenNebula's API in this simple service looks like + # an overkill.. 
+ options = DEFAULT_OPTIONS.dup + [CONFIGURATION_FILE, DYNAMIC_CONFIGURATION_FILE].each do |path| + options.merge!(YAML.load_file(path) || {}) if File.exist?(path) + rescue StandardError => e + warn "Error parsing config file #{path}: #{e.message}" + exit 1 + end + + puts <<~HEADER + -------------------------------------- + Proxy configuration + -------------------------------------- + #{options.pretty_inspect.strip} + -------------------------------------- + HEADER + + service = OneGateProxy.new options + service.run +end
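Review bot: `setup_service_addr` interpolates `@service_addr` into a string handed to `system`, and it runs from `initialize`, before `run` calls `drop_privileges`, so whatever the config files hold in `:service_addr` is interpreted by a root shell; the second file read, `DYNAMIC_CONFIGURATION_FILE`, sits under `/var/tmp/one`, which the host sync writes (presumably as the unprivileged sync user; confirm). Parse the value as an IP literal and call `ip` with an argument vector so that no shell is involved, as in the excerpt below (it needs `require 'ipaddr'`). Both files also go through `YAML.load_file`, which on older Psych versions instantiates arbitrary tagged objects; `YAML.safe_load` permitting only `Symbol` is enough for this key/value format. `drop_privileges` calls only `setgid`/`setuid` and so keeps root's supplementary groups; the excerpt adds `Process.initgroups` before them.

```ruby
    def drop_privileges
        owner = Etc.getpwnam(@process_owner)
        # … unchanged: "Drop root privileges" log message …
        Process.initgroups @process_owner, owner.gid
        Process::Sys.setgid owner.gid
        Process::Sys.setuid owner.uid
    end

    def setup_service_addr
        # … unchanged: NOTE comment on the loopback interface and idempotence …
        cidr_host = "#{IPAddr.new(@service_addr)}/32" # raises unless an IP literal
        present = IO.popen(['ip', 'a', 's', 'to', cidr_host, 'dev', 'lo'],
                           :err => File::NULL, &:read)
        system('ip', 'a', 'a', cidr_host, 'dev', 'lo') if present.strip.empty?
    end
```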