[STATSD] Add SSL Gearman support

New options for giving SSL key and cert file. Requires an SSL enabled python-gearman library. Change-Id: I4a1444570d62b90d75a169bd7d092f16a3f907aa
2013-06-26 16:15:26 -04:00
parent a179ae97d9
commit 88e14732e0
3 changed files with 39 additions and 1 deletions
--- a/doc/statsd/config.rst
+++ b/doc/statsd/config.rst
@@ -25,6 +25,18 @@ Command Line Options
      driver.  Can be specified multiple times for multiple servers.  This
      option is also used for the hp_rest alerting driver.

+   .. option:: --gearman_ssl_ca <PATH>
+
+      The path for the Gearman SSL Certificate Authority.
+
+   .. option:: --gearman_ssl_cert <PATH>
+
+      The path for the Gearman SSL certificate.
+
+   .. option:: --gearman_ssl_key <PATH>
+
+      The path for the Gearman SSL key.
+
   .. option:: --server <HOST:PORT>

      Used to specify the Gearman job server hostname and port. This option
--- a/libra/statsd/main.py
+++ b/libra/statsd/main.py
@@ -49,6 +49,18 @@ def main():
        choices=known_drivers.keys(), default='dummy',
        help='type of device to use'
    )
+    options.parser.add_argument(
+        '--gearman_ssl_ca', dest='gearman_ssl_ca', metavar='FILE',
+        help='Gearman SSL certificate authority'
+    )
+    options.parser.add_argument(
+        '--gearman_ssl_cert', dest='gearman_ssl_cert', metavar='FILE',
+        help='Gearman SSL certificate'
+    )
+    options.parser.add_argument(
+        '--gearman_ssl_key', dest='gearman_ssl_key', metavar='FILE',
+        help='Gearman SSL key'
+    )
    options.parser.add_argument(
        '--server', dest='server', action='append', metavar='HOST:PORT',
        default=[],
--- a/libra/statsd/statsd_gearman.py
+++ b/libra/statsd/statsd_gearman.py
@@ -21,7 +21,21 @@ class GearJobs(object):
        self.logger = logger
        self.poll_timeout = args.poll_timeout
        self.poll_timeout_retry = args.poll_timeout_retry
-        self.gm_client = JSONGearmanClient(args.server)
+
+        if all([args.gearman_ssl_ca, args.gearman_ssl_cert,
+                args.gearman_ssl_key]):
+            # Use SSL connections to each Gearman job server.
+            ssl_server_list = []
+            for server in args.server:
+                host, port = server.split(':')
+                ssl_server_list.append({'host': host,
+                                        'port': port,
+                                        'keyfile': args.gearman_ssl_key,
+                                        'certfile': args.gearman_ssl_cert,
+                                        'ca_certs': args.gearman_ssl_ca})
+            self.gm_client = JSONGearmanClient(ssl_server_list)
+        else:
+            self.gm_client = JSONGearmanClient(args.server)

    def send_pings(self, node_list):
        # TODO: lots of duplicated code that needs cleanup