[API] Add SSL Gearman support

New options for giving SSL key and cert file. Change-Id: I2f7fff6ad16b1e934042458d17e5d27fc53eae50
2013-06-26 13:34:42 -04:00
parent bd5afdd172
commit a66aba4e7c
3 changed files with 43 additions and 2 deletions
--- a/doc/api/config.rst
+++ b/doc/api/config.rst
@@ -84,6 +84,18 @@ Command Line Options
      Used to specify the Gearman job server hostname and port. This option
      can be used multiple times to specify multiple job servers.

+   .. option:: --gearman_ssl_ca <PATH>
+
+      The path for the Gearman SSL Certificate Authority
+
+   .. option:: --gearman_ssl_cert <PATH>
+
+      The path for the Gearman SSL certificate
+
+   .. option:: --gearman_ssl_key <PATH>
+
+      The path for the Gearman SSL key
+
   .. option:: --keystone_module <MODULE:CLASS>

      A colon separated module and class to use as the keystone authentication
--- a/libra/api/app.py
+++ b/libra/api/app.py
@@ -62,7 +62,10 @@ def setup_app(pecan_config, args):
        'swift_endpoint': args.swift_endpoint
    }
    config['gearman'] = {
-        'server': args.gearman
+        'server': args.gearman,
+        'ssl_key': args.gearman_ssl_key,
+        'ssl_cert': args.gearman_ssl_cert,
+        'ssl_ca': args.gearman_ssl_ca
    }
    if args.debug:
        config['wsme'] = {'debug': True}
@@ -145,6 +148,18 @@ def main():
        '--gearman', action='append', metavar='HOST:PORT', default=[],
        help='Gearman job servers'
    )
+    options.parser.add_argument(
+        '--gearman_ssl_ca', metavar='FILE',
+        help='Gearman SSL certificate authority'
+    )
+    options.parser.add_argument(
+        '--gearman_ssl_cert', metavar='FILE',
+        help='Gearman SSL certificate'
+    )
+    options.parser.add_argument(
+        '--gearman_ssl_key', metavar='FILE',
+        help='Gearman SSL key'
+    )
    options.parser.add_argument(
        '--keystone_module',
        default='keystoneclient.middleware.auth_token:AuthProtocol',
--- a/libra/api/library/gearman_client.py
+++ b/libra/api/library/gearman_client.py
@@ -54,7 +54,21 @@ class GearmanClientThread(object):
        self.logger = logger
        self.host = host
        self.lbid = lbid
-        self.gearman_client = JSONGearmanClient(conf.gearman.server)
+
+        if all([conf.gearman.ssl_key, conf.gearman.ssl_cert,
+                conf.gearman.ssl_ca]):
+            # Use SSL connections to each Gearman job server.
+            ssl_server_list = []
+            for server in conf.gearman:
+                ghost, gport = server.split(':')
+                ssl_server_list.append({'host': ghost,
+                                        'port': gport,
+                                        'keyfile': conf.gearman.ssl_key,
+                                        'certfile': conf.gearman.ssl_cert,
+                                        'ca_certs': conf.gearman.ssl_ca})
+            self.gearman_client = JSONGearmanClient(ssl_server_list)
+        else:
+            self.gearman_client = JSONGearmanClient(conf.gearman.server)

    def send_delete(self, data):
        with db_session() as session: