#!/usr/bin/python3.4
import hashlib
import logging
import os
import signal
import subprocess
import time
# Directory that is expected to hold the TLS material haproxy is started with.
cert_path = '/data/haproxy'

# PEM bundle haproxy loads; its mere presence switches the proxy into SSL mode.
# NOTE(review): haproxy `crt` bundles usually carry the private key as well --
# keep this directory and file non-world-readable; nothing here enforces that.
cert_file = os.path.join(cert_path, 'cert.pem')

# Where haproxy is told (-p) to write its process id; read back for kill/probe.
pid_file = '/haproxy.pid'
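def hash_cert_file(path=None):
    """Return the SHA-256 digest (bytes) of the haproxy certificate file.

    Args:
        path: file to hash; defaults to the module-level ``cert_file``.

    Returns:
        The raw 32-byte digest, or ``''`` when the file is absent (or is a
        directory). The empty *string* is kept on purpose: callers seed their
        "last seen" value with ``''`` and compare against it.

    Raises:
        OSError: the file exists but cannot be read (e.g. PermissionError).

    The digest is only used to detect that the file changed between two polls;
    it is not a trust decision about the certificate's content.
    """
    if path is None:
        path = cert_file
    hasher = hashlib.sha256()
    try:
        # Chunked read keeps memory flat for large bundles; the context manager
        # closes the handle even if read() raises (the original leaked it).
        with open(path, 'rb') as handle:
            for chunk in iter(lambda: handle.read(65536), b''):
                hasher.update(chunk)
    except (FileNotFoundError, IsADirectoryError):
        # Handling the open() failure instead of a prior isfile() check closes
        # the window in which the file could vanish between check and open.
        return ''
    return hasher.digest()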
def setup_logging():
    """Configure the root logger: timestamped, levelled messages at INFO.

    basicConfig() is a no-op if the root logger already has handlers, so this
    is safe to call more than once.
    """
    fmt = '%(asctime)s [%(levelname)s]: %(message)s'
    logging.basicConfig(level=logging.INFO, format=fmt)
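def get_pid(path=None):
    """Return the process id recorded in the haproxy pid file.

    Args:
        path: pid file to read; defaults to the module-level ``pid_file``.

    Returns:
        The pid as an int (surrounding whitespace is tolerated by int()).

    Raises:
        OSError: the file cannot be opened.
        ValueError: the file is empty or not an integer, e.g. haproxy died
            before writing it or it was read mid-write.

    The content is trusted as-is: whoever can write this file decides which
    process later receives SIGKILL from kill_haproxy().
    """
    if path is None:
        path = pid_file
    with open(path, 'r') as handle:
        return int(handle.read())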
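def kill_haproxy(pid=None):
    """Stop the running haproxy instance with SIGKILL (best effort).

    Args:
        pid: process to signal; defaults to the pid read from ``pid_file``.

    A missing/unreadable pid file, a non-numeric pid or an already-gone
    process is logged and ignored, never raised: the callers in this file
    start a fresh instance right afterwards. (The original let a ValueError
    from an empty pid file escape and take the whole supervisor down.)

    Pids <= 0 are refused: os.kill(0, sig) signals our own process group and a
    negative value targets an arbitrary group, so a zeroed or corrupt pid file
    must never turn this into killing the supervisor itself.
    """
    logging.info('killing haproxy')
    try:
        if pid is None:
            pid = get_pid()
    except (OSError, ValueError) as err:
        logging.warning('cannot read haproxy pid: %s', err)
        return
    if pid <= 0:
        logging.warning('refusing to signal pid %d', pid)
        return
    try:
        # SIGKILL rather than a graceful stop: the caller rebinds the same
        # ports immediately, so a lingering old instance would make the new
        # one fail to bind.
        os.kill(pid, signal.SIGKILL)
    except OSError as err:
        logging.warning('haproxy pid %d not killed: %s', pid, err)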
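def start_haproxy_ssl():
    """Launch haproxy with the SSL configuration.

    The binary is executed directly (no shell) and a non-zero exit status is
    logged, so a failed SSL start -- typically a malformed PEM -- shows up in
    the log instead of being silently discarded as with os.system().

    Returns nothing; the callers in this file verify success afterwards with
    is_haproxy_running(), which presumes haproxy backgrounds itself (daemon
    mode in its config) -- confirm against /haproxy_ssl.conf.
    """
    logging.info('starting haproxy SSL')
    status = subprocess.call(['/usr/sbin/haproxy', '-f', '/haproxy_ssl.conf', '-p', pid_file])
    if status != 0:
        logging.warning('haproxy SSL start exited with status %d', status)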
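def start_haproxy():
    """Launch haproxy with the plain (NON SSL) configuration.

    The binary is executed directly (no shell) and a non-zero exit status is
    logged instead of being discarded as with os.system(). Success is not
    checked here; callers probe the pid file via is_haproxy_running().
    """
    logging.info('starting haproxy NON SSL')
    status = subprocess.call(['/usr/sbin/haproxy', '-f', '/haproxy.conf', '-p', pid_file])
    if status != 0:
        logging.warning('haproxy NON SSL start exited with status %d', status)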
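def is_haproxy_running(pid=None):
    """Report whether the process recorded in the pid file is alive.

    Args:
        pid: process to probe; defaults to the pid read from ``pid_file``.

    Returns:
        True if signal 0 can be delivered to the pid, else False. False also
        covers a missing/corrupt pid file and pids <= 0: os.kill(0, 0) would
        succeed against our own process group and report a phantom haproxy.

    A stale pid file whose number was recycled by another process yields a
    false positive; this probe cannot tell processes apart.
    """
    try:
        if pid is None:
            pid = get_pid()
    except (OSError, ValueError):
        return False
    if pid <= 0:
        return False
    try:
        os.kill(pid, 0)
    except OSError:
        return False
    return True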
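def ssl_possible(dir_path=None, file_path=None):
    """Return True when a certificate file is present for haproxy to load.

    Side effect: creates the certificate directory when it is missing, so an
    operator can drop a PEM in later and the poll loop picks it up.

    Args:
        dir_path: certificate directory; defaults to ``cert_path``.
        file_path: PEM path; defaults to ``cert_file``.

    Only existence is checked, not validity or permissions: a malformed PEM
    still returns True and the SSL start is left to fail.
    """
    if dir_path is None:
        dir_path = cert_path
    if file_path is None:
        file_path = cert_file
    if not os.path.exists(dir_path):
        logging.info('creating cert_path path: %s', dir_path)
        # exist_ok closes the exists()/mkdir race with a concurrent creator
        # (e.g. a volume appearing in between) that used to raise.
        # NOTE(review): mode follows the process umask; if the PEM carries the
        # private key a 0o700 directory would be the safer default.
        os.makedirs(dir_path, exist_ok=True)
    return os.path.isfile(file_path)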
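if __name__ == '__main__':
    setup_logging()

    logging.info('starting')

    # Digest of the PEM the running SSL instance was started with; '' while
    # no SSL instance is up. Any change of the file triggers a restart.
    cert_file_hash = ''
    # Digest of the PEM that last failed to start haproxy in SSL mode.
    # Without it, a malformed certificate made the loop below SIGKILL the
    # NON SSL instance and retry SSL every 10 s -- a self-inflicted outage
    # on every poll. SSL is only retried once the file content changes.
    failed_cert_hash = None
    SSL_RUNNING = False

    if ssl_possible():
        logging.info('try in SSL mode')
        start_haproxy_ssl()
        cert_file_hash = hash_cert_file()
        if is_haproxy_running():
            SSL_RUNNING = True
        else:
            logging.info('SSL mode failed')
            failed_cert_hash = cert_file_hash
    if not SSL_RUNNING:
        logging.info('try in NON SSL mode')
        start_haproxy()

    while True:
        time.sleep(10)
        current_hash = hash_cert_file()
        if ssl_possible() and not SSL_RUNNING and current_hash != failed_cert_hash:
            # NOTE: SIGKILL + fresh start drops in-flight connections; a
            # hot reload (haproxy -sf) would avoid that but is not used here.
            kill_haproxy()
            start_haproxy_ssl()
            if is_haproxy_running():
                cert_file_hash = hash_cert_file()
                logging.info('NON SSL -> SSL')
                SSL_RUNNING = True
            else:
                # Remember the offending content; a partially written PEM
                # hashes differently on the next poll and is retried then.
                failed_cert_hash = current_hash
                start_haproxy()
                SSL_RUNNING = False
        if SSL_RUNNING and cert_file_hash != hash_cert_file():
            logging.info('cert has changed')
            kill_haproxy()
            start_haproxy_ssl()
            if is_haproxy_running():
                cert_file_hash = hash_cert_file()
                logging.info('SSL -> SSL')
                SSL_RUNNING = True
            else:
                failed_cert_hash = hash_cert_file()
                start_haproxy()
                logging.info('SSL -> NON SSL')
                SSL_RUNNING = False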