docker_ssl_endpoint/start.py

#!/usr/bin/python3.4

import os
import signal
import logging
import time
import hashlib

cert_path='/data/haproxy'
cert_file='/data/haproxy/cert.pem'
pid_file='/haproxy.pid'


def hash_cert_file():
    """Creates the sha256 hash of the certifcate file for haproxy. If the file
    does not exist, an empty string is returned.
    """
    if not os.path.isfile(cert_file):
        return ''
    aFile = open(cert_file, 'rb')
    hasher = hashlib.sha256()
    buf = aFile.read(65536)
    while len(buf) > 0:
        hasher.update(buf)
        buf = aFile.read(65536)
    return hasher.digest()

def setup_logging():
    """Sets up logging with a nice format"""
    logging.basicConfig(format='%(asctime)s [%(levelname)s]: %(message)s', level=logging.INFO)

def get_pid():
    """This function reads the process id from the given file and returns as int."""
    with open(pid_file, 'r') as file:
        return int(file.read())

def kill_haproxy():
    """Stops the currently running instance of haproxy by issueing a kill signal to its pid."""
    logging.info('killing haproxy')
    try:
        os.kill(get_pid(), signal.SIGKILL)
    except OSError:
        pass

def start_haproxy_ssl():
    logging.info('starting haproxy SSL')
    os.system('/usr/sbin/haproxy -f /haproxy_ssl.conf -p /haproxy.pid')

def start_haproxy():
    logging.info('starting haproxy NON SSL')
    os.system('/usr/sbin/haproxy -f /haproxy.conf -p /haproxy.pid')

def is_haproxy_running():
    try:
        os.kill(get_pid(), 0)
        return True
    except OSError:
        return False

def ssl_possible():
    """Check if a certificate is available."""
    if not os.path.exists(cert_path):
        logging.info('creating cert_path path: %s', cert_path)
        os.mkdir(cert_path)

    if not os.path.isfile(cert_file):
        return False
    else:
        return True

if __name__ == '__main__':
    setup_logging()

    logging.info('starting')

    cert_file_hash = ''

    if ssl_possible():
        logging.info('try in SSL mode')
        start_haproxy_ssl()
        cert_file_hash = hash_cert_file()
        if is_haproxy_running():
            SSL_RUNNING=True
        else:
            logging.info('SSL mode failed')
    if not is_haproxy_running() or not ssl_possible():
        logging.info('try in NON SSL mode')
        start_haproxy()
        SSL_RUNNING=False

    while True:
        time.sleep(10)
        if ssl_possible() and not SSL_RUNNING:
            kill_haproxy()
            start_haproxy_ssl()
            if is_haproxy_running():
                cert_file_hash = hash_cert_file()
                logging.info('NON SSL -> SSL')
                SSL_RUNNING=True
            else:
                start_haproxy()
                SSL_RUNNING=False
        if SSL_RUNNING and cert_file_hash != hash_cert_file():
            logging.info('cert has changed')
            kill_haproxy()
            start_haproxy_ssl()
            if is_haproxy_running():
                cert_file_hash = hash_cert_file()
                logging.info('SSL -> SSL')
                SSL_RUNNING=True
            else:
                start_haproxy()
                logging.info('SSL -> NON SSL')
                SSL_RUNNING=False