Sergiusz Bazanski | e08e6da | 2018-08-27 20:40:10 +0100 | [diff] [blame] | 1 | package main |
| 2 | |
| 3 | import ( |
| 4 | "context" |
| 5 | "crypto/tls" |
| 6 | "crypto/x509" |
| 7 | "fmt" |
| 8 | "io/ioutil" |
| 9 | "net" |
| 10 | "net/http" |
| 11 | |
| 12 | "github.com/golang/glog" |
| 13 | "github.com/q3k/statusz" |
| 14 | "golang.org/x/net/trace" |
| 15 | "google.golang.org/grpc" |
| 16 | "google.golang.org/grpc/credentials" |
| 17 | "google.golang.org/grpc/reflection" |
| 18 | |
| 19 | pb "code.hackerspace.pl/q3k/arista-proxy/proto" |
| 20 | ) |
| 21 | |
| 22 | type serverOpts struct { |
| 23 | listenAddress string |
| 24 | debugAddress string |
| 25 | tlsCAPath string |
| 26 | tlsCertificatePath string |
| 27 | tlsKeyPath string |
| 28 | pkiRealm string |
| 29 | } |
| 30 | |
| 31 | type server struct { |
| 32 | arista *aristaClient |
| 33 | opts *serverOpts |
| 34 | |
| 35 | grpc struct { |
| 36 | listen net.Listener |
| 37 | server *grpc.Server |
| 38 | } |
| 39 | http struct { |
| 40 | listen net.Listener |
| 41 | server *http.Server |
| 42 | } |
| 43 | } |
| 44 | |
| 45 | func newServer(opts *serverOpts, arista *aristaClient) (*server, error) { |
| 46 | return &server{ |
| 47 | opts: opts, |
| 48 | arista: arista, |
| 49 | }, nil |
| 50 | } |
| 51 | |
| 52 | func (s *server) trace(ctx context.Context, f string, args ...interface{}) { |
| 53 | tr, ok := trace.FromContext(ctx) |
| 54 | if !ok { |
| 55 | fmtd := fmt.Sprintf(f, args...) |
| 56 | glog.Warningf("No trace in %v: %s", ctx, fmtd) |
| 57 | return |
| 58 | } |
| 59 | tr.LazyPrintf(f, args...) |
| 60 | } |
| 61 | |
| 62 | func (s *server) setupGRPC(options ...grpc.ServerOption) error { |
| 63 | serverCert, err := tls.LoadX509KeyPair(s.opts.tlsCertificatePath, s.opts.tlsKeyPath) |
| 64 | if err != nil { |
| 65 | return fmt.Errorf("while loading keypair: %v", err) |
| 66 | } |
| 67 | |
| 68 | certPool := x509.NewCertPool() |
| 69 | ca, err := ioutil.ReadFile(s.opts.tlsCAPath) |
| 70 | if err != nil { |
| 71 | return fmt.Errorf("while loading ca certificate: %v", err) |
| 72 | } |
| 73 | if ok := certPool.AppendCertsFromPEM(ca); !ok { |
| 74 | return fmt.Errorf("while appending ca certificate to pool: %v", err) |
| 75 | } |
| 76 | |
| 77 | lis, err := net.Listen("tcp", s.opts.listenAddress) |
| 78 | if err != nil { |
| 79 | return fmt.Errorf("while listening on main port: %v", err) |
| 80 | } |
| 81 | |
| 82 | creds := credentials.NewTLS(&tls.Config{ |
| 83 | ClientAuth: tls.RequireAndVerifyClientCert, |
| 84 | Certificates: []tls.Certificate{serverCert}, |
| 85 | ClientCAs: certPool, |
| 86 | }) |
| 87 | |
| 88 | s.grpc.listen = lis |
| 89 | options = append([]grpc.ServerOption{grpc.Creds(creds)}, options...) |
| 90 | s.grpc.server = grpc.NewServer(options...) |
| 91 | |
| 92 | return nil |
| 93 | } |
| 94 | |
| 95 | func (s *server) setupDebugHTTP(mux http.Handler) error { |
| 96 | lis, err := net.Listen("tcp", s.opts.debugAddress) |
| 97 | if err != nil { |
| 98 | return fmt.Errorf("while listening on main port: %v", err) |
| 99 | } |
| 100 | |
| 101 | s.http.listen = lis |
| 102 | s.http.server = &http.Server{ |
| 103 | Addr: s.opts.debugAddress, |
| 104 | Handler: mux, |
| 105 | } |
| 106 | |
| 107 | return nil |
| 108 | } |
| 109 | |
| 110 | func (s *server) serveForever() { |
| 111 | grpc.EnableTracing = true |
| 112 | |
| 113 | if err := s.setupGRPC(grpc.UnaryInterceptor(s.unaryInterceptor)); err != nil { |
| 114 | glog.Exitf("Could not setup GRPC server: %v", err) |
| 115 | } |
| 116 | pb.RegisterAristaProxyServer(s.grpc.server, s) |
| 117 | reflection.Register(s.grpc.server) |
| 118 | |
| 119 | go func() { |
| 120 | if err := s.grpc.server.Serve(s.grpc.listen); err != nil { |
| 121 | glog.Exitf("Could not start GRPC server: %v", err) |
| 122 | } |
| 123 | }() |
| 124 | glog.Infof("Listening for GRPC on %v", s.opts.listenAddress) |
| 125 | |
Sergiusz Bazanski | b27d528 | 2018-08-27 21:07:23 +0100 | [diff] [blame^] | 126 | if s.opts.debugAddress == "" { |
| 127 | glog.Info("Disabling debug HTTP server") |
| 128 | } else { |
| 129 | httpMux := http.NewServeMux() |
| 130 | httpMux.HandleFunc("/debug/status", statusz.StatusHandler) |
| 131 | httpMux.HandleFunc("/debug/requests", trace.Traces) |
| 132 | httpMux.HandleFunc("/", statusz.StatusHandler) |
Sergiusz Bazanski | e08e6da | 2018-08-27 20:40:10 +0100 | [diff] [blame] | 133 | |
Sergiusz Bazanski | b27d528 | 2018-08-27 21:07:23 +0100 | [diff] [blame^] | 134 | if err := s.setupDebugHTTP(httpMux); err != nil { |
| 135 | glog.Exitf("Could not setup HTTP server: %v", err) |
Sergiusz Bazanski | e08e6da | 2018-08-27 20:40:10 +0100 | [diff] [blame] | 136 | } |
Sergiusz Bazanski | b27d528 | 2018-08-27 21:07:23 +0100 | [diff] [blame^] | 137 | |
| 138 | go func() { |
| 139 | if err := s.http.server.Serve(s.http.listen); err != nil { |
| 140 | glog.Exitf("Could not start HTTP server: %v", err) |
| 141 | } |
| 142 | }() |
| 143 | glog.Infof("Listening for HTTP on %v", s.opts.debugAddress) |
| 144 | } |
Sergiusz Bazanski | e08e6da | 2018-08-27 20:40:10 +0100 | [diff] [blame] | 145 | |
| 146 | select {} |
| 147 | } |