Class: Puppet::Network::HTTP::WEBrick

Inherits:
Object
  • Object
Defined in:
lib/puppet/network/http/webrick.rb

Constant Summary

# OpenSSL cipher-list string that create_server assigns to the server's SSL context.
# In OpenSSL cipher-string syntax a leading "+" only moves matching suites to the
# end of the preference order and "!" permanently excludes them, so "+SSLv3"
# reorders cipher suites; it does not enable the SSLv3 protocol (setup_ssl sets
# OP_NO_SSLv2 | OP_NO_SSLv3 separately).
# NOTE(review): the list excludes ECDSA-authenticated suites and ends with
# RSA key-exchange, CBC-mode SHA-1 suites (e.g. AES128-SHA) that offer no forward
# secrecy; confirm it still matches the deployment's TLS policy.
CIPHERS =
"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

Instance Method Summary

Constructor Details

#initialize ⇒ WEBrick

Returns a new instance of WEBrick.



# File 'lib/puppet/network/http/webrick.rb', line 13

# Creates the wrapper in the not-listening state. No server object exists yet;
# @server is only assigned by #listen.
def initialize
  @listening = false
end

Instance Method Details

#create_server(address, port) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/puppet/network/http/webrick.rb', line 56

# Builds a WEBrick::HTTPServer bound to the given address and port, with the
# logger options from setup_logger and the SSL options from setup_ssl merged in.
#
# @api private
# @param address bind address, passed to WEBrick as :BindAddress
# @param port port, passed to WEBrick as :Port
# @return [WEBrick::HTTPServer] the configured server (not yet started)
def create_server(address, port)
  server_options = { :BindAddress => address, :Port => port, :DoNotReverseLookup => true }
  # Logger options are merged first, then SSL options, so an SSL key would win on a clash.
  [setup_logger, setup_ssl].each { |extra| server_options.merge!(extra) }

  # Process-wide switch: no reverse DNS lookup of peers on any socket.
  BasicSocket.do_not_reverse_lookup = true

  WEBrick::HTTPServer.new(server_options).tap do |http_server|
    # Restrict the negotiable cipher suites to the CIPHERS list.
    http_server.ssl_context.ciphers = CIPHERS
  end
end

#listen(address, port) ⇒ Object



# File 'lib/puppet/network/http/webrick.rb', line 17

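# Builds the server via create_server, mounts the REST handler at '/', and runs
# the server in a background thread. Returns once the server reports :Running.
#
# @param address bind address, forwarded to create_server
# @param port port, forwarded to create_server
# @raise [RuntimeError] if this instance is already listening
def listen(address, port)
  # Check the state before building anything: a repeated call must not replace
  # the running @server (or try to bind again) before it is rejected.
  raise _("WEBrick server is already listening") if @listening

  @server = create_server(address, port)

  # Defer the TLS handshake so it happens in the per-connection block below,
  # after the client has shown it will actually send data.
  @server.listeners.each { |l| l.start_immediately = false }

  @server.mount('/', Puppet::Network::HTTP::WEBrickREST)

  @listening = true
  @thread = Thread.new do
    @server.start do |sock|
      # Bound the time an idle connection can hold a handler: give up if no
      # data arrives within the timeout.
      timeout = 10.0
      if ! IO.select([sock],nil,nil,timeout)
        raise _("Client did not send data within %.1f seconds of connecting") % timeout
      end
      # Perform the deferred handshake, then hand the socket to WEBrick.
      sock.accept
      @server.run(sock)
    end
  end
  # NOTE(review): this polls without an upper bound; if the server thread dies
  # before reaching :Running the loop never ends. Confirm whether that can happen.
  sleep 0.1 until @server.status == :Running
end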

#listening? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/network/http/webrick.rb', line 47

# Reports the @listening flag: false after initialize, set to true by #listen
# and back to false by #unlisten.
#
# @return [Boolean]
def listening?
  @listening
end

#setup_logger ⇒ Object

Configure our http log file.



# File 'lib/puppet/network/http/webrick.rb', line 69

# Configures the HTTP log file and returns the WEBrick logging options.
#
# @return [Hash] :Logger and :AccessLog entries for WEBrick::HTTPServer.new;
#   both access-log formats write to the same logger
def setup_logger
  # The settings must be in use before the log path is read.
  Puppet.settings.use(:main, :ssl, :application)

  log_path = Puppet[:masterhttplog]

  # Open the file ourselves so the descriptor can be marked close-on-exec and
  # is not leaked; UTF-8 because WEBrick may log UTF-8 strings.
  log_io = ::File.open(log_path, "a+:UTF-8")
  log_io.sync = true
  log_io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) if defined?(Fcntl::FD_CLOEXEC)

  # Pass an explicit level only when Puppet itself is logging at debug.
  logger_args = if Puppet::Util::Log.level == :debug
                  [log_io, WEBrick::Log::DEBUG]
                else
                  [log_io]
                end
  logger = WEBrick::Log.new(*logger_args)

  access_log = [
    [logger, WEBrick::AccessLog::COMMON_LOG_FORMAT],
    [logger, WEBrick::AccessLog::REFERER_LOG_FORMAT]
  ]
  { :Logger => logger, :AccessLog => access_log }
end

#setup_ssl ⇒ Object

Add all of the ssl cert information.

Raises:

  • (Puppet::Error)



# File 'lib/puppet/network/http/webrick.rb', line 94

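# Builds the WEBrick SSL options from the local host's key and certificate
# and the CA configuration.
#
# @return [Hash] SSL-related options for WEBrick::HTTPServer.new
# @raise [Puppet::Error] if the local host has no certificate, or the CA
#   certificate cannot be found
def setup_ssl
  results = {}

  # Get the cached copy.  We know it's been generated, too.
  host = Puppet::SSL::Host.localhost

  # The hash key must match the %{host} placeholder; with a different key
  # String#% raises KeyError and the intended Puppet::Error is never reported.
  raise Puppet::Error, _("Could not retrieve certificate for %{host} and not running on a valid certificate authority") % { host: host.name } unless host.certificate

  results[:SSLPrivateKey] = host.key.content
  results[:SSLCertificate] = host.certificate.content
  results[:SSLStartImmediately] = true
  results[:SSLEnable] = true
  # Disables the SSLv2 and SSLv3 protocols only.
  # NOTE(review): no TLS version floor is set here, so which TLS versions are
  # accepted depends on the OpenSSL defaults; confirm against current policy.
  results[:SSLOptions] = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3

  raise Puppet::Error, _("Could not find CA certificate") unless Puppet::SSL::Certificate.indirection.find(Puppet::SSL::CA_NAME)

  results[:SSLCACertificateFile] = ssl_configuration.ca_auth_file
  # NOTE(review): VERIFY_PEER without VERIFY_FAIL_IF_NO_PEER_CERT requests a
  # client certificate and verifies one if presented, but does not by itself
  # reject clients that present none; confirm unauthenticated requests are
  # restricted by the authorization layer.
  results[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER

  results[:SSLCertificateStore] = host.ssl_store

  results
end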

#unlisten ⇒ Object



# File 'lib/puppet/network/http/webrick.rb', line 39

# Shuts the server down, waits for its thread to finish, and resets the
# instance to the not-listening state.
#
# @raise [RuntimeError] if the server is not currently listening
def unlisten
  if @listening
    @server.shutdown
    # Block until the server thread has finished before dropping the reference.
    wait_for_shutdown
    @server = nil
    @listening = false
  else
    raise _("WEBrick server is not listening")
  end
end

#wait_for_shutdown ⇒ Object



# File 'lib/puppet/network/http/webrick.rb', line 51

# Blocks until the server thread created by #listen has finished.
# NOTE(review): @thread is only assigned in #listen, so calling this before
# #listen would invoke join on nil; #unlisten guards against that with its
# @listening check.
def wait_for_shutdown
  @thread.join
end