
- Implement registration sharing

  + Registration sharing allows two completely independently configured
    SMT servers to be configured as sibling servers. The sibling servers
    share registration information effectively creating a redundant
    setup. Code that can be implemented in the client can detect if the
    SMT server that it registered to is available, if not it can fail
    over to the sibling server and get access to the repositories with
    the same registration credentials.
rjschwei committed Apr 22, 2016
1 parent 6b9df3c commit 7f826e35f07ba9707b0f51f71efc76d478dd27ca
@@ -54,6 +54,7 @@ install:
ln -s smt-setup-custom-repos $(DESTDIR)/usr/sbin/smt-setup-custom-catalogs
install -m 644 www/perl-lib/NU/*.pm $(DESTDIR)/srv/www/perl-lib/NU/
install -m 644 www/perl-lib/SMT/Registration.pm $(DESTDIR)/srv/www/perl-lib/SMT/
install -m 644 www/perl-lib/SMT/RegistrationSharing.pm $(DESTDIR)$(PERLMODDIR)/SMT/
install -m 644 www/perl-lib/SMT/Support.pm $(DESTDIR)/srv/www/perl-lib/SMT/
install -m 644 www/perl-lib/SMT/Utils.pm $(DESTDIR)$(PERLMODDIR)/SMT/
install -m 644 www/perl-lib/SMT/Mirror/*.pm /$(DESTDIR)$(PERLMODDIR)/SMT/Mirror/
@@ -94,6 +95,7 @@ install:
install -m 755 db/smt-schema-upgrade $(DESTDIR)/usr/bin/
install -m 755 script/changeSMTUserPermissions.sh $(DESTDIR)/usr/lib/SMT/bin/
install -m 755 script/reschedule-sync.sh $(DESTDIR)/usr/lib/SMT/bin/
install -m 755 tests/SMT/shareRegistration.pl $(DESTDIR)/usr/lib/SMT/bin/
install -m 755 script/clientSetup4SMT.sh $(DESTDIR)/srv/www/htdocs/repo/tools/
install -m 644 www/repo/res-signingkeys.key $(DESTDIR)/srv/www/htdocs/repo/keys/
install -m 644 cron/novell.com-smt $(DESTDIR)/etc/cron.d/
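Review bot: The install line for tests/SMT/shareRegistration.pl puts a script from the tests/ tree, mode 755, into /usr/lib/SMT/bin/ next to the operational helpers such as reschedule-sync.sh. Consider installing it under a name or location that marks it as a test tool, so that it is not mistaken for the sibling sync command.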
@@ -187,6 +189,7 @@ dist: clean
@cp doc/README-SCC $(NAME)-$(VERSION)/doc/

@cp tests/*.pl $(NAME)-$(VERSION)/tests/
@cp tests/SMT/shareRegistration.pl $(NAME)-$(VERSION)/tests/SMT
@cp tests/SMT/Mirror/*.pl $(NAME)-$(VERSION)/tests/SMT/Mirror/
@cp -r tests/testdata/regdatatest/* $(NAME)-$(VERSION)/tests/testdata/regdatatest/
@cp script/* $(NAME)-$(VERSION)/script/
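Review bot: The destination in '@cp tests/SMT/shareRegistration.pl $(NAME)-$(VERSION)/tests/SMT' has no trailing slash, unlike the neighbouring cp lines. If tests/SMT is not created earlier in the dist target, cp writes a regular file named SMT instead of failing, so suggest '$(NAME)-$(VERSION)/tests/SMT/' for consistency.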
@@ -1,3 +1,25 @@
-------------------------------------------------------------------
Sat Apr 30 08:05:19 EDT 2016 - rjschwei@suse.com

- SMT HA functionality for Cloud setup
+ Enable registration sharing between SMT servers that are configured
as sibling servers
+ New configuration options
~ cloudGuestVerify - enables a verification plugin to check if access
should be granted
~ acceptRegistrationSharing - set IP or DNS name indicating from
which server sharing requests should be
accepted
~ shareRegistrations - set IP or DNS name indicating the servers that
should receive shared registration requests
~ siblingCertDir - location where the sibling certs may be stored
+ Example implementation of verification code
+ Support deletion of registrations on the sibling server(s) in
smt-delete-registration
+ HA functionality is encapsulated in -ha sub-package
+ Implement plugin mechanism to allow cloud specific functionality
to be maintained separately

-------------------------------------------------------------------
Tue Apr 26 16:27:45 CEST 2016 - mc@suse.de

@@ -63,6 +63,36 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
This package provide everything you need to get a local NU and
registration proxy.

%package ha
Summary: SMT HA setup
Group: Productivity/Networking/Web/Proxy
PreReq: smt = %version
Requires: perl-File-Touch
Requires: perl-File-Slurp
Requires: perl-XML-LibXML

%description ha
This package extends the basic SMT functionality with registration sharing
capabilities. This allows 2 or more SMT servers running at the same time to
share the registrations they receive. The following smt.conf options are
used.

#
# This string is used to verify that any sender trying to share a
# registration is allowed to do so. Provide a comma separated list of
# names or IP addresses.
acceptRegistrationSharing=
#
# This string is used to set the host names and or IP addresses of sibling
# SMT servers to which the registration data should be sent. For multiple
# siblings provide a comma separated list.
shareRegistrations=
#
# This string provides information for SSL verification of teh siblings.
# Certificates for the siblings should reside in the given directory.
# If not defined siblings are assumed to have the same CA as this server
siblingCertDir=

%package -n res-signingkeys
Summary: Signing Key for RES
Group: Productivity/Security
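Review bot: The %description for the ha package shows 'acceptRegistrationSharing=' with an empty value but does not say what an empty value means. Since this option decides which senders may push registration data to this server, the text should state that empty means no sharing requests are accepted (if that is the behaviour) and how a DNS name in the list is matched against the sender. The changelog also lists cloudGuestVerify as a new option, but it is not described here, and the siblingCertDir comment has a typo ('teh').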
@@ -225,6 +255,7 @@ fi
%exclude %{_sysconfdir}/apache2/conf.d/smt_support.conf
%config %{_sysconfdir}/cron.d/novell.com-smt
%config %{_sysconfdir}/logrotate.d/smt
%exclude %{perl_vendorlib}/SMT/RegistrationSharing.pm
%{perl_vendorlib}/SMT.pm
%{perl_vendorlib}/SMT/*.pm
%{perl_vendorlib}/SMT/Job/*.pm
@@ -236,12 +267,15 @@ fi
%{perl_vendorarch}/auto/Sys/GRP/*.so
/srv/www/perl-lib/NU/*.pm
/srv/www/perl-lib/SMT/*.pm
%exclude /srv/www/perl-lib/SMT/Client/exampleVerify.pm
/srv/www/perl-lib/SMT/Client/*.pm
%exclude /srv/www/perl-lib/SMT/Support.pm
%{_sbindir}/smt-*
%exclude %{_sbindir}/smt-support
%exclude /usr/sbin/smt-sibling-sync
%{_sbindir}/smt
%{_libexecdir}/SMT/bin/*
%exclude %{_libexecdir}/SMT/bin/shareRegistration.pl
%{_bindir}/smt*
%{_libexecdir}/systemd/system/smt.target
%{_libexecdir}/systemd/system/smt.service
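Review bot: '%exclude /usr/sbin/smt-sibling-sync' hard-codes the path while the surrounding entries and the matching line in '%files ha' use %{_sbindir}. Suggest '%exclude %{_sbindir}/smt-sibling-sync' so the exclude and the ha file entry cannot drift apart.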
@@ -254,6 +288,13 @@ fi
%exclude %{_mandir}/man1/smt-support.1.gz
%doc %{_docdir}/smt/*

%files ha
%defattr(-,root,root)
/srv/www/perl-lib/SMT/Client/exampleVerify.pm
/usr/lib/SMT/bin/shareRegistration.pl
%{perl_vendorlib}/SMT/RegistrationSharing.pm
%{_sbindir}/smt-sibling-sync

%files -n res-signingkeys
%defattr(-,root,root)
%dir %attr(755, smt, www)/srv/www/htdocs/repo/keys
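Review bot: In '%files ha' the entry '/usr/lib/SMT/bin/shareRegistration.pl' is a literal path, while the main package excludes the same file as '%{_libexecdir}/SMT/bin/shareRegistration.pl'. If %{_libexecdir} does not expand to /usr/lib, the exclude no longer matches the file listed here; use the same form in both places.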
@@ -0,0 +1,91 @@
#!/usr/bin/perl

###############################################################################
## Copyright (c) 2016 SUSE LLC
###############################################################################

use strict;
use warnings;
use Getopt::Long;
use SMT::Utils;
use SMT::RegistrationSharing;

if(!SMT::Utils::dropPrivileges())
{
print STDERR __("Unable to drop privileges. Abort!\n");
exit 1;
}

my $help = 0;
my $logfile = "/dev/null";

my $optres = GetOptions ("logfile|L=s" => \$logfile,
"help|h" => \$help
);

if($help) {
print basename($0) . __(" [OPTIONS]\n");
print __("Sync this SMT server with its configured siblings\n");
print "\n";
print __("Options:\n");
print " --logfile (-L) <file> : " . __("Path to logfile")."\n";
exit 0;
}

my $log = SMT::Utils::openLog($logfile);

my $dbh = SMT::Utils::db_connect();
my $statement = 'SELECT GUID from Registration';
my $guids = $dbh->selectcol_arrayref($statement);

if (! $guids) {
print "This server has no registrations, nothing to do\n";
exit 0;
}

for my $guid (@{$guids}) {
SMT::RegistrationSharing::shareRegistration($guid, $log);
}

#
# Manpage
#

=head1 NAME
smt-sibling-sync
=head1 SYNOPSIS
smt-sibling-sync
=head1 DESCRIPTION
I<smt-sibling-sync> syncs all registered clients with the configured sibling SMT server(s). The sibling SMT server(s) are configured with the shareRegistrations configuration option.
=head1 OPTIONS
None
=head1 AUTHORS and CONTRIBUTORS
Robert Schweikert
=head1 LICENSE
Copyright (c) 2016 SUSE LLC
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 675 Mass
Ave, Cambridge, MA 02139, USA.
=cut
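Review bot: The --help branch calls basename($0), but File::Basename is not among the modules loaded at the top of the script, so --help will die with an undefined subroutine unless another module exports it. Add 'use File::Basename;'. Also, 'if (! $guids)' does not detect an empty table: selectcol_arrayref returns a reference to an empty array when there are no rows and undef only on error, so the "no registrations" message is printed for a database error (with exit 0) and never for the empty case. Test '@{$guids}' for emptiness and handle undef as a failure. The return value of GetOptions in $optres is never checked, and the POD says OPTIONS 'None' although --logfile and --help exist.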
@@ -0,0 +1,84 @@
#!/usr/bin/perl
use warnings;
use strict;

use Data::Dumper;
use Config::IniFiles;
use Getopt::Long;
use SMT::Utils;
use WWW::Curl::Easy;

my $smtHost;
my $config;
GetOptions ('config=s' => \$config,
'host=s' => \$smtHost);

if (! $smtHost && ! $config) {
my $msg = 'Must specify the target SMT server with --host or config '
. "file with --config.\n";
print $msg;
exit 1;
}

if ($config && ! -f $config) {
print "could not find configuration file '$config'\n";
exit 1;
}

my $regInfo = "<?xml version='1.0' encoding='UTF-8'?>"
. "<registrationData>"
. "<tableData table='Clients'>"
. "<entry comulmnName='NAMESPACE' value=''/>"
. "<entry comulmnName='HOSTNAME' value='smt-client'/>"
. "<entry comulmnName='TARGET' value='sle-11-x86_64'/>"
. "<entry comulmnName='GUID' value='03a8f41f176d4776aed0ea2263ea82c4'/>"
. "<entry comulmnName='SECRET' value='efaf1ed2f80a4548b4904dc5888f9958'/>"
. "<entry comulmnName='DESCRIPTION' value=''/>"
. "<entry comulmnName='REGTYPE' value='SR'/>"
. "<entry comulmnName='LASTCONTACT' value='2014-08-27 13:41:11'/>"
. "</tableData>"
. "<tableData table='Registration'>"
. "<entry comulmnName='REGDATE' value='2014-08-26 09:58:15'/>"
. "<entry comulmnName='NCCREGERROR' value='0'/>"
. "<entry comulmnName='NCCREGDATE' value=''/>"
. "<entry comulmnName='GUID' value='03a8f41f176d4776aed0ea2263ea82c4'/>"
. "<entry comulmnName='PRODUCTID' value='100550'/>"
. "</tableData>"
. "</registrationData>";

my $shareRegDataTargets;
my $certPath;

if ($config) {
my $cfg = new Config::IniFiles( -file => $config );
$shareRegDataTargets = $cfg->val('LOCAL', 'shareRegistrations');
if (! $shareRegDataTargets) {
print "No registration sharing configured in '$config'\n";
exit 1;
}
$certPath = $cfg->val('LOCAL', 'siblingCertDir');
}
else {
$shareRegDataTargets = $smtHost;
}

my @smtSiblings = split /,/, $shareRegDataTargets;
for my $smtServer (@smtSiblings) {
my $ua = SMT::Utils::createUserAgent();
if ($certPath) {
$ua->setopt(CURLOPT_CAPATH, $certPath);
}
my $url = "https://$smtServer/center/regsvc"
. '?command=shareregistration'
. '&lang=en-US&version=1.0';
my $response = $ua->post($url, Content=>$regInfo);

if (! $response->is_success) {
my $dd = Data::Dumper->new([ $response ]);
print $dd->Dump();
print "Test FAILED for host '$smtServer'\n";
}
else {
print "SUCCESS for host '$smtServer'\n";
}
}
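Review bot: The $regInfo payload carries a fixed GUID and SECRET, and the Makefile installs this script into /usr/lib/SMT/bin/, so running it with --config on a live server creates a client record with a publicly known secret on every sibling in shareRegistrations. Suggest generating random values per run and removing the test record afterwards, or keeping the script out of the installed package. The failure branch prints 'Test FAILED' but the script still exits 0, so callers cannot detect a failed run; track failures and exit non-zero. Please also confirm that the attribute name 'comulmnName' is what the receiving code parses, and that the object from SMT::Utils::createUserAgent() supports both setopt(CURLOPT_CAPATH, ...) and post()/is_success.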
@@ -13,7 +13,26 @@ sub verifyGuest {
my $regroot = shift;
# Insert code to connect to cloud framework and verify the guest
# return 1 for successful verification, undef for verification failure
# $r -> the request, i.e an Apache request object
# http://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html
# $regroot -> HASHREF containing information sent by the client.
return 1;
}

sub verifySCCGuest {

my $self = shift;
my $r = shift;
my $clntData = shift;
my $result = shift;
# Insert code to connect to cloud framework and verify the guest
# return the result HASHREF for successful verification, undef for
# verification failure
# $r -> the request, i.e an Apache request object
# http://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html
# $clntData -> data received from the client
# $result -> HASHREF of results of various previous operations
return $result;
}

1;
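Review bot: Both verifyGuest ('return 1;') and the new verifySCCGuest ('return $result;') report successful verification without checking anything, and this file is shipped in the ha package under /srv/www/perl-lib/SMT/Client/. If an administrator enables guest verification with the example unchanged, every request is accepted. Suggest making the example fail closed (return undef until real verification code is inserted), or stating prominently in the comments that the module as shipped performs no verification.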