From 7663c48d9d2189aa211c98d3bc1ea3341b7908d7 Mon Sep 17 00:00:00 2001 From: royrusso Date: Thu, 14 Nov 2019 10:57:28 -0500 Subject: [PATCH 1/2] - v3.5.7 rel. Fixes #479 --- elastichq/config/settings.py | 4 +- elastichq/service/ConnectionService.py | 39 ++++++++++++++---- example/docker-compose-local-dev.yml | 57 ++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 11 deletions(-) create mode 100644 example/docker-compose-local-dev.yml diff --git a/elastichq/config/settings.py b/elastichq/config/settings.py index af0f32c4..be7004ea 100644 --- a/elastichq/config/settings.py +++ b/elastichq/config/settings.py @@ -62,7 +62,7 @@ class TestSettings(BaseSettings): # static HQ_SITE_URL = 'http://elastichq.org' HQ_GH_URL = 'https://github.com/ElasticHQ/elasticsearch-HQ' - API_VERSION = 'v3.5.6' + API_VERSION = 'v3.5.7' ES_TEST_INDEX_NAME = 'cars' @@ -105,7 +105,7 @@ class ProdSettings(BaseSettings): # static HQ_SITE_URL = 'http://elastichq.org' HQ_GH_URL = 'https://github.com/ElasticHQ/elasticsearch-HQ' - API_VERSION = '3.5.6' + API_VERSION = '3.5.7' SERVER_NAME = None # cluster settings: specific settings for each cluster and how HQ should handle it. diff --git a/elastichq/service/ConnectionService.py b/elastichq/service/ConnectionService.py index dd69c5e2..33d4ccf8 100644 --- a/elastichq/service/ConnectionService.py +++ b/elastichq/service/ConnectionService.py @@ -38,7 +38,8 @@ def ping(self, ip, port, scheme='http'): def create_connection(self, ip, port, scheme='http', username=None, password=None, fail_on_exception=False, enable_ssl=False, ca_certs=None, verify_certs=True, client_cert=None, client_key=None): """ - Creates a connection with a cluster and place the connection inside of a connection pool, using the cluster_name as an alias. + Creates a connection with a cluster and place the connection inside of a connection pool, using the + cluster_name as an alias. :param client_cert: :param client_key: :param verify_certs: 
@@ -46,12 +47,16 @@ def create_connection(self, ip, port, scheme='http', username=None, password=Non :param port: :param scheme: :param fail_on_exception: If we should raise an exception on a failed connection - :param ca_certs: Frome the requests docs: "verify: (optional) Either a boolean, in which case it controls whether we verify + :param ca_certs: Frome the requests docs: "verify: (optional) Either a boolean, in which case it controls + whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use. Defaults to ``True``." :return: """ try: + LOG.info('Verify: ' + str(verify_certs)) + LOG.info('Cert File: ' + str(ca_certs)) + is_basic_auth = False # clean the params @@ -64,13 +69,19 @@ def create_connection(self, ip, port, scheme='http', username=None, password=Non client_cert_credentials = None if client_cert is None or client_key is None else (client_cert, client_key) - # determine version first if is_basic_auth is True: LOG.info("Basic Auth is True") if enable_ssl: LOG.info("SSL enabled") - response = requests.get(scheme + "://" + ip + ":" + port, auth=(username, password), - timeout=REQUEST_TIMEOUT, verify=ca_certs, cert=client_cert_credentials) + if verify_certs is False: + LOG.info("Verify Certs is False") + response = requests.get(scheme + "://" + ip + ":" + port, auth=(username, password), + timeout=REQUEST_TIMEOUT, verify=verify_certs, + cert=client_cert_credentials) + else: + LOG.info("Verify Certs is True") + response = requests.get(scheme + "://" + ip + ":" + port, auth=(username, password), + timeout=REQUEST_TIMEOUT, verify=ca_certs, cert=client_cert_credentials) else: LOG.info("SSL disabled") response = requests.get(scheme + "://" + ip + ":" + port, auth=(username, password), 
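Review bot: The two `LOG.info` calls added at the top of the `try` build their messages by string concatenation, and the docstring still leaves `:param verify_certs:` empty (visible in the preceding hunk) although this commit makes that flag decide whether the server certificate is checked. Use lazy logger arguments, `LOG.info('Verify: %s', verify_certs)` and `LOG.info('Cert File: %s', ca_certs)`, and document the flag, for example `:param verify_certs: If False, the server's TLS certificate is not verified for the version probe and ca_certs is not used`. The `ca_certs` text quoted from the requests docs ("Either a boolean ...") no longer matches how the two parameters are split, and "Frome" is a typo. The body of `create_connection` continues outside this hunk.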
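Review bot: In the `verify_certs is False` branch the probe sends `auth=(username, password)` with `verify=False`, so the basic-auth credentials go to a server whose identity was never checked, and the only trace is an INFO line. Log that branch with `LOG.warning("TLS certificate verification is disabled")` so an unverified connection stands out in the logs. The same `if`/`else` is repeated for the no-auth path in the `@@ -79,13 +90,21 @@` hunk; computing `verify = False if verify_certs is False else ca_certs` once before the `is_basic_auth` test and passing `verify=verify` would leave a single place to audit. The identity test matches only the boolean `False`, so if the setting can arrive as the string from `HQ_VERIFY_CERTS=False` (the parsing is not visible here), verification stays on; that fails safe, but the value should be normalised where it is read. `create_connection` starts and ends outside this hunk.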
@@ -79,13 +90,21 @@ def create_connection(self, ip, port, scheme='http', username=None, password=Non LOG.info("Basic Auth is False") if enable_ssl: LOG.info("SSL enabled") - response = requests.get(scheme + "://" + ip + ":" + port, timeout=REQUEST_TIMEOUT, verify=ca_certs, cert=client_cert_credentials) + if verify_certs is False: + LOG.info("Verify Certs is False") + response = requests.get(scheme + "://" + ip + ":" + port, timeout=REQUEST_TIMEOUT, + verify=verify_certs, cert=client_cert_credentials) + else: + LOG.info("Verify Certs is True") + response = requests.get(scheme + "://" + ip + ":" + port, timeout=REQUEST_TIMEOUT, + verify=ca_certs, cert=client_cert_credentials) else: LOG.info("SSL disabled") response = requests.get(scheme + "://" + ip + ":" + port, timeout=REQUEST_TIMEOUT) if response.status_code == 401: - message = "Unable to create connection! Server returned 401 - UNAUTHORIZED: " + scheme + "://" + ip + ":" + port + message = "Unable to create connection! Server returned 401 - UNAUTHORIZED: " + scheme + "://" + ip +\ + ":" + port raise ConnectionNotAuthorized(message=message) content = json.loads(response.content.decode('utf-8')) 
@@ -156,10 +175,12 @@ def get_connections(self, create_if_missing=True): def get_connection(self, cluster_name, create_if_missing=True): """ - Interface for cluster connection pool object. If a connection does not exist, it will attempt to create it, using what is stored in the database. If it cannot find the connection + Interface for cluster connection pool object. If a connection does not exist, it will attempt to create it, + using what is stored in the database. If it cannot find the connection or cannot create one from the database, it will throw a ConnectionNotFoundException :param cluster_name: - :param create_if_missing: Will create the connection in the connection pool AND the persistence layer if it does not exist. + :param create_if_missing: Will create the connection in the connection pool AND the persistence layer if it + does not exist. :return: """ try: diff --git a/example/docker-compose-local-dev.yml b/example/docker-compose-local-dev.yml new file mode 100644 index 00000000..9898f814 --- /dev/null +++ b/example/docker-compose-local-dev.yml 
@@ -0,0 +1,57 @@ +################################################################################################################ +# Use this file to build from local source. Note you have to 'docker system prune -a' on code changes. +# Sample docker-compose file that will allow for connecting ES and HQ between separate containers +# Note that the container_name (elasticsearch) is used as a default connection url in the HQ settings. +################################################################################################################ + +version: '3' +services: + elastichq: + build: + context: ../ + dockerfile: Dockerfile + container_name: elastichq + environment: + - HQ_DEFAULT_URL=http://elasticsearch:9200 + - HQ_DEBUG=True +# - HQ_ENABLE_SSL=True +# - HQ_VERIFY_CERTS=False +# - HQ_CA_CERTS=/usr/local/share/ca-certificates/MYCA.crt + ports: + - 5000:5000 + networks: + - esnet + + elasticsearch: + image: elasticsearch:2.4.6 + container_name: elasticsearch + environment: + - cluster.name=elasticsearch + - node.name=node_1 + - network.host=0.0.0.0 + - network.publish_host=0.0.0.0 + - bootstrap.memory_lock=true + - http.cors.enabled=true + - http.cors.allow-origin=* + - http.host=0.0.0.0 + - transport.host=0.0.0.0 + - bootstrap.system_call_filter=false + - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + volumes: + - esdata1:/usr/share/elasticsearch/data + ports: + - 9200:9200 + - 9300:9300 + ulimits: + memlock: + soft: -1 + hard: -1 + networks: + - esnet + +volumes: + esdata1: + driver: local +networks: + esnet: + driver: bridge \ No newline at end of file From 3e43c7ed9124c53a5c3e029089ebf3bdb47bb0ea Mon Sep 17 00:00:00 2001 From: royrusso Date: Thu, 14 Nov 2019 10:59:11 -0500 Subject: [PATCH 2/2] - v3.5.7 rel. Fixes #479 --- example/docker-compose-local-dev.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/example/docker-compose-local-dev.yml b/example/docker-compose-local-dev.yml index 9898f814..505764ae 100644 
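Review bot: The `elasticsearch` service publishes `9200:9200` and `9300:9300` on every host interface while also setting `network.host=0.0.0.0` and `http.cors.allow-origin=*`, and nothing in the file configures authentication, so the cluster's HTTP and transport ports are reachable from any network the developer's machine is on. For a local-dev example, bind the published ports to loopback, `- 127.0.0.1:9200:9200`, and drop the `9300` mapping unless a client outside the compose network needs it. The same applies to `- 5000:5000` on `elastichq`, which runs with `HQ_DEBUG=True`. A header comment such as `# Local development only: no authentication, do not expose on a shared network` would make the intent explicit. `elasticsearch:2.4.6` is an old release; if it is pinned on purpose for compatibility testing, a comment saying so would help.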
--- a/example/docker-compose-local-dev.yml +++ b/example/docker-compose-local-dev.yml @@ -1,5 +1,5 @@ ################################################################################################################ -# Use this file to build from local source. Note you have to 'docker system prune -a' on code changes. +# Use this file to build from local source. Note you have to 'docker system prune -a' on code changes or 'docker-compose build' # Sample docker-compose file that will allow for connecting ES and HQ between separate containers # Note that the container_name (elasticsearch) is used as a default connection url in the HQ settings. ################################################################################################################ @@ -14,9 +14,9 @@ services: environment: - HQ_DEFAULT_URL=http://elasticsearch:9200 - HQ_DEBUG=True -# - HQ_ENABLE_SSL=True -# - HQ_VERIFY_CERTS=False -# - HQ_CA_CERTS=/usr/local/share/ca-certificates/MYCA.crt + # - HQ_ENABLE_SSL=True + # - HQ_VERIFY_CERTS=False + # - HQ_CA_CERTS=/usr/local/share/ca-certificates/MYCA.crt ports: - 5000:5000 networks: