1
0
mirror of https://github.com/GNS3/gns3-server synced 2024-12-01 04:38:12 +00:00

Fix SSL support for controller and local compute. Fixes #1826

This commit is contained in:
grossmj 2020-10-27 23:25:19 +10:30
parent 5dab0c2587
commit b6a021dabd
3 changed files with 26 additions and 9 deletions

View File

@ -81,16 +81,23 @@ class Controller:
name = "Main server" name = "Main server"
computes = self._load_controller_settings() computes = self._load_controller_settings()
from gns3server.web.web_server import WebServer
ssl_context = WebServer.instance().ssl_context()
protocol = server_config.get("protocol", "http")
if ssl_context and protocol != "https":
log.warning("Protocol changed to 'https' for local compute because SSL is enabled".format(port))
protocol = "https"
try: try:
self._local_server = await self.add_compute(compute_id="local", self._local_server = await self.add_compute(compute_id="local",
name=name, name=name,
protocol=server_config.get("protocol", "http"), protocol=protocol,
host=host, host=host,
console_host=console_host, console_host=console_host,
port=port, port=port,
user=server_config.get("user", ""), user=server_config.get("user", ""),
password=server_config.get("password", ""), password=server_config.get("password", ""),
force=True) force=True,
ssl_context=ssl_context)
except aiohttp.web.HTTPConflict: except aiohttp.web.HTTPConflict:
log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port)) log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port))
sys.exit(1) sys.exit(1)

View File

@ -57,7 +57,8 @@ class Compute:
A GNS3 compute. A GNS3 compute.
""" """
def __init__(self, compute_id, controller=None, protocol="http", host="localhost", port=3080, user=None, password=None, name=None, console_host=None): def __init__(self, compute_id, controller=None, protocol="http", host="localhost",
port=3080, user=None, password=None, name=None, console_host=None, ssl_context=None):
self._http_session = None self._http_session = None
assert controller is not None assert controller is not None
log.info("Create compute %s", compute_id) log.info("Create compute %s", compute_id)
@ -81,6 +82,7 @@ class Compute:
self._cpu_usage_percent = None self._cpu_usage_percent = None
self._memory_usage_percent = None self._memory_usage_percent = None
self._last_error = None self._last_error = None
self._ssl_context = ssl_context
self._capabilities = { self._capabilities = {
"version": None, "version": None,
"node_types": [] "node_types": []
@ -92,7 +94,9 @@ class Compute:
def _session(self): def _session(self):
if self._http_session is None or self._http_session.closed is True: if self._http_session is None or self._http_session.closed is True:
self._http_session = aiohttp.ClientSession(connector=aiohttp.TCPConnector(limit=None, force_close=True)) self._http_session = aiohttp.ClientSession(connector=aiohttp.TCPConnector(limit=None,
force_close=True,
ssl_context=self._ssl_context))
return self._http_session return self._http_session
#def __del__(self): #def __del__(self):

View File

@ -64,6 +64,7 @@ class WebServer:
self._start_time = time.time() self._start_time = time.time()
self._running = False self._running = False
self._closing = False self._closing = False
self._ssl_context = None
@staticmethod @staticmethod
def instance(host=None, port=None): def instance(host=None, port=None):
@ -88,7 +89,6 @@ class WebServer:
return False return False
return True return True
async def reload_server(self): async def reload_server(self):
""" """
Reload the server. Reload the server.
@ -96,7 +96,6 @@ class WebServer:
await Controller.instance().reload() await Controller.instance().reload()
async def shutdown_server(self): async def shutdown_server(self):
""" """
Cleanly shutdown the server. Cleanly shutdown the server.
@ -147,6 +146,13 @@ class WebServer:
self._loop.stop() self._loop.stop()
def ssl_context(self):
"""
Returns the SSL context for the server.
"""
return self._ssl_context
def _signal_handling(self): def _signal_handling(self):
def signal_handler(signame, *args): def signal_handler(signame, *args):
@ -255,12 +261,12 @@ class WebServer:
server_config = Config.instance().get_section_config("Server") server_config = Config.instance().get_section_config("Server")
ssl_context = None self._ssl_context = None
if server_config.getboolean("ssl"): if server_config.getboolean("ssl"):
if sys.platform.startswith("win"): if sys.platform.startswith("win"):
log.critical("SSL mode is not supported on Windows") log.critical("SSL mode is not supported on Windows")
raise SystemExit raise SystemExit
ssl_context = self._create_ssl_context(server_config) self._ssl_context = self._create_ssl_context(server_config)
self._loop = asyncio.get_event_loop() self._loop = asyncio.get_event_loop()
@ -307,7 +313,7 @@ class WebServer:
log.info("Starting server on {}:{}".format(self._host, self._port)) log.info("Starting server on {}:{}".format(self._host, self._port))
self._handler = self._app.make_handler() self._handler = self._app.make_handler()
if self._run_application(self._handler, ssl_context) is False: if self._run_application(self._handler, self._ssl_context) is False:
self._loop.stop() self._loop.stop()
sys.exit(1) sys.exit(1)