

Support starting Tarantool server with SSL
An SSL-encrypted server can be started with Tarantool Enterprise 2.10 or
newer. To configure encryption, additional listen params must be passed.
ssl_key_file and ssl_cert_file are mandatory if transport is
asynctnt.Transport.SSL.

Follows up #22
DifferentialOrange committed Aug 24, 2022
1 parent 8b72969 commit 6f934fc
Showing 1 changed file with 42 additions and 1 deletion.
43 changes: 42 additions & 1 deletion asynctnt/instance.py
@@ -26,6 +26,7 @@
)

from asynctnt.utils import get_running_loop
from asynctnt.const import Transport

VERSION_STRING_REGEX = re.compile(r'\s*([\d.]+).*')

@@ -90,6 +91,11 @@ class TarantoolInstance(metaclass=abc.ABCMeta):
def __init__(self, *,
host='127.0.0.1',
port=3301,
transport=Transport.DEFAULT,
ssl_key_file=None,
ssl_cert_file=None,
ssl_ca_file=None,
ssl_ciphers=None,
console_host=None,
console_port=3302,
replication_source=None,
@@ -113,6 +119,22 @@ def __init__(self, *,
to be listening on (default = 127.0.0.1)
:param port: The port which Tarantool instance is going
to be listening on (default = 3301)
:param transport:
This parameter can be used to configure traffic encryption.
Pass ``asynctnt.Transport.SSL`` value to enable SSL
encryption (by default there is no encryption)
:param str ssl_key_file:
A path to a private SSL key file.
Mandatory if server uses SSL encryption
:param str ssl_cert_file:
A path to an SSL certificate file.
Mandatory if server uses SSL encryption
:param str ssl_ca_file:
A path to a trusted certificate authorities (CA) file.
Optional
:param str ssl_ciphers:
A colon-separated (:) list of SSL cipher suites
the server can use. Optional
:param console_host: The host which Tarantool console is going
to be listening on (to execute admin commands)
(default = host)
@@ -147,6 +169,11 @@ def __init__(self, *,

self._host = host
self._port = port
self._parameter_transport = transport
self._ssl_key_file = ssl_key_file
self._ssl_cert_file = ssl_cert_file
self._ssl_ca_file = ssl_ca_file
self._ssl_ciphers = ssl_ciphers
self._console_host = console_host or host
self._console_port = console_port
self._replication_source = replication_source
@@ -248,7 +275,7 @@ def _create_initlua_template(self):
return check_version_internal(expected, version)
end
local cfg = {
listen = "${host}:${port}",
listen = "${host}:${port}${listen_params}",
wal_mode = "${wal_mode}",
custom_proc_title = "${custom_proc_title}",
slab_alloc_arena = ${slab_alloc_arena},
@@ -289,9 +316,23 @@ def _render_initlua(self):
if self._specify_work_dir:
work_dir = '"' + self._root + '"'

listen_params = ''
if self._parameter_transport == Transport.SSL:
listen_params = "?transport=ssl&"
if self._ssl_key_file:
listen_params += "ssl_key_file={}&".format(self._ssl_key_file)
if self._ssl_cert_file:
listen_params += "ssl_cert_file={}&".format(self._ssl_cert_file)
if self._ssl_ca_file:
listen_params += "ssl_ca_file={}&".format(self._ssl_ca_file)
if self._ssl_ciphers:
listen_params += "ssl_ciphers={}&".format(self._ssl_ciphers)
listen_params = listen_params[:-1]

d = {
'host': self._host,
'port': self._port,
'listen_params': listen_params,
'console_host': self._console_host,
'console_port': self._console_port,
'wal_mode': self._wal_mode,
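Review bot: In `_render_initlua`, the SSL branch never enforces the `ssl_key_file` / `ssl_cert_file` requirement that the new `__init__` docstring and the commit message state; with `Transport.SSL` and no key or certificate it renders `?transport=ssl` alone, so the mistake presumably only surfaces when Tarantool rejects the listen URI at startup. The four `ssl_*` values are also formatted verbatim into a URI that the template places inside a double-quoted Lua string (`listen = "${host}:${port}${listen_params}"`), so a `"`, backslash, newline, `&` or `?` in a path or cipher list would alter the generated init.lua or the parameter list instead of being treated as data. I would fail fast with `ValueError` in both cases and build the query with a join instead of trimming the trailing `&`. The body of `_render_initlua` starts and ends outside this hunk, and whether Tarantool percent-decodes URI parameters is not visible here, so the sketch rejects those characters rather than encoding them.

```python
listen_params = ''
if self._parameter_transport == Transport.SSL:
    if not (self._ssl_key_file and self._ssl_cert_file):
        raise ValueError(
            'ssl_key_file and ssl_cert_file are required '
            'when transport is Transport.SSL')
    ssl_opts = (
        ('ssl_key_file', self._ssl_key_file),
        ('ssl_cert_file', self._ssl_cert_file),
        ('ssl_ca_file', self._ssl_ca_file),
        ('ssl_ciphers', self._ssl_ciphers),
    )
    for name, value in ssl_opts:
        # These values end up inside a double-quoted Lua string in init.lua
        # and inside a '&'-separated URI query, so keep them plain data.
        if value and any(ch in str(value) for ch in '"\\\n\r&?'):
            raise ValueError('unsupported character in ' + name)
    listen_params = '?transport=ssl' + ''.join(
        '&{}={}'.format(name, value) for name, value in ssl_opts if value)
# … unchanged: d = {...} substitution mapping …
```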
