openstack/ironic-inspector
Code Issues Proposed changes
master
ironic-inspector/ironic_inspector/wsgi_service.py
Dmitry Tantsur 3ebfdf05e1 Support listening on a Unix socket 
When using nginx to terminate TLS (like it's done in Bifrost), it's more
secure to use a Unix socket for communication, so that local users
cannot access plain text communication.

Change-Id: I37b762cca035b5855deb92635c29e8eb97a87c20
2022-02-01 10:30:11 +01:00

76 lines
2.4 KiB
Python
Raw Permalink Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import socket
from ironic_lib import utils as il_utils
from oslo_config import cfg
from oslo_log import log
from oslo_service import service
from oslo_service import wsgi
from ironic_inspector import main
LOG = log.getLogger(__name__)
CONF = cfg.CONF
class WSGIService(service.Service):
"""Provides ability to launch API from wsgi app."""
def __init__(self):
self.app = main.get_app()
if CONF.listen_unix_socket:
il_utils.unlink_without_raise(CONF.listen_unix_socket)
self.server = wsgi.Server(CONF, 'ironic_inspector',
self.app,
socket_family=socket.AF_UNIX,
socket_file=CONF.listen_unix_socket,
socket_mode=CONF.listen_unix_socket_mode,
use_ssl=CONF.use_ssl)
else:
self.server = wsgi.Server(CONF, 'ironic_inspector',
self.app,
host=CONF.listen_address,
port=CONF.listen_port,
use_ssl=CONF.use_ssl)
def start(self):
"""Start serving this service using loaded configuration.
:returns: None
"""
self.server.start()
def stop(self):
"""Stop serving this API.
:returns: None
"""
self.server.stop()
if CONF.listen_unix_socket:
il_utils.unlink_without_raise(CONF.listen_unix_socket)
def wait(self):
"""Wait for the service to stop serving this API.
:returns: None
"""
self.server.wait()
def reset(self):
"""Reset server greenpool size to default.
:returns: None
"""
self.server.reset()
View Git Blame Copy Permalink