Revision 040da586
Added by Anna Vitova almost 3 years ago
| config/settings.d/tftp.yml.example | ||
|---|---|---|
|
# Defines the default dns timeout in seconds needed to download tftp artifacts
|
||
|
# like initrd and vmlinuz. Default value 10 seconds
|
||
|
#:tftp_dns_timeout: 10
|
||
|
|
||
|
# Defines the default certificate action for certificate checking.
|
||
|
# When false, the argument --no-check-certificate will be used.
|
||
|
#:verify_server_cert: true
|
||
| lib/proxy/http_download.rb | ||
|---|---|---|
|
DEFAULT_CONNECT_TIMEOUT = 10
|
||
|
DEFAULT_DNS_TIMEOUT = 10
|
||
|
|
||
|
def initialize(src, dst, read_timeout = nil, connect_timeout = nil, dns_timeout = nil)
|
||
|
def initialize(src, dst, read_timeout = nil, connect_timeout = nil, dns_timeout = nil, verify_server_cert = false)
|
||
|
@dst = dst
|
||
|
wget = which("wget")
|
||
|
read_timeout ||= DEFAULT_READ_TIMEOUT
|
||
|
dns_timeout ||= DEFAULT_CONNECT_TIMEOUT
|
||
|
connect_timeout ||= DEFAULT_DNS_TIMEOUT
|
||
|
|
||
|
super([wget,
|
||
|
"--connect-timeout=#{connect_timeout}",
|
||
|
"--dns-timeout=#{dns_timeout}",
|
||
|
"--read-timeout=#{read_timeout}",
|
||
|
"--tries=3",
|
||
|
"--no-check-certificate",
|
||
|
"-nv", "-c", src.to_s, "-O", dst.to_s])
|
||
|
args = [wget, "--connect-timeout=#{connect_timeout}",
|
||
|
"--dns-timeout=#{dns_timeout}",
|
||
|
"--read-timeout=#{read_timeout}",
|
||
|
"--tries=3", "-nv", "-c", src.to_s, "-O", dst.to_s]
|
||
|
args << "--no-check-certificate" unless verify_server_cert
|
||
|
super(args)
|
||
|
end
|
||
|
|
||
|
def start
|
||
| modules/tftp/server.rb | ||
|---|---|---|
|
destination.to_s,
|
||
|
Proxy::TFTP::Plugin.settings.tftp_read_timeout,
|
||
|
Proxy::TFTP::Plugin.settings.tftp_connect_timeout,
|
||
|
Proxy::TFTP::Plugin.settings.tftp_dns_timeout).start
|
||
|
Proxy::TFTP::Plugin.settings.tftp_dns_timeout,
|
||
|
Proxy::TFTP::Plugin.settings.verify_server_cert).start
|
||
|
|
||
|
when 'nfs'
|
||
|
logger.debug "NFS as a protocol for installation medium detected."
|
||
|
else
|
||
| modules/tftp/tftp_plugin.rb | ||
|---|---|---|
|
default_settings :tftproot => '/var/lib/tftpboot',
|
||
|
:tftp_read_timeout => 60,
|
||
|
:tftp_connect_timeout => 10,
|
||
|
:tftp_dns_timeout => 10
|
||
|
:tftp_dns_timeout => 10,
|
||
|
:verify_server_cert => true
|
||
|
|
||
|
expose_setting :tftp_servername
|
||
|
end
|
||
| test/http_download_test.rb | ||
|---|---|---|
|
"--connect-timeout=#{default_connect}",
|
||
|
"--dns-timeout=#{default_dns}",
|
||
|
"--read-timeout=#{default_read}",
|
||
|
"--tries=3", "--no-check-certificate", "-nv", "-c", "src", "-O", "dst"]
|
||
|
"--tries=3", "-nv", "-c", "src", "-O", "dst", "--no-check-certificate"]
|
||
|
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
|
assert_equal expected, Proxy::HttpDownload.new('src', 'dst').command
|
||
|
end
|
||
|
|
||
|
def test_should_construct_escaped_wget_command_true
|
||
|
default_read = Proxy::HttpDownload::DEFAULT_READ_TIMEOUT
|
||
|
default_connect = Proxy::HttpDownload::DEFAULT_CONNECT_TIMEOUT
|
||
|
default_dns = Proxy::HttpDownload::DEFAULT_DNS_TIMEOUT
|
||
|
|
||
|
expected = ["/wget",
|
||
|
"--connect-timeout=#{default_connect}",
|
||
|
"--dns-timeout=#{default_dns}",
|
||
|
"--read-timeout=#{default_read}",
|
||
|
"--tries=3", "-nv", "-c", "src", "-O", "dst"]
|
||
|
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
|
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', nil, nil, nil, true).command
|
||
|
end
|
||
|
|
||
|
def test_should_construct_escaped_wget_command_only_read
|
||
|
default_connect = Proxy::HttpDownload::DEFAULT_CONNECT_TIMEOUT
|
||
|
default_dns = Proxy::HttpDownload::DEFAULT_DNS_TIMEOUT
|
||
| ... | ... | |
|
"--connect-timeout=#{default_connect}",
|
||
|
"--dns-timeout=#{default_dns}",
|
||
|
"--read-timeout=#{read_timeout}",
|
||
|
"--tries=3", "--no-check-certificate", "-nv", "-c", "src", "-O", "dst"]
|
||
|
"--tries=3", "-nv", "-c", "src", "-O", "dst", "--no-check-certificate"]
|
||
|
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
|
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, nil, nil).command
|
||
|
end
|
||
|
|
||
|
def test_should_construct_escaped_wget_command_only_read_true
|
||
|
default_connect = Proxy::HttpDownload::DEFAULT_CONNECT_TIMEOUT
|
||
|
default_dns = Proxy::HttpDownload::DEFAULT_DNS_TIMEOUT
|
||
|
|
||
|
read_timeout = 1000
|
||
|
expected = ["/wget",
|
||
|
"--connect-timeout=#{default_connect}",
|
||
|
"--dns-timeout=#{default_dns}",
|
||
|
"--read-timeout=#{read_timeout}",
|
||
|
"--tries=3", "-nv", "-c", "src", "-O", "dst"]
|
||
|
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
|
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, nil, nil, true).command
|
||
|
end
|
||
|
|
||
|
def test_should_construct_escaped_wget_command_all_timeout_options
|
||
|
read_timeout = 1000
|
||
|
connect_timeout = 99
|
||
| ... | ... | |
|
"--connect-timeout=#{connect_timeout}",
|
||
|
"--dns-timeout=#{dns_timeout}",
|
||
|
"--read-timeout=#{read_timeout}",
|
||
|
"--tries=3", "--no-check-certificate", "-nv", "-c", "src", "-O", "dst"]
|
||
|
"--tries=3", "-nv", "-c", "src", "-O", "dst", "--no-check-certificate"]
|
||
|
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
|
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, connect_timeout, dns_timeout).command
|
||
|
end
|
||
|
|
||
|
def test_should_construct_escaped_wget_command_all_timeout_options_true
|
||
|
read_timeout = 1000
|
||
|
connect_timeout = 99
|
||
|
dns_timeout = 27
|
||
|
expected = ["/wget",
|
||
|
"--connect-timeout=#{connect_timeout}",
|
||
|
"--dns-timeout=#{dns_timeout}",
|
||
|
"--read-timeout=#{read_timeout}",
|
||
|
"--tries=3", "-nv", "-c", "src", "-O", "dst"]
|
||
|
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
|
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, connect_timeout, dns_timeout, true).command
|
||
|
end
|
||
|
|
||
|
def test_should_skip_download_if_one_is_in_progress
|
||
|
locked = Proxy::FileLock.try_locking(tmp('other'))
|
||
|
assert_equal false, Proxy::HttpDownload.new('src', locked.path).start
|
||
| test/tftp/tftp_test.rb | ||
|---|---|---|
|
tftp_read_timeout = "1000"
|
||
|
tftp_connect_timeout = "40"
|
||
|
tftp_dns_timeout = "14300"
|
||
|
verify_server_cert = false
|
||
|
Proxy::TFTP::Plugin.load_test_settings(
|
||
|
:tftp_read_timeout => tftp_read_timeout,
|
||
|
:tftp_connect_timeout => tftp_connect_timeout,
|
||
|
:tftp_dns_timeout => tftp_dns_timeout
|
||
|
:tftp_dns_timeout => tftp_dns_timeout,
|
||
|
:verify_server_cert => verify_server_cert
|
||
|
)
|
||
|
|
||
|
::Proxy::HttpDownload.expects(:new).returns(stub('tftp', :start => true)).
|
||
|
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout)
|
||
|
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout, verify_server_cert)
|
||
|
|
||
|
Proxy::TFTP.choose_protocol_and_fetch src, dst
|
||
|
end
|
||
| ... | ... | |
|
src = "https://proxy.test"
|
||
|
dst = "/destination"
|
||
|
tftp_read_timeout = "1000"
|
||
|
verify_server_cert = true
|
||
|
tftp_connect_timeout = Proxy::TFTP::Plugin.settings.tftp_connect_timeout
|
||
|
tftp_dns_timeout = Proxy::TFTP::Plugin.settings.tftp_dns_timeout
|
||
|
|
||
|
Proxy::TFTP::Plugin.load_test_settings(:tftp_read_timeout => tftp_read_timeout)
|
||
|
|
||
|
::Proxy::HttpDownload.expects(:new).returns(stub('tftp', :start => true)).
|
||
|
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout)
|
||
|
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout, verify_server_cert)
|
||
|
|
||
|
Proxy::TFTP.choose_protocol_and_fetch src, dst
|
||
|
end
|
||
Also available in: Unified diff
fixes #18936 - Check server certs in the TFTP module