Revision 040da586
Added by Anna Vitova almost 3 years ago
config/settings.d/tftp.yml.example | ||
---|---|---|
# Defines the default dns timeout in seconds needed to download tftp artifacts
|
||
# like initrd and vmlinuz. Default value 10 seconds
|
||
#:tftp_dns_timeout: 10
|
||
|
||
# Defines the default certificate action for certificate checking.
|
||
# When false, the argument --no-check-certificate will be used.
|
||
#:verify_server_cert: true
|
lib/proxy/http_download.rb | ||
---|---|---|
DEFAULT_CONNECT_TIMEOUT = 10
|
||
DEFAULT_DNS_TIMEOUT = 10
|
||
|
||
def initialize(src, dst, read_timeout = nil, connect_timeout = nil, dns_timeout = nil)
|
||
def initialize(src, dst, read_timeout = nil, connect_timeout = nil, dns_timeout = nil, verify_server_cert = false)
|
||
@dst = dst
|
||
wget = which("wget")
|
||
read_timeout ||= DEFAULT_READ_TIMEOUT
|
||
dns_timeout ||= DEFAULT_CONNECT_TIMEOUT
|
||
connect_timeout ||= DEFAULT_DNS_TIMEOUT
|
||
|
||
super([wget,
|
||
"--connect-timeout=#{connect_timeout}",
|
||
"--dns-timeout=#{dns_timeout}",
|
||
"--read-timeout=#{read_timeout}",
|
||
"--tries=3",
|
||
"--no-check-certificate",
|
||
"-nv", "-c", src.to_s, "-O", dst.to_s])
|
||
args = [wget, "--connect-timeout=#{connect_timeout}",
|
||
"--dns-timeout=#{dns_timeout}",
|
||
"--read-timeout=#{read_timeout}",
|
||
"--tries=3", "-nv", "-c", src.to_s, "-O", dst.to_s]
|
||
args << "--no-check-certificate" unless verify_server_cert
|
||
super(args)
|
||
end
|
||
|
||
def start
|
modules/tftp/server.rb | ||
---|---|---|
destination.to_s,
|
||
Proxy::TFTP::Plugin.settings.tftp_read_timeout,
|
||
Proxy::TFTP::Plugin.settings.tftp_connect_timeout,
|
||
Proxy::TFTP::Plugin.settings.tftp_dns_timeout).start
|
||
Proxy::TFTP::Plugin.settings.tftp_dns_timeout,
|
||
Proxy::TFTP::Plugin.settings.verify_server_cert).start
|
||
|
||
when 'nfs'
|
||
logger.debug "NFS as a protocol for installation medium detected."
|
||
else
|
modules/tftp/tftp_plugin.rb | ||
---|---|---|
default_settings :tftproot => '/var/lib/tftpboot',
|
||
:tftp_read_timeout => 60,
|
||
:tftp_connect_timeout => 10,
|
||
:tftp_dns_timeout => 10
|
||
:tftp_dns_timeout => 10,
|
||
:verify_server_cert => true
|
||
|
||
expose_setting :tftp_servername
|
||
end
|
test/http_download_test.rb | ||
---|---|---|
"--connect-timeout=#{default_connect}",
|
||
"--dns-timeout=#{default_dns}",
|
||
"--read-timeout=#{default_read}",
|
||
"--tries=3", "--no-check-certificate", "-nv", "-c", "src", "-O", "dst"]
|
||
"--tries=3", "-nv", "-c", "src", "-O", "dst", "--no-check-certificate"]
|
||
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
assert_equal expected, Proxy::HttpDownload.new('src', 'dst').command
|
||
end
|
||
|
||
def test_should_construct_escaped_wget_command_true
|
||
default_read = Proxy::HttpDownload::DEFAULT_READ_TIMEOUT
|
||
default_connect = Proxy::HttpDownload::DEFAULT_CONNECT_TIMEOUT
|
||
default_dns = Proxy::HttpDownload::DEFAULT_DNS_TIMEOUT
|
||
|
||
expected = ["/wget",
|
||
"--connect-timeout=#{default_connect}",
|
||
"--dns-timeout=#{default_dns}",
|
||
"--read-timeout=#{default_read}",
|
||
"--tries=3", "-nv", "-c", "src", "-O", "dst"]
|
||
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', nil, nil, nil, true).command
|
||
end
|
||
|
||
def test_should_construct_escaped_wget_command_only_read
|
||
default_connect = Proxy::HttpDownload::DEFAULT_CONNECT_TIMEOUT
|
||
default_dns = Proxy::HttpDownload::DEFAULT_DNS_TIMEOUT
|
||
... | ... | |
"--connect-timeout=#{default_connect}",
|
||
"--dns-timeout=#{default_dns}",
|
||
"--read-timeout=#{read_timeout}",
|
||
"--tries=3", "--no-check-certificate", "-nv", "-c", "src", "-O", "dst"]
|
||
"--tries=3", "-nv", "-c", "src", "-O", "dst", "--no-check-certificate"]
|
||
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, nil, nil).command
|
||
end
|
||
|
||
def test_should_construct_escaped_wget_command_only_read_true
|
||
default_connect = Proxy::HttpDownload::DEFAULT_CONNECT_TIMEOUT
|
||
default_dns = Proxy::HttpDownload::DEFAULT_DNS_TIMEOUT
|
||
|
||
read_timeout = 1000
|
||
expected = ["/wget",
|
||
"--connect-timeout=#{default_connect}",
|
||
"--dns-timeout=#{default_dns}",
|
||
"--read-timeout=#{read_timeout}",
|
||
"--tries=3", "-nv", "-c", "src", "-O", "dst"]
|
||
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, nil, nil, true).command
|
||
end
|
||
|
||
def test_should_construct_escaped_wget_command_all_timeout_options
|
||
read_timeout = 1000
|
||
connect_timeout = 99
|
||
... | ... | |
"--connect-timeout=#{connect_timeout}",
|
||
"--dns-timeout=#{dns_timeout}",
|
||
"--read-timeout=#{read_timeout}",
|
||
"--tries=3", "--no-check-certificate", "-nv", "-c", "src", "-O", "dst"]
|
||
"--tries=3", "-nv", "-c", "src", "-O", "dst", "--no-check-certificate"]
|
||
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, connect_timeout, dns_timeout).command
|
||
end
|
||
|
||
def test_should_construct_escaped_wget_command_all_timeout_options_true
|
||
read_timeout = 1000
|
||
connect_timeout = 99
|
||
dns_timeout = 27
|
||
expected = ["/wget",
|
||
"--connect-timeout=#{connect_timeout}",
|
||
"--dns-timeout=#{dns_timeout}",
|
||
"--read-timeout=#{read_timeout}",
|
||
"--tries=3", "-nv", "-c", "src", "-O", "dst"]
|
||
Proxy::HttpDownload.any_instance.stubs(:which).returns('/wget')
|
||
assert_equal expected, Proxy::HttpDownload.new('src', 'dst', read_timeout, connect_timeout, dns_timeout, true).command
|
||
end
|
||
|
||
def test_should_skip_download_if_one_is_in_progress
|
||
locked = Proxy::FileLock.try_locking(tmp('other'))
|
||
assert_equal false, Proxy::HttpDownload.new('src', locked.path).start
|
test/tftp/tftp_test.rb | ||
---|---|---|
tftp_read_timeout = "1000"
|
||
tftp_connect_timeout = "40"
|
||
tftp_dns_timeout = "14300"
|
||
verify_server_cert = false
|
||
Proxy::TFTP::Plugin.load_test_settings(
|
||
:tftp_read_timeout => tftp_read_timeout,
|
||
:tftp_connect_timeout => tftp_connect_timeout,
|
||
:tftp_dns_timeout => tftp_dns_timeout
|
||
:tftp_dns_timeout => tftp_dns_timeout,
|
||
:verify_server_cert => verify_server_cert
|
||
)
|
||
|
||
::Proxy::HttpDownload.expects(:new).returns(stub('tftp', :start => true)).
|
||
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout)
|
||
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout, verify_server_cert)
|
||
|
||
Proxy::TFTP.choose_protocol_and_fetch src, dst
|
||
end
|
||
... | ... | |
src = "https://proxy.test"
|
||
dst = "/destination"
|
||
tftp_read_timeout = "1000"
|
||
verify_server_cert = true
|
||
tftp_connect_timeout = Proxy::TFTP::Plugin.settings.tftp_connect_timeout
|
||
tftp_dns_timeout = Proxy::TFTP::Plugin.settings.tftp_dns_timeout
|
||
|
||
Proxy::TFTP::Plugin.load_test_settings(:tftp_read_timeout => tftp_read_timeout)
|
||
|
||
::Proxy::HttpDownload.expects(:new).returns(stub('tftp', :start => true)).
|
||
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout)
|
||
with(src, dst, tftp_read_timeout, tftp_connect_timeout, tftp_dns_timeout, verify_server_cert)
|
||
|
||
Proxy::TFTP.choose_protocol_and_fetch src, dst
|
||
end
|
Also available in: Unified diff
fixes #18936 - Check server certs in the TFTP module