Skip to content

Commit

Permalink
Support starting Tarantool server with SSL
Browse files Browse the repository at this point in the history
SSL encrypted server could be started with Tarantool Enterprise 2.10 or
newer. To configure encryption, additional listen params must be passed.
ssl_key_file and ssl_cert_file are mandatory if transport is
asynctnt.Transport.SSL .

Follows up igorcoding#22
  • Loading branch information
DifferentialOrange committed Aug 16, 2022
1 parent 4663bf1 commit dccc4a1
Showing 1 changed file with 42 additions and 1 deletion.
43 changes: 42 additions & 1 deletion asynctnt/instance.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
)

from asynctnt.utils import get_running_loop
from asynctnt.const import Transport

VERSION_STRING_REGEX = re.compile(r'\s*([\d.]+).*')

Expand Down Expand Up @@ -90,6 +91,11 @@ class TarantoolInstance(metaclass=abc.ABCMeta):
def __init__(self, *,
host='127.0.0.1',
port=3301,
transport=Transport.DEFAULT,
ssl_key_file=None,
ssl_cert_file=None,
ssl_ca_file=None,
ssl_ciphers=None,
console_host=None,
console_port=3302,
replication_source=None,
Expand All @@ -113,6 +119,22 @@ def __init__(self, *,
to be listening on (default = 127.0.0.1)
:param port: The port which Tarantool instance is going
to be listening on (default = 3301)
:param transport:
This parameter can be used to configure traffic encryption.
Pass ``asynctnt.Transport.SSL`` value to enable SSL
encryption (by default there is no encryption)
:param str ssl_key_file:
A path to a private SSL key file.
Mandatory if server uses SSL encryption
:param str ssl_cert_file:
A path to an SSL certificate file.
Mandatory if server uses SSL encryption
:param str ssl_ca_file:
A path to a trusted certificate authorities (CA) file.
Optional
:param str ssl_ciphers:
A colon-separated (:) list of SSL cipher suites
the server can use. Optional
:param console_host: The host which Tarantool console is going
to be listening on (to execute admin commands)
(default = host)
Expand Down Expand Up @@ -147,6 +169,11 @@ def __init__(self, *,

self._host = host
self._port = port
self._parameter_transport = transport
self._ssl_key_file = ssl_key_file
self._ssl_cert_file = ssl_cert_file
self._ssl_ca_file = ssl_ca_file
self._ssl_ciphers = ssl_ciphers
self._console_host = console_host or host
self._console_port = console_port
self._replication_source = replication_source
Expand Down Expand Up @@ -248,7 +275,7 @@ def _create_initlua_template(self):
return check_version_internal(expected, version)
end
local cfg = {
listen = "${host}:${port}",
listen = "${host}:${port}${listen_params}",
wal_mode = "${wal_mode}",
custom_proc_title = "${custom_proc_title}",
slab_alloc_arena = ${slab_alloc_arena},
Expand Down Expand Up @@ -289,9 +316,23 @@ def _render_initlua(self):
if self._specify_work_dir:
work_dir = '"' + self._root + '"'

listen_params = ''
if self._parameter_transport == Transport.SSL:
listen_params = "?transport=ssl&"
if self._ssl_key_file:
listen_params += "ssl_key_file={}&".format(self._ssl_key_file)
if self._ssl_cert_file:
listen_params += "ssl_cert_file={}&".format(self._ssl_cert_file)
if self._ssl_ca_file:
listen_params += "ssl_ca_file={}&".format(self._ssl_ca_file)
if self._ssl_ciphers:
listen_params += "ssl_ciphers={}&".format(self._ssl_ciphers)
listen_params = listen_params[:-1]

d = {
'host': self._host,
'port': self._port,
'listen_params': listen_params,
'console_host': self._console_host,
'console_port': self._console_port,
'wal_mode': self._wal_mode,
Expand Down

0 comments on commit dccc4a1

Please sign in to comment.