This task adds support for the secure form of HTTP (HTTPS) for VES events. To begin with, only the server identity will be checked as part of sending a POST to the VES collector.
Issue-Id: SMO-17
Signed-off-by: Arif Hussain <arif.hussain@xoriant.com>
Change-Id: I9923ed00168ea8af4f7f500e80101aa2625e7c5d
Signed-off-by: Arif Hussain <arif.hussain@xoriant.com>
There are two scripts in this folder. A ves-start.sh script
which starts the VES collector and other parts. A ves-stop.sh script
can be used to stop the collector.
+
+
+Following steps are required for self-signed certificate.
+ # Create ves-certificate directory on the host system using command "mkdir ~/ves-certificate".
+ # Go to ves-certificate directory and use below commands to create self-signed certificate files.
+
+ openssl genrsa -out vescertificate.key 2048
+ openssl req -new -key vescertificate.key -out vescertificate.csr
+ openssl x509 -req -days 365 -in vescertificate.csr -signkey vescertificate.key -out vescertificate.crt
+
+**Note**: Third party certificates can be installed by overwriting the file vescertificate.csr, vescertificate.key, and vescertficate.crt in ~/ves-certificate directory of the host system.
+
python3 python3-pip pkg-config git build-essential libpthread-stubs0-dev \
libssl-dev libsasl2-dev liblz4-dev libz-dev
RUN pip3 install kafka-python pyaml
+RUN pip3 install --upgrade certifi
RUN mkdir /opt/ves/barometer
ADD barometer /opt/ves/barometer
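Review bot: `RUN pip3 install --upgrade certifi` is unpinned and looks unused by the code in this commit. The agent appears to send with urllib (`url.urlopen`), which takes its trust anchors from the `ssl` module defaults rather than from certifi, and a self-signed collector certificate would not be in that bundle anyway. Either drop the line or add a comment naming the component that reads certifi's bundle, and pin the version if it stays.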
import base64
import logging
import argparse
+import ssl
+from socket import timeout
try:
import configparser
request.add_header('Content-Type', 'application/json')
event_str = json.dumps(event).encode()
logging.debug("Sending {} to {}".format(event_str, server_url))
- url.urlopen(request, event_str, timeout=1)
+ ssl._create_default_https_context = ssl._create_unverified_context
+ url.urlopen(request, event_str, timeout=1).read().decode('utf-8')
logging.debug("Sent data to {} successfully".format(server_url))
- except url.HTTPError as e:
- logging.error('Vendor Event Listener exception: {}'.format(e))
- except url.URLError as e:
- logging.error(
- 'Vendor Event Listener is is not reachable: {}'.format(e))
+ except (HTTPError, URLError) as e:
+ logging.error('Vendor Event Listener is is not reachable: {}'.format(e))
+ except timeout:
+ logging.error('Timed out - URL %s', url)
except Exception as e:
- logging.error('Vendor Event Listener error: {}'.format(e))
-
+ logging.error('Vendor Event Listener error: {}'.format(e))
+
def config(self, config):
"""VES option configuration"""
for key, value in config.items('config'):
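Review bot: The added `ssl._create_default_https_context = ssl._create_unverified_context` turns off certificate and hostname verification for every HTTPS request in the process, so the POST does not check the collector's identity as the commit description says it should, and the event body plus any credentials on the request go to whichever endpoint answers. Build a verifying context and pass it per call, e.g. `ctx = ssl.create_default_context(cafile=CA_FILE_PLACEHOLDER)` and `url.urlopen(request, event_str, timeout=1, context=ctx)`, with the placeholder pointing at the collector's certificate or its CA (this assumes `url` is the urllib request module, which the hunk does not show). The new `except (HTTPError, URLError)` uses bare names where the removed lines used `url.HTTPError`; unless they are imported outside the visible hunks, the handler itself raises NameError. The timeout handler logs `url`, which is the module, where `server_url` looks intended. The enclosing method starts before this hunk.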
RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y git curl python3 python3-pip
-RUN pip3 install requests jsonschema elasticsearch kafka-python
+RUN pip3 install requests jsonschema elasticsearch kafka-python gevent
-RUN mkdir /opt/ves
+RUN mkdir -p /opt/ves/certs
# Clone VES Collector
RUN mkdir /opt/ves/evel-test-collector
from json import dumps
import datetime
import time
+from gevent import pywsgi
monitor_mode = "f"
vdu_id = ['', '', '', '', '', '']
dispatcher.register('POST', test_control_url, test_control_listener)
dispatcher.register('GET', test_control_url, test_control_listener)
- httpd = make_server('', int(vel_port), vendor_event_listener)
+ httpd = pywsgi.WSGIServer(('', int(vel_port)), vendor_event_listener, keyfile='/opt/ves/certs/vescertificate.key', certfile='/opt/ves/certs/vescertificate.crt')
logger.info('Serving on port {0}...'.format(vel_port))
httpd.serve_forever()
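Review bot: The key and certificate paths are hard-coded in the `pywsgi.WSGIServer(...)` call and nothing checks that the files exist, so a host whose `~/ves-certificate` directory is empty presumably gets a listener that fails at start-up or on the first handshake without a clear log message. Read the two paths from the collector's configuration and log an explicit error before `serve_forever()` when either file is missing or unreadable. A comment such as `# TLS is mandatory from here on: plain-HTTP clients of vel_port will fail` would also record that replacing `make_server` drops HTTP support. The enclosing function starts outside the hunk.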
- ves-net
ports:
- 9999:9999
+ volumes:
+ - ~/ves-certificate:/opt/ves/certs
environment:
ves_influxdb_host: "ves-influxdb"
ves_influxdb_port: "8086"
ves_port: "9999"
ves_path: ""
ves_topic: "events"
- ves_https: "False"
+ ves_https: "True"
ves_user: "user"
ves_pass: "password"
ves_interval: "10"
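Review bot: The bind mount `~/ves-certificate:/opt/ves/certs` is writable from inside the container although the service only needs to read the key and certificate; `- ~/ves-certificate:/opt/ves/certs:ro` stops a compromised container from replacing them. The directory also holds the private key, so it should stay readable by its owner only on the host (for example `chmod 600 vescertificate.key`). A short comment above the `volumes:` entry saying that the directory must contain `vescertificate.key` and `vescertificate.crt` before `docker-compose up` would save a failed start.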