update

Author: lework

python/supervisor_healthCheck.py

@@ -810,8 +810,8 @@ def start(self):
             for i,t in enumerate(threads):
                 if not t.isAlive():
                     thread_name = t.getName()
-                    self.log('[ERROR] Exception in %s (catch by main): %s' % (thread_name, t.get_exception()))
-                    self.log('[ERROR] Create new Thread!')
+                    self.log('ERROR', 'Exception in %s (catch by main): %s' % (thread_name, t.get_exception()))
+                    self.log('ERROR', 'Create new Thread!')
                     t = WorkerThread(target=self.check, args=(threads_data[thread_name],), name=thread_name)
                     t.setDaemon(True)
                     t.start()

shell/cfssl.sh

@@ -0,0 +1,205 @@
+#!/bin/bash
+# 
+# Author: lework
+# Desc:   Use cfssl tool to conveniently generate self-signed certificates.
+# Date:   2020/07/01
+
+set -o errexit          # Exit on most errors (see the manual)
+set -o errtrace         # Make sure any error trap is inherited
+set -o nounset          # Disallow expansion of unset variables
+set -o pipefail         # Use last non-zero exit code in a pipeline
+
+
+######################################################################################################
+# environment configuration
+######################################################################################################
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[0;33m'
+BLUE='\033[0;36m'
+PLAIN='\033[0m'
+
+
+CFSSL_VERSION="1.4.1"
+
+
+######################################################################################################
+# function
+######################################################################################################
+
+echo_title() {
+  echo -e "${GREEN}$1${PLAIN}"
+}
+
+function check() {  
+  for bin in cfssl cfssl-certinfo cfssljson
+  do
+    if ! $(command -v ${bin} > /dev/null 2>&1);then
+      echo_title "[Installing] $bin..."
+      curl -sSL https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VERSION}/{$bin}_${CFSSL_VERSION}_linux_amd64 > /tmp/${bin}
+      sudo install /tmp/${bin} /usr/local/bin/${bin}
+    fi
+  done
+  
+  if ! $(command -v openssl > /dev/null 2>&1);then
+      echo_title "[Installing] openssl..."
+      command -v yum > /dev/null 2>&1 && yum -y install openssl
+      command -v apt-get > /dev/null 2>&1 && apt-get install openssl -y
+  fi
+}
+
+
+function ca() {
+  project=${1:-demo}
+  server_hostname="${2:-server.${project}.com}"
+  client_hostname="${3:-client.${project}.com}"
+  
+  [ ! -d "${project}_ca" ] && mkdir "${project}_ca"
+  cd "${project}_ca"
+  
+  echo_title "\n[Generating] cfssl config..."
+  cat << EOF > cfssl-config.json
+{
+    "signing": {
+        "default": {
+            "expiry": "87600h",
+            "usages": [
+                    "signing",
+                    "digital signature",
+                    "key encipherment",
+                    "server auth",
+                    "client auth"
+            ]
+        },
+        "profiles": {
+            "peer": {
+                "expiry": "87600h",
+                "usages": [
+                    "signing",
+                    "digital signature",
+                    "key encipherment",
+                    "server auth",
+                    "client auth"
+                ]
+            },
+            "server": {
+                "expiry": "87600h",
+                "usages": [
+                    "signing",
+                    "digital signature",
+                    "key encipherment",
+                    "server auth"
+                ]
+            },
+            "client": {
+                "expiry": "87600h",
+                "usages": [
+                    "signing",
+                    "digital signature",
+                    "key encipherment",
+                    "client auth"
+                ]
+            }
+        }
+    }
+}
+EOF
+
+  echo_title "\n[Generating] ca csr..."
+  cat << EOF > ca-csr.json
+{
+    "CN": "${project^^} CA",
+    "key": {
+        "algo": "ecdsa",
+        "size": 256
+    },
+    "names": [
+        {
+            "C": "CN",
+            "ST": "Shanghai",
+            "L": "Shanghai",
+            "O": "${project}",
+            "OU": "${project^^} Service"
+        }
+    ]
+}
+EOF
+
+  echo_title "\n[Generating] csr..."
+  cat << EOF > csr.json
+{
+    "key": {
+        "algo": "ecdsa",
+        "size": 256
+    },
+    "names": [
+        {
+            "C": "CN",
+            "ST": "Shanghai",
+            "L": "Shanghai",
+            "O": "${project}",
+            "OU": "${project^^} Service"
+        }
+    ]
+}
+EOF
+  
+  echo_title "\n[Generating] certificate authority..."
+  cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+  
+  echo_title "\n[Generating] server certificate..."
+  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+		-hostname="${server_hostname},localhost,127.0.0.1" csr.json  \
+		| cfssljson -bare server
+
+  echo_title "\n[Generating] client certificate..."
+  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+		-hostname="${client_hostname},localhost,127.0.0.1" csr.json  \
+		| cfssljson -bare client
+        
+  echo_title "\n[Generating] server and client node certificate..."
+  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+		-hostname="${server_hostname},${client_hostname},localhost,127.0.0.1" csr.json  \
+		| cfssljson -bare dev
+        
+  echo_title "\n[Generating] user certificates..."
+  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+		-profile=client csr.json  | cfssljson -bare user
+  openssl pkcs12 -export -inkey user-key.pem -in user.pem -out user.pfx -password pass:
+
+  echo_title "\n[Generating] The $(pwd) directory file list..."
+  ls -al .
+}
+
+
+usage_help() {
+  cat <<EOM
+
+Use cfssl tool to conveniently generate self-signed certificates.
+ 
+  Usage:
+    $(basename $0) [ -h | --help ] [project_name server_hostname client_hostname]
+
+  Example:
+    $(basename $0)           # Generate demo self-signed certificate
+    $(basename $0) -h        # View help.
+    $(basename $0) project web-server.project.com,api-server.project.com rpc-client.project.com,api-client.project.com
+EOM
+ exit 1
+}
+
+
+
+######################################################################################################
+# main 
+######################################################################################################
+
+
+case ${1-} in
+    -h | --help )           usage_help
+                            ;;
+    * )                     check
+                            ca $@
+esac

shell/ip.sh

@@ -1,6 +1,15 @@
 #!/bin/bash
 
 
+get_addr () {
+    local if_name=$1
+    local uri_template=$2
+    ip addr show dev $if_name | awk -v uri=$uri_template '/\s*inet\s/ { \
+      ip=gensub(/(.+)\/.+/, "\\1", "g", $2); \
+      print gensub(/^(.+:\/\/).+(:.+)$/, "\\1" ip "\\2", "g", uri); \
+      exit}'
+}
+
 # converts IPv4 as "A.B.C.D" to integer
 ip4_to_int() {
   IFS=. read -r i j k l <<EOF