Skip to content

Commit 0712a5a

Browse files
DifferentialOrangeDifferentialOrange
committed
Support starting Tarantool server with SSL
SSL encrypted server could be started with Tarantool Enterprise 2.10 or newer. To configure encryption, additional listen params must be passed. ssl_key_file and ssl_cert_file are mandatory if transport is asynctnt.Transport.SSL . Follows up igorcoding#22
1 parent 6fbefb8 commit 0712a5a

File tree

1 file changed

+42
-1
lines changed

1 file changed

+42
-1
lines changed

asynctnt/instance.py

Lines changed: 42 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
)
2727

2828
from asynctnt.utils import get_running_loop
29+
from asynctnt.const import Transport
2930

3031
VERSION_STRING_REGEX = re.compile(r'\s*([\d.]+).*')
3132

@@ -90,6 +91,11 @@ class TarantoolInstance(metaclass=abc.ABCMeta):
9091
def __init__(self, *,
9192
host='127.0.0.1',
9293
port=3301,
94+
transport=Transport.DEFAULT,
95+
ssl_key_file=None,
96+
ssl_cert_file=None,
97+
ssl_ca_file=None,
98+
ssl_ciphers=None,
9399
console_host=None,
94100
console_port=3302,
95101
replication_source=None,
@@ -113,6 +119,22 @@ def __init__(self, *,
113119
to be listening on (default = 127.0.0.1)
114120
:param port: The port which Tarantool instance is going
115121
to be listening on (default = 3301)
122+
:param transport:
123+
This parameter can be used to configure traffic encryption.
124+
Pass ``asynctnt.Transport.SSL`` value to enable SSL
125+
encryption (by default there is no encryption)
126+
:param str ssl_key_file:
127+
A path to a private SSL key file.
128+
Mandatory if server uses SSL encryption
129+
:param str ssl_cert_file:
130+
A path to an SSL certificate file.
131+
Mandatory if server uses SSL encryption
132+
:param str ssl_ca_file:
133+
A path to a trusted certificate authorities (CA) file.
134+
Optional
135+
:param str ssl_ciphers:
136+
A colon-separated (:) list of SSL cipher suites
137+
the server can use. Optional
116138
:param console_host: The host which Tarantool console is going
117139
to be listening on (to execute admin commands)
118140
(default = host)
@@ -147,6 +169,11 @@ def __init__(self, *,
147169

148170
self._host = host
149171
self._port = port
172+
self._parameter_transport = transport
173+
self._ssl_key_file = ssl_key_file
174+
self._ssl_cert_file = ssl_cert_file
175+
self._ssl_ca_file = ssl_ca_file
176+
self._ssl_ciphers = ssl_ciphers
150177
self._console_host = console_host or host
151178
self._console_port = console_port
152179
self._replication_source = replication_source
@@ -248,7 +275,7 @@ def _create_initlua_template(self):
248275
return check_version_internal(expected, version)
249276
end
250277
local cfg = {
251-
listen = "${host}:${port}",
278+
listen = "${host}:${port}${listen_params}",
252279
wal_mode = "${wal_mode}",
253280
custom_proc_title = "${custom_proc_title}",
254281
slab_alloc_arena = ${slab_alloc_arena},
@@ -289,9 +316,23 @@ def _render_initlua(self):
289316
if self._specify_work_dir:
290317
work_dir = '"' + self._root + '"'
291318

319+
listen_params = ''
320+
if self._parameter_transport == Transport.SSL:
321+
listen_params = "?transport=ssl&"
322+
if self._ssl_key_file:
323+
listen_params += "ssl_key_file={}&".format(self._ssl_key_file)
324+
if self._ssl_cert_file:
325+
listen_params += "ssl_cert_file={}&".format(self._ssl_cert_file)
326+
if self._ssl_ca_file:
327+
listen_params += "ssl_ca_file={}&".format(self._ssl_ca_file)
328+
if self._ssl_ciphers:
329+
listen_params += "ssl_ciphers={}&".format(self._ssl_ciphers)
330+
listen_params = listen_params[:-1]
331+
292332
d = {
293333
'host': self._host,
294334
'port': self._port,
335+
'listen_params': listen_params,
295336
'console_host': self._console_host,
296337
'console_port': self._console_port,
297338
'wal_mode': self._wal_mode,

0 commit comments

Comments
 (0)