Emulated vault

What does this PR (Pull Request) do?

  • [x] This PR is not related to any issue

The PR introduces the emulated_vault module, which supplies an HTTP server mimicking RIAK behavior for usage as Traffic Vault. It may be used to replace the RIAK-based Traffic Vault, as it is much simpler to install. The server may use different types of persistent storage (e.g. file-system), using the proper adapter. The resiliency of the stored keys is derived from the resiliency of the underlying storage.

Which Traffic Control components are affected by this PR?

None by default. It introduces a module that may replace the RIAK-based Traffic Vault.

What is the best way to verify this PR?

Install the emulated vault as described below, and add it to a running Traffic Ops instance instead of the standard RIAK-based Traffic Vault. Run url-signing and SSL-based scenarios. Note: you would probably want to work on a fresh TC deployment, or somehow copy the RIAK vault to the emulated one...

The following criteria are ALL met by this PR

  • [x] This PR contains tests or I have explained why tests are unnecessary
  • [x] This PR contains documentation or I have explained why tests are unnecessary
  • [x] This PR includes an update to CHANGELOG.md
  • [x] This PR includes any and all required license headers
  • [x] This PR does not include a database migration
  • [x] This PR DOES NOT FIX A SERIOUS SECURITY VULNERABILITY (see the Apache Software Foundation's security guidelines for details)

Tests are not included in the PR as it is still experimental. They would be a must if/when the code goes to production.

Additional Information - Installation

Basic requirements: CentOS version >= 7; Python >= 2.7

In order to install the module on a server please:

  1. Copy the module files to the server's root
  2. Add the certificate and key to your favorite path
  3. Adjust /opt/emulated_vault/conf/cfg.json - pointing at your certificate and key
  4. "systemctl enable" the service

Logs may be found under /opt/emulated_vault/var/log

Additional Information - Developer's Notes

If you just want to play around with the module, you may of course run the server script on its own. Before doing that, you would probably need to adjust the opt/emulated_vault/conf/cfg.json:

  1. Change the db-path to one you have access to
  2. Disable ssl (just to make it easier)

Additionally, the vault-cmd script is also available to work against the DB from the command line. It is mostly useful when developing a new adapter.


