// BuildGrpcServer creates a new, unstarted grpc.Server and returns it. // It also returns a net.Listener to start it on. func BuildGrpcServer(port int, cache *Cache, keyFile, certFile, caCertFile, readonlyKeys, writableKeys string) (*grpc.Server, net.Listener) { lis, err := net.Listen("tcp", fmt.Sprintf(":%d", port)) if err != nil { log.Fatalf("Failed to listen on port %d: %v", port, err) } s := serverWithAuth(keyFile, certFile, caCertFile) r := &RpcCacheServer{cache: cache} if writableKeys != "" { r.writableKeys = loadKeys(writableKeys) } if readonlyKeys != "" { r.readonlyKeys = loadKeys(readonlyKeys) if len(r.readonlyKeys) > 0 { // This saves duplication when checking later; writable keys are implicitly readable too. for k, v := range r.writableKeys { if _, present := r.readonlyKeys[k]; !present { r.readonlyKeys[k] = v } } } } pb.RegisterRpcCacheServer(s, r) healthserver := health.NewServer() healthserver.SetServingStatus("plz-rpc-cache", healthpb.HealthCheckResponse_SERVING) healthpb.RegisterHealthServer(s, healthserver) return s, lis }
// set up the GRPC server func setupGRPCServer(signerConfig signer.Config) (*grpc.Server, net.Listener, error) { //RPC server setup kms := &api.KeyManagementServer{ CryptoServices: signerConfig.CryptoServices, } ss := &api.SignerServer{ CryptoServices: signerConfig.CryptoServices, } hs := ghealth.NewServer() lis, err := net.Listen("tcp", signerConfig.GRPCAddr) if err != nil { return nil, nil, fmt.Errorf("grpc server failed to listen on %s: %v", signerConfig.GRPCAddr, err) } creds := credentials.NewTLS(signerConfig.TLSConfig) opts := []grpc.ServerOption{grpc.Creds(creds)} grpcServer := grpc.NewServer(opts...) pb.RegisterKeyManagementServer(grpcServer, kms) pb.RegisterSignerServer(grpcServer, ss) healthpb.RegisterHealthServer(grpcServer, hs) // Set status for both of the grpc service "KeyManagement" and "Signer", these are // the only two we have at present, if we add more grpc service in the future, // we should add a new line for that service here as well. hs.SetServingStatus(notary.HealthCheckKeyManagement, healthpb.HealthCheckResponse_SERVING) hs.SetServingStatus(notary.HealthCheckSigner, healthpb.HealthCheckResponse_SERVING) return grpcServer, lis, nil }
func (s *Server) ListenGRPC() error { grpcPort := s.Config.GetGrpcPortString() //Listen lis, err := net.Listen("tcp", grpcPort) if err != nil { return fmt.Errorf("server.go: failed to listen: %v", err) } var opts []grpc.ServerOption if s.Config.TlsCertFile != "" && s.Config.TlsKeyFile != "" { creds, err := credentials.NewServerTLSFromFile(s.Config.TlsCertFile, s.Config.TlsKeyFile) if err != nil { log.Fatalf("server.go: Failed to generate credentials %v", err) } opts = []grpc.ServerOption{grpc.Creds(creds)} s.tlsCheck = tlscheck.New(s.Config.TlsCertFile, s.Config.TlsKeyFile, time.Hour*24*16) } h := health.New(s, s.Storage) grpcServer := grpc.NewServer(opts...) catalogGrpc := &catalogGrpcServer{ server: s, } pb.RegisterCatalogServiceServer(grpcServer, catalogGrpc) grpc_health_v1.RegisterHealthServer(grpcServer, h) go http.ListenAndServe(s.Config.GetHealthPortString(), h) log.Infof("server.go: Binding %s for grpc", grpcPort) //Serve return grpcServer.Serve(lis) }
func (s *Server) ListenGRPC() error { grpcPort := s.Config.GetGrpcPortString() //Listen lis, err := net.Listen("tcp", grpcPort) if err != nil { return fmt.Errorf("server.go: failed to listen, %v", err) } var opts []grpc.ServerOption if s.Config.TlsCertFile != "" && s.Config.TlsKeyFile != "" { creds, err := credentials.NewServerTLSFromFile(s.Config.TlsCertFile, s.Config.TlsKeyFile) if err != nil { return fmt.Errorf("server.go: Failed to generate credentials %v", err) } opts = []grpc.ServerOption{grpc.Creds(creds)} } s.checker = health.New(s, s.DB) grpcServer := grpc.NewServer(opts...) man := newABManager(s) s.ab = man ab := &abTestServer{m: man, s: s} registryGrpc := &RegistryServer{server: s} otsimopb.RegisterRegistryServiceServer(grpcServer, registryGrpc) otsimopb.RegisterABTestServer(grpcServer, ab) grpc_health_v1.RegisterHealthServer(grpcServer, s.checker) log.Infof("server.go: Binding %s for grpc", grpcPort) return grpcServer.Serve(lis) }
func main() { var ( caCert = flag.String("ca-cert", withConfigDir("ca.pem"), "Trusted CA certificate.") debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7901", "HTTP listen address.") listenAddr = flag.String("listen-addr", "0.0.0.0:7900", "HTTP listen address.") tlsCert = flag.String("tls-cert", withConfigDir("cert.pem"), "TLS server certificate.") tlsKey = flag.String("tls-key", withConfigDir("key.pem"), "TLS server key.") jwtPublicKey = flag.String("jwt-public-key", withConfigDir("jwt.pem"), "The RSA public key to use for validating JWTs") ) flag.Parse() log.Println("Hello service starting...") cert, err := tls.LoadX509KeyPair(*tlsCert, *tlsKey) if err != nil { log.Fatal(err) } rawCaCert, err := ioutil.ReadFile(*caCert) if err != nil { log.Fatal(err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(rawCaCert) creds := credentials.NewTLS(&tls.Config{ Certificates: []tls.Certificate{cert}, ClientCAs: caCertPool, ClientAuth: tls.RequireAndVerifyClientCert, }) gs := grpc.NewServer(grpc.Creds(creds)) hs, err := NewHelloServer(*jwtPublicKey) if err != nil { log.Fatal(err) } pb.RegisterHelloServer(gs, hs) healthServer := health.NewHealthServer() healthServer.SetServingStatus("grpc.health.v1.helloservice", 1) healthpb.RegisterHealthServer(gs, healthServer) ln, err := net.Listen("tcp", *listenAddr) if err != nil { log.Fatal(err) } go gs.Serve(ln) trace.AuthRequest = func(req *http.Request) (any, sensitive bool) { return true, true } log.Println("Hello service started successfully.") log.Fatal(http.ListenAndServe(*debugListenAddr, nil)) }
func getStubbedHealthServer(hs *health.Server) *grpc.Server { s := stubServer{healthServer: hs} gServer := grpc.NewServer() pb.RegisterKeyManagementServer(gServer, s) pb.RegisterSignerServer(gServer, s) if s.healthServer != nil { healthpb.RegisterHealthServer(gServer, s.healthServer) } return gServer }
func (server *Server) ListenAndServe() error { port := server.Config.GetPortString() //Listen lis, err := net.Listen("tcp", port) if err != nil { return err } grpcServer := grpc.NewServer() pb.RegisterNotificationServiceServer(grpcServer, server) hs := health.New(server) grpc_health_v1.RegisterHealthServer(grpcServer, hs) go http.ListenAndServe(server.Config.GetHealthPortString(), hs) log.Infoln("server.go: Listening", port) //Serve return grpcServer.Serve(lis) }
func (s *Server) ListenGRPC() error { grpcPort := s.Config.GetGrpcPortString() //Listen lis, err := net.Listen("tcp", grpcPort) if err != nil { return fmt.Errorf("server.go: failed to listen, %v", err) } hs := health.New() var opts []grpc.ServerOption if s.Config.TlsCertFile != "" && s.Config.TlsKeyFile != "" { creds, err := credentials.NewServerTLSFromFile(s.Config.TlsCertFile, s.Config.TlsKeyFile) if err != nil { return fmt.Errorf("server.go: Failed to generate credentials %v", err) } opts = []grpc.ServerOption{grpc.Creds(creds)} s.tlsCheck = tls.New(s.Config.TlsCertFile, s.Config.TlsKeyFile, time.Hour*24*19) hs.Checks = append(hs.Checks, s.tlsCheck) } grpcServer := grpc.NewServer(opts...) watchGrpc := &watchGrpcServer{ server: s, } pb.RegisterWatchServiceServer(grpcServer, watchGrpc) grpc_health_v1.RegisterHealthServer(grpcServer, hs) if !s.Config.NoRedis { cl, err := NewRedisClient(s.Config) if err != nil { return fmt.Errorf("failed to create redis client, %v", err) } s.Redis = cl hs.Checks = append(hs.Checks, s.Redis) } log.Infof("server.go: Binding %s for grpc and :%d for health", grpcPort, s.Config.HealthPort) go http.ListenAndServe(s.Config.GetHealthPortString(), hs) go h.run() return grpcServer.Serve(lis) }
func startServer(protocol, address string, sv *supervisor.Supervisor) (*grpc.Server, error) { // TODO: We should use TLS. // TODO: Add an option for the SocketGroup. sockets, err := listeners.Init(protocol, address, "", nil) if err != nil { return nil, err } if len(sockets) != 1 { return nil, fmt.Errorf("incorrect number of listeners") } l := sockets[0] s := grpc.NewServer() types.RegisterAPIServer(s, server.NewServer(sv)) healthServer := health.NewServer() grpc_health_v1.RegisterHealthServer(s, healthServer) go func() { logrus.Debugf("containerd: grpc api on %s", address) if err := s.Serve(l); err != nil { logrus.WithField("error", err).Fatal("containerd: serve grpc") } }() return s, nil }
// RegisterHealthServer registers the component's health status to the gRPC server func (c *Component) RegisterHealthServer(srv *grpc.Server) { c.healthServer = health.NewServer() healthpb.RegisterHealthServer(srv, c.healthServer) }
func main() { var ( dbUser = flag.String("db-user", "auth", "Auth database username.") dbPasswd = flag.String("db-pass", "", "Auth database password.") dbHost = flag.String("db-host", "", "Auth database host.") dbPort = flag.String("db-port", "3306", "Auth database port.") dbServerName = flag.String("db-server-name", "", "Auth database server name.") dbServerCACert = flag.String("db-server-ca-cert", "/etc/auth/db-server-ca.pem", "Database server ca certificate") dbClientCert = flag.String("db-client-cert", "/etc/auth/db-client-cert.pem", "Database client certificate.") dbClientKey = flag.String("db-client-key", "/etc/auth/db-client-key.pem", "Database client key.") debugListenAddr = flag.String("debug-listen-addr", "127.0.0.1:7801", "HTTP listen address.") listenAddr = flag.String("listen-addr", "127.0.0.1:7800", "HTTP listen address.") tlsCert = flag.String("tls-cert", "/etc/auth/cert.pem", "TLS server certificate.") tlsKey = flag.String("tls-key", "/etc/auth/key.pem", "TLS server key.") jwtPrivateKey = flag.String("jwt-private-key", "/etc/auth/jwt-key.pem", "The RSA private key to use for signing JWTs") ) flag.Parse() var err error log.Println("Auth service starting...") certPool := x509.NewCertPool() pem, err := ioutil.ReadFile(*dbServerCACert) if err != nil { log.Fatal(err) } if ok := certPool.AppendCertsFromPEM(pem); !ok { log.Fatal("Failed to append PEM.") } clientCert := make([]tls.Certificate, 0, 1) certs, err := tls.LoadX509KeyPair(*dbClientCert, *dbClientKey) if err != nil { log.Fatal(err) } clientCert = append(clientCert, certs) mysql.RegisterTLSConfig("custom", &tls.Config{ ServerName: *dbServerName, RootCAs: certPool, Certificates: clientCert, }) dbAddr := net.JoinHostPort(*dbHost, *dbPort) dbConfig := mysql.Config{ User: *dbUser, Passwd: *dbPasswd, Net: "tcp", Addr: dbAddr, DBName: "auth", TLSConfig: "custom", } for { db, err = sql.Open("mysql", dbConfig.FormatDSN()) if err != nil { goto dberror } err = db.Ping() if err != nil { goto dberror } break dberror: log.Println(err) log.Println("error connecting to the auth database, retrying in 5 secs.") time.Sleep(5 * time.Second) } ta, err := credentials.NewServerTLSFromFile(*tlsCert, *tlsKey) if err != nil { log.Fatal(err) } gs := grpc.NewServer(grpc.Creds(ta)) as, err := NewAuthServer(*jwtPrivateKey) if err != nil { log.Fatal(err) } pb.RegisterAuthServer(gs, as) hs := health.NewHealthServer() hs.SetServingStatus("grpc.health.v1.authservice", 1) healthpb.RegisterHealthServer(gs, hs) ln, err := net.Listen("tcp", *listenAddr) if err != nil { log.Fatal(err) } go gs.Serve(ln) trace.AuthRequest = func(req *http.Request) (any, sensitive bool) { return true, true } log.Println("Auth service started successfully.") log.Fatal(http.ListenAndServe(*debugListenAddr, nil)) }