# HG changeset patch # User Ronan Bignaux # Date 1428073693 -7200 # Node ID 4ba27ed51e4814b031bd9ab403fa0fd7222dffdf # Parent 29b02164e65dab1b44a29181a6c04e0b9e4f05da add pyrossl client side diff -r 29b02164e65d -r 4ba27ed51e48 connectors/PYRO/__init__.py --- a/connectors/PYRO/__init__.py Tue Mar 24 14:06:28 2015 +0100 +++ b/connectors/PYRO/__init__.py Fri Apr 03 17:08:13 2015 +0200 @@ -1,32 +1,33 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- # -#Copyright (C) 2007: Edouard TISSERANT and Laurent BESSARD +# Copyright (C) 2007: Edouard TISSERANT and Laurent BESSARD # -#See COPYING file for copyrights details. +# See COPYING file for copyrights details. # -#This library is free software; you can redistribute it and/or -#modify it under the terms of the GNU General Public -#License as published by the Free Software Foundation; either -#version 2.1 of the License, or (at your option) any later version. +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. # -#This library is distributed in the hope that it will be useful, -#but WITHOUT ANY WARRANTY; without even the implied warranty of -#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -#General Public License for more details. +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -#You should have received a copy of the GNU General Public -#License along with this library; if not, write to the Free Software -#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -import Pyro.core as pyro +# You should have received a copy of the GNU General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +import Pyro +import Pyro.core +import Pyro.util from Pyro.errors import PyroError -import Pyro.util import traceback from time import sleep import copy import socket service_type = '_PYRO._tcp.local.' - +import os.path # this module attribute contains a list of DNS-SD (Zeroconf) service types # supported by this connector confnode. # @@ -37,51 +38,84 @@ """ This returns the connector to Pyro style PLCobject """ - confnodesroot.logger.write(_("PYRO connecting to URI : %s\n")%uri) + confnodesroot.logger.write(_("PYRO connecting to URI : %s\n") % uri) servicetype, location = uri.split("://") + if servicetype == "PYROS": + schemename = "PYROLOCSSL" + # Protect against name->IP substitution in Pyro3 + Pyro.config.PYRO_DNS_URI = True + # Beware Pyro lib need str path, not unicode + # don't rely on PYRO_STORAGE ! see documentation + Pyro.config.PYROSSL_CERTDIR = os.path.abspath(str(confnodesroot.ProjectPath) + '/certs') + if not os.path.exists(Pyro.config.PYROSSL_CERTDIR): + confnodesroot.logger.write_error( + 'Error : the directory %s is missing for SSL certificates (certs_dir).' + 'Please fix it in your project.\n' % Pyro.config.PYROSSL_CERTDIR) + return None + else: + confnodesroot.logger.write(_("PYRO using certificates in '%s' \n") + % (Pyro.config.PYROSSL_CERTDIR)) + Pyro.config.PYROSSL_CERT = "client.crt" + Pyro.config.PYROSSL_KEY = "client.key" + # Ugly Monkey Patching + def _gettimeout(self): + return self.timeout + + def _settimeout(self, timeout): + self.timeout = timeout + from M2Crypto.SSL import Connection + Connection.timeout = None + Connection.gettimeout = _gettimeout + Connection.settimeout = _settimeout + # M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not + # match host, expected 127.0.0.1, got server + Connection.clientPostConnectionCheck = None + else: + schemename = "PYROLOC" if location.find(service_type) != -1: - try : + try: from util.Zeroconf import Zeroconf r = Zeroconf() - i=r.getServiceInfo(service_type, location) - if i is None : raise Exception, "'%s' not found"%location + i = r.getServiceInfo(service_type, location) + if i is None: + raise Exception("'%s' not found" % location) ip = str(socket.inet_ntoa(i.getAddress())) port = str(i.getPort()) - newlocation = ip+':'+port - confnodesroot.logger.write(_("'%s' is located at %s\n")%(location, newlocation)) + newlocation = ip + ':' + port + confnodesroot.logger.write(_("'%s' is located at %s\n") % (location, newlocation)) location = newlocation r.close() except Exception, msg: - confnodesroot.logger.write_error(_("MDNS resolution failure for '%s'\n")%location) + confnodesroot.logger.write_error(_("MDNS resolution failure for '%s'\n") % location) confnodesroot.logger.write_error(traceback.format_exc()) return None # Try to get the proxy object - try : - RemotePLCObjectProxy = pyro.getAttrProxyForURI("PYROLOC://"+location+"/PLCObject") + try: + RemotePLCObjectProxy = Pyro.core.getAttrProxyForURI(schemename + "://" + location + "/PLCObject") except Exception, msg: - confnodesroot.logger.write_error(_("Connection to '%s' failed.\n")%location) + confnodesroot.logger.write_error(_("Connection to '%s' failed.\n") % location) confnodesroot.logger.write_error(traceback.format_exc()) return None def PyroCatcher(func, default=None): """ - A function that catch a pyro exceptions, write error to logger - and return defaul value when it happen + A function that catch a Pyro exceptions, write error to logger + and return default value when it happen """ - def catcher_func(*args,**kwargs): + def catcher_func(*args, **kwargs): try: - return func(*args,**kwargs) + return func(*args, **kwargs) except Pyro.errors.ConnectionClosedError, e: confnodesroot.logger.write_error("Connection lost!\n") confnodesroot._SetConnector(None) except Pyro.errors.ProtocolError, e: - confnodesroot.logger.write_error("Pyro exception: "+str(e)+"\n") - except Exception,e: - #confnodesroot.logger.write_error(traceback.format_exc()) + confnodesroot.logger.write_error("Pyro exception: " + str(e) + "\n") + except Exception, e: + # confnodesroot.logger.write_error(traceback.format_exc()) errmess = ''.join(Pyro.util.getPyroTraceback(e)) - confnodesroot.logger.write_error(errmess+"\n") + confnodesroot.logger.write_error(errmess + "\n") print errmess confnodesroot._SetConnector(None) return default @@ -89,15 +123,14 @@ # Check connection is effective. # lambda is for getattr of GetPLCstatus to happen inside catcher - if PyroCatcher(lambda:RemotePLCObjectProxy.GetPLCstatus())() is None: + if PyroCatcher(lambda: RemotePLCObjectProxy.GetPLCstatus())() is None: confnodesroot.logger.write_error(_("Cannot get PLC status - connection failed.\n")) return None - class PyroProxyProxy(object): """ A proxy proxy class to handle Beremiz Pyro interface specific behavior. - And to put pyro exception catcher in between caller and pyro proxy + And to put Pyro exception catcher in between caller and Pyro proxy """ def __init__(self): # for safe use in from debug thread, must create a copy @@ -133,7 +166,6 @@ return confnodesroot._connector.GetPyroProxy().StartPLC(*args, **kwargs) StartPLC = PyroCatcher(_PyroStartPLC, False) - def _PyroGetTraceVariables(self): """ for safe use in from debug thread, must use the copy @@ -141,11 +173,11 @@ if self.RemotePLCObjectProxyCopy is None: self.RemotePLCObjectProxyCopy = copy.copy(confnodesroot._connector.GetPyroProxy()) return self.RemotePLCObjectProxyCopy.GetTraceVariables() - GetTraceVariables = PyroCatcher(_PyroGetTraceVariables,("Broken",None)) + GetTraceVariables = PyroCatcher(_PyroGetTraceVariables, ("Broken", None)) def _PyroGetPLCstatus(self): return RemotePLCObjectProxy.GetPLCstatus() - GetPLCstatus = PyroCatcher(_PyroGetPLCstatus, ("Broken",None)) + GetPLCstatus = PyroCatcher(_PyroGetPLCstatus, ("Broken", None)) def _PyroRemoteExec(self, script, **kwargs): return RemotePLCObjectProxy.RemoteExec(script, **kwargs) @@ -154,12 +186,10 @@ def __getattr__(self, attrName): member = self.__dict__.get(attrName, None) if member is None: - def my_local_func(*args,**kwargs): - return RemotePLCObjectProxy.__getattr__(attrName)(*args,**kwargs) + def my_local_func(*args, **kwargs): + return RemotePLCObjectProxy.__getattr__(attrName)(*args, **kwargs) member = PyroCatcher(my_local_func, None) self.__dict__[attrName] = member return member return PyroProxyProxy() - - diff -r 29b02164e65d -r 4ba27ed51e48 connectors/__init__.py --- a/connectors/__init__.py Tue Mar 24 14:06:28 2015 +0100 +++ b/connectors/__init__.py Fri Apr 03 17:08:13 2015 +0200 @@ -1,23 +1,23 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- # -#Copyright (C) 2007: Edouard TISSERANT and Laurent BESSARD +# Copyright (C) 2007: Edouard TISSERANT and Laurent BESSARD # -#See COPYING file for copyrights details. +# See COPYING file for copyrights details. # -#This library is free software; you can redistribute it and/or -#modify it under the terms of the GNU General Public -#License as published by the Free Software Foundation; either -#version 2.1 of the License, or (at your option) any later version. +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. # -#This library is distributed in the hope that it will be useful, -#but WITHOUT ANY WARRANTY; without even the implied warranty of -#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -#General Public License for more details. +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -#You should have received a copy of the GNU General Public -#License along with this library; if not, write to the Free Software -#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Package initialisation @@ -28,13 +28,14 @@ def _GetLocalConnectorClassFactory(name): - return lambda:getattr(__import__(name,globals(),locals()), name + "_connector_factory") + return lambda: getattr(__import__(name, globals(), locals()), name + "_connector_factory") connectors = {name:_GetLocalConnectorClassFactory(name) for name in listdir(_base_path) if path.isdir(path.join(_base_path, name)) and not name.startswith("__")} + def ConnectorFactory(uri, confnodesroot): """ Return a connector corresponding to the URI @@ -48,15 +49,14 @@ servicetype = "PYRO" runtime_port = confnodesroot.AppFrame.StartLocalRuntime( taskbaricon=True) - uri="PYRO://127.0.0.1:"+str(runtime_port) + uri = "PYROLOC://127.0.0.1:" + str(runtime_port) elif servicetype in connectors: pass - elif servicetype[-1]=='S' and servicetype[:-1] in connectors: + elif servicetype[-1] == 'S' and servicetype[:-1] in connectors: servicetype = servicetype[:-1] - else : + else: return None # import module according to uri type connectorclass = connectors[servicetype]() return connectorclass(uri, confnodesroot) - diff -r 29b02164e65d -r 4ba27ed51e48 doc/manual/connectors.rst --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/manual/connectors.rst Fri Apr 03 17:08:13 2015 +0200 @@ -0,0 +1,107 @@ +Beremiz and Beremiz_service connectors +====================================== + +To connect a PLC, Beremiz provides 2 types of connectors : + * a Pyro connector + * a WAMP connector + +To configure the connection, you have to set the *URI_location* in your project Config tab according to this documentation. + +The Pyro connector +---------------------------- + +Pyro is an advanced and powerful Distributed Object Technology system written entirely in Python. +Beremiz_service spawns a Pyro server, serving a PLCObject (see runtime/PLCObject.py). Therefore, Beremiz acts as a Pyro client. + +TODO:: link to PLCObject API documentation + +URI_location : + * LOCAL:// is a facility that starts the PLC service locally and connect Beremiz to it via Pyro. + This is intended for use in development stage. + * PYRO:// normal connection to a remote PLC. PLC default port is 3000. + * PYROS:// SSL connection to a remote PLC, see below. + +more information about Pyro can be found on http://pythonhosted.org//Pyro/1-intro.html + +=========================== +Setup a Pyro SSL connection +=========================== + +Pyro v3 has a limited TLS/SSL support based on m2crypto. Pyro v4 had dropped it. +In order to have a full and reliable SSL, we recommand to use a TLS/SSL wrapper as nginx, stub or stunnel. + +-------------------- +TLS-PSK with stunnel +-------------------- + +In this example, we setup a simple TLS-PSK connection according to rfc4279. +This ciphersuite avoid the need for public key operations and certificate management. +It is perfect for a performance-constrained environments with limited CPU power as a PLC. + + +Needed : + * stunnel >= 5.09 + +verify openssl support for PSK cipher:: + + openssl ciphers -v 'PSK' + +---------------------- +Client setup (Beremiz) +---------------------- + +You need to choose an identity for your client, here *client1*. +generate a valid and strong key:: + + $ echo client1:$(openssl rand -base64 48) > pskclient1.txt + +write a stunnel client configuration file *stunnel-client.conf*:: + + output = stunnel-client.log + client = yes + + [beremiz] + accept = 3002 + connect = [PLC]:3001 + PSKidentity = client1 + PSKsecrets = pskclient1.txt + +start stunnel client side:: + + stunnel stunnel-client.conf + +You could now connect beremiz with classic URI_location = PYRO://127.0.0.1:3002 + +-------------------- +Server setup (PLC) +-------------------- + +import the client key in a keyfile psk.txt, concatening all client key. + +write a stunnel server configuration file *stunnel-server.conf*:: + + output = stunnel-server.log + + [beremiz] + accept = 3001 + connect = 127.0.0.1:3000 + PSKsecrets = psk.txt + +start stunnel server side:: + + stunnel stunnel-server.conf + +more documentation on stunnel http://www.stunnel.org/docs.html + +The WAMP connector +------------------ + +WAMP is an open standard WebSocket subprotocol that provides two application messaging +patterns in one unified protocol: Remote Procedure Calls + Publish & Subscribe. + +Beremiz WAMP connector implementation uses Autobahn and crossbar. + +URI_location : + * WAMP://127.0.0.1:8888#Automation#2534667845 + +more information about WAMP can be found on http://wamp.ws/ diff -r 29b02164e65d -r 4ba27ed51e48 doc/manual/index.rst --- a/doc/manual/index.rst Tue Mar 24 14:06:28 2015 +0100 +++ b/doc/manual/index.rst Fri Apr 03 17:08:13 2015 +0200 @@ -10,7 +10,5 @@ start edit build + connectors debug - - -