authorLuke Kanies <luke@madstop.com>2007-12-19 11:42:22 -0600
committerLuke Kanies <luke@madstop.com>2007-12-19 11:42:22 -0600
commit553b2ad8add20cd629fcd90b512d97d4edd7e481 (patch)
tree23acf8bf35ad697565647dac9c387d843552ba58 /lib/puppet/network/http_pool.rb
parent5252f02dba8ef35db77ecb2d9bf711c1fd0b0bb2 (diff)
Entirely refactoring http keep-alive. There's now
a central module responsible for managing the http pool (Puppet::Network::HttpPool), and it also handles setting certificate information. This gets rid of what were otherwise long chains of method calls, and it makes the code paths much clearer.
Diffstat (limited to 'lib/puppet/network/http_pool.rb')
-rw-r--r--lib/puppet/network/http_pool.rb92
1 files changed, 92 insertions, 0 deletions
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
new file mode 100644
index 000000000..f6038f189
--- /dev/null
+++ b/lib/puppet/network/http_pool.rb
@@ -0,0 +1,92 @@
+require 'puppet/sslcertificates/support'
+require 'net/https'
+
+# Manage Net::HTTP instances for keep-alive.
+module Puppet::Network::HttpPool
+ # This handles reading in the key and such-like.
+ extend Puppet::SSLCertificates::Support
+ @http_cache = {}
+
+ # Clear our http cache, closing all connections.
+ def self.clear_http_instances
+ @http_cache.each do |name, connection|
+ connection.finish if connection.started?
+ end
+ @http_cache.clear
+ @cert = nil
+ @key = nil
+ end
+
+ # Make sure we set the driver up when we read the cert in.
+ def self.read_cert
+ if val = super # This calls read_cert from the Puppet::SSLCertificates::Support module.
+ # Clear out all of our connections, since they previously had no cert and now they
+ # should have them.
+ clear_http_instances
+ return val
+ else
+ return false
+ end
+ end
+
+ # Use cert information from a Puppet client to set up the http object.
+ def self.cert_setup(http)
+ # Just no-op if we don't have certs.
+ return false unless (defined?(@cert) and @cert) or self.read_cert
+
+ store = OpenSSL::X509::Store.new
+ store.add_file Puppet[:localcacert]
+ store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+
+ http.cert_store = store
+ http.ca_file = Puppet[:localcacert]
+ http.cert = self.cert
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ http.key = self.key
+ end
+
+ # Retrieve a cached http instance of caching is enabled, else return
+ # a new one.
+ def self.http_instance(host, port, reset = false)
+ # We overwrite the uninitialized @http here with a cached one.
+ key = "%s:%s" % [host, port]
+
+ # Return our cached instance if keepalive is enabled and we've got
+ # a cache, as long as we're not resetting the instance.
+ return @http_cache[key] if ! reset and Puppet[:http_keepalive] and @http_cache[key]
+
+ # Clean up old connections if we have them.
+ if http = @http_cache[key]
+ @http_cache.delete(key)
+ http.finish if http.started?
+ end
+
+ args = [host, port]
+ if Puppet[:http_proxy_host] == "none"
+ args << nil << nil
+ else
+ args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port]
+ end
+ http = Net::HTTP.new(*args)
+
+ # Pop open the http client a little; older versions of Net::HTTP(s) didn't
+ # give us a reader for ca_file... Grr...
+ class << http; attr_accessor :ca_file; end
+
+ http.use_ssl = true
+ http.read_timeout = 120
+ http.open_timeout = 120
+ # JJM Configurable fix for #896.
+ if Puppet[:http_enable_post_connection_check]
+ http.enable_post_connection_check = true
+ else
+ http.enable_post_connection_check = false
+ end
+
+ cert_setup(http)
+
+ @http_cache[key] = http if Puppet[:http_keepalive]
+
+ return http
+ end
+end
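Review bot: In `cert_setup`, server verification is tied to having a client certificate: the guard `return false unless (defined?(@cert) and @cert) or self.read_cert` exits before the CA store, `ca_file` and `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` are set. `http_instance` calls `cert_setup(http)` after `http.use_ssl = true` and ignores the result, so a host without a client cert still gets a usable connection, and caches it when `Puppet[:http_keepalive]` is on. Whether that connection checks the server certificate then depends on the Net::HTTP default of the running Ruby, which this code does not pin. I would set up the store, `ca_file` and `verify_mode` whenever `Puppet[:localcacert]` is present, and let the guard gate only `http.cert = self.cert` and `http.key = self.key`. If an unverified connection before the first certificate is intended, say so at the guard, e.g. `# No client cert yet: the server is NOT verified against the CA on this connection.`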