stackoom
  简体   繁体   中英

How can I securely gain programmatic access to supervisord via xmlrpc?

 原文  2011-10-21 20:30:12       python/ linux/ security/ xml-rpc/ supervisord

Question

I need to be able to manage the supervisord setup programmatically. Furthermore, not any user on the system should be able to to gain access to configuration of supervisord. For this reason, communication needs to be secured somehow.

I know that supervisord offers programmatic access in the form of XML-RPC. I read the documentation and attempted to work with it in several ways, but I keep running into problems.

  1. On the Introduction page , the documentation recommends running an HTTP server for the XML-RPC interface and using the Python standard library xmlrpclib to communicate with it. There are two problems here:

    • The inet_http_server directive for supervisord.conf only includes username, password, and port as settings. There is no option to encrypt the connection.
    • xmlrpclib doesn't even support usernames and passwords. When I use the syntax username:password@host:port , I get IOError: unsupported XML-RPC protocol . As you can see in the example on the documentation page, no authentication occurs.

  2. Since UNIX sockets are secure, I figured that connecting to the [unix_http_server] with xmlrpclib would be a good idea. Still, I don't know how authentication would work, and furthermore, xmlrpclib only supports network HTTP/HTTPS servers.

  3. Another page in the documentation mentions a supervisor.rpcinterface module. I have no access to such a thing in Python, though. To glean more information as to why that is, I re-installed supervisord with Pip. sudo pip install --upgrade supervisor . In the pip output, I see the line Skipping installation of /usr/local/lib/python2.6/dist-packages/supervisor/__init__.py (namespace package) . I don't know why it would skip installation of the namespace package.

How am I supposed to communicate programmatically and securely with supervisord?

1 answers

solution1
 1  2011-10-28 16:32:55

Supervisor supports options to set permissions on the Unix domain socket.

http://supervisord.org/configuration.html#unix-http-server-section-example

I don't know the details but you should be able to call the xmlrpc interface over UNIX domain socket the same way that supervisorctl.py does. It's calling options.getServerProxy() to get an xmlrpclib.ServerProxy object.

https://github.com/Supervisor/supervisor/blob/master/supervisor/supervisorctl.py#L188

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Talking to supervisord over xmlrpc How to attach file via “Bugzilla XMLRPC access module” How can I binary read a file in TCL and send it via XMLRPC to a server that is written in Python? How to gain an Access Token How can I set the PATH for supervisord so it finds the executables How can I securely access and store a master security key that is being used in an active python file? How can I transfer binary data over xmlrpc (python)? How can i customize xmlrpc response and request in python How do I request data securely via Google OAuth? Why can't xmlrpc client append item to list accessable via xmlrpc server procedure?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM