Services
TARDIS
provides the possibility to start-up dedicated services along with its main process. Those services must
be decorated with the service
decorator implemented in the cobald.daemon
module. In order to allow dynamic
creation of those services
via yaml
tags, the service needs to be decorated with the
@yaml_tag(eager=True)
decorator as well. The services are then dynamically created and started during the
yaml
parsing of the configuration. All services are configured within the Services
section of the
TARDIS
configuration using yaml
tags. Using multiple services is supported by using a separate yaml
MappingNode per service.
Example implementation
from cobald.daemon import service
from cobald.daemon.plugins import yaml_tag
@service(flavour=asyncio)
@yaml_tag(eager=True)
class ExampleService(object):
def __init__(option_1):
...
async def run():
...
Example configuration
Services:
ExampleService:
!ExampleService
option_1: my_option_1
Service_2:
!TardisService2
option_123: my_option_123
REST Service
The RestService
provides a REST API to access the information stored about managed
Drones
inside the SqliteRegistry
plugin. Currently access is read
only and limited to either list all managed resources or to get the state of a particular resource. All supported
REST API calls and their parameters are described in REST API documentation available on
http://<hostname>:<port>/docs
after starting the service. The REST service is using JSON Web Token (JWT) and
OAuth2 scopes for authentication and authorization.
Note
The REST service currently supports only read access to the
SqliteRegistry
using the resources:get
OAuth2 scope. However,
this could be extended in the future to support also DB updates and deletions using resources:put
and
resources:delete
OAuth2 scopes. In addition, plans exist to store the TARDIS
configuration in a
database as well and allow to use the REST service to perform configuration updates at run time.
Warning
In order to enable the RestService
, the
SqliteRegistry
plugin has to be enabled as well.
Available configuration options
Option |
Short Description |
Requirement |
---|---|---|
host |
Hostname or IP the REST Service is listening on |
Required |
port |
Port the REST Service is listening on |
Required |
users |
List of user entries allowed to use the REST service. (see below) |
Required |
Option |
Short Description |
Requirement |
---|---|---|
user_name |
The name of the user |
Required |
hashed_password |
The |
Required |
scopes |
List of scopes the user is allowed to request. |
Required |
Example configuration
Services:
restapi:
!TardisRestApi
host: 127.0.0.1
port: 1234
users:
- user_name: tardis
hashed_password: $2b$12$c9SSllh1U6tOhIo37sDWF.kdRIU5RQAAOHL9bVYMs2.HluyFE43Uq
scopes:
- resources:get
Plugins:
SqliteRegistry:
db_file: drone_registry.db
Available logging configuration options
The REST service uses uvicorn
as ASGI server, which provides some additional logging functionality. By default
the access and errors logs are written into the regular TARDIS
logfile. However, it can be configured to write
both access and error logs into a separate file. Therefore, an uvicorn
logger needs to be configured. See the
example logging configuration.
Example logging configuration
logging:
version: 1
loggers:
root:
level: DEBUG
handlers: [console, file]
uvicorn:
level: INFO
handlers: [ uvicorn_file ]
propagate: False
formatters:
precise:
format: '%(name)s: %(asctime)s %(message)s'
datefmt: '%Y-%m-%d %H:%M:%S'
handlers:
console:
class : logging.StreamHandler
formatter: precise
stream : ext://sys.stdout
file:
class : logging.handlers.RotatingFileHandler
formatter: precise
filename: tardis.log
maxBytes: 10485760
backupCount: 3
uvicorn_file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: uvicorn.log
maxBytes: 10485760
backupCount: 3
Convenience Tools
Hash Credentials
The hash_credentials
command provides an easy way to create password hashes using bcrypt to be used in the
REST service configuration (see above).
Argument |
Short Description |
Requirement |
---|---|---|
password |
The password to be hashed using bcrypt |
Required |
Examples
hash_credentials TopSecretPassword
#alternatively
python -m tardis.rest.hash_credentials TopSecretPassword