From 09c375379ddae2d85ce9549bb6a58860c53bfecd Mon Sep 17 00:00:00 2001 From: John Kinsella Date: Sun, 9 Mar 2014 13:46:57 -0700 Subject: [PATCH] CLOUDSTACK-6204: removing realhostip dependency Moving default transport for console proxy, SSVM to http. See https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes for more info. jlk ported Amogh's patch for 4.3 to master - code base is different enough that patch has multiple issues. Author: Amogh Vasekar Signed-off-by: John Kinsella 1394398017 -0700 --- core/src/com/cloud/info/ConsoleProxyInfo.java | 19 ++++++++++--------- .../storage/image/TemplateServiceImpl.java | 13 +++++++++++-- .../CloudStackImageStoreDriverImpl.java | 12 ++++++++---- .../src/com/cloud/configuration/Config.java | 4 ++-- .../consoleproxy/ConsoleProxyManagerImpl.java | 11 +++++++++-- .../SecondaryStorageManagerImpl.java | 7 +++++++ setup/db/db/schema-421to430.sql | 4 ++++ systemvm/conf/consoleproxy.properties | 2 +- 8 files changed, 52 insertions(+), 20 deletions(-) diff --git a/core/src/com/cloud/info/ConsoleProxyInfo.java b/core/src/com/cloud/info/ConsoleProxyInfo.java index 9a94474efda..0e57b7551fc 100644 --- a/core/src/com/cloud/info/ConsoleProxyInfo.java +++ b/core/src/com/cloud/info/ConsoleProxyInfo.java @@ -32,16 +32,17 @@ public class ConsoleProxyInfo { this.sslEnabled = sslEnabled; if (sslEnabled) { - StringBuffer sb = new StringBuffer(proxyIpAddress); - for (int i = 0; i < sb.length(); i++) - if (sb.charAt(i) == '.') - sb.setCharAt(i, '-'); - if (consoleProxyUrlDomain != null && consoleProxyUrlDomain.length() > 0) { - sb.append("."); + StringBuffer sb = new StringBuffer(); + if (consoleProxyUrlDomain.startsWith("*")) { + sb.append(proxyIpAddress); + for (int i = 0; i < proxyIpAddress.length(); i++) + if (sb.charAt(i) == '.') + sb.setCharAt(i, '-'); + sb.append(consoleProxyUrlDomain.substring(1));//skip the * + } else { + //LB address sb.append(consoleProxyUrlDomain); - } else - sb.append(".realhostip.com"); - + } proxyAddress = sb.toString(); proxyPort = port; this.proxyUrlPort = proxyUrlPort; diff --git a/engine/storage/image/src/org/apache/cloudstack/storage/image/TemplateServiceImpl.java b/engine/storage/image/src/org/apache/cloudstack/storage/image/TemplateServiceImpl.java index 166b523e387..4e6ab6ba300 100644 --- a/engine/storage/image/src/org/apache/cloudstack/storage/image/TemplateServiceImpl.java +++ b/engine/storage/image/src/org/apache/cloudstack/storage/image/TemplateServiceImpl.java @@ -777,12 +777,21 @@ public class TemplateServiceImpl implements TemplateService { String scheme = "http"; boolean _sslCopy = false; String sslCfg = _configDao.getValue(Config.SecStorageEncryptCopy.toString()); + String _ssvmUrlDomain = _configDao.getValue("secstorage.ssl.cert.domain"); if (sslCfg != null) { _sslCopy = Boolean.parseBoolean(sslCfg); } + if(_sslCopy && (_ssvmUrlDomain == null || _ssvmUrlDomain.isEmpty())){ + s_logger.warn("Empty secondary storage url domain, ignoring SSL"); + _sslCopy = false; + } if (_sslCopy) { - hostname = ipAddress.replace(".", "-"); - hostname = hostname + ".realhostip.com"; + if(_ssvmUrlDomain.startsWith("*")) { + hostname = ipAddress.replace(".", "-"); + hostname = hostname + _ssvmUrlDomain.substring(1); + } else { + hostname = _ssvmUrlDomain; + } scheme = "https"; } return scheme + "://" + hostname + "/copy/SecStorage/" + dir + "/" + path; diff --git a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackImageStoreDriverImpl.java b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackImageStoreDriverImpl.java index d6e1a01b49c..c2e26d52f65 100644 --- a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackImageStoreDriverImpl.java +++ b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/driver/CloudStackImageStoreDriverImpl.java @@ -93,12 +93,16 @@ public class CloudStackImageStoreDriverImpl extends BaseImageStoreDriverImpl { if (sslCfg != null) { _sslCopy = Boolean.parseBoolean(sslCfg); } + if(_sslCopy && (_ssvmUrlDomain == null || _ssvmUrlDomain.isEmpty())){ + s_logger.warn("Empty secondary storage url domain, ignoring SSL"); + _sslCopy = false; + } if (_sslCopy) { - hostname = ipAddress.replace(".", "-"); - if (_ssvmUrlDomain != null && _ssvmUrlDomain.length() > 0) { - hostname = hostname + "." + _ssvmUrlDomain; + if(_ssvmUrlDomain.startsWith("*")) { + hostname = ipAddress.replace(".", "-"); + hostname = hostname + _ssvmUrlDomain.substring(1); } else { - hostname = hostname + ".realhostip.com"; + hostname = _ssvmUrlDomain; } scheme = "https"; } diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 98e5d3424a2..f2fe68a78a9 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -439,7 +439,7 @@ public enum Config { "Console proxy command port that is used to communicate with management server", null), ConsoleProxyRestart("Console Proxy", AgentManager.class, Boolean.class, "consoleproxy.restart", "true", "Console proxy restart flag, defaulted to true", null), - ConsoleProxyUrlDomain("Console Proxy", AgentManager.class, String.class, "consoleproxy.url.domain", "realhostip.com", "Console proxy url domain", null), + ConsoleProxyUrlDomain("Console Proxy", AgentManager.class, String.class, "consoleproxy.url.domain", "", "Console proxy url domain", null), ConsoleProxyLoadscanInterval( "Console Proxy", AgentManager.class, @@ -782,7 +782,7 @@ public enum Config { ManagementServer.class, String.class, "secstorage.ssl.cert.domain", - "realhostip.com", + "", "SSL certificate used to encrypt copy traffic between zones", null), SecStorageCapacityStandby( diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java index 3e4c57e6852..05120963961 100755 --- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java +++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java @@ -233,6 +233,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy private int _proxySessionTimeoutValue = DEFAULT_PROXY_SESSION_TIMEOUT; private boolean _sslEnabled = true; + private String _consoleProxyUrlDomain; // global load picture at zone basis private SystemVmLoadScanner _loadScanner; @@ -384,9 +385,9 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy assert (ksVo != null); if (_staticPublicIp == null) { - return new ConsoleProxyInfo(proxy.isSslEnabled(), proxy.getPublicIpAddress(), _consoleProxyPort, proxy.getPort(), ksVo.getDomainSuffix()); + return new ConsoleProxyInfo(proxy.isSslEnabled(), proxy.getPublicIpAddress(), _consoleProxyPort, proxy.getPort(), _consoleProxyUrlDomain); } else { - return new ConsoleProxyInfo(proxy.isSslEnabled(), _staticPublicIp, _consoleProxyPort, _staticPort, ksVo.getDomainSuffix()); + return new ConsoleProxyInfo(proxy.isSslEnabled(), _staticPublicIp, _consoleProxyPort, _staticPort, _consoleProxyUrlDomain); } } @@ -1191,6 +1192,12 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy _sslEnabled = true; } + _consoleProxyUrlDomain = configs.get(Config.ConsoleProxyUrlDomain.key()); + if( _sslEnabled && (_consoleProxyUrlDomain == null || _consoleProxyUrlDomain.isEmpty())) { + s_logger.warn("Empty console proxy domain, explicitly disabling SSL"); + _sslEnabled = false; + } + value = configs.get(Config.ConsoleProxyCapacityScanInterval.key()); _capacityScanInterval = NumbersUtil.parseLong(value, DEFAULT_CAPACITY_SCAN_INTERVAL); diff --git a/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java b/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java index dd0c26774d2..f8edefa39a1 100755 --- a/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java +++ b/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java @@ -807,6 +807,13 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar _useSSlCopy = true; } + //default to HTTP in case of missing domain + String ssvmUrlDomain = _configDao.getValue("secstorage.ssl.cert.domain"); + if(_useSSlCopy && (ssvmUrlDomain == null || ssvmUrlDomain.isEmpty())){ + s_logger.warn("Empty secondary storage url domain, explicitly disabling SSL"); + _useSSlCopy = false; + } + _allowedInternalSites = _configDao.getValue("secstorage.allowed.internal.sites"); String value = configs.get("secstorage.capacityscan.interval"); diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql index b49fd965fb7..3f2ad023d26 100644 --- a/setup/db/db/schema-421to430.sql +++ b/setup/db/db/schema-421to430.sql @@ -110,6 +110,10 @@ CREATE TABLE `cloud`.`async_job_join_map` ( INDEX `i_async_job_join_map__expiration`(`expiration`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +#realhostip changes, before changing table and adding default value +UPDATE `cloud`.`configuration` SET value = CONCAT("*.",(SELECT `temptable`.`value` FROM (SELECT * FROM `cloud`.`configuration` WHERE `name`="consoleproxy.url.domain") AS `temptable` WHERE `temptable`.`name`="consoleproxy.url.domain")) WHERE `name`="consoleproxy.url.domain"; +UPDATE `cloud`.`configuration` SET `value` = CONCAT("*.",(SELECT `temptable`.`value` FROM (SELECT * FROM `cloud`.`configuration` WHERE `name`="secstorage.ssl.cert.domain") AS `temptable` WHERE `temptable`.`name`="secstorage.ssl.cert.domain")) WHERE `name`="secstorage.ssl.cert.domain"; + ALTER TABLE `cloud`.`configuration` ADD COLUMN `default_value` VARCHAR(4095) COMMENT 'Default value for a configuration parameter'; ALTER TABLE `cloud`.`configuration` ADD COLUMN `updated` datetime COMMENT 'Time this was updated by the server. null means this row is obsolete.'; ALTER TABLE `cloud`.`configuration` ADD COLUMN `scope` VARCHAR(255) DEFAULT NULL COMMENT 'Can this parameter be scoped'; diff --git a/systemvm/conf/consoleproxy.properties b/systemvm/conf/consoleproxy.properties index bb452f5823c..a3cddbcab96 100644 --- a/systemvm/conf/consoleproxy.properties +++ b/systemvm/conf/consoleproxy.properties @@ -16,7 +16,7 @@ # under the License. consoleproxy.tcpListenPort=0 -consoleproxy.httpListenPort=8088 +consoleproxy.httpListenPort=80 consoleproxy.httpCmdListenPort=8001 consoleproxy.jarDir=./applet/ consoleproxy.viewerLinger=180