Merge remote-tracking branch 'origin/4.11' into 4.12
commit
73fd62a89d
@ -16,11 +16,6 @@
|
|||||||
// under the License.
|
// under the License.
|
||||||
package org.apache.cloudstack.api.command.admin.direct.download;
|
package org.apache.cloudstack.api.command.admin.direct.download;
|
||||||
|
|
||||||
import com.cloud.exception.ConcurrentOperationException;
|
|
||||||
import com.cloud.exception.InsufficientCapacityException;
|
|
||||||
import com.cloud.exception.ResourceAllocationException;
|
|
||||||
import com.cloud.exception.ResourceUnavailableException;
|
|
||||||
import com.cloud.exception.NetworkRuleConflictException;
|
|
||||||
import org.apache.cloudstack.acl.RoleType;
|
import org.apache.cloudstack.acl.RoleType;
|
||||||
import org.apache.cloudstack.api.APICommand;
|
import org.apache.cloudstack.api.APICommand;
|
||||||
import org.apache.cloudstack.api.ApiConstants;
|
import org.apache.cloudstack.api.ApiConstants;
|
||||||
@ -62,15 +57,15 @@ public class UploadTemplateDirectDownloadCertificateCmd extends BaseCmd {
|
|||||||
private String hypervisor;
|
private String hypervisor;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
|
public void execute() {
|
||||||
if (!hypervisor.equalsIgnoreCase("kvm")) {
|
if (!hypervisor.equalsIgnoreCase("kvm")) {
|
||||||
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Currently supporting KVM hosts only");
|
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Currently supporting KVM hosts only");
|
||||||
}
|
}
|
||||||
|
|
||||||
SuccessResponse response = new SuccessResponse(getCommandName());
|
|
||||||
try {
|
try {
|
||||||
LOG.debug("Uploading certificate " + name + " to agents for Direct Download");
|
LOG.debug("Uploading certificate " + name + " to agents for Direct Download");
|
||||||
boolean result = directDownloadManager.uploadCertificateToHosts(certificate, name, hypervisor);
|
boolean result = directDownloadManager.uploadCertificateToHosts(certificate, name, hypervisor);
|
||||||
|
SuccessResponse response = new SuccessResponse(getCommandName());
|
||||||
response.setSuccess(result);
|
response.setSuccess(result);
|
||||||
setResponseObject(response);
|
setResponseObject(response);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
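Review bot: The `hypervisor.equalsIgnoreCase("kvm")` guard at the top of the new `execute()` dereferences the parameter before anything else, so a request that omits it surfaces as an unhandled NullPointerException rather than the PARAM_ERROR the check intends — unless the field's `@Parameter` annotation, which is outside this hunk, declares `required = true`. Reversing the comparison, `if (!"kvm".equalsIgnoreCase(hypervisor)) {`, makes the guard null-safe regardless of how the parameter is declared. Dropping the checked-exception list from the signature is consistent with the body, which throws only `ServerApiException`, but the `catch (Exception e)` that closes the try continues past the hunk, so I cannot see whether a failure from `uploadCertificateToHosts` (the manager throws `CloudRuntimeException` for reserved aliases and failed hosts) is reported back with its cause.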
|||||||
@ -38,9 +38,6 @@ if [ -z "${KS_PASS// }" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Use a new keystore file
|
|
||||||
NEW_KS_FILE="$KS_FILE.new"
|
|
||||||
|
|
||||||
# Import certificate
|
# Import certificate
|
||||||
if [ ! -z "${CERT// }" ]; then
|
if [ ! -z "${CERT// }" ]; then
|
||||||
echo "$CERT" > "$CERT_FILE"
|
echo "$CERT" > "$CERT_FILE"
|
||||||
@ -54,8 +51,8 @@ fi
|
|||||||
# Import cacerts into the keystore
|
# Import cacerts into the keystore
|
||||||
awk '/-----BEGIN CERTIFICATE-----?/{n++}{print > "cloudca." n }' "$CACERT_FILE"
|
awk '/-----BEGIN CERTIFICATE-----?/{n++}{print > "cloudca." n }' "$CACERT_FILE"
|
||||||
for caChain in $(ls cloudca.*); do
|
for caChain in $(ls cloudca.*); do
|
||||||
keytool -delete -noprompt -alias "$caChain" -keystore "$NEW_KS_FILE" -storepass "$KS_PASS" > /dev/null 2>&1 || true
|
keytool -delete -noprompt -alias "$caChain" -keystore "$KS_FILE" -storepass "$KS_PASS" > /dev/null 2>&1 || true
|
||||||
keytool -import -noprompt -storepass "$KS_PASS" -trustcacerts -alias "$caChain" -file "$caChain" -keystore "$NEW_KS_FILE" > /dev/null 2>&1
|
keytool -import -noprompt -storepass "$KS_PASS" -trustcacerts -alias "$caChain" -file "$caChain" -keystore "$KS_FILE" > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
rm -f cloudca.*
|
rm -f cloudca.*
|
||||||
|
|
||||||
@ -63,21 +60,19 @@ rm -f cloudca.*
|
|||||||
if [ ! -z "${PRIVKEY// }" ]; then
|
if [ ! -z "${PRIVKEY// }" ]; then
|
||||||
echo "$PRIVKEY" > "$PRIVKEY_FILE"
|
echo "$PRIVKEY" > "$PRIVKEY_FILE"
|
||||||
# Re-initialize keystore when private key is provided
|
# Re-initialize keystore when private key is provided
|
||||||
keytool -delete -noprompt -alias "$ALIAS" -keystore "$NEW_KS_FILE" -storepass "$KS_PASS" 2>/dev/null || true
|
keytool -delete -noprompt -alias "$ALIAS" -keystore "$KS_FILE" -storepass "$KS_PASS" 2>/dev/null || true
|
||||||
openssl pkcs12 -export -name "$ALIAS" -in "$CERT_FILE" -inkey "$PRIVKEY_FILE" -out "$NEW_KS_FILE.p12" -password pass:"$KS_PASS" > /dev/null 2>&1
|
openssl pkcs12 -export -name "$ALIAS" -in "$CERT_FILE" -inkey "$PRIVKEY_FILE" -out "$KS_FILE.p12" -password pass:"$KS_PASS" > /dev/null 2>&1
|
||||||
keytool -importkeystore -srckeystore "$NEW_KS_FILE.p12" -destkeystore "$NEW_KS_FILE" -srcstoretype PKCS12 -alias "$ALIAS" -deststorepass "$KS_PASS" -destkeypass "$KS_PASS" -srcstorepass "$KS_PASS" -srckeypass "$KS_PASS" > /dev/null 2>&1
|
keytool -importkeystore -srckeystore "$KS_FILE.p12" -destkeystore "$KS_FILE" -srcstoretype PKCS12 -alias "$ALIAS" -deststorepass "$KS_PASS" -destkeypass "$KS_PASS" -srcstorepass "$KS_PASS" -srckeypass "$KS_PASS" > /dev/null 2>&1
|
||||||
else
|
else
|
||||||
# Import certificate into the keystore
|
# Import certificate into the keystore
|
||||||
keytool -import -storepass "$KS_PASS" -alias "$ALIAS" -file "$CERT_FILE" -keystore "$NEW_KS_FILE" > /dev/null 2>&1 || true
|
keytool -import -storepass "$KS_PASS" -alias "$ALIAS" -file "$CERT_FILE" -keystore "$KS_FILE" > /dev/null 2>&1 || true
|
||||||
# Export private key from keystore
|
# Export private key from keystore
|
||||||
rm -f "$PRIVKEY_FILE"
|
rm -f "$PRIVKEY_FILE"
|
||||||
keytool -importkeystore -srckeystore "$NEW_KS_FILE" -destkeystore "$NEW_KS_FILE.p12" -deststoretype PKCS12 -srcalias "$ALIAS" -deststorepass "$KS_PASS" -destkeypass "$KS_PASS" -srcstorepass "$KS_PASS" -srckeypass "$KS_PASS" > /dev/null 2>&1
|
keytool -importkeystore -srckeystore "$KS_FILE" -destkeystore "$KS_FILE.p12" -deststoretype PKCS12 -srcalias "$ALIAS" -deststorepass "$KS_PASS" -destkeypass "$KS_PASS" -srcstorepass "$KS_PASS" -srckeypass "$KS_PASS" > /dev/null 2>&1
|
||||||
openssl pkcs12 -in "$NEW_KS_FILE.p12" -nodes -nocerts -nomac -password pass:"$KS_PASS" 2>/dev/null | openssl rsa -out "$PRIVKEY_FILE" > /dev/null 2>&1
|
openssl pkcs12 -in "$KS_FILE.p12" -nodes -nocerts -nomac -password pass:"$KS_PASS" 2>/dev/null | openssl rsa -out "$PRIVKEY_FILE" > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Commit the new keystore
|
rm -f "$KS_FILE.p12"
|
||||||
rm -f "$NEW_KS_FILE.p12"
|
|
||||||
mv -f "$NEW_KS_FILE" "$KS_FILE"
|
|
||||||
|
|
||||||
# Secure libvirtd on cert import
|
# Secure libvirtd on cert import
|
||||||
if [ -f "$LIBVIRTD_FILE" ]; then
|
if [ -f "$LIBVIRTD_FILE" ]; then
|
||||||
|
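Review bot: On the new side the private-key branch deletes the existing `$ALIAS` entry from the live `$KS_FILE` before the replacement is imported, while the results of `openssl pkcs12 -export` and `keytool -importkeystore` are discarded with `> /dev/null 2>&1`; if either fails the agent is left with no key under `$ALIAS` and the script continues into the libvirtd section (unless the header, outside this hunk, enables `set -e`). The removed `.new` staging committed with an unconditional `mv -f` as well, so this is not a regression, but with in-place edits there is no intact copy left behind, and both commands should abort on failure, e.g. `... > /dev/null 2>&1 || { echo "failed to import private key into $KS_FILE" >&2; exit 1; }` appended to each. Separately, `-storepass "$KS_PASS"` and `-password pass:"$KS_PASS"` place the keystore password on the command line, where it is visible in the process table for the duration of each call; keytool's `-storepass:env`/`-storepass:file` forms and openssl's `-password env:VAR` keep it out of `ps`.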
|||||||
@ -17,7 +17,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
PROPS_FILE="$1"
|
PROPS_FILE="$1"
|
||||||
KS_FILE="$2.new"
|
KS_FILE="$2"
|
||||||
KS_PASS="$3"
|
KS_PASS="$3"
|
||||||
KS_VALIDITY="$4"
|
KS_VALIDITY="$4"
|
||||||
CSR_FILE="$5"
|
CSR_FILE="$5"
|
||||||
@ -35,8 +35,10 @@ if [ -f "$PROPS_FILE" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Generate keystore
|
if [ -f "$KS_FILE" ]; then
|
||||||
rm -f "$KS_FILE"
|
keytool -delete -noprompt -alias "$ALIAS" -keystore "$KS_FILE" -storepass "$KS_PASS" > /dev/null 2>&1 || true
|
||||||
|
fi
|
||||||
|
|
||||||
CN=$(hostname --fqdn)
|
CN=$(hostname --fqdn)
|
||||||
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" > /dev/null 2>&1
|
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" > /dev/null 2>&1
|
||||||
|
|
||||||
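Review bot: The `keytool -genkey` line that now writes straight into `$KS_FILE` passes `-keyalg RSA` without `-keysize`, so the strength of the agent's TLS key depends on the JDK's default, which has varied across releases; pinning it with `-keyalg RSA -keysize 2048` (or 3072) removes that dependency. The preceding per-alias `keytool -delete` removes any existing `$ALIAS` entry before generation and genkey's output goes to `/dev/null`, so a failed generation leaves the keystore without a key and the script presumably proceeds to the CSR step (`CSR_FILE` is read above; whether `set -e` is in effect is outside the hunk) — appending `|| { echo "key generation for $ALIAS failed" >&2; exit 1; }` to the genkey line would stop it there. Replacing `rm -f` with a per-alias delete preserves other entries such as imported CA certificates, which looks like the intent of the in-place rewrite and is worth stating in the comment above the block.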
|
|||||||
@ -85,17 +85,17 @@ public class DirectDownloadManagerImpl extends ManagerBase implements DirectDown
|
|||||||
protected final static String LINE_SEPARATOR = "\n";
|
protected final static String LINE_SEPARATOR = "\n";
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
VMTemplateDao vmTemplateDao;
|
private VMTemplateDao vmTemplateDao;
|
||||||
@Inject
|
@Inject
|
||||||
PrimaryDataStoreDao primaryDataStoreDao;
|
private PrimaryDataStoreDao primaryDataStoreDao;
|
||||||
@Inject
|
@Inject
|
||||||
HostDao hostDao;
|
private HostDao hostDao;
|
||||||
@Inject
|
@Inject
|
||||||
AgentManager agentManager;
|
private AgentManager agentManager;
|
||||||
@Inject
|
@Inject
|
||||||
VMTemplatePoolDao vmTemplatePoolDao;
|
private VMTemplatePoolDao vmTemplatePoolDao;
|
||||||
@Inject
|
@Inject
|
||||||
DataStoreManager dataStoreManager;
|
private DataStoreManager dataStoreManager;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Class<?>> getCommands() {
|
public List<Class<?>> getCommands() {
|
||||||
@ -366,6 +366,10 @@ public class DirectDownloadManagerImpl extends ManagerBase implements DirectDown
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean uploadCertificateToHosts(String certificateCer, String alias, String hypervisor) {
|
public boolean uploadCertificateToHosts(String certificateCer, String alias, String hypervisor) {
|
||||||
|
if (alias != null && (alias.equalsIgnoreCase("cloud") || alias.startsWith("cloudca"))) {
|
||||||
|
throw new CloudRuntimeException("Please provide a different alias name for the certificate");
|
||||||
|
}
|
||||||
|
|
||||||
HypervisorType hypervisorType = HypervisorType.getType(hypervisor);
|
HypervisorType hypervisorType = HypervisorType.getType(hypervisor);
|
||||||
List<HostVO> hosts = getRunningHostsToUploadCertificate(hypervisorType);
|
List<HostVO> hosts = getRunningHostsToUploadCertificate(hypervisorType);
|
||||||
|
|
||||||
@ -373,6 +377,7 @@ public class DirectDownloadManagerImpl extends ManagerBase implements DirectDown
|
|||||||
certificateSanity(certificatePem);
|
certificateSanity(certificatePem);
|
||||||
|
|
||||||
s_logger.info("Attempting to upload certificate: " + alias + " to " + hosts.size() + " hosts");
|
s_logger.info("Attempting to upload certificate: " + alias + " to " + hosts.size() + " hosts");
|
||||||
|
int hostCount = 0;
|
||||||
if (CollectionUtils.isNotEmpty(hosts)) {
|
if (CollectionUtils.isNotEmpty(hosts)) {
|
||||||
for (HostVO host : hosts) {
|
for (HostVO host : hosts) {
|
||||||
if (!uploadCertificate(certificatePem, alias, host.getId())) {
|
if (!uploadCertificate(certificatePem, alias, host.getId())) {
|
||||||
@ -380,8 +385,10 @@ public class DirectDownloadManagerImpl extends ManagerBase implements DirectDown
|
|||||||
s_logger.error(msg);
|
s_logger.error(msg);
|
||||||
throw new CloudRuntimeException(msg);
|
throw new CloudRuntimeException(msg);
|
||||||
}
|
}
|
||||||
|
hostCount++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
s_logger.info("Certificate was successfully uploaded to " + hostCount + " hosts");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -389,6 +396,7 @@ public class DirectDownloadManagerImpl extends ManagerBase implements DirectDown
|
|||||||
* Upload and import certificate to hostId on keystore
|
* Upload and import certificate to hostId on keystore
|
||||||
*/
|
*/
|
||||||
protected boolean uploadCertificate(String certificate, String certificateName, long hostId) {
|
protected boolean uploadCertificate(String certificate, String certificateName, long hostId) {
|
||||||
|
s_logger.debug("Uploading certificate: " + certificateName + " to host " + hostId);
|
||||||
SetupDirectDownloadCertificateCommand cmd = new SetupDirectDownloadCertificateCommand(certificate, certificateName);
|
SetupDirectDownloadCertificateCommand cmd = new SetupDirectDownloadCertificateCommand(certificate, certificateName);
|
||||||
Answer answer = agentManager.easySend(hostId, cmd);
|
Answer answer = agentManager.easySend(hostId, cmd);
|
||||||
if (answer == null || !answer.getResult()) {
|
if (answer == null || !answer.getResult()) {
|
||||||
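Review bot: The reserved-alias check added at the top of `uploadCertificateToHosts` mixes `equalsIgnoreCase("cloud")` with a case-sensitive `startsWith("cloudca")`, so an alias such as `CloudCA1` or `CLOUDCA` is accepted and, on the host, would collide with the `cloudca.N` entries the keystore import script manages, since keytool treats JKS aliases case-insensitively. Because the alias becomes a keytool alias, and presumably a shell argument, on every running KVM host, a two-name denylist is weaker than an allowlist of safe characters; I would write the guard as `if (alias == null || !alias.matches("[A-Za-z0-9_.-]{1,64}") || alias.equalsIgnoreCase("cloud") || alias.regionMatches(true, 0, "cloudca", 0, 7)) {` and keep the existing exception, noting that rejecting null here only changes behavior if the API does not already mark `name` as required. The method body is split across two hunks with its middle outside the view, so I cannot see how `certificatePem` is derived from `certificateCer`, and `uploadCertificate`'s error handling continues past the last hunk.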
|
|||||||