security: increase keystore setup/import timeout (#3076)

This raises the timeout for VR scripts to a default of 15 minutes and,
for the KVM agent, increases the timeout from 60s to 5 minutes. The
timeout can occur when the keystore does not get enough entropy from the
CPU and the script is killed before it finishes. This is a very specific
corner case and generally should not happen in baremetal/prod
environments, but it is sometimes seen in nested/test environments.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav 2018-12-04 01:28:24 +05:30 committed by GitHub
parent 17097929b6
commit 89c567add8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions


@ -729,7 +729,7 @@ public class Agent implements HandlerFactory, IAgentControl {
_shell.setPersistentProperty(null, KeyStoreUtils.KS_PASSPHRASE_PROPERTY, storedPassword);
}
Script script = new Script(_keystoreSetupPath, 60000, s_logger);
Script script = new Script(_keystoreSetupPath, 300000, s_logger);
script.add(agentFile.getAbsolutePath());
script.add(keyStoreFile);
script.add(storedPassword);
@ -773,7 +773,7 @@ public class Agent implements HandlerFactory, IAgentControl {
throw new CloudRuntimeException("Unable to save received agent client and ca certificates", e);
}
Script script = new Script(_keystoreCertImportPath, 60000, s_logger);
Script script = new Script(_keystoreCertImportPath, 300000, s_logger);
script.add(agentFile.getAbsolutePath());
script.add(keyStoreFile);
script.add(KeyStoreUtils.AGENT_MODE);
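Review bot: The keystore passphrase is still handed to the setup script as a command-line argument (`script.add(storedPassword);` in the first hunk), and raising the timeout from 60000 to 300000 ms lengthens the time it is presumably visible in the host's process list when the script stalls waiting for entropy. Consider passing the passphrase through the script's standard input or a file readable only by the agent user, and at minimum record the trade-off next to the call with `// passphrase is passed on argv; keep this timeout as short as entropy starvation allows`. The VirtualRoutingResource hunks appear to have the same exposure, since `cmd.getKeystorePassword()` and `cmd.getEncodedPrivateKey()` are formatted into `args`, now with a 15-minute ceiling. The literal 300000 is also repeated in both hunks; a single constant such as `private static final int KEYSTORE_SCRIPT_TIMEOUT_MS = 300000;` would keep the two calls in step. Both enclosing methods start and end outside the hunks.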


@ -161,7 +161,7 @@ public class VirtualRoutingResource {
cmd.getKeystorePassword(),
cmd.getValidityDays(),
KeyStoreUtils.CSR_FILENAME);
ExecutionResult result = _vrDeployer.executeInVR(cmd.getRouterAccessIp(), KeyStoreUtils.KS_SETUP_SCRIPT, args);
ExecutionResult result = _vrDeployer.executeInVR(cmd.getRouterAccessIp(), KeyStoreUtils.KS_SETUP_SCRIPT, args, Duration.standardMinutes(15));
return new SetupKeystoreAnswer(result.getDetails());
}
@ -179,7 +179,7 @@ public class VirtualRoutingResource {
cmd.getEncodedCaCertificates(),
KeyStoreUtils.PKEY_FILENAME,
cmd.getEncodedPrivateKey());
ExecutionResult result = _vrDeployer.executeInVR(cmd.getRouterAccessIp(), KeyStoreUtils.KS_IMPORT_SCRIPT, args);
ExecutionResult result = _vrDeployer.executeInVR(cmd.getRouterAccessIp(), KeyStoreUtils.KS_IMPORT_SCRIPT, args, Duration.standardMinutes(15));
return new SetupCertificateAnswer(result.isSuccess());
}
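Review bot: The keystore setup path returns `new SetupKeystoreAnswer(result.getDetails())` without checking `result.isSuccess()`, so when the script fails or hits the new 15-minute limit, whatever error text is in the details is presumably handed back as if it were the generated CSR. The import path in the second hunk does propagate `result.isSuccess()`; the setup path should guard the same way before its return, e.g. `if (!result.isSuccess()) { /* return a failed answer carrying result.getDetails() as the error */ }`, with the exact constructor depending on SetupKeystoreAnswer, which is not visible here. `Duration.standardMinutes(15)` is also repeated in both calls and would read better as one constant, `private static final Duration KEYSTORE_SCRIPT_TIMEOUT = Duration.standardMinutes(15);`. Both methods begin outside the hunks.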