apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-04 00:02:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

ca: Fixes #2877 mgmt server cert should have all addrs of default nic (#2879)

Browse Source 
This fixes the default RootCA provider implementation to initiate
and issue certificate for mgmt server on startup for all the IP addresses
on the default nic of that host.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2018-10-07 21:07:10 +05:30 committed by GitHub
parent 5db65a6363
commit f430f41edd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/ca/root-ca/src/org/apache/cloudstack/ca/provider/RootCAProvider.java
View File

@ -359,7 +359,7 @@ public final class RootCAProvider extends AdapterBase implements CAProvider, Con
return true; return true;
} }
final Certificate serverCertificate = issueCertificate(Collections.singletonList(NetUtils.getHostName()), final Certificate serverCertificate = issueCertificate(Collections.singletonList(NetUtils.getHostName()),
Collections.singletonList(NetUtils.getDefaultHostIp()), getCaValidityDays()); NetUtils.getAllDefaultNicIps(), getCaValidityDays());
if (serverCertificate == null || serverCertificate.getPrivateKey() == null) { if (serverCertificate == null || serverCertificate.getPrivateKey() == null) {
throw new CloudRuntimeException("Failed to generate management server certificate and load management server keystore"); throw new CloudRuntimeException("Failed to generate management server certificate and load management server keystore");
} }

21
utils/src/main/java/com/cloud/utils/net/NetUtils.java
View File

@ -225,6 +225,27 @@ public class NetUtils {
} }
} }
public static List<String> getAllDefaultNicIps() {
final List<String> addrs = new ArrayList<>();
final String pubNic = getDefaultEthDevice();
if (pubNic == null) {
return addrs;
}
NetworkInterface nic = null;
try {
nic = NetworkInterface.getByName(pubNic);
} catch (final SocketException e) {
return addrs;
}
for (InterfaceAddress address : nic.getInterfaceAddresses()) {
addrs.add(address.getAddress().getHostAddress().split("%")[0]);
}
return addrs;
}
public static String getDefaultEthDevice() { public static String getDefaultEthDevice() {
if (SystemUtils.IS_OS_MAC) { if (SystemUtils.IS_OS_MAC) {
final String defDev = Script.runSimpleBashScript("/sbin/route -n get default 2> /dev/null | grep interface | awk '{print $2}'"); final String defDev = Script.runSimpleBashScript("/sbin/route -n get default 2> /dev/null | grep interface | awk '{print $2}'");

6
utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
View File

@ -678,4 +678,10 @@ public class NetUtilsTest {
assertFalse(NetUtils.isValidPort(-1)); assertFalse(NetUtils.isValidPort(-1));
assertFalse(NetUtils.isValidPort(65536)); assertFalse(NetUtils.isValidPort(65536));
} }
@Test
public void testAllIpsOfDefaultNic() {
final String defaultHostIp = NetUtils.getDefaultHostIp();
assertTrue(NetUtils.getAllDefaultNicIps().stream().anyMatch(defaultHostIp::contains));
}
} }