Bug 12771 - management-server.log displays ipmi related credentials in plain text

status 12771: resolved fixed
frank 2012-01-09 14:41:46 -08:00
parent adaea570e4
commit f449cd7350
5 changed files with 92 additions and 35 deletions


@ -54,6 +54,8 @@ import com.cloud.resource.UnableDeleteHostException;
import com.cloud.utils.component.Inject; import com.cloud.utils.component.Inject;
import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.script.Script; import com.cloud.utils.script.Script;
import com.cloud.utils.script.Script2;
import com.cloud.utils.script.Script2.ParamType;
import com.cloud.vm.VMInstanceVO; import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachine.State;
import com.cloud.vm.dao.VMInstanceDao; import com.cloud.vm.dao.VMInstanceDao;
@ -127,14 +129,14 @@ public class BareMetalDiscoverer extends DiscovererBase implements Discoverer, R
+ injectScript); + injectScript);
} }
final Script command = new Script(scriptPath, s_logger); final Script2 command = new Script2(scriptPath, s_logger);
command.add("ping"); command.add("ping");
command.add("hostname="+ipmiIp); command.add("hostname="+ipmiIp);
command.add("usrname="+username); command.add("usrname="+username);
command.add("password="+password); command.add("password="+password, ParamType.PASSWORD);
final String result = command.execute(); final String result = command.execute();
if (result != null) { if (result != null) {
s_logger.warn(String.format("Can not set up ipmi connection(ip=%1$s, username=%2$s, password=%3$s, args) because %4$s", ipmiIp, username, password, result)); s_logger.warn(String.format("Can not set up ipmi connection(ip=%1$s, username=%2$s, password=%3$s, args) because %4$s", ipmiIp, username, "******", result));
return null; return null;
} }
@ -180,7 +182,7 @@ public class BareMetalDiscoverer extends DiscovererBase implements Discoverer, R
_dcDao.update(zone.getId(), zone); _dcDao.update(zone.getId(), zone);
s_logger.debug(String.format("Discover Bare Metal host successfully(ip=%1$s, username=%2$s, password=%3%s," + s_logger.debug(String.format("Discover Bare Metal host successfully(ip=%1$s, username=%2$s, password=%3%s," +
"cpuNum=%4$s, cpuCapacity-%5$s, memCapacity=%6$s)", ipmiIp, username, password, cpuNum, cpuCapacity, memCapacity)); "cpuNum=%4$s, cpuCapacity-%5$s, memCapacity=%6$s)", ipmiIp, username, "******", cpuNum, cpuCapacity, memCapacity));
return resources; return resources;
} catch (Exception e) { } catch (Exception e) {
s_logger.warn("Can not set up bare metal agent", e); s_logger.warn("Can not set up bare metal agent", e);
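Review bot: In the third hunk the success debug message uses `password=%3%s` rather than `password=%3$s`; as far as I can tell `java.util.Formatter` reads `%3%` as a width-3 literal percent sign, so the field prints as `  %s` and the third argument is never consumed. Now that this argument is the constant mask, either correct the specifier to `password=%3$s` or drop the password field from the message altogether. The same message has `cpuCapacity-%5$s` where every other field uses `=`. The enclosing method starts and ends outside the hunks shown.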


@ -63,6 +63,8 @@ import com.cloud.resource.ServerResource;
import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.script.OutputInterpreter; import com.cloud.utils.script.OutputInterpreter;
import com.cloud.utils.script.Script; import com.cloud.utils.script.Script;
import com.cloud.utils.script.Script2;
import com.cloud.utils.script.Script2.ParamType;
import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachine.State;
@ -83,15 +85,15 @@ public class BareMetalResourceBase implements ServerResource {
protected String _password; protected String _password;
protected String _ip; protected String _ip;
protected IAgentControl _agentControl; protected IAgentControl _agentControl;
protected Script _pingCommand; protected Script2 _pingCommand;
protected Script _setPxeBootCommand; protected Script2 _setPxeBootCommand;
protected Script _setDiskBootCommand; protected Script2 _setDiskBootCommand;
protected Script _rebootCommand; protected Script2 _rebootCommand;
protected Script _getStatusCommand; protected Script2 _getStatusCommand;
protected Script _powerOnCommand; protected Script2 _powerOnCommand;
protected Script _powerOffCommand; protected Script2 _powerOffCommand;
protected Script _forcePowerOffCommand; protected Script2 _forcePowerOffCommand;
protected Script _bootOrRebootCommand; protected Script2 _bootOrRebootCommand;
protected String _vmName; protected String _vmName;
private void changeVmState(String vmName, VirtualMachine.State state) { private void changeVmState(String vmName, VirtualMachine.State state) {
@ -158,64 +160,64 @@ public class BareMetalResourceBase implements ServerResource {
if (scriptPath == null) { if (scriptPath == null) {
throw new ConfigurationException("Cannot find ping script " + scriptPath); throw new ConfigurationException("Cannot find ping script " + scriptPath);
} }
_pingCommand = new Script(scriptPath, s_logger); _pingCommand = new Script2(scriptPath, s_logger);
_pingCommand.add("ping"); _pingCommand.add("ping");
_pingCommand.add("hostname="+_ip); _pingCommand.add("hostname="+_ip);
_pingCommand.add("usrname="+_username); _pingCommand.add("usrname="+_username);
_pingCommand.add("password="+_password); _pingCommand.add("password="+_password, ParamType.PASSWORD);
_setPxeBootCommand = new Script(scriptPath, s_logger); _setPxeBootCommand = new Script2(scriptPath, s_logger);
_setPxeBootCommand.add("boot_dev"); _setPxeBootCommand.add("boot_dev");
_setPxeBootCommand.add("hostname="+_ip); _setPxeBootCommand.add("hostname="+_ip);
_setPxeBootCommand.add("usrname="+_username); _setPxeBootCommand.add("usrname="+_username);
_setPxeBootCommand.add("password="+_password); _setPxeBootCommand.add("password="+_password, ParamType.PASSWORD);
_setPxeBootCommand.add("dev=pxe"); _setPxeBootCommand.add("dev=pxe");
_setDiskBootCommand = new Script(scriptPath, s_logger); _setDiskBootCommand = new Script2(scriptPath, s_logger);
_setDiskBootCommand.add("boot_dev"); _setDiskBootCommand.add("boot_dev");
_setDiskBootCommand.add("hostname="+_ip); _setDiskBootCommand.add("hostname="+_ip);
_setDiskBootCommand.add("usrname="+_username); _setDiskBootCommand.add("usrname="+_username);
_setDiskBootCommand.add("password="+_password); _setDiskBootCommand.add("password="+_password, ParamType.PASSWORD);
_setDiskBootCommand.add("dev=disk"); _setDiskBootCommand.add("dev=disk");
_rebootCommand = new Script(scriptPath, s_logger); _rebootCommand = new Script2(scriptPath, s_logger);
_rebootCommand.add("reboot"); _rebootCommand.add("reboot");
_rebootCommand.add("hostname="+_ip); _rebootCommand.add("hostname="+_ip);
_rebootCommand.add("usrname="+_username); _rebootCommand.add("usrname="+_username);
_rebootCommand.add("password="+_password); _rebootCommand.add("password="+_password, ParamType.PASSWORD);
_getStatusCommand = new Script(scriptPath, s_logger); _getStatusCommand = new Script2(scriptPath, s_logger);
_getStatusCommand.add("ping"); _getStatusCommand.add("ping");
_getStatusCommand.add("hostname="+_ip); _getStatusCommand.add("hostname="+_ip);
_getStatusCommand.add("usrname="+_username); _getStatusCommand.add("usrname="+_username);
_getStatusCommand.add("password="+_password); _getStatusCommand.add("password="+_password, ParamType.PASSWORD);
_powerOnCommand = new Script(scriptPath, s_logger); _powerOnCommand = new Script2(scriptPath, s_logger);
_powerOnCommand.add("power"); _powerOnCommand.add("power");
_powerOnCommand.add("hostname="+_ip); _powerOnCommand.add("hostname="+_ip);
_powerOnCommand.add("usrname="+_username); _powerOnCommand.add("usrname="+_username);
_powerOnCommand.add("password="+_password); _powerOnCommand.add("password="+_password, ParamType.PASSWORD);
_powerOnCommand.add("action=on"); _powerOnCommand.add("action=on");
_powerOffCommand = new Script(scriptPath, s_logger); _powerOffCommand = new Script2(scriptPath, s_logger);
_powerOffCommand.add("power"); _powerOffCommand.add("power");
_powerOffCommand.add("hostname="+_ip); _powerOffCommand.add("hostname="+_ip);
_powerOffCommand.add("usrname="+_username); _powerOffCommand.add("usrname="+_username);
_powerOffCommand.add("password="+_password); _powerOffCommand.add("password="+_password, ParamType.PASSWORD);
_powerOffCommand.add("action=soft"); _powerOffCommand.add("action=soft");
_forcePowerOffCommand = new Script(scriptPath, s_logger); _forcePowerOffCommand = new Script2(scriptPath, s_logger);
_forcePowerOffCommand.add("power"); _forcePowerOffCommand.add("power");
_forcePowerOffCommand.add("hostname=" + _ip); _forcePowerOffCommand.add("hostname=" + _ip);
_forcePowerOffCommand.add("usrname=" + _username); _forcePowerOffCommand.add("usrname=" + _username);
_forcePowerOffCommand.add("password=" + _password); _forcePowerOffCommand.add("password=" + _password, ParamType.PASSWORD);
_forcePowerOffCommand.add("action=off"); _forcePowerOffCommand.add("action=off");
_bootOrRebootCommand = new Script(scriptPath, s_logger); _bootOrRebootCommand = new Script2(scriptPath, s_logger);
_bootOrRebootCommand.add("boot_or_reboot"); _bootOrRebootCommand.add("boot_or_reboot");
_bootOrRebootCommand.add("hostname="+_ip); _bootOrRebootCommand.add("hostname="+_ip);
_bootOrRebootCommand.add("usrname="+_username); _bootOrRebootCommand.add("usrname="+_username);
_bootOrRebootCommand.add("password="+_password); _bootOrRebootCommand.add("password="+_password, ParamType.PASSWORD);
return true; return true;
} }
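Review bot: The nine command setups in the last hunk repeat the same hostname/usrname/password `add` calls, so the `ParamType.PASSWORD` tag has to be remembered by hand in every block, and a command added later could omit it and put the password back in the log. A small private helper that builds the common prefix would keep the tag in one place. The enclosing method starts outside the hunk, so the sketch shows only the helper and the first two call sites.

```java
private Script2 newIpmiCommand(String scriptPath, String action) {
    Script2 cmd = new Script2(scriptPath, s_logger);
    cmd.add(action);
    cmd.add("hostname=" + _ip);
    cmd.add("usrname=" + _username);
    // Tagged once here so every IPMI command masks the password when logged.
    cmd.add("password=" + _password, ParamType.PASSWORD);
    return cmd;
}

// … unchanged: scriptPath lookup and null check …
_pingCommand = newIpmiCommand(scriptPath, "ping");
_setPxeBootCommand = newIpmiCommand(scriptPath, "boot_dev");
_setPxeBootCommand.add("dev=pxe");
// … the remaining seven commands follow the same pattern …
```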

4
server/src/com/cloud/baremetal/DhcpdResource.java Normal file → Executable file

@ -40,11 +40,11 @@ public class DhcpdResource extends ExternalDhcpResourceBase {
com.trilead.ssh2.Connection sshConnection = null; com.trilead.ssh2.Connection sshConnection = null;
try { try {
super.configure(name, params); super.configure(name, params);
s_logger.debug(String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s)", _ip, _username, _password)); s_logger.debug(String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s)", _ip, _username, "******"));
sshConnection = SSHCmdHelper.acquireAuthorizedConnection(_ip, _username, _password); sshConnection = SSHCmdHelper.acquireAuthorizedConnection(_ip, _username, _password);
if (sshConnection == null) { if (sshConnection == null) {
throw new ConfigurationException( throw new ConfigurationException(
String.format("Cannot connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password)); String.format("Cannot connect to DHCP server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, "******"));
} }
if (!SSHCmdHelper.sshExecuteCmd(sshConnection, "[ -f '/usr/sbin/dhcpd' ]")) { if (!SSHCmdHelper.sshExecuteCmd(sshConnection, "[ -f '/usr/sbin/dhcpd' ]")) {
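Review bot: The file header records a mode change from normal to executable for `DhcpdResource.java`, which looks unintended for a Java source file and is unrelated to the log fix; I would revert the mode bit. Separately, with the third argument now the constant `"******"`, the `password=%3$s` field in both messages carries no information and could be dropped, e.g. `String.format("Trying to connect to DHCP server(IP=%1$s, username=%2$s)", _ip, _username)`. The method body continues outside the hunk.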


@ -87,13 +87,13 @@ public class PingPxeServerResource extends PxeServerResourceBase {
com.trilead.ssh2.Connection sshConnection = new com.trilead.ssh2.Connection(_ip, 22); com.trilead.ssh2.Connection sshConnection = new com.trilead.ssh2.Connection(_ip, 22);
s_logger.debug(String.format("Trying to connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, _password)); s_logger.debug(String.format("Trying to connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, "******"));
try { try {
sshConnection.connect(null, 60000, 60000); sshConnection.connect(null, 60000, 60000);
if (!sshConnection.authenticateWithPassword(_username, _password)) { if (!sshConnection.authenticateWithPassword(_username, _password)) {
s_logger.debug("SSH Failed to authenticate"); s_logger.debug("SSH Failed to authenticate");
throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username, throw new ConfigurationException(String.format("Cannot connect to PING PXE server(IP=%1$s, username=%2$s, password=%3$s", _ip, _username,
_password)); "******"));
} }
String cmd = String.format("[ -f /%1$s/pxelinux.0 ] && [ -f /%2$s/kernel ] && [ -f /%3$s/initrd.gz ] ", _tftpDir, _tftpDir, _tftpDir); String cmd = String.format("[ -f /%1$s/pxelinux.0 ] && [ -f /%2$s/kernel ] && [ -f /%3$s/initrd.gz ] ", _tftpDir, _tftpDir, _tftpDir);
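Review bot: The password this hunk removes from the log is still sent with `authenticateWithPassword` over a connection opened by `sshConnection.connect(null, 60000, 60000)`; as I understand the trilead API the first argument is the host-key verifier, so `null` means the PXE server's host key is not checked before the credential is presented. That is outside the scope of this commit, but a follow-up should pass a `ServerHostKeyVerifier` that compares the key against a known value. The debug format string on the changed line also never closes its opening parenthesis. The enclosing method begins and ends outside the hunk.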


@ -0,0 +1,53 @@
package com.cloud.utils.script;
import java.util.HashMap;
import org.apache.log4j.Logger;
public class Script2 extends Script {
HashMap<String, ParamType> _params = new HashMap<String, ParamType>();
public static enum ParamType {
NORMAL,
PASSWORD,
}
public Script2(String command, Logger logger) {
this(command, 0, logger);
}
public Script2(String command, long timeout, Logger logger) {
super(command, timeout, logger);
}
public void add(String param, ParamType type) {
_params.put(param, type);
super.add(param);
}
@Override
public void add(String param) {
add(param, ParamType.NORMAL);
}
private ParamType getType(String cmd) {
return _params.get(cmd);
}
@Override
protected String buildCommandLine(String[] command) {
StringBuilder builder = new StringBuilder();
for (int i = 0; i < command.length; i++) {
String cmd = command[i];
ParamType type = getType(cmd);
if (type == ParamType.PASSWORD) {
builder.append("******").append(" ");
} else {
builder.append(command[i]).append(" ");
}
}
return builder.toString();
}
}
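Review bot: `Script2` has no class comment, and the contract matters here: `add(param, type)` still passes the real `password=…` string to `super.add`, and only `buildCommandLine` substitutes `******`, so the masking presumably covers the logged command line while the secret stays in the child process's arguments, where a process listing on the management server can show it. I would state that in a Javadoc on the class, for example `/** Script that prints PASSWORD-typed parameters as "******" in the built command line; the real value is still passed to the process. */`, so the callers in BareMetalDiscoverer and BareMetalResourceBase do not read the type as full protection. `_params` could also be declared `private final HashMap<String, ParamType>`, since nothing outside the class is shown using it. A longer-term fix would be for the IPMI script to take the password from standard input or a protected file rather than from an argument.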