Prevent regenerating keystore and add background task to upload certi…

…ficates

api/src/org/apache/cloudstack/api/command/admin/direct/download/UploadTemplateDirectDownloadCertificate.java → api/src/org/apache/cloudstack/api/command/admin/direct/download/UploadTemplateDirectDownloadCertificateCmd.java

@@ -16,11 +16,6 @@
 // under the License.
 package org.apache.cloudstack.api.command.admin.direct.download;
 
-import com.cloud.exception.ConcurrentOperationException;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.exception.NetworkRuleConflictException;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@@ -29,25 +24,26 @@
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.direct.download.DirectDownloadManager;
 import org.apache.log4j.Logger;
 
 import javax.inject.Inject;
 
-@APICommand(name = UploadTemplateDirectDownloadCertificate.APINAME,
+@APICommand(name = UploadTemplateDirectDownloadCertificateCmd.APINAME,
         description = "Upload a certificate for HTTPS direct template download on KVM hosts",
         responseObject = SuccessResponse.class,
         requestHasSensitiveInfo = true,
-        responseHasSensitiveInfo = true,
+        responseHasSensitiveInfo = false,
         since = "4.11.0",
         authorized = {RoleType.Admin})
-public class UploadTemplateDirectDownloadCertificate extends BaseCmd {
+public class UploadTemplateDirectDownloadCertificateCmd extends BaseCmd {
 
     @Inject
     DirectDownloadManager directDownloadManager;
 
-    private static final Logger LOG = Logger.getLogger(UploadTemplateDirectDownloadCertificate.class);
+    private static final Logger LOG = Logger.getLogger(UploadTemplateDirectDownloadCertificateCmd.class);
     public static final String APINAME = "uploadTemplateDirectDownloadCertificate";
 
     @Parameter(name = ApiConstants.CERTIFICATE, type = BaseCmd.CommandType.STRING, required = true, length = 65535,
@@ -61,16 +57,24 @@ public class UploadTemplateDirectDownloadCertificate extends BaseCmd {
     @Parameter(name = ApiConstants.HYPERVISOR, type = BaseCmd.CommandType.STRING, required = true, description = "Hypervisor type")
     private String hypervisor;
 
+    @Parameter(name = ApiConstants.ZONE_ID, type = CommandType.UUID, entityType = ZoneResponse.class,
+            description = "Zone to upload certificate", required = true)
+    private Long zoneId;
+
     @Override
-    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+    public void execute() {
         if (!hypervisor.equalsIgnoreCase("kvm")) {
             throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Currently supporting KVM hosts only");
         }
 
-        SuccessResponse response = new SuccessResponse(getCommandName());
+        if (name.equalsIgnoreCase("cloud")) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Please provide a different alias name for the certificate");
+        }
+
         try {
             LOG.debug("Uploading certificate " + name + " to agents for Direct Download");
-            boolean result = directDownloadManager.uploadCertificateToHosts(certificate, name, hypervisor);
+            boolean result = directDownloadManager.uploadCertificateToHosts(certificate, name, hypervisor, zoneId);
+            SuccessResponse response = new SuccessResponse(getCommandName());
             response.setSuccess(result);
             setResponseObject(response);
         } catch (Exception e) {

api/src/org/apache/cloudstack/direct/download/DirectDownloadCertificate.java

@@ -0,0 +1,29 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.direct.download;
+
+import com.cloud.hypervisor.Hypervisor;
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+public interface DirectDownloadCertificate extends InternalIdentity, Identity {
+
+    String getCertificate();
+    String getAlias();
+    Hypervisor.HypervisorType getHypervisorType();
+
+}

api/src/org/apache/cloudstack/direct/download/DirectDownloadManager.java

@@ -19,7 +19,14 @@
 
 import com.cloud.utils.component.PluggableService;
 import org.apache.cloudstack.framework.agent.direct.download.DirectDownloadService;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
 
-public interface DirectDownloadManager extends DirectDownloadService, PluggableService {
+public interface DirectDownloadManager extends DirectDownloadService, PluggableService, Configurable {
 
+    ConfigKey<Long> DirectDownloadCertificateUploadInterval = new ConfigKey<>("Advanced", Long.class,
+            "direct.download.certificate.background.task.interval",
+            "24",
+            "The Direct Download framework background interval in hours.",
+            true);
 }

engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml

@@ -356,4 +356,6 @@
   <bean id="outOfBandManagementDaoImpl" class="org.apache.cloudstack.outofbandmanagement.dao.OutOfBandManagementDaoImpl" />
   <bean id="GuestOsDetailsDaoImpl" class="org.apache.cloudstack.resourcedetail.dao.GuestOsDetailsDaoImpl" />
   <bean id="annotationDaoImpl" class="org.apache.cloudstack.annotation.dao.AnnotationDaoImpl" />
+  <bean id="directDownloadCertificateDaoImpl" class="org.apache.cloudstack.direct.download.DirectDownloadCertificateDaoImpl" />
+  <bean id="directDownloadCertificateHostMapDaoImpl" class="org.apache.cloudstack.direct.download.DirectDownloadCertificateHostMapDaoImpl" />
 </beans>

engine/schema/resources/META-INF/db/schema-41120to41130.sql

@@ -0,0 +1,44 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade from 4.11.2.0 to 4.11.3.0
+--;
+
+CREATE TABLE `cloud`.`direct_download_certificate` (
+     `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+     `uuid` varchar(40) NOT NULL,
+     `alias` varchar(255) NOT NULL,
+     `certificate` text NOT NULL,
+     `hypervisor_type` varchar(45) NOT NULL,
+     `zone_id` bigint(20) unsigned NOT NULL,
+     PRIMARY KEY (`id`),
+     KEY `i_direct_download_certificate_alias` (`alias`),
+     KEY `fk_direct_download_certificate__zone_id` (`zone_id`),
+     CONSTRAINT `fk_direct_download_certificate__zone_id` FOREIGN KEY (`zone_id`) REFERENCES `data_center` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`direct_download_certificate_host_map` (
+    `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
+    `certificate_id` bigint(20) unsigned NOT NULL,
+    `host_id` bigint(20) unsigned NOT NULL,
+    PRIMARY KEY (`id`),
+    KEY `fk_direct_download_certificate_host_map__host_id` (`host_id`),
+    KEY `fk_direct_download_certificate_host_map__certificate_id` (`certificate_id`),
+    CONSTRAINT `fk_direct_download_certificate_host_map__host_id` FOREIGN KEY (`host_id`) REFERENCES `host` (`id`) ON DELETE CASCADE,
+    CONSTRAINT `fk_direct_download_certificate_host_map__certificate_id` FOREIGN KEY (`certificate_id`) REFERENCES `direct_download_certificate` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;

engine/schema/src/com/cloud/host/dao/HostDao.java

@@ -107,4 +107,6 @@ public interface HostDao extends GenericDao<HostVO, Long>, StateDao<Status, Stat
      * Side note: this method is currently only used in XenServerGuru; therefore, it was designed to meet XenServer deployment scenarios requirements.
      */
     HostVO findHostInZoneToExecuteCommand(long zoneId, HypervisorType hypervisorType);
+
+    List<HostVO> listAllHostsUpByZoneAndHypervisor(long zoneId, HypervisorType hypervisorType);
 }

engine/schema/src/com/cloud/host/dao/HostDaoImpl.java

@@ -26,6 +26,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.TimeZone;
+import java.util.stream.Collectors;
 
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
@@ -1192,6 +1193,15 @@ public HostVO findHostInZoneToExecuteCommand(long zoneId, HypervisorType hypervi
         }
     }
 
+    @Override
+    public List<HostVO> listAllHostsUpByZoneAndHypervisor(long zoneId, HypervisorType hypervisorType) {
+        return listByDataCenterIdAndHypervisorType(zoneId, hypervisorType)
+                .stream()
+                .filter(x -> x.getStatus().equals(Status.Up) &&
+                        x.getType() == Host.Type.Routing)
+                .collect(Collectors.toList());
+    }
+
     private ResultSet executeSqlGetResultsetForMethodFindHostInZoneToExecuteCommand(HypervisorType hypervisorType, long zoneId, TransactionLegacy tx, String sql) throws SQLException {
         PreparedStatement pstmt = tx.prepareAutoCloseStatement(sql);
         pstmt.setString(1, Objects.toString(hypervisorType));

engine/schema/src/org/apache/cloudstack/direct/download/DirectDownloadCertificateDao.java

@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.direct.download;
+
+import com.cloud.hypervisor.Hypervisor;
+import com.cloud.utils.db.GenericDao;
+
+import java.util.List;
+
+public interface DirectDownloadCertificateDao extends GenericDao<DirectDownloadCertificateVO, Long> {
+    DirectDownloadCertificateVO findByAlias(String alias);
+    List<DirectDownloadCertificateVO> listByHypervisorType(Hypervisor.HypervisorType hypervisorType);
+    List<DirectDownloadCertificateVO> listByZone(long zoneId);
+}

engine/schema/src/org/apache/cloudstack/direct/download/DirectDownloadCertificateDaoImpl.java

@@ -0,0 +1,58 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.direct.download;
+
+import com.cloud.hypervisor.Hypervisor;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+import java.util.List;
+
+public class DirectDownloadCertificateDaoImpl extends GenericDaoBase<DirectDownloadCertificateVO, Long> implements DirectDownloadCertificateDao {
+
+    private final SearchBuilder<DirectDownloadCertificateVO> certificateSearchBuilder;
+
+    public DirectDownloadCertificateDaoImpl() {
+        certificateSearchBuilder = createSearchBuilder();
+        certificateSearchBuilder.and("alias", certificateSearchBuilder.entity().getAlias(), SearchCriteria.Op.EQ);
+        certificateSearchBuilder.and("hypervisor_type", certificateSearchBuilder.entity().getHypervisorType(), SearchCriteria.Op.EQ);
+        certificateSearchBuilder.and("zone_id", certificateSearchBuilder.entity().getZoneId(), SearchCriteria.Op.EQ);
+        certificateSearchBuilder.done();
+    }
+
+    @Override
+    public DirectDownloadCertificateVO findByAlias(String alias) {
+        SearchCriteria<DirectDownloadCertificateVO> sc = certificateSearchBuilder.create();
+        sc.setParameters("alias", alias);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public List<DirectDownloadCertificateVO> listByHypervisorType(Hypervisor.HypervisorType hypervisorType) {
+        SearchCriteria<DirectDownloadCertificateVO> sc = certificateSearchBuilder.create();
+        sc.setParameters("hypervisor_type", hypervisorType);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<DirectDownloadCertificateVO> listByZone(long zoneId) {
+        SearchCriteria<DirectDownloadCertificateVO> sc = certificateSearchBuilder.create();
+        sc.setParameters("zone_id", zoneId);
+        return listBy(sc);
+    }
+}

engine/schema/src/org/apache/cloudstack/direct/download/DirectDownloadCertificateHostMapDao.java

@@ -0,0 +1,23 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.direct.download;
+
+import com.cloud.utils.db.GenericDao;
+
+public interface DirectDownloadCertificateHostMapDao extends GenericDao<DirectDownloadCertificateHostMapVO, Long> {
+    DirectDownloadCertificateHostMapVO findByCertificateAndHost(long certificateId, long hostId);
+}

engine/schema/src/org/apache/cloudstack/direct/download/DirectDownloadCertificateHostMapDaoImpl.java

@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.direct.download;
+
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+public class DirectDownloadCertificateHostMapDaoImpl extends GenericDaoBase<DirectDownloadCertificateHostMapVO, Long> implements DirectDownloadCertificateHostMapDao {
+    private final SearchBuilder<DirectDownloadCertificateHostMapVO> mapSearchBuilder;
+
+    public DirectDownloadCertificateHostMapDaoImpl() {
+        mapSearchBuilder = createSearchBuilder();
+        mapSearchBuilder.and("certificate_id", mapSearchBuilder.entity().getCertificateId(), SearchCriteria.Op.EQ);
+        mapSearchBuilder.and("host_id", mapSearchBuilder.entity().getHostId(), SearchCriteria.Op.EQ);
+        mapSearchBuilder.done();
+    }
+    @Override
+    public DirectDownloadCertificateHostMapVO findByCertificateAndHost(long certificateId, long hostId) {
+        SearchCriteria<DirectDownloadCertificateHostMapVO> sc = mapSearchBuilder.create();
+        sc.setParameters("certificate_id", certificateId);
+        sc.setParameters("host_id", hostId);
+        return findOneBy(sc);
+    }
+}