
merge 3.0.2 fixes

commit 19dfea476004dc380afddc3e0dd61a5955ff171a 2 parents fe7ef84 + c641794
@grze grze authored
2  clc/modules/bootstrap/src/main/native/arguments.ggo.in
@@ -35,13 +35,11 @@ option "remote-dns" - "eucalyptus-cloud will not try to bind port 5
option "remote-cloud" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
option "remote-walrus" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
option "remote-storage" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
-option "remote-vmwarebroker" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
option "disable-iscsi" - "Disable ISCSI support for dynamic block storage." flag off # TODO: this needs to be removed
option "disable-cloud" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
option "disable-walrus" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
option "disable-dns" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
option "disable-storage" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
-option "disable-vmwarebroker" - "DEPRECATED DO NOT USE. IT DOES NOTHING." flag off hidden # DEPRECATED
###### # # # # # # #
###### long-opt # short # description # type # type desc. # default value # req. # extras...
section "Java Options" # # # # # # #
98 clc/modules/bootstrap/src/main/native/eucalyptus-opts.c
@@ -1,5 +1,5 @@
/*
- File autogenerated by gengetopt version 2.22.4
+ File autogenerated by gengetopt version 2.22.5
generated with the following command:
gengetopt --input=arguments.ggo --file-name=eucalyptus-opts --func-name=arguments --arg-struct-name=eucalyptus_opts
@@ -61,18 +61,16 @@ const char *eucalyptus_opts_full_help[] = {
" --remote-cloud DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
" --remote-walrus DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
" --remote-storage DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
- " --remote-vmwarebroker DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
" --disable-iscsi Disable ISCSI support for dynamic block \n storage. (default=off)",
" --disable-cloud DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
" --disable-walrus DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
" --disable-dns DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
" --disable-storage DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
- " --disable-vmwarebroker DEPRECATED DO NOT USE. IT DOES NOTHING. \n (default=off)",
"\nJava Options:",
" -j, --java-home=DIRECTORY Alternative way to specify JAVA_HOME. \n (default=`/bzr/packages/jdk1.6.0_26/')",
" --jvm-name=JVMNAME Which JVM type to run (see jvm.cfg). \n (default=`-server')",
" -X, --jvm-args=STRING Arguments to pass to the JVM.",
- " --jmx Launch with JMX enabled. (default=on)",
+ " --jmx Launch with JMX enabled. (default=off)",
" -d, --debug Launch with debugger enabled. (default=off)",
" -v, --verbose Launch the JVM w/ verbose output flags. \n (default=off)",
" --debug-port=INT Set the port to use for the debugger. \n (default=`5005')",
@@ -112,16 +110,16 @@ init_help_array(void)
eucalyptus_opts_help[22] = eucalyptus_opts_full_help[23];
eucalyptus_opts_help[23] = eucalyptus_opts_full_help[24];
eucalyptus_opts_help[24] = eucalyptus_opts_full_help[25];
- eucalyptus_opts_help[25] = eucalyptus_opts_full_help[30];
- eucalyptus_opts_help[26] = eucalyptus_opts_full_help[36];
- eucalyptus_opts_help[27] = eucalyptus_opts_full_help[37];
- eucalyptus_opts_help[28] = eucalyptus_opts_full_help[39];
- eucalyptus_opts_help[29] = eucalyptus_opts_full_help[40];
- eucalyptus_opts_help[30] = eucalyptus_opts_full_help[41];
- eucalyptus_opts_help[31] = eucalyptus_opts_full_help[42];
- eucalyptus_opts_help[32] = eucalyptus_opts_full_help[43];
- eucalyptus_opts_help[33] = eucalyptus_opts_full_help[44];
- eucalyptus_opts_help[34] = eucalyptus_opts_full_help[45];
+ eucalyptus_opts_help[25] = eucalyptus_opts_full_help[29];
+ eucalyptus_opts_help[26] = eucalyptus_opts_full_help[34];
+ eucalyptus_opts_help[27] = eucalyptus_opts_full_help[35];
+ eucalyptus_opts_help[28] = eucalyptus_opts_full_help[37];
+ eucalyptus_opts_help[29] = eucalyptus_opts_full_help[38];
+ eucalyptus_opts_help[30] = eucalyptus_opts_full_help[39];
+ eucalyptus_opts_help[31] = eucalyptus_opts_full_help[40];
+ eucalyptus_opts_help[32] = eucalyptus_opts_full_help[41];
+ eucalyptus_opts_help[33] = eucalyptus_opts_full_help[42];
+ eucalyptus_opts_help[34] = eucalyptus_opts_full_help[43];
eucalyptus_opts_help[35] = 0;
}
@@ -178,13 +176,11 @@ void clear_given (struct eucalyptus_opts *args_info)
args_info->remote_cloud_given = 0 ;
args_info->remote_walrus_given = 0 ;
args_info->remote_storage_given = 0 ;
- args_info->remote_vmwarebroker_given = 0 ;
args_info->disable_iscsi_given = 0 ;
args_info->disable_cloud_given = 0 ;
args_info->disable_walrus_given = 0 ;
args_info->disable_dns_given = 0 ;
args_info->disable_storage_given = 0 ;
- args_info->disable_vmwarebroker_given = 0 ;
args_info->java_home_given = 0 ;
args_info->jvm_name_given = 0 ;
args_info->jvm_args_given = 0 ;
@@ -236,20 +232,18 @@ void clear_args (struct eucalyptus_opts *args_info)
args_info->remote_cloud_flag = 0;
args_info->remote_walrus_flag = 0;
args_info->remote_storage_flag = 0;
- args_info->remote_vmwarebroker_flag = 0;
args_info->disable_iscsi_flag = 0;
args_info->disable_cloud_flag = 0;
args_info->disable_walrus_flag = 0;
args_info->disable_dns_flag = 0;
args_info->disable_storage_flag = 0;
- args_info->disable_vmwarebroker_flag = 0;
args_info->java_home_arg = NULL;
args_info->java_home_orig = NULL;
args_info->jvm_name_arg = gengetopt_strdup ("-server");
args_info->jvm_name_orig = NULL;
args_info->jvm_args_arg = NULL;
args_info->jvm_args_orig = NULL;
- args_info->jmx_flag = 1;
+ args_info->jmx_flag = 0;
args_info->debug_flag = 0;
args_info->verbose_flag = 0;
args_info->debug_port_arg = 5005;
@@ -301,29 +295,27 @@ void init_args_info(struct eucalyptus_opts *args_info)
args_info->remote_cloud_help = eucalyptus_opts_full_help[26] ;
args_info->remote_walrus_help = eucalyptus_opts_full_help[27] ;
args_info->remote_storage_help = eucalyptus_opts_full_help[28] ;
- args_info->remote_vmwarebroker_help = eucalyptus_opts_full_help[29] ;
- args_info->disable_iscsi_help = eucalyptus_opts_full_help[30] ;
- args_info->disable_cloud_help = eucalyptus_opts_full_help[31] ;
- args_info->disable_walrus_help = eucalyptus_opts_full_help[32] ;
- args_info->disable_dns_help = eucalyptus_opts_full_help[33] ;
- args_info->disable_storage_help = eucalyptus_opts_full_help[34] ;
- args_info->disable_vmwarebroker_help = eucalyptus_opts_full_help[35] ;
- args_info->java_home_help = eucalyptus_opts_full_help[37] ;
+ args_info->disable_iscsi_help = eucalyptus_opts_full_help[29] ;
+ args_info->disable_cloud_help = eucalyptus_opts_full_help[30] ;
+ args_info->disable_walrus_help = eucalyptus_opts_full_help[31] ;
+ args_info->disable_dns_help = eucalyptus_opts_full_help[32] ;
+ args_info->disable_storage_help = eucalyptus_opts_full_help[33] ;
+ args_info->java_home_help = eucalyptus_opts_full_help[35] ;
args_info->java_home_min = 0;
args_info->java_home_max = 0;
- args_info->jvm_name_help = eucalyptus_opts_full_help[38] ;
- args_info->jvm_args_help = eucalyptus_opts_full_help[39] ;
+ args_info->jvm_name_help = eucalyptus_opts_full_help[36] ;
+ args_info->jvm_args_help = eucalyptus_opts_full_help[37] ;
args_info->jvm_args_min = 0;
args_info->jvm_args_max = 0;
- args_info->jmx_help = eucalyptus_opts_full_help[40] ;
- args_info->debug_help = eucalyptus_opts_full_help[41] ;
- args_info->verbose_help = eucalyptus_opts_full_help[42] ;
- args_info->debug_port_help = eucalyptus_opts_full_help[43] ;
- args_info->debug_noha_help = eucalyptus_opts_full_help[44] ;
- args_info->debug_suspend_help = eucalyptus_opts_full_help[45] ;
- args_info->profile_help = eucalyptus_opts_full_help[46] ;
- args_info->profiler_home_help = eucalyptus_opts_full_help[47] ;
- args_info->agentlib_help = eucalyptus_opts_full_help[48] ;
+ args_info->jmx_help = eucalyptus_opts_full_help[38] ;
+ args_info->debug_help = eucalyptus_opts_full_help[39] ;
+ args_info->verbose_help = eucalyptus_opts_full_help[40] ;
+ args_info->debug_port_help = eucalyptus_opts_full_help[41] ;
+ args_info->debug_noha_help = eucalyptus_opts_full_help[42] ;
+ args_info->debug_suspend_help = eucalyptus_opts_full_help[43] ;
+ args_info->profile_help = eucalyptus_opts_full_help[44] ;
+ args_info->profiler_home_help = eucalyptus_opts_full_help[45] ;
+ args_info->agentlib_help = eucalyptus_opts_full_help[46] ;
}
@@ -571,8 +563,6 @@ arguments_dump(FILE *outfile, struct eucalyptus_opts *args_info)
write_into_file(outfile, "remote-walrus", 0, 0 );
if (args_info->remote_storage_given)
write_into_file(outfile, "remote-storage", 0, 0 );
- if (args_info->remote_vmwarebroker_given)
- write_into_file(outfile, "remote-vmwarebroker", 0, 0 );
if (args_info->disable_iscsi_given)
write_into_file(outfile, "disable-iscsi", 0, 0 );
if (args_info->disable_cloud_given)
@@ -583,8 +573,6 @@ arguments_dump(FILE *outfile, struct eucalyptus_opts *args_info)
write_into_file(outfile, "disable-dns", 0, 0 );
if (args_info->disable_storage_given)
write_into_file(outfile, "disable-storage", 0, 0 );
- if (args_info->disable_vmwarebroker_given)
- write_into_file(outfile, "disable-vmwarebroker", 0, 0 );
write_multiple_into_file(outfile, args_info->java_home_given, "java-home", args_info->java_home_orig, 0);
if (args_info->jvm_name_given)
write_into_file(outfile, "jvm-name", args_info->jvm_name_orig, 0);
@@ -1216,13 +1204,11 @@ arguments_internal (
{ "remote-cloud", 0, NULL, 0 },
{ "remote-walrus", 0, NULL, 0 },
{ "remote-storage", 0, NULL, 0 },
- { "remote-vmwarebroker", 0, NULL, 0 },
{ "disable-iscsi", 0, NULL, 0 },
{ "disable-cloud", 0, NULL, 0 },
{ "disable-walrus", 0, NULL, 0 },
{ "disable-dns", 0, NULL, 0 },
{ "disable-storage", 0, NULL, 0 },
- { "disable-vmwarebroker", 0, NULL, 0 },
{ "java-home", 1, NULL, 'j' },
{ "jvm-name", 1, NULL, 0 },
{ "jvm-args", 1, NULL, 'X' },
@@ -1574,18 +1560,6 @@ arguments_internal (
goto failure;
}
- /* DEPRECATED DO NOT USE. IT DOES NOTHING.. */
- else if (strcmp (long_options[option_index].name, "remote-vmwarebroker") == 0)
- {
-
-
- if (update_arg((void *)&(args_info->remote_vmwarebroker_flag), 0, &(args_info->remote_vmwarebroker_given),
- &(local_args_info.remote_vmwarebroker_given), optarg, 0, 0, ARG_FLAG,
- check_ambiguity, override, 1, 0, "remote-vmwarebroker", '-',
- additional_error))
- goto failure;
-
- }
/* Disable ISCSI support for dynamic block storage.. */
else if (strcmp (long_options[option_index].name, "disable-iscsi") == 0)
{
@@ -1646,18 +1620,6 @@ arguments_internal (
goto failure;
}
- /* DEPRECATED DO NOT USE. IT DOES NOTHING.. */
- else if (strcmp (long_options[option_index].name, "disable-vmwarebroker") == 0)
- {
-
-
- if (update_arg((void *)&(args_info->disable_vmwarebroker_flag), 0, &(args_info->disable_vmwarebroker_given),
- &(local_args_info.disable_vmwarebroker_given), optarg, 0, 0, ARG_FLAG,
- check_ambiguity, override, 1, 0, "disable-vmwarebroker", '-',
- additional_error))
- goto failure;
-
- }
/* Which JVM type to run (see jvm.cfg).. */
else if (strcmp (long_options[option_index].name, "jvm-name") == 0)
{
10 clc/modules/bootstrap/src/main/native/eucalyptus-opts.h
@@ -1,6 +1,6 @@
/** @file eucalyptus-opts.h
* @brief The header file for the command line option parser
- * generated by GNU Gengetopt version 2.22.4
+ * generated by GNU Gengetopt version 2.22.5
* http://www.gnu.org/software/gengetopt.
* DO NOT modify this file, since it can be overwritten
* @author GNU Gengetopt by Lorenzo Bettini */
@@ -102,8 +102,6 @@ struct eucalyptus_opts
const char *remote_walrus_help; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. help description. */
int remote_storage_flag; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. (default=off). */
const char *remote_storage_help; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. help description. */
- int remote_vmwarebroker_flag; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. (default=off). */
- const char *remote_vmwarebroker_help; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. help description. */
int disable_iscsi_flag; /**< @brief Disable ISCSI support for dynamic block storage. (default=off). */
const char *disable_iscsi_help; /**< @brief Disable ISCSI support for dynamic block storage. help description. */
int disable_cloud_flag; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. (default=off). */
@@ -114,8 +112,6 @@ struct eucalyptus_opts
const char *disable_dns_help; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. help description. */
int disable_storage_flag; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. (default=off). */
const char *disable_storage_help; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. help description. */
- int disable_vmwarebroker_flag; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. (default=off). */
- const char *disable_vmwarebroker_help; /**< @brief DEPRECATED DO NOT USE. IT DOES NOTHING. help description. */
char ** java_home_arg; /**< @brief Alternative way to specify JAVA_HOME. (default='/bzr/packages/jdk1.6.0_26/'). */
char ** java_home_orig; /**< @brief Alternative way to specify JAVA_HOME. original value given at command line. */
unsigned int java_home_min; /**< @brief Alternative way to specify JAVA_HOME.'s minimum occurreces */
@@ -129,7 +125,7 @@ struct eucalyptus_opts
unsigned int jvm_args_min; /**< @brief Arguments to pass to the JVM.'s minimum occurreces */
unsigned int jvm_args_max; /**< @brief Arguments to pass to the JVM.'s maximum occurreces */
const char *jvm_args_help; /**< @brief Arguments to pass to the JVM. help description. */
- int jmx_flag; /**< @brief Launch with JMX enabled. (default=on). */
+ int jmx_flag; /**< @brief Launch with JMX enabled. (default=off). */
const char *jmx_help; /**< @brief Launch with JMX enabled. help description. */
int debug_flag; /**< @brief Launch with debugger enabled. (default=off). */
const char *debug_help; /**< @brief Launch with debugger enabled. help description. */
@@ -177,13 +173,11 @@ struct eucalyptus_opts
unsigned int remote_cloud_given ; /**< @brief Whether remote-cloud was given. */
unsigned int remote_walrus_given ; /**< @brief Whether remote-walrus was given. */
unsigned int remote_storage_given ; /**< @brief Whether remote-storage was given. */
- unsigned int remote_vmwarebroker_given ; /**< @brief Whether remote-vmwarebroker was given. */
unsigned int disable_iscsi_given ; /**< @brief Whether disable-iscsi was given. */
unsigned int disable_cloud_given ; /**< @brief Whether disable-cloud was given. */
unsigned int disable_walrus_given ; /**< @brief Whether disable-walrus was given. */
unsigned int disable_dns_given ; /**< @brief Whether disable-dns was given. */
unsigned int disable_storage_given ; /**< @brief Whether disable-storage was given. */
- unsigned int disable_vmwarebroker_given ; /**< @brief Whether disable-vmwarebroker was given. */
unsigned int java_home_given ; /**< @brief Whether java-home was given. */
unsigned int jvm_name_given ; /**< @brief Whether jvm-name was given. */
unsigned int jvm_args_given ; /**< @brief Whether jvm-args was given. */
6 clc/modules/msgs/src/main/java/com/eucalyptus/bootstrap/SystemBootstrapper.java
@@ -81,6 +81,7 @@
import com.eucalyptus.records.EventRecord;
import com.eucalyptus.records.EventType;
import com.eucalyptus.records.Logs;
+import com.eucalyptus.scripting.Groovyness;
import com.eucalyptus.system.Threads;
import com.eucalyptus.util.Internets;
import com.google.common.base.Functions;
@@ -182,6 +183,11 @@ public void uncaughtException( Thread t, Throwable e ) {
OrderedShutdown.initialize( );
BootstrapArgs.init( );
Security.addProvider( new BouncyCastleProvider( ) );
+ try {//GRZE:HACK: need to remove the nss add-on in deb based distros as it breaks ssl.
+ Groovyness.eval( "import sun.security.jca.*; Providers.setProviderList( ProviderList.remove( Providers.@providerList,\"SunPKCS11-NSS\") );" );
+ } catch ( Exception ex ) {
+ LOG.error( ex , ex );
+ }
try {
if ( !BootstrapArgs.isInitializeSystem( ) ) {
Bootstrap.init( );
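Review bot: The added try block removes the `SunPKCS11-NSS` provider by evaluating a Groovy string that imports `sun.security.jca.*` and reads the private `Providers.@providerList` field, which ties startup to JDK-internal classes and to a script evaluated at runtime. `Security` is already used on the line above (it appears to be `java.security.Security`), so the same effect is available through the public API: `Security.removeProvider( "SunPKCS11-NSS" );`, which does nothing when the provider is not installed. As written, any failure is only logged and bootstrap continues with the provider still registered, which is the state the comment says breaks SSL; if that is fatal for the web-services endpoint, the catch block should say so or stop the boot. The enclosing method begins and ends outside this hunk.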
94 clc/modules/msgs/src/main/java/com/eucalyptus/component/Topology.java
@@ -83,6 +83,8 @@
import com.eucalyptus.bootstrap.Host;
import com.eucalyptus.bootstrap.Hosts;
import com.eucalyptus.component.Component.State;
+import com.eucalyptus.configurable.ConfigurableClass;
+import com.eucalyptus.configurable.ConfigurableField;
import com.eucalyptus.empyrean.DestroyServiceType;
import com.eucalyptus.empyrean.Empyrean;
import com.eucalyptus.empyrean.ServiceId;
@@ -99,6 +101,7 @@
import com.eucalyptus.util.TypeMappers;
import com.eucalyptus.util.async.AsyncRequests;
import com.eucalyptus.util.async.Futures;
+import com.eucalyptus.util.fsm.ExistingTransitionException;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Predicate;
@@ -112,11 +115,17 @@
import com.google.common.primitives.Ints;
import edu.ucsb.eucalyptus.msgs.BaseMessage;
+@ConfigurableClass( root = "bootstrap.topology",
+ description = "Properties controlling the handling of service topology" )
public class Topology {
- private static Logger LOG = Logger.getLogger( Topology.class );
- private static Topology singleton = null; //TODO:GRZE:handle differently for remote case?
- private Integer currentEpoch = 0; //TODO:GRZE: get the right initial epoch value from membership bootstrap
- private final ConcurrentMap<ServiceKey, ServiceConfiguration> services = new ConcurrentSkipListMap<Topology.ServiceKey, ServiceConfiguration>( );
+ private static Logger LOG = Logger.getLogger( Topology.class );
+ private static Topology singleton = null; //TODO:GRZE:handle differently for remote case?
+ private Integer currentEpoch = 0; //TODO:GRZE: get the right initial epoch value from membership bootstrap
+ @ConfigurableField( description = "Backoff between service state checks (in seconds)." )
+ public static Integer COORDINATOR_CHECK_BACKOFF_SECS = 10;
+ @ConfigurableField( description = "Backoff between service state checks (in seconds)." )
+ public static Integer LOCAL_CHECK_BACKOFF_SECS = 10;
+ private final ConcurrentMap<ServiceKey, ServiceConfiguration> services = new ConcurrentSkipListMap<Topology.ServiceKey, ServiceConfiguration>( );
private enum Queue implements Function<Callable, Future> {
INTERNAL( 1 ) {
@@ -168,14 +177,15 @@ public Future apply( final Callable call ) {
private enum TopologyTimer implements EventListener<ClockTick> {
INSTANCE;
private static final AtomicInteger counter = new AtomicInteger( 0 );
- private static final AtomicBoolean busy = new AtomicBoolean( false );
+ private static final AtomicBoolean busy = new AtomicBoolean( false );
@Override
public void fireEvent( final ClockTick event ) {
+ final int backoff = Hosts.isCoordinator( ) ? COORDINATOR_CHECK_BACKOFF_SECS : LOCAL_CHECK_BACKOFF_SECS;
Callable<Object> call = new Callable<Object>( ) {
public Object call( ) {
try {
- TimeUnit.SECONDS.sleep( 10 );
+ TimeUnit.SECONDS.sleep( backoff );
return RunChecks.INSTANCE.call( );
} catch ( InterruptedException ex ) {
return Exceptions.maybeInterrupted( ex );
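Review bot: `backoff` on the first added line auto-unboxes `COORDINATOR_CHECK_BACKOFF_SECS` or `LOCAL_CHECK_BACKOFF_SECS`, which the earlier hunk declares as public, non-final `Integer` fields exposed through `@ConfigurableField` with no visible range check. Zero or a negative value makes `TimeUnit.SECONDS.sleep( backoff )` return immediately, so the checks run with no backoff, and a null value (if the property layer can ever set one) would throw on every clock tick. Clamping at the point of use covers the first case, e.g. `final int backoff = Math.max( 1, Hosts.isCoordinator( ) ? COORDINATOR_CHECK_BACKOFF_SECS : LOCAL_CHECK_BACKOFF_SECS );`, and a `changeListener` like the ones `SslSetup` attaches in this commit could reject bad values at set time. The two fields also carry the same description text, so an operator cannot tell them apart in a property listing. `fireEvent` continues outside this hunk.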
@@ -190,7 +200,7 @@ public Object call( ) {
} catch ( Exception ex ) {
busy.set( false );
}
- } else if ( counter.incrementAndGet( ) % 3 == 0 && busy.compareAndSet( false, true ) ) {
+ } else if ( counter.incrementAndGet( ) % 5 == 0 && busy.compareAndSet( false, true ) ) {
try {
Queue.INTERNAL.enqueue( call );
} catch ( Exception ex ) {
@@ -201,6 +211,10 @@ public Object call( ) {
}
+ private Topology( ) {
+ this( 0 );
+ }
+
private Topology( final int i ) {
super( );
this.currentEpoch = i;
@@ -397,7 +411,7 @@ public static int epoch( ) {
try {
msg.getServices( ).add( TypeMappers.transform( config, ServiceId.class ) );
for ( Host h : Hosts.list( ) ) {
- if ( !h.isLocalHost( ) && h.hasBootstrapped( ) ) {
+ if ( !h.isLocalHost( ) && h.hasBootstrapped( ) ) {
try {
AsyncRequests.sendSync( ServiceConfigurations.createEphemeral( Empyrean.INSTANCE, h.getBindAddress( ) ), msg );
} catch ( Exception ex ) {
@@ -462,7 +476,9 @@ public boolean nextEpoch( ) {
@Override
public boolean tryEnable( final ServiceConfiguration config ) {
final ServiceKey serviceKey = ServiceKey.create( config );
+ Logs.extreme( ).info( config );
final ServiceConfiguration curr = Topology.this.getServices( ).putIfAbsent( serviceKey, config );
+ Logs.extreme( ).info( "Current ENABLED: " + curr );
if ( ( curr != null ) && !curr.equals( config ) ) {
return false;
} else if ( ( curr != null ) && curr.equals( config ) ) {
@@ -476,6 +492,7 @@ public boolean tryEnable( final ServiceConfiguration config ) {
@Override
public boolean tryDisable( final ServiceConfiguration config ) {
final ServiceKey serviceKey = ServiceKey.create( config );
+ Logs.extreme( ).info( config );
return !config.equals( Topology.this.getServices( ).get( serviceKey ) )
|| ( Topology.this.getServices( ).remove( serviceKey, config ) && this.nextEpoch( ) );
}
@@ -494,7 +511,9 @@ public boolean nextEpoch( ) {
@Override
public boolean tryEnable( final ServiceConfiguration config ) {
final ServiceKey serviceKey = ServiceKey.create( config );
+ Logs.extreme( ).info( config );
final ServiceConfiguration curr = Topology.this.getServices( ).put( serviceKey, config );
+ Logs.extreme( ).info( "Current ENABLED: " + curr );
if ( ( curr != null ) && !curr.equals( config ) ) {
transition( State.DISABLED ).apply( curr );
return false;
@@ -508,6 +527,7 @@ public boolean tryEnable( final ServiceConfiguration config ) {
@Override
public boolean tryDisable( final ServiceConfiguration config ) {
final ServiceKey serviceKey = ServiceKey.create( config );
+ Logs.extreme( ).info( config );
return ( Topology.this.getServices( ).remove( serviceKey, config ) || !config.equals( Topology.this.getServices( ).get( serviceKey ) ) )
&& this.nextEpoch( );
}
@@ -830,13 +850,21 @@ public Exception apply( final Future<ServiceConfiguration> input ) {
return checkedServices;
} else {
/** make promotion decisions **/
- final Predicate<ServiceConfiguration> canPromote = Predicates.and( Predicates.in( checkedServices ), FailoverPredicate.INSTANCE );
+ Predicate<ServiceConfiguration> alwaysTrue = Predicates.alwaysTrue( );
Collections.shuffle( allServices );
+
+ Collection<ServiceConfiguration> doPass1 = Collections2.filter( allServices, Predicates.and( CheckServiceFilter.INSTANCE, Component.State.NOTREADY ) );
+ Collection<ServiceConfiguration> disabledPass1 = submitTransitions( Lists.newArrayList( doPass1 ), alwaysTrue, SubmitDisable.INSTANCE );
+
+ List<ServiceConfiguration> doPass2 = Lists.newArrayList( doPass1 );
+ submitTransitions( doPass2, Predicates.not( Predicates.in( disabledPass1 ) ), SubmitDisable.INSTANCE );
+
+ final Predicate<ServiceConfiguration> canPromote = Predicates.and( Predicates.not( Predicates.in( doPass1 ) ), Component.State.DISABLED, FailoverPredicate.INSTANCE );
final Collection<ServiceConfiguration> promoteServices = Collections2.filter( allServices, canPromote );
List<ServiceConfiguration> result = submitTransitions( allServices, canPromote, SubmitEnable.INSTANCE );
/** advance other components as needed **/
- final Predicate<ServiceConfiguration> proceedToDisableFilter = Predicates.and( Predicates.not( Predicates.in( promoteServices ) ),
+ final Predicate<ServiceConfiguration> proceedToDisableFilter = Predicates.and( Predicates.not( Predicates.in( result ) ),
ProceedToDisabledServiceFilter.INSTANCE );
submitTransitions( allServices, proceedToDisableFilter, SubmitDisable.INSTANCE );
return result;
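Review bot: `doPass1` is the result of `Collections2.filter`, which is a live view rather than a snapshot, so its membership is re-evaluated (presumably against each service's current state, via `Component.State.NOTREADY`) every time it is read. It is read three times here: copied for pass 1, copied again into `doPass2` after pass 1 has already submitted disable transitions, and consulted through `Predicates.in( doPass1 )` inside `canPromote`; whether `submitTransitions` waits for the transitions to finish is not visible in this hunk, but if states move between those reads the three see different sets. Taking one copy up front, `final List<ServiceConfiguration> notReady = Lists.newArrayList( Collections2.filter( allServices, Predicates.and( CheckServiceFilter.INSTANCE, Component.State.NOTREADY ) ) );`, and using it in all three places would make the passes operate on the same services. A one-line comment on why disable is submitted a second time for the services pass 1 did not return would also help. The enclosing method starts and ends outside the hunk.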
@@ -883,11 +911,6 @@ public boolean apply( final ServiceConfiguration arg0 ) {
Logs.extreme( ).debug( "FAILOVER-REJECT: " + arg0.getFullName( )
+ ": service is already ENABLED." );
return false;
- } else if ( !Component.State.DISABLED.equals( arg0.lookupState( ) ) ) {
- Logs.extreme( ).debug( "FAILOVER-REJECT: " + arg0.getFullName( )
- + ": service is in an invalid state: "
- + arg0.lookupState( ) );
- return false;
} else if ( !Topology.getInstance( ).getServices( ).containsKey( key ) ) {
Logs.extreme( ).debug( "FAILOVER-ACCEPT: " + arg0.getFullName( )
+ ": service for partition: "
@@ -908,11 +931,11 @@ public static ServiceConfiguration lookup( final Class<? extends ComponentId> co
: null )
: null );
ServiceConfiguration res = Topology.getInstance( ).getServices( ).get( ServiceKey.create( ComponentIds.lookup( compClass ), partition ) );
+ String err = "Failed to lookup ENABLED service of type " + compClass.getSimpleName( ) + ( partition != null ? " in partition " + partition : "." );
if ( res == null ) {
- throw new NoSuchElementException( "Failed to lookup ENABLED service of type "
- + compClass.getSimpleName( )
- + ( partition != null ? " in partition " + partition
- : "." ) );
+ throw new NoSuchElementException( err );
+ } else if ( !Component.State.ENABLED.apply( res ) ) {
+ throw new NoSuchElementException( err + " Service is currently ENABLING." );
} else {
return res;
}
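Review bot: The new `err` string is concatenated on every call to `lookup`, including the common path that simply returns `res`, and the second `throw` reports "Service is currently ENABLING." for any state other than ENABLED. Building the message only in the two failure branches and reporting the real state, e.g. `throw new NoSuchElementException( err + " Service is currently " + res.lookupState( ) + "." );`, keeps the success path free of string work and makes the error accurate for a DISABLED or NOTREADY service. When `partition` is non-null `err` has no trailing period, so the appended sentence runs straight on from the partition name. `lookup` begins outside the hunk.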
@@ -956,7 +979,8 @@ public String toString( ) {
return Transitions.CHECK;
}
- private static Callable<ServiceConfiguration> callable( final ServiceConfiguration config, final Function<ServiceConfiguration, ServiceConfiguration> function ) {
+ private static Callable<ServiceConfiguration>
+ callable( final ServiceConfiguration config, final Function<ServiceConfiguration, ServiceConfiguration> function ) {
final Long queueStart = System.currentTimeMillis( );
final Callable<ServiceConfiguration> call = new Callable<ServiceConfiguration>( ) {
@@ -994,7 +1018,7 @@ public String toString( ) {
public enum Transitions implements Function<ServiceConfiguration, ServiceConfiguration>, Supplier<Component.State> {
START( Component.State.DISABLED ),
STOP( Component.State.STOPPED ) {
-
+
@Override
public ServiceConfiguration apply( ServiceConfiguration input ) {
return super.tc.apply( input );
@@ -1036,7 +1060,14 @@ public ServiceConfiguration apply( final ServiceConfiguration config ) {
throw Exceptions.toUndeclared( ex );
}
} else {
- throw new IllegalStateException( "Failed to ENABLE " + config.getFullName( ) + " since manyToOne=" + manyToOne + " tryEnable=" + tryEnable + " fsm.isBusy()=" + busy );
+ throw new IllegalStateException( "Failed to ENABLE "
+ + config.getFullName( )
+ + " since manyToOne="
+ + manyToOne
+ + " tryEnable="
+ + tryEnable
+ + " fsm.isBusy()="
+ + busy );
}
}
},
@@ -1119,19 +1150,26 @@ public ServiceConfiguration apply( final ServiceConfiguration input ) {
private ServiceConfiguration doTopologyChange( final ServiceConfiguration input, final State nextState ) throws RuntimeException {
final State initialState = input.lookupState( );
+ boolean enabledEndState = false;
ServiceConfiguration endResult = input;
try {
endResult = ServiceTransitions.pathTo( input, nextState ).get( );
Logs.extreme( ).debug( this.toString( endResult, initialState, nextState ) );
return endResult;
} catch ( final Exception ex ) {
- Exceptions.maybeInterrupted( ex );
- LOG.error( this.toString( input, initialState, nextState, ex ) );
- Logs.extreme( ).error( ex, Throwables.getRootCause( ex ) );
- Logs.extreme( ).error( ex, ex );
- throw Exceptions.toUndeclared( ex );
+ if ( Exceptions.isCausedBy( ex, ExistingTransitionException.class ) ) {
+ LOG.error( this.toString( input, initialState, nextState, ex ) );
+ enabledEndState = true;
+ throw Exceptions.toUndeclared( ex );
+ } else {
+ Exceptions.maybeInterrupted( ex );
+ LOG.error( this.toString( input, initialState, nextState, ex ) );
+ Logs.extreme( ).error( ex, Throwables.getRootCause( ex ) );
+ Logs.extreme( ).error( ex, ex );
+ throw Exceptions.toUndeclared( ex );
+ }
} finally {
- boolean enabledEndState = Component.State.ENABLED.equals( endResult.lookupState( ) );
+ enabledEndState |= Component.State.ENABLED.equals( endResult.lookupState( ) );
if ( Bootstrap.isFinished( ) && !enabledEndState && Topology.getInstance( ).services.containsValue( input ) ) {
Topology.guard( ).tryDisable( endResult );
}
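Review bot: In the `ExistingTransitionException` branch `enabledEndState = true` is set although the service has not reached ENABLED; the flag is being reused to keep the `finally` block from calling `Topology.guard( ).tryDisable( endResult )`. Renaming it to something like `skipDisable`, or adding a comment such as `// a transition is already in flight; leave the topology entry alone`, would make that intent readable. That branch also skips `Exceptions.maybeInterrupted( ex )`, so if the cause chain can carry an interrupt it is presumably not handled there, which is worth confirming. The two branches repeat the same `LOG.error` and `throw`, which could be written once after the `if`. The method's closing lines are outside the hunk.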
18 clc/modules/msgs/src/main/java/com/eucalyptus/configurable/AbstractConfigurableProperty.java
@@ -115,15 +115,21 @@ public AbstractConfigurableProperty( Class definingClass, String entrySetName, F
this.widgetType = widgetType;
this.alias = alias;
this.changeListener = changeListener;
+ Constructor cons = null;
try {
- this.noArgConstructor = this.definingClass.getConstructor( new Class[] {} );
- this.noArgConstructor.setAccessible( true );
+ cons = this.definingClass.getConstructor( new Class[] {} );
+ cons.setAccessible( true );
} catch ( Exception ex ) {
- LOG.debug( "Known declared constructors: " + this.getDefiningClass( ).getDeclaredConstructors( ) );
- LOG.debug( "Known constructors: " + this.getDefiningClass( ).getConstructors( ) );
- LOG.debug( ex, ex );
- throw new RuntimeException( ex );
+ if ( !Modifier.isStatic( field.getModifiers( ) ) ) {
+ LOG.debug( "Known declared constructors: " + this.getDefiningClass( ).getDeclaredConstructors( ) );
+ LOG.debug( "Known constructors: " + this.getDefiningClass( ).getConstructors( ) );
+ LOG.debug( ex, ex );
+ throw new RuntimeException( ex );
+ } else {
+ //that a default no-arg constructor is required indicates there is too much specialized junk in here.
+ }
}
+ this.noArgConstructor = cons;
this.setArgs = new Class[] { this.field.getType( ) };
this.getter = this.getReflectedMethod( "get", this.field );
this.setter = this.getReflectedMethod( "set", this.field, this.setArgs );
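Review bot: `getConstructor( new Class[] {} )` only returns public constructors, so the private `Topology( )` constructor this commit adds would not be found by it, and `setAccessible( true )` has nothing to do on a public one; `getDeclaredConstructor( )` is presumably what was intended. With the new static-field fallback, `catch ( Exception ex )` swallows every failure silently in the `else` branch and leaves `noArgConstructor` null, so any later use of that field needs a null check (none is visible in this hunk). Narrowing to `catch ( NoSuchMethodException ex )` and adding a `LOG.debug` in the `else` branch would keep unrelated failures visible. The constructor body continues outside this hunk.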
262 clc/modules/msgs/src/main/java/com/eucalyptus/crypto/util/SslSetup.java
@@ -2,7 +2,9 @@
import java.io.File;
import java.net.Socket;
+import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -11,6 +13,7 @@
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
@@ -23,14 +26,66 @@
import com.eucalyptus.component.ComponentIds;
import com.eucalyptus.component.auth.SystemCredentials;
import com.eucalyptus.component.id.Eucalyptus;
+import com.eucalyptus.configurable.ConfigurableClass;
+import com.eucalyptus.configurable.ConfigurableField;
+import com.eucalyptus.configurable.ConfigurableProperty;
+import com.eucalyptus.configurable.ConfigurablePropertyException;
+import com.eucalyptus.configurable.PropertyChangeListener;
import com.eucalyptus.system.SubDirectory;
+import com.google.common.base.Supplier;
+import com.google.common.base.Suppliers;
+import com.google.common.collect.ObjectArrays;
import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
+@ConfigurableClass( root = "bootstrap.webservices.ssl",
+ description = "Parameters controlling the SSL configuration for the web services endpoint." )
public class SslSetup {
- private static Logger LOG = Logger.getLogger( SslSetup.class );
- private static final String PROTOCOL = "TLS";
- private static SSLContext SERVER_CONTEXT = null;
- private static SSLContext CLIENT_CONTEXT = null;
+ private static Logger LOG = Logger.getLogger( SslSetup.class );
+ private static final String PROTOCOL = "TLS";
+ private static SSLContext SERVER_CONTEXT = null;
+ private static SSLContext CLIENT_CONTEXT = null;
+ @ConfigurableField( description = "Alias of the certificate entry in euca.p12 to use for SSL for webservices.",
+ changeListener = SslCertChangeListener.class )
+ public static String SERVER_ALIAS = ComponentIds.lookup( Eucalyptus.class ).name( );
+ @ConfigurableField( description = "Password of the private key corresponding to the specified certificate for SSL for webservices.",
+ changeListener = SslPasswordChangeListener.class )
+ public static String SERVER_PASSWORD = ComponentIds.lookup( Eucalyptus.class ).name( );
+
+ public static class SslCertChangeListener implements PropertyChangeListener<String> {
+
+ @Override
+ public void fireChange( ConfigurableProperty t, String newValue ) throws ConfigurablePropertyException {
+ if ( SERVER_ALIAS != null && !SERVER_ALIAS.equals( newValue ) ) {
+ try {
+ String oldValue = SERVER_ALIAS;
+ SSLContext newContext = createServerContext( );
+ SERVER_ALIAS = newValue;
+ SERVER_CONTEXT = newContext;
+ } catch ( Exception ex ) {
+ throw new ConfigurablePropertyException( ex );
+ }
+ }
+ }
+
+ }
+
+ public static class SslPasswordChangeListener implements PropertyChangeListener<String> {
+
+ @Override
+ public void fireChange( ConfigurableProperty t, String newValue ) throws ConfigurablePropertyException {
+ if ( SERVER_PASSWORD != null && !SERVER_PASSWORD.equals( newValue ) ) {
+ try {
+ String oldValue = SERVER_PASSWORD;
+ SSLContext newContext = createServerContext( );
+ SERVER_PASSWORD = newValue;
+ SERVER_CONTEXT = newContext;
+ } catch ( Exception ex ) {
+ throw new ConfigurablePropertyException( ex );
+ }
+ }
+ }
+
+ }
static {
SSLContext serverContext = null;
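Review bot: The two `fireChange` listeners accept any new alias or password without checking it against the keystore. `createServerContext( )` only wires up the singleton key and trust managers, which read `SslSetup.SERVER_ALIAS` lazily, so a mistyped alias is stored and only shows up later as failed handshakes. Before assigning, look the entry up, e.g. with `SystemCredentials.getKeyStore( ).getCertificate( newValue )`, and throw `ConfigurablePropertyException` when the lookup fails; `oldValue` is captured in both listeners but never used and can be dropped. `SERVER_PASSWORD` is also a public, non-final static holding a key password, and whether the property framework masks it when listing values cannot be seen from this hunk, so that is worth confirming. The static initializer that follows continues outside the hunk.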
@@ -39,12 +94,11 @@
System.setProperty( "javax.net.ssl.keyStore", SubDirectory.KEYS.toString( ) + File.separator + "euca.p12" );
System.setProperty( "javax.net.ssl.trustStoreType", "PKCS12" );
System.setProperty( "javax.net.ssl.keyStoreType", "PKCS12" );
- System.setProperty( "javax.net.ssl.trustStorePassword", ComponentIds.lookup(Eucalyptus.class).name( ) );
- System.setProperty( "javax.net.ssl.keyStorePassword", ComponentIds.lookup(Eucalyptus.class).name( ) );
+ System.setProperty( "javax.net.ssl.trustStorePassword", ComponentIds.lookup( Eucalyptus.class ).name( ) );
+ System.setProperty( "javax.net.ssl.keyStorePassword", ComponentIds.lookup( Eucalyptus.class ).name( ) );
// System.setProperty( "javax.net.debug", "ssl" );//set this to "ssl" for debugging.
try {
- serverContext = SSLContext.getInstance( "TLS" );
- serverContext.init( SslSetup.SimpleKeyManager.getKeyManagers( ), SslSetup.SimpleTrustManager.getTrustManagers( ), null );
+ serverContext = createServerContext( );
} catch ( Exception e ) {
LOG.debug( e, e );
throw new Error( "Failed to initialize the server-side SSLContext", e );
@@ -52,7 +106,7 @@
try {
clientContext = SSLContext.getInstance( "TLS" );
- clientContext.init( SslSetup.SimpleKeyManager.getKeyManagers( ), SslSetup.SimpleTrustManager.getTrustManagers( ), null );
+ clientContext.init( SslSetup.ClientKeyManager.getKeyManagers( ), SslSetup.ClientTrustManager.getTrustManagers( ), null );
} catch ( Exception e ) {
LOG.debug( e, e );
throw new Error( "Failed to initialize the client-side SSLContext", e );
@@ -62,21 +116,29 @@
CLIENT_CONTEXT = clientContext;
}
+ private static SSLContext createServerContext( ) throws NoSuchAlgorithmException, KeyManagementException {
+ SSLContext serverContext;
+ serverContext = SSLContext.getInstance( "TLS" );
+ serverContext.init( SslSetup.ServerKeyManager.getKeyManagers( ), SslSetup.ServerTrustManager.getTrustManagers( ), null );
+ return serverContext;
+ }
+
public static SSLContext getServerContext( ) {
return SERVER_CONTEXT;
}
-
- public static SSLEngine getServerEngine() {//TODO:GRZE: @Configurability
+
+ public static SSLEngine getServerEngine( ) {//TODO:GRZE: @Configurability
SSLEngine engine = SslSetup.getServerContext( ).createSSLEngine( );
engine.setUseClientMode( false );
return engine;
}
+
public static SSLContext getClientContext( ) {
return CLIENT_CONTEXT;
}
- public static class SimpleKeyManager extends KeyManagerFactorySpi {
- private static KeyManager singleton = new SimplePKCS12KeyManager( );
+ static class ClientKeyManager extends KeyManagerFactorySpi {
+ private static KeyManager singleton = new ClientPKCS12KeyManager( );
public static KeyManager[] getKeyManagers( ) {
return new KeyManager[] { singleton };
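Review bot: `getServerEngine( )` returns the engine with the provider's default enabled protocols and cipher suites, and the existing TODO leaves that open. Since this commit also adds devel/check_ssl.sh to probe `ssl3`, the engine is the place to pin the accepted protocol versions with `engine.setEnabledProtocols( ... )` and an explicit list. `createServerContext( )` also repeats the literal `"TLS"` although the class defines `PROTOCOL`; `serverContext = SSLContext.getInstance( PROTOCOL );` keeps the two from drifting. `ClientKeyManager` continues outside the hunk.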
@@ -93,21 +155,21 @@ protected void engineInit( ManagerFactoryParameters spec ) throws InvalidAlgorit
@Override
protected void engineInit( KeyStore ks, char[] password ) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {}
- public static class SimplePKCS12KeyManager extends X509ExtendedKeyManager {
+ static class ClientPKCS12KeyManager extends X509ExtendedKeyManager {
@Override
public String chooseClientAlias( String[] arg0, Principal[] arg1, Socket arg2 ) {
- return ComponentIds.lookup(Eucalyptus.class).name( );
+ return ComponentIds.lookup( Eucalyptus.class ).name( );
}
@Override
public String chooseServerAlias( String arg0, Principal[] arg1, Socket arg2 ) {
- return ComponentIds.lookup(Eucalyptus.class).name( );
+ return ComponentIds.lookup( Eucalyptus.class ).name( );
}
@Override
public X509Certificate[] getCertificateChain( String arg0 ) {
- if ( ComponentIds.lookup(Eucalyptus.class).name( ).equals( arg0 ) ) {
+ if ( ComponentIds.lookup( Eucalyptus.class ).name( ).equals( arg0 ) ) {
return trustedCerts;
} else {
return null;
@@ -116,12 +178,12 @@ public String chooseServerAlias( String arg0, Principal[] arg1, Socket arg2 ) {
@Override
public String[] getClientAliases( String arg0, Principal[] arg1 ) {
- return new String[] { ComponentIds.lookup(Eucalyptus.class).name( ) };
+ return new String[] { ComponentIds.lookup( Eucalyptus.class ).name( ) };
}
@Override
public PrivateKey getPrivateKey( String arg0 ) {
- if ( ComponentIds.lookup(Eucalyptus.class).name( ).equals( arg0 ) ) {
+ if ( ComponentIds.lookup( Eucalyptus.class ).name( ).equals( arg0 ) ) {
return trustedKey;
} else {
return null;
@@ -130,25 +192,128 @@ public PrivateKey getPrivateKey( String arg0 ) {
@Override
public String[] getServerAliases( String arg0, Principal[] arg1 ) {
- return new String[] { ComponentIds.lookup(Eucalyptus.class).name( ) };
+ return new String[] { ComponentIds.lookup( Eucalyptus.class ).name( ) };
+ }
+
+ @Override
+ public String chooseEngineClientAlias( String[] keyType, Principal[] issuers, SSLEngine engine ) {
+ return ComponentIds.lookup( Eucalyptus.class ).name( );
+ }
+
+ @Override
+ public String chooseEngineServerAlias( String keyType, Principal[] issuers, SSLEngine engine ) {
+ return ComponentIds.lookup( Eucalyptus.class ).name( );
+ }
+
+ }
+
+ }
+
+ static class ServerKeyManager extends KeyManagerFactorySpi {
+ private static KeyManager singleton = new ServerPKCS12KeyManager( );
+
+ public static KeyManager[] getKeyManagers( ) {
+ return new KeyManager[] { singleton };
+ }
+
+ @Override
+ protected KeyManager[] engineGetKeyManagers( ) {
+ return new KeyManager[] { singleton };
+ }
+
+ @Override
+ protected void engineInit( ManagerFactoryParameters spec ) throws InvalidAlgorithmParameterException {}
+
+ @Override
+ protected void engineInit( KeyStore ks, char[] password ) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {}
+
+ static class ServerPKCS12KeyManager extends X509ExtendedKeyManager {
+
+ @Override
+ public String chooseClientAlias( String[] arg0, Principal[] arg1, Socket arg2 ) {
+ return SslSetup.SERVER_ALIAS;
+ }
+
+ @Override
+ public String chooseServerAlias( String arg0, Principal[] arg1, Socket arg2 ) {
+ return SslSetup.SERVER_ALIAS;
+ }
+
+ @Override
+ public X509Certificate[] getCertificateChain( String arg0 ) {
+ if ( SslSetup.SERVER_ALIAS.equals( arg0 ) ) {
+ return memoizedServerCertSupplier.get( );
+ } else {
+ return null;
+ }
+ }
+
+ @Override
+ public String[] getClientAliases( String arg0, Principal[] arg1 ) {
+ return new String[] { SslSetup.SERVER_ALIAS };
+ }
+
+ @Override
+ public PrivateKey getPrivateKey( String arg0 ) {
+ if ( SslSetup.SERVER_ALIAS.equals( arg0 ) ) {
+ return memoizedPrivateKeySupplier.get( );
+ } else {
+ return null;
+ }
+ }
+
+ @Override
+ public String[] getServerAliases( String arg0, Principal[] arg1 ) {
+ return new String[] { SslSetup.SERVER_ALIAS };
}
@Override
public String chooseEngineClientAlias( String[] keyType, Principal[] issuers, SSLEngine engine ) {
- return ComponentIds.lookup(Eucalyptus.class).name( );
+ return SslSetup.SERVER_ALIAS;
}
@Override
public String chooseEngineServerAlias( String keyType, Principal[] issuers, SSLEngine engine ) {
- return ComponentIds.lookup(Eucalyptus.class).name( );
+ return SslSetup.SERVER_ALIAS;
}
}
}
- private static PrivateKey trustedKey = getTrustedKey( );
- private static X509Certificate[] trustedCerts = getTrustedCertificates( );
+ private static final Supplier<PrivateKey> serverPrivateKeySupplier = new Supplier<PrivateKey>( ) {
+
+ @Override
+ public PrivateKey get( ) {
+ try {
+ return SystemCredentials.getKeyStore( ).getKeyPair(
+ SslSetup.SERVER_ALIAS,
+ SslSetup.SERVER_ALIAS ).getPrivate( );
+ } catch ( GeneralSecurityException ex ) {
+ LOG.error( ex, ex );
+ return null;
+ }
+ }
+ };
+ private static final Supplier<X509Certificate[]> serverCertSupplier = new Supplier<X509Certificate[]>( ) {
+
+ @Override
+ public X509Certificate[] get( ) {
+ X509Certificate[] certs = ObjectArrays.newArray( X509Certificate.class, 1 );
+ try {
+ certs[0] = SystemCredentials.getKeyStore( ).getCertificate(
+ SslSetup.SERVER_ALIAS );
+ return certs;
+ } catch ( GeneralSecurityException ex ) {
+ LOG.error( ex, ex );
+ return certs;
+ }
+ }
+ };
+ private static Supplier<PrivateKey> memoizedPrivateKeySupplier = Suppliers.memoizeWithExpiration( serverPrivateKeySupplier, 15l, TimeUnit.SECONDS );
+ private static Supplier<X509Certificate[]> memoizedServerCertSupplier = Suppliers.memoizeWithExpiration( serverCertSupplier, 15l, TimeUnit.SECONDS );
+ private static PrivateKey trustedKey = getTrustedKey( );
+ private static X509Certificate[] trustedCerts = getTrustedCertificates( );
private static X509Certificate[] getTrustedCertificates( ) {
try {
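Review bot: `serverPrivateKeySupplier` passes `SslSetup.SERVER_ALIAS` for both arguments of `getKeyPair`, so the new `SERVER_PASSWORD` property is never read on the key-loading path. The second argument appears to be the key password (`getTrustedKey` passes the component name twice, which is also the password default), so the call should likely end `SslSetup.SERVER_ALIAS, SslSetup.SERVER_PASSWORD ).getPrivate( );`. Both suppliers also swallow `GeneralSecurityException`: the key supplier returns `null` and the cert supplier returns a one-element array holding `null`, and the memoized wrappers keep that result for 15 seconds. `getCertificateChain` then hands a `{ null }` chain to the TLS stack; returning `null` for the whole chain on failure would be clearer. `15l` reads better as `15L`. `getTrustedCertificates` continues outside the hunk.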
@@ -168,17 +333,19 @@ private static PrivateKey getTrustedKey( ) {
try {
synchronized ( SslSetup.class ) {
if ( trustedKey == null ) {
- trustedKey = SystemCredentials.getKeyStore( ).getKeyPair( ComponentIds.lookup(Eucalyptus.class).name( ), ComponentIds.lookup(Eucalyptus.class).name( ) ).getPrivate( );
+ trustedKey = SystemCredentials.getKeyStore( ).getKeyPair(
+ ComponentIds.lookup( Eucalyptus.class ).name( ),
+ ComponentIds.lookup( Eucalyptus.class ).name( ) ).getPrivate( );
}
return trustedKey;
}
} catch ( Exception e ) {
LOG.error( e, e );
throw new RuntimeException( e );
- }
+ }
}
- public static class SimpleTrustManager extends TrustManagerFactorySpi {
+ public static class ClientTrustManager extends TrustManagerFactorySpi {
private static final TrustManager singleton = new SimpleX509TrustManager( );
@@ -219,4 +386,45 @@ public void checkServerTrusted( X509Certificate[] arg0, String arg1, String arg2
}
+ static class ServerTrustManager extends TrustManagerFactorySpi {
+
+ private static final TrustManager singleton = new SimpleX509TrustManager( );
+
+ public static TrustManager[] getTrustManagers( ) {
+ return new TrustManager[] { singleton };
+ }
+
+ @Override
+ protected TrustManager[] engineGetTrustManagers( ) {
+ return getTrustManagers( );
+ }
+
+ @Override
+ protected void engineInit( KeyStore keystore ) throws KeyStoreException {}
+
+ @Override
+ protected void engineInit( ManagerFactoryParameters managerFactoryParameters ) throws InvalidAlgorithmParameterException {}
+
+ public static class SimpleX509TrustManager extends X509ExtendedTrustManager {
+
+ @Override
+ public void checkClientTrusted( X509Certificate[] arg0, String arg1 ) throws CertificateException {}
+
+ @Override
+ public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException {}
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers( ) {
+ return serverCertSupplier.get( );
+ }
+
+ @Override
+ public void checkClientTrusted( X509Certificate[] arg0, String arg1, String arg2, String arg3 ) throws CertificateException {}
+
+ @Override
+ public void checkServerTrusted( X509Certificate[] arg0, String arg1, String arg2, String arg3 ) throws CertificateException {}
+ }
+
+ }
+
}
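Review bot: All four `checkClientTrusted`/`checkServerTrusted` overrides in `ServerTrustManager.SimpleX509TrustManager` are empty, so a context built with it accepts any peer chain. On the server side that becomes relevant as soon as client authentication is requested on the engine, which the visible `getServerEngine( )` does not do. Either have `checkClientTrusted` throw `CertificateException` by default, or add a class comment such as `// Accepts every chain: the server context must never enable client-certificate authentication.` `getAcceptedIssuers( )` calls `serverCertSupplier.get( )` directly and therefore reads the keystore on every call; `return memoizedServerCertSupplier.get( );` would reuse the cached value. The nested class also shares its simple name with the `SimpleX509TrustManager` referenced by `ClientTrustManager`, which makes it easy to confuse the two.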
23 devel/check_ssl.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+( # get openssl, gnutls, and bouncycastle versions
+ openssl version;
+ gnutls-cli-debug -v;
+ unzip -p /usr/share/eucalyptus/lib/bcprov.jar META-INF/MANIFEST.MF | grep Implementation-Version
+ # check openssl {ssl2,ssl3,tls1} functionality against port 8774 and 8443
+ for p in 8773 8443; do
+ for f in serverpref ssl3 tls1 tls1_2 tls1_1; do
+ (
+ echo -e "======= CHECKING $p WITH $f =======";
+ echo -e 'GET /\n\n' | openssl s_client -connect 127.0.0.1:$p -quiet -$f 2>&1 >/dev/null
+ ) | xargs -i echo "127.0.0.1:$p openssl $f {}"
+ done
+ done
+ # check gnutls functionality against port 8774 and 8443
+ for p in 8773 8443; do
+ (
+ echo -e "======= CHECKING $p WITH gnutls =======";
+ gnutls-cli-debug -p $p 127.0.0.1
+ ) | xargs -i echo "127.0.0.1:$p gnutls {}";
+ done
+)
+
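Review bot: The comments do not match what the loops do: both say "port 8774" while the loops probe `8773`, and the first names `{ssl2,ssl3,tls1}` while the option list is `serverpref ssl3 tls1 tls1_2 tls1_1`. I would reword them, e.g. `# check openssl protocol options (serverpref, ssl3, tls1, tls1_1, tls1_2) against ports 8773 and 8443` and `# check gnutls functionality against ports 8773 and 8443`. `xargs -i` is the deprecated GNU spelling; `xargs -I{} echo "127.0.0.1:$p openssl $f {}"` is the portable form. A header comment saying that the script only probes the local endpoints on 127.0.0.1 would also help readers interpret the output.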
15 devel/convergence.sh
@@ -0,0 +1,15 @@
+EGREP="egrep --color=always"
+ip=192.168.51.119
+ssh root@$ip /opt/eucalyptus/etc/init.d/eucalyptus-cloud stop
+while ! euca-describe-services -T vmwarebroker | ${EGREP} NOTREADY; do sleep 1; done
+while ! euca-describe-services -T cluster | ${EGREP} NOTREADY; do sleep 1; done;
+ssh root@$ip /opt/eucalyptus/etc/init.d/eucalyptus-cloud start
+while ! (euca-describe-services -T vmwarebroker; euca-describe-services -T cluster) | ${EGREP} DISABLED; do sleep 1; date; done
+euca-describe-services -T cluster
+euca-describe-services -T vmwarebroker
+while ! euca-describe-services -T vmwarebroker | ${EGREP} ENABLED; do
+ sleep 1
+ euca-describe-services -T cluster
+ euca-describe-services -T vmwarebroker
+ date
+done
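Review bot: The script has no shebang line and hard-codes a lab address in `ip=192.168.51.119`, which it then uses for `ssh root@$ip`, so it only works on the author's network and commits an internal host to the tree. I would start it with `#!/bin/bash` and take the host as an argument, `ip=${1:?usage: convergence.sh <clc-host>}`. Every `while ! ... ; do sleep 1; done` loop waits forever if the expected state never appears; a bounded retry count with a non-zero exit would make the script safe to run unattended.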