
bootstrap brings up all the needed system services

1 parent f444580 commit cdf9ab73cffae9a7fad11dd60f1b4629dd0d1580 @grze grze committed Aug 13, 2009
@@ -18,53 +18,60 @@
import org.hibernate.criterion.MatchMode;
import com.eucalyptus.auth.util.AbstractKeyStore;
+import com.eucalyptus.auth.util.EucaKeyStore;
import com.eucalyptus.auth.util.KeyTool;
import com.eucalyptus.util.EntityWrapper;
import com.eucalyptus.util.EucalyptusCloudException;
import com.eucalyptus.util.EucalyptusProperties;
import com.google.common.collect.Lists;
-
-
public class Credentials {
private static Logger LOG = Logger.getLogger( Credentials.class );
private static String FORMAT = "pkcs12";
private static String KEY_STORE_PASS = "eucalyptus"; //TODO: change the way this is handled
private static String FILENAME = "euca.p12";
public static String DB_NAME = "eucalyptus_auth";
- public static User SYSTEM = getSystemUser();
+ public static User SYSTEM = getSystemUser( );
+
public static void init( ) {
Security.addProvider( new BouncyCastleProvider( ) );
org.apache.xml.security.Init.init( );
- WSSConfig.getDefaultWSConfig( ).addJceProvider( "BC", BouncyCastleProvider.class.getCanonicalName( ) );
- WSSConfig.getDefaultWSConfig( ).setTimeStampStrict( true );
- WSSConfig.getDefaultWSConfig( ).setEnableSignatureConfirmation( true );
+ WSSConfig.getDefaultWSConfig( ).addJceProvider( "BC", BouncyCastleProvider.class.getCanonicalName( ) );
+ WSSConfig.getDefaultWSConfig( ).setTimeStampStrict( true );
+ WSSConfig.getDefaultWSConfig( ).setEnableSignatureConfirmation( true );
}
-
- public static void check() {
+
+ public static boolean checkKeystore( ) {
+ try {
+ return EucaKeyStore.getInstance( ).check( );
+ } catch ( GeneralSecurityException e ) {
+ LOG.debug(e,e);
+ return false;
+ }
+ }
+
+ public static boolean checkAdmin( ) {
try {
getUser( "admin" );
} catch ( NoSuchUserException e ) {
try {
addUser( "admin", Boolean.TRUE );
} catch ( UserExistsException e1 ) {
LOG.fatal( e1, e1 );
+ return false;
}
}
+ return true;
}
-
-
private static User getSystemUser( ) {
- User system = new User();
+ User system = new User( );
system.setUserName( EucalyptusProperties.NAME );
system.setIsAdministrator( Boolean.TRUE );
return system;
}
-
-
public static User getUser( String userName ) throws NoSuchUserException {
User user = null;
EntityWrapper<User> db = getEntityWrapper( );
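Review bot: `checkKeystore( )` turns every GeneralSecurityException into `false` and records it only at debug level, so a keystore that exists but cannot be opened (wrong store password, corrupt file, missing provider) is indistinguishable from a keystore that merely lacks its entries. The caller in CredentialsBootstrapper.load( ) (the hunk at `@@ -15,21 +18,20 @@`) reacts to `false` by generating fresh system keys, so an access failure would be handled as a first start instead of being surfaced. At minimum raise the level and say what was being checked, `LOG.error( "Unable to open the system keystore: " + e.getMessage( ), e );`, or let the exception propagate, since `Bootstrapper.check( )` is already declared `throws Exception`. `checkAdmin( )` discards the result of `getUser( "admin" )`, which works as an existence probe but deserves a one-line comment saying so. The Credentials class body continues past this hunk.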
@@ -102,7 +109,8 @@ public static User addUser( String userName, Boolean isAdmin ) throws UserExists
}
return newUser;
}
- public static <T> EntityWrapper<T> getEntityWrapper() {
+
+ public static <T> EntityWrapper<T> getEntityWrapper( ) {
return new EntityWrapper<T>( Credentials.DB_NAME );
}
@@ -222,7 +230,7 @@ public static String getUserName( X509Certificate cert ) throws GeneralSecurityE
public static String getCertificateAlias( final X509Certificate cert ) throws GeneralSecurityException {
return getCertificateAlias( new String( Hashes.getPemBytes( cert ) ) );
}
-
+
public static void addCertificate( final String userName, final String alias, final X509Certificate cert ) throws GeneralSecurityException {
String certPem = new String( UrlBase64.encode( Hashes.getPemBytes( cert ) ) );
EntityWrapper<User> db = getEntityWrapper( );
@@ -234,7 +242,7 @@ public static void addCertificate( final String userName, final String alias, fi
u.getCertificates( ).add( x509cert );
db.commit( );
} catch ( EucalyptusCloudException e ) {
- LOG.error( e,e );
+ LOG.error( e, e );
LOG.error( "username=" + userName + " \nalias=" + alias + " \ncert=" + cert );
db.rollback( );
throw new GeneralSecurityException( e );
@@ -256,7 +264,8 @@ public static void addCertificate( final String userName, final String alias, fi
}
}
- public static void createSystemKeys( AbstractKeyStore eucaKeyStore ) throws IOException, GeneralSecurityException {
+ protected static void createSystemKeys( ) throws IOException, GeneralSecurityException {
+ AbstractKeyStore eucaKeyStore = EucaKeyStore.getInstance( );
KeyTool keyTool = new KeyTool( );
KeyPair sysKp = keyTool.getKeyPair( );
X509Certificate sysX509 = keyTool.getCertificate( sysKp, EucalyptusProperties.getDName( EucalyptusProperties.NAME ) );
@@ -265,6 +274,9 @@ public static void createSystemKeys( AbstractKeyStore eucaKeyStore ) throws IOEx
eucaKeyStore.addKeyPair( EucalyptusProperties.NAME, sysX509, sysKp.getPrivate( ), EucalyptusProperties.NAME );
eucaKeyStore.addKeyPair( EucalyptusProperties.WWW_NAME, wwwX509, wwwKp.getPrivate( ), EucalyptusProperties.NAME );
eucaKeyStore.store( );
+ if( !eucaKeyStore.check( ) ) {
+ throw new GeneralSecurityException( "Created new keystore, but check still fails. eeek." );
+ }
}
}
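Review bot: The new verification runs after `eucaKeyStore.store( )`, so when `check( )` fails the exception is thrown with an incomplete keystore already persisted, and the next `load( )` will again see `checkKeystore( )` return false and run `createSystemKeys( )` against that file; whether `addKeyPair` then replaces or rejects the existing aliases is not visible here, so that path is worth confirming. Naming the aliases that are expected would also make the failure actionable, e.g. `throw new GeneralSecurityException( "Keystore is missing the " + EucalyptusProperties.NAME + " or " + EucalyptusProperties.WWW_NAME + " entry after store( )" );` in place of the "eeek." message. `createSystemKeys( )` begins in the previous hunk, where it became `protected static` and now fetches the keystore through `EucaKeyStore.getInstance( )` instead of taking it as a parameter, which removes the seam for exercising it with a throwaway keystore.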
@@ -1,12 +1,15 @@
package com.eucalyptus.auth;
-import com.eucalyptus.bootstrap.Bootstrapper;
+import org.apache.log4j.Logger;
-public class CredentialsBootstrapper implements Bootstrapper {
+import com.eucalyptus.auth.util.EucaKeyStore;
+import com.eucalyptus.bootstrap.Bootstrapper;
+public class CredentialsBootstrapper extends Bootstrapper {
+ private static Logger LOG = Logger.getLogger( CredentialsBootstrapper.class );
@Override
public boolean check( ) throws Exception {
- return true;
+ return Credentials.checkKeystore( );
}
@Override
@@ -15,21 +18,20 @@ public boolean destroy( ) throws Exception {
}
@Override
- public String getVersion( ) {
- return "";
- }
-
- @Override
public boolean load( ) throws Exception {
Credentials.init( );
- //TODO: first time start up check
+ if( !Credentials.checkKeystore( ) ) {
+ LOG.info("Looks like this is the first time?");//TODO: need to handle distinction between Cloud and Walrus/EBS here?!
+ LOG.info("Generating system keys.");
+ Credentials.createSystemKeys( );
+ }
return false;
}
@Override
public boolean start( ) throws Exception {
//TODO: this depends on the DB
- Credentials.check( );
+// Credentials.checkAdmin( );
return true;
}
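Review bot: Commenting out `Credentials.checkAdmin( );` in `start( )` disables the admin-user bootstrap while `start( )` still reports success, so nothing on this path creates the `admin` user or records that the step was skipped. If the call has to wait for the database, replace the commented-out line with an explicit statement of that, e.g. `LOG.warn( "Admin user check deferred: database is not available during start( )" ); // TODO: call Credentials.checkAdmin( ) once the DB bootstrapper runs before this one`, rather than leaving dead code. In `load( )` the two info messages could be one, `LOG.info( "System keystore incomplete; generating system keys (first start?)" );`, with the Cloud vs Walrus/EBS TODO on its own line. The enclosing class and `destroy( )` start before this hunk.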
@@ -37,7 +37,6 @@ private EucaKeyStore( ) throws GeneralSecurityException, IOException {
@Override
public boolean check( ) throws GeneralSecurityException {
- final X509Certificate cert = this.getCertificate( EucalyptusProperties.WWW_NAME );
- return cert != null;
+ return (this.getCertificate( EucalyptusProperties.WWW_NAME )!= null)&&(this.getCertificate( EucalyptusProperties.NAME )!=null);
}
}
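Review bot: The rewritten `check( )` packs two lookups and two null tests into one line with no spacing around `!=` and `&&`, which reads poorly for the method that now decides whether system keys get regenerated. Two named locals state what is being required: `final boolean hasSystemCert = this.getCertificate( EucalyptusProperties.NAME ) != null;` / `final boolean hasWwwCert = this.getCertificate( EucalyptusProperties.WWW_NAME ) != null;` / `return hasSystemCert && hasWwwCert;`. This only confirms that the two certificates are present; whether the matching private keys are retrievable is not checked here, so a store holding certificate-only entries would still pass — confirm that is acceptable for the bootstrap decision.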
@@ -49,9 +49,9 @@
<property name="hibernate.show_sql" value="false"/>
<property name="hibernate.format_sql" value="false"/>
<property name="hibernate.connection.driver_class" value="org.hsqldb.jdbcDriver"/>
- <property name="hibernate.connection.url" value="jdbc:hsqldb:file:${euca.var.dir}/db/eucalyptus_auth;shutdown=true"/>
+ <property name="hibernate.connection.url" value="jdbc:hsqldb:hsql://${euca.db.host}:${euca.db.port}/eucalyptus_auth"/>
<property name="hibernate.connection.username" value="sa"/>
- <property name="hibernate.connection.password" value=""/>
+ <property name="hibernate.connection.password" value="eucalyptus"/>
<property name="hibernate.connection.autocommit" value="true"/>
<property name="hibernate.c3p0.min_size" value="16"/>
<property name="hibernate.c3p0.max_size" value="16384"/>
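Review bot: The new connection settings put a fixed database password, `eucalyptus`, for the `sa` account into a checked-in configuration file, at the same time as the auth database moves from an in-process file URL to a network HSQL server at `${euca.db.host}:${euca.db.port}`. Anyone who can reach that host and port and knows the default can read and alter user records and certificates. Treat the password like the host and port and inject it at runtime, `<property name="hibernate.connection.password" value="${euca.db.password}"/>`, and confirm the server is started with a matching non-default credential and bound only where the cloud components need it.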
@@ -5,10 +5,12 @@ section "Eucalyptus Configuration & Environment"
option "user" u "User to drop privs to after starting." string typestr="username" default="eucalyptus" no
option "home" h "Eucalyptus home directory." string typestr="directory" default="/" no
option "define" D "Set system properties." string optional multiple
+option "bootstrap-config" c "Use this file as the configuration for early runtime service bootstrapping." string typestr="config.xml" default="eucalyptus-bootstrap.xml" no
option "verbose" v "Verbose console output. Note: log file output is not controlled by this flag." flag off
option "out" o "Redirect standard out to file." string typestr="filename" default="&1" no
option "err" e "Redirect standard error to file." string typestr="filename" default="&2" no
+
section "Eucalyptus Runtime Options"
option "check" C "Check on Eucalyptus." flag off
option "stop" S "Stop Eucalyptus." flag off
@@ -503,6 +503,7 @@ int java_init(euca_opts *args, java_home_t *data) {
int x = -1, i;
opt=(JavaVMOption *)malloc(JVM_MAX_OPTS*sizeof(JavaVMOption));
for(i=0;i<JVM_MAX_OPTS;i++) opt[i].extraInfo=NULL;
+ JVM_ARG(opt[++x],"-Deuca.bootstrap.config=%1$s",GETARG(args,bootstrap_config));
if(args->debug_flag) {
JVM_ARG(opt[++x],"-Xdebug");
JVM_ARG(opt[++x],"-Xrunjdwp:transport=dt_socket,server=y,suspend=%2$s,address=%1$d",GETARG(args,debug_port),(args->debug_suspend_flag?"y":"n"));
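Review bot: The new `-Deuca.bootstrap.config=` argument forwards `GETARG(args,bootstrap_config)` verbatim, and the option's default `eucalyptus-bootstrap.xml` (set in the gengetopt definition two hunks up) is a relative path, so unless the Java side resolves it against `--home` it depends on the launcher's working directory, which differs between a console start and a daemonized one. Either document that in the option help or resolve it in the launcher before building the option, for instance by prefixing `GETARG(args,home)` when the value does not begin with `/`. A comment above the line, `/* passed through unresolved; the Java side decides how a relative path is interpreted */`, would at least make the contract explicit. `java_init` begins before this hunk.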
@@ -28,27 +28,28 @@ const char *eucalyptus_opts_usage = "Usage: Eucalyptus [OPTIONS]...";
const char *eucalyptus_opts_description = "";
const char *eucalyptus_opts_help[] = {
- " --help Print help and exit",
- " -V, --version Print version and exit",
+ " --help Print help and exit",
+ " -V, --version Print version and exit",
"\nEucalyptus Configuration & Environment:",
- " -u, --user=username User to drop privs to after starting. \n (default=`eucalyptus')",
- " -h, --home=directory Eucalyptus home directory. (default=`/')",
- " -D, --define=STRING Set system properties.",
- " -v, --verbose Verbose console output. Note: log file output is \n not controlled by this flag. (default=off)",
- " -o, --out=filename Redirect standard out to file. (default=`&1')",
- " -e, --err=filename Redirect standard error to file. (default=`&2')",
+ " -u, --user=username User to drop privs to after starting. \n (default=`eucalyptus')",
+ " -h, --home=directory Eucalyptus home directory. (default=`/')",
+ " -D, --define=STRING Set system properties.",
+ " -c, --bootstrap-config=config.xml\n Use this file as the configuration for early \n runtime service bootstrapping. \n (default=`eucalyptus-bootstrap.xml')",
+ " -v, --verbose Verbose console output. Note: log file output \n is not controlled by this flag. \n (default=off)",
+ " -o, --out=filename Redirect standard out to file. (default=`&1')",
+ " -e, --err=filename Redirect standard error to file. \n (default=`&2')",
"\nEucalyptus Runtime Options:",
- " -C, --check Check on Eucalyptus. (default=off)",
- " -S, --stop Stop Eucalyptus. (default=off)",
- " -f, --fork Fork and daemonize Eucalyptus. (default=on)",
- " --pidfile=filename Location for the pidfile. \n (default=`/var/run/eucalyptus-cloud.pid')",
+ " -C, --check Check on Eucalyptus. (default=off)",
+ " -S, --stop Stop Eucalyptus. (default=off)",
+ " -f, --fork Fork and daemonize Eucalyptus. (default=on)",
+ " --pidfile=filename Location for the pidfile. \n (default=`/var/run/eucalyptus-cloud.pid')",
"\nJava VM Options:",
- " -j, --java-home=directory Alternative way to specify JAVA_HOME. \n (default=`/usr/lib/jvm/java-6-openjdk')",
- " -J, --jvm-name=jvm-name Which JVM type to run (see jvm.cfg). \n (default=`-server')",
- " -X, --jvm-args=STRING Arguments to pass to the JVM.",
- " -d, --debug Launch with debugger enabled. (default=off)",
- " --debug-port=INT Set the port to use for the debugger. \n (default=`5005')",
- " --debug-suspend Set the port to use for the debugger. \n (default=off)",
+ " -j, --java-home=directory Alternative way to specify JAVA_HOME. \n (default=`/usr/lib/jvm/java-6-openjdk')",
+ " -J, --jvm-name=jvm-name Which JVM type to run (see jvm.cfg). \n (default=`-server')",
+ " -X, --jvm-args=STRING Arguments to pass to the JVM.",
+ " -d, --debug Launch with debugger enabled. (default=off)",
+ " --debug-port=INT Set the port to use for the debugger. \n (default=`5005')",
+ " --debug-suspend Set the port to use for the debugger. \n (default=off)",
0
};
@@ -81,6 +82,7 @@ void clear_given (struct eucalyptus_opts *args_info)
args_info->user_given = 0 ;
args_info->home_given = 0 ;
args_info->define_given = 0 ;
+ args_info->bootstrap_config_given = 0 ;
args_info->verbose_given = 0 ;
args_info->out_given = 0 ;
args_info->err_given = 0 ;
@@ -105,6 +107,8 @@ void clear_args (struct eucalyptus_opts *args_info)
args_info->home_orig = NULL;
args_info->define_arg = NULL;
args_info->define_orig = NULL;
+ args_info->bootstrap_config_arg = gengetopt_strdup ("eucalyptus-bootstrap.xml");
+ args_info->bootstrap_config_orig = NULL;
args_info->verbose_flag = 0;
args_info->out_arg = gengetopt_strdup ("&1");
args_info->out_orig = NULL;
@@ -140,21 +144,22 @@ void init_args_info(struct eucalyptus_opts *args_info)
args_info->define_help = eucalyptus_opts_help[5] ;
args_info->define_min = 0;
args_info->define_max = 0;
- args_info->verbose_help = eucalyptus_opts_help[6] ;
- args_info->out_help = eucalyptus_opts_help[7] ;
- args_info->err_help = eucalyptus_opts_help[8] ;
- args_info->check_help = eucalyptus_opts_help[10] ;
- args_info->stop_help = eucalyptus_opts_help[11] ;
- args_info->fork_help = eucalyptus_opts_help[12] ;
- args_info->pidfile_help = eucalyptus_opts_help[13] ;
- args_info->java_home_help = eucalyptus_opts_help[15] ;
- args_info->jvm_name_help = eucalyptus_opts_help[16] ;
- args_info->jvm_args_help = eucalyptus_opts_help[17] ;
+ args_info->bootstrap_config_help = eucalyptus_opts_help[6] ;
+ args_info->verbose_help = eucalyptus_opts_help[7] ;
+ args_info->out_help = eucalyptus_opts_help[8] ;
+ args_info->err_help = eucalyptus_opts_help[9] ;
+ args_info->check_help = eucalyptus_opts_help[11] ;
+ args_info->stop_help = eucalyptus_opts_help[12] ;
+ args_info->fork_help = eucalyptus_opts_help[13] ;
+ args_info->pidfile_help = eucalyptus_opts_help[14] ;
+ args_info->java_home_help = eucalyptus_opts_help[16] ;
+ args_info->jvm_name_help = eucalyptus_opts_help[17] ;
+ args_info->jvm_args_help = eucalyptus_opts_help[18] ;
args_info->jvm_args_min = 0;
args_info->jvm_args_max = 0;
- args_info->debug_help = eucalyptus_opts_help[18] ;
- args_info->debug_port_help = eucalyptus_opts_help[19] ;
- args_info->debug_suspend_help = eucalyptus_opts_help[20] ;
+ args_info->debug_help = eucalyptus_opts_help[19] ;
+ args_info->debug_port_help = eucalyptus_opts_help[20] ;
+ args_info->debug_suspend_help = eucalyptus_opts_help[21] ;
}
@@ -282,6 +287,8 @@ arguments_release (struct eucalyptus_opts *args_info)
free_string_field (&(args_info->home_arg));
free_string_field (&(args_info->home_orig));
free_multiple_string_field (args_info->define_given, &(args_info->define_arg), &(args_info->define_orig));
+ free_string_field (&(args_info->bootstrap_config_arg));
+ free_string_field (&(args_info->bootstrap_config_orig));
free_string_field (&(args_info->out_arg));
free_string_field (&(args_info->out_orig));
free_string_field (&(args_info->err_arg));
@@ -340,6 +347,8 @@ arguments_dump(FILE *outfile, struct eucalyptus_opts *args_info)
if (args_info->home_given)
write_into_file(outfile, "home", args_info->home_orig, 0);
write_multiple_into_file(outfile, args_info->define_given, "define", args_info->define_orig, 0);
+ if (args_info->bootstrap_config_given)
+ write_into_file(outfile, "bootstrap-config", args_info->bootstrap_config_orig, 0);
if (args_info->verbose_given)
write_into_file(outfile, "verbose", 0, 0 );
if (args_info->out_given)
@@ -922,6 +931,7 @@ arguments_internal (int argc, char * const *argv, struct eucalyptus_opts *args_i
{ "user", 1, NULL, 'u' },
{ "home", 1, NULL, 'h' },
{ "define", 1, NULL, 'D' },
+ { "bootstrap-config", 1, NULL, 'c' },
{ "verbose", 0, NULL, 'v' },
{ "out", 1, NULL, 'o' },
{ "err", 1, NULL, 'e' },
@@ -938,7 +948,7 @@ arguments_internal (int argc, char * const *argv, struct eucalyptus_opts *args_i
{ NULL, 0, NULL, 0 }
};
- c = getopt_long (argc, argv, "Vu:h:D:vo:e:CSfj:J:X:d", long_options, &option_index);
+ c = getopt_long (argc, argv, "Vu:h:D:c:vo:e:CSfj:J:X:d", long_options, &option_index);
if (c == -1) break; /* Exit from `while (1)' loop. */
@@ -982,6 +992,18 @@ arguments_internal (int argc, char * const *argv, struct eucalyptus_opts *args_i
goto failure;
break;
+ case 'c': /* Use this file as the configuration for early runtime service bootstrapping.. */
+
+
+ if (update_arg( (void *)&(args_info->bootstrap_config_arg),
+ &(args_info->bootstrap_config_orig), &(args_info->bootstrap_config_given),
+ &(local_args_info.bootstrap_config_given), optarg, 0, "eucalyptus-bootstrap.xml", ARG_STRING,
+ check_ambiguity, override, 0, 0,
+ "bootstrap-config", 'c',
+ additional_error))
+ goto failure;
+
+ break;
case 'v': /* Verbose console output. Note: log file output is not controlled by this flag.. */
@@ -45,6 +45,9 @@ struct eucalyptus_opts
unsigned int define_min; /**< @brief Set system properties.'s minimum occurreces */
unsigned int define_max; /**< @brief Set system properties.'s maximum occurreces */
const char *define_help; /**< @brief Set system properties. help description. */
+ char * bootstrap_config_arg; /**< @brief Use this file as the configuration for early runtime service bootstrapping. (default='eucalyptus-bootstrap.xml'). */
+ char * bootstrap_config_orig; /**< @brief Use this file as the configuration for early runtime service bootstrapping. original value given at command line. */
+ const char *bootstrap_config_help; /**< @brief Use this file as the configuration for early runtime service bootstrapping. help description. */
int verbose_flag; /**< @brief Verbose console output. Note: log file output is not controlled by this flag. (default=off). */
const char *verbose_help; /**< @brief Verbose console output. Note: log file output is not controlled by this flag. help description. */
char * out_arg; /**< @brief Redirect standard out to file. (default='&1'). */
@@ -86,6 +89,7 @@ struct eucalyptus_opts
unsigned int user_given ; /**< @brief Whether user was given. */
unsigned int home_given ; /**< @brief Whether home was given. */
unsigned int define_given ; /**< @brief Whether define was given. */
+ unsigned int bootstrap_config_given ; /**< @brief Whether bootstrap-config was given. */
unsigned int verbose_given ; /**< @brief Whether verbose was given. */
unsigned int out_given ; /**< @brief Whether out was given. */
unsigned int err_given ; /**< @brief Whether err was given. */
