This is an automated email from the ASF dual-hosted git repository.

nvazquez pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new 8f39a049bb agent: enable ssl only for kvm agent (not in system vms) 
(#6371)
8f39a049bb is described below

commit 8f39a049bb041ce034778591057f0ea02a86d871
Author: Wei Zhou <[email protected]>
AuthorDate: Thu May 12 12:01:55 2022 +0200

    agent: enable ssl only for kvm agent (not in system vms) (#6371)
    
    * agent: enable ssl only for kvm agent (not in system vms)
    
    * Revert "agent: enable ssl only for kvm agent (not in system vms)"
    
    This reverts commit b2d76bad2e9455384c4ac34cee6763014e255eb6.
    
    * Revert "KVM: Enable SSL if keystore exists (#6200)"
    
    This reverts commit 4525f8c8e7ffecf50eff586ccfbc3d498f1b8021.
    
    * KVM: Enable SSL if keystore exists in LibvirtComputingResource.java
---
 .../src/main/java/com/cloud/agent/AgentShell.java  | 23 ----------------------
 .../kvm/resource/LibvirtComputingResource.java     | 18 +++++++++++++++++
 2 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/agent/src/main/java/com/cloud/agent/AgentShell.java 
b/agent/src/main/java/com/cloud/agent/AgentShell.java
index b693ce1b2b..f5920a8e03 100644
--- a/agent/src/main/java/com/cloud/agent/AgentShell.java
+++ b/agent/src/main/java/com/cloud/agent/AgentShell.java
@@ -27,7 +27,6 @@ import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.backoff.BackoffAlgorithm;
 import com.cloud.utils.backoff.impl.ConstantTimeBackoff;
 import com.cloud.utils.exception.CloudRuntimeException;
-import org.apache.cloudstack.utils.security.KeyStoreUtils;
 import org.apache.commons.daemon.Daemon;
 import org.apache.commons.daemon.DaemonContext;
 import org.apache.commons.daemon.DaemonInitException;
@@ -375,7 +374,6 @@ public class AgentShell implements IAgentShell, Daemon {
 
         loadProperties();
         parseCommand(args);
-        enableSSL();
 
         if (s_logger.isDebugEnabled()) {
             List<String> properties = 
Collections.list((Enumeration<String>)_properties.propertyNames());
@@ -399,27 +397,6 @@ public class AgentShell implements IAgentShell, Daemon {
         _backoff.configure("ConstantTimeBackoff", new HashMap<String, 
Object>());
     }
 
-    private void enableSSL() {
-        final File agentFile = 
PropertiesUtil.findConfigFile("agent.properties");
-        if (agentFile == null) {
-            s_logger.info("Failed to find agent.properties file");
-            return;
-        }
-        String keystorePass = getProperty(null, "keystore.passphrase");
-        if (StringUtils.isBlank(keystorePass)) {
-            s_logger.info("Failed to find passphrase for keystore: " + 
KeyStoreUtils.KS_FILENAME);
-            return;
-        }
-        final String keyStoreFile = agentFile.getParent() + "/" + 
KeyStoreUtils.KS_FILENAME;
-        File f = new File(keyStoreFile);
-        if (f.exists() && !f.isDirectory()) {
-            System.setProperty("javax.net.ssl.trustStore", keyStoreFile);
-            System.setProperty("javax.net.ssl.trustStorePassword", 
keystorePass);
-        } else {
-            s_logger.info("Failed to find keystore file: " + keyStoreFile);
-        }
-    }
-
     private void launchAgent() throws ConfigurationException {
         String resourceClassNames = getProperty(null, "resource");
         s_logger.trace("resource=" + resourceClassNames);
diff --git 
a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
 
b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
index c513be6be2..c743a78582 100644
--- 
a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
+++ 
b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
@@ -1020,6 +1020,7 @@ public class LibvirtComputingResource extends 
ServerResourceBase implements Serv
             }
         }
 
+        enableSSLForKvmAgent(params);
         configureLocalStorage(params);
 
         /* Directory to use for Qemu sockets like for the Qemu Guest Agent */
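Review bot: The call to `enableSSLForKvmAgent(params)` now runs partway through configure(), and JSSE reads `javax.net.ssl.trustStore` only when the default SSLContext is first initialised, so any TLS client created earlier in agent start-up would keep the JRE default trust store. Nothing in the hunk shows whether such a connection can happen before this line, so it is worth confirming. The ordering requirement could be recorded above the call, e.g. `// must run before anything initialises the default SSLContext; JSSE reads javax.net.ssl.trustStore once`. configure() starts and ends outside the hunk.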
@@ -1282,6 +1283,23 @@ public class LibvirtComputingResource extends 
ServerResourceBase implements Serv
         return true;
     }
 
+    private void enableSSLForKvmAgent(final Map<String, Object> params) {
+        final File keyStoreFile = 
PropertiesUtil.findConfigFile(KeyStoreUtils.KS_FILENAME);
+        if (keyStoreFile == null) {
+            s_logger.info("Failed to find keystore file: " + 
KeyStoreUtils.KS_FILENAME);
+            return;
+        }
+        String keystorePass = 
(String)params.get(KeyStoreUtils.KS_PASSPHRASE_PROPERTY);
+        if (StringUtils.isBlank(keystorePass)) {
+            s_logger.info("Failed to find passphrase for keystore: " + 
KeyStoreUtils.KS_FILENAME);
+            return;
+        }
+        if (keyStoreFile.exists() && !keyStoreFile.isDirectory()) {
+            System.setProperty("javax.net.ssl.trustStore", 
keyStoreFile.getAbsolutePath());
+            System.setProperty("javax.net.ssl.trustStorePassword", 
keystorePass);
+        }
+    }
+
     protected void configureLocalStorage(final Map<String, Object> params) 
throws ConfigurationException {
         String localStoragePath = (String)params.get(LOCAL_STORAGE_PATH);
         if (localStoragePath == null) {
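Review bot: `enableSSLForKvmAgent` replaces the trust store for the whole JVM, not just for the agent's connection to the management server. Once `javax.net.ssl.trustStore` points at the agent keystore, every client using the default SSLContext trusts only the certificates in that file and no longer the JRE's bundled CAs. Whether the KVM agent makes other outbound HTTPS connections through the default context is not visible here, so the method should carry a Javadoc stating this scope and noting that the passphrase becomes readable through `System.getProperty` by any code in the process. The method also returns silently when the path is a directory and logs nothing on success, whereas the removed AgentShell version at least logged the missing-file case in its `else` branch. Adding `s_logger.info("Using " + keyStoreFile.getAbsolutePath() + " as JVM default trust store");` after the two `setProperty` calls, plus an `else` that logs the skipped path, would make TLS failures easier to diagnose.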
