Alon Bar-Lev has uploaded a new change for review. Change subject: host-deploy: add host ssh fingerprint to registration protocol ......................................................................
host-deploy: add host ssh fingerprint to registration protocol This is required to allow secure call back into node and avoid man in the middle, we can now do this. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1090168 Change-Id: I1a9af59277b5055453159f002f19046c0051d82f Signed-off-by: Alon Bar-Lev <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RegisterVdsQuery.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/RegisterVdsParameters.java M backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/RegisterServlet.java 3 files changed, 21 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/85/26985/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RegisterVdsQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RegisterVdsQuery.java index 080bd1a..41bc7c7 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RegisterVdsQuery.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RegisterVdsQuery.java @@ -284,6 +284,7 @@ vdsGroupId, Guid.Empty, getParameters().getVdsName(), Config.<Boolean> getValue(ConfigValues.SSLEnabled), VDSType.VDS); + vds.setSshKeyFingerprint(getParameters().getSSHFingerprint()); log.debugFormat( "RegisterVdsQuery::Register - Will try now to add VDS from scratch; Name: {0}, Hostname: {1}, Unique: {2}, VdsPort: {3},Subnet mask: {4}, IsPending: {5} with force synchronize", diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/RegisterVdsParameters.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/RegisterVdsParameters.java index 1181e6e..e88ff43 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/RegisterVdsParameters.java 
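Review bot: The value stored by the added `vds.setSshKeyFingerprint(getParameters().getSSHFingerprint());` line in RegisterVdsQuery.java is whatever the registering party supplied, so it pins later SSH call-backs to that party's key but does not by itself authenticate the host. A comment on that line would make the trust level explicit, e.g. `// self-reported at registration: pins engine-to-host SSH, not proof of host identity`. The call sits in the add-from-scratch branch and the enclosing method starts and ends outside the hunk. It is therefore not visible whether re-registration of an already known host compares the supplied fingerprint with the stored one; that path is worth checking.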
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/RegisterVdsParameters.java @@ -77,6 +77,16 @@ privateSSHPort = value; } + String privateSSHFingerprint; + + public String getSSHFingerprint() { + return privateSSHFingerprint; + } + + public void setSSHFingerprint(String hostSSHFingerprint) { + privateSSHFingerprint = hostSSHFingerprint; + } + private String privateSSHUser; public String getSSHUser() { @@ -87,11 +97,12 @@ privateSSHUser = value; } - public RegisterVdsParameters(Guid vdsId, String vds_host_name, int ssh_port, String ssh_user, String vds_name, String vds_unique_id, int vds_port, - Guid vds_group_id) { + public RegisterVdsParameters(Guid vdsId, String vds_host_name, int ssh_port, String ssh_fingerprint, + String ssh_user, String vds_name, String vds_unique_id, int vds_port, Guid vds_group_id) { setVdsId(vdsId); setVdsHostName(vds_host_name); setSSHPort(ssh_port); + setSSHFingerprint(ssh_fingerprint); setSSHUser(ssh_user); setVdsName(vds_name); setVdsUniqueId(vds_unique_id); diff --git a/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/RegisterServlet.java b/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/RegisterServlet.java index 497e8d1..c181a9d 100644 --- a/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/RegisterServlet.java +++ b/backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/RegisterServlet.java @@ -84,6 +84,7 @@ protected void doRegister( String hostAddress, int hostSSHPort, + String hostSSHKeyFingerprint, String hostSSHUser, int hostVdsPort, String hostName, @@ -108,6 +109,7 @@ Guid.Empty, hostAddress, hostSSHPort, + hostSSHKeyFingerprint, hostSSHUser, hostName, hostUniqueId, @@ -167,6 +169,7 @@ hostAddress, SSH_PORT, null, + null, hostVdsPort, hostName, hostUniqueId 
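Review bot: The new field in the `@@ -77,6 +77,16 @@` hunk of RegisterVdsParameters.java is declared `String privateSSHFingerprint;` with no access modifier, so it is package-private while the neighbouring `privateSSHUser` is `private`. It should read `private String privateSSHFingerprint;`. A short Javadoc on `getSSHFingerprint()` would also help, stating the expected fingerprint format and that `null` means the host sent none, since a later hunk passes `null` for it.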
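Review bot: In the `@@ -167,6 +169,7 @@` hunk of RegisterServlet.java the legacy call now passes two adjacent bare `null` arguments, and the one for the fingerprint means hosts registered through this path carry no pinned SSH key. The code that consumes the stored fingerprint is not part of this change, so it should be confirmed that it treats `null` as "unverified" rather than "accept any key". Labelling the arguments would make the intent explicit: `null, // sshKeyFingerprint: not sent by the legacy protocol` and `null, // sshUser`. The enclosing method starts and ends outside the hunk.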
@@ -184,6 +187,7 @@ String hostAddress = request.getParameter("address"); String hostSSHPortString = request.getParameter("sshPort"); + String hostSSHKeyFingerprint = request.getParameter("sshKeyFingerprint"); String hostSSHUser = request.getParameter("sshUser"); String hostVdsPortString = request.getParameter("vdsPort"); String hostName = request.getParameter("name"); @@ -205,12 +209,13 @@ log.info( String.format( - "Registration request: source='%s', secured='%s', address='%s%s:%s', vdsPort=%s, name='%s', uniqueId='%s'", + "Registration request: source='%s', secured='%s', address='%s%s:%s', sshKeyFingerprint=%s, vdsPort=%s, name='%s', uniqueId='%s'", request.getRemoteHost(), request.isSecure(), hostSSHUser != null ? hostSSHUser + "@" : "", hostAddress, hostSSHPort, + hostSSHKeyFingerprint, hostVdsPort, hostName, hostUniqueId @@ -220,6 +225,7 @@ doRegister( hostAddress, hostSSHPort, + hostSSHKeyFingerprint, hostSSHUser, hostVdsPort, hostName, -- To view, visit http://gerrit.ovirt.org/26985 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1a9af59277b5055453159f002f19046c0051d82f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
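Review bot: `request.getParameter("sshKeyFingerprint")` in the `@@ -184,6 +187,7 @@` hunk is used exactly as received, with no format or length check. It goes into the log call (`@@ -205,12 +209,13 @@`) and into `doRegister` (`@@ -220,6 +225,7 @@`), and RegisterVdsQuery then stores it on the new host record. Because the value comes from the HTTP request, it should be validated against the fingerprint format the engine expects before use, for example `if (hostSSHKeyFingerprint != null && !FINGERPRINT_PATTERN.matcher(hostSSHKeyFingerprint).matches()) { /* reject the request */ }`, where `FINGERPRINT_PATTERN` is a new constant to be defined for that format. The enclosing method continues outside the hunk, so how other invalid parameters are rejected is not visible here; the new check should follow the same path.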
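Review bot: The added `sshKeyFingerprint=%s` placeholder in the `@@ -205,12 +209,13 @@` format string is unquoted, unlike the other string fields such as `name='%s'` and `uniqueId='%s'`, and the request-supplied value is written to the log verbatim. A value containing line breaks could split or forge log entries, so control characters should be rejected or stripped before logging. For consistency the placeholder should be `sshKeyFingerprint='%s'`. A missing parameter is logged as the literal `null`, which is worth knowing when reading these entries.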
