Yaniv Bronhaim has uploaded a new change for review. Change subject: Applying usage for public key authentication method ......................................................................
Applying usage for public key authentication method Due to the picked option via the UI, the authentication to the host will be set and enforced. Change-Id: I54591b2b6cc99114f53124ee5a74c2b35f950304 Signed-off-by: Yaniv Bronhaim <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InstallVdsCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdsOperationActionParameters.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java 5 files changed, 64 insertions(+), 17 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/70/16270/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java index 74e9b7d..bb8e8fc 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java @@ -26,6 +26,8 @@ import org.ovirt.engine.core.common.action.VdcActionType; import org.ovirt.engine.core.common.action.VdcReturnValueBase; import org.ovirt.engine.core.common.action.VdsActionParameters; +import org.ovirt.engine.core.common.action.VdsOperationActionParameters; +import org.ovirt.engine.core.common.action.VdsOperationActionParameters.AuthenticationMethod; import org.ovirt.engine.core.common.businessentities.StoragePool; import org.ovirt.engine.core.common.businessentities.StorageType; import org.ovirt.engine.core.common.businessentities.VDS; 
@@ -148,6 +150,7 @@ // clients). they are installed as part of the approve process if (Config.<Boolean> GetValue(ConfigValues.InstallVds) && !getParameters().getAddPending()) { final InstallVdsParameters installVdsParameters = new InstallVdsParameters(getVdsId(), getParameters().getPassword()); + installVdsParameters.setAuthMethod(getParameters().getAuthMethod()); installVdsParameters.setOverrideFirewall(getParameters().getOverrideFirewall()); installVdsParameters.setRebootAfterInstallation(getParameters().isRebootAfterInstallation()); Map<String, String> values = new HashMap<String, String>(); @@ -324,6 +327,7 @@ && !EngineEncryptionUtils.haveKey()) { returnValue = failCanDoAction(VdcBllMessages.VDS_TRY_CREATE_SECURE_CERTIFICATE_NOT_FOUND); } else if (!getParameters().getAddPending() + && (getParameters().getAuthMethod() == VdsOperationActionParameters.AuthenticationMethod.Password) && StringUtils.isEmpty(getParameters().getPassword())) { // We block vds installations if it's not a RHEV-H and password is empty // Note that this may override local host SSH policy. See BZ#688718. 
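Review bot: In the `@@ -324` hunk the empty-password guard now fires only when `getAuthMethod() == VdsOperationActionParameters.AuthenticationMethod.Password`, so a request whose auth method is null skips it. The VdsOperationActionParameters section of this change assigns `_authMethod` only in the `(VdsStatic, String)` constructor and shows the no-arg constructor with an empty body, so a null value looks reachable for parameters built that way (the other constructor is not fully visible here). Such a request would then fall into the `else` branch of the `@@ -365` hunk and call `setPassword` with whatever password it carries, possibly an empty one. Testing for the key case instead, `&& getParameters().getAuthMethod() != AuthenticationMethod.PublicKey`, keeps the guard active on every non-key path, and initialising the field at its declaration would close the same gap. The enclosing method starts and ends outside the hunk.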
@@ -365,22 +369,14 @@ TimeUnit.SECONDS.toMillis(Config.<Integer> GetValue(ConfigValues.ConnectToServerTimeoutInSeconds)); EngineSSHClient sshclient = new EngineSSHClient(); - if (getParameters().getvds().getSSHKeyFingerprint().isEmpty()) { - sshclient.setVds(getParameters().getvds()); - try { - getParameters().getvds().setSSHKeyFingerprint(sshclient.getHostFingerprint()); - DbFacade.getInstance().getVdsStaticDao().save(getParameters().getVdsStaticData()); - } catch (Exception e) { - log.warnFormat( - "couldn't set fingerprint for vds", - e); - } - } else { - sshclient.setVds(getParameters().getvds()); - } + sshclient.setVds(getParameters().getvds()); sshclient.setHardTimeout(timeout); sshclient.setSoftTimeout(timeout); - sshclient.setPassword(getParameters().getPassword()); + if (getParameters().getAuthMethod() == AuthenticationMethod.PublicKey) { + sshclient.useDefaultKeyPair(); + } else { + sshclient.setPassword(getParameters().getPassword()); + } return sshclient; } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InstallVdsCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InstallVdsCommand.java index d904301..edd464d 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InstallVdsCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InstallVdsCommand.java @@ -176,7 +176,7 @@ ); } setVdsStatus(VDSStatus.Installing); - installer.execute(); + installer.execute(getParameters().getAuthMethod()); switch (installer.getDeployStatus()) { case Failed: diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java index cc5e7df..465e9f9 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java 
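Review bot: The block removed in the `@@ -365` hunk was the only visible place where a newly learned host fingerprint was written back through `getVdsStaticDao().save(...)`, and the new lines add nothing in its place. The EngineSSHClient hunk of this change sets the fingerprint on the in-memory `_vds` only and leaves a TODO about storing it, so as far as this diff shows a host added with an empty fingerprint is never pinned and a later connection would again accept whichever key is presented. Either keep the save here after the first successful connect, or persist the value at the point where it is accepted. The method begins before the hunk.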
@@ -17,6 +17,7 @@ import javax.naming.TimeLimitExceededException; import org.apache.commons.lang.StringUtils; +import org.ovirt.engine.core.common.action.VdsOperationActionParameters.AuthenticationMethod; import org.ovirt.engine.core.common.businessentities.VDS; import org.ovirt.engine.core.common.businessentities.VDSGroup; import org.ovirt.engine.core.common.businessentities.VDSType; @@ -835,7 +836,7 @@ * Main method. * Execute the command and initiate the dialog. */ - public void execute() throws Exception { + public void execute(AuthenticationMethod auth) throws Exception { InputStream in = null; try { _dialog.connect(); @@ -848,6 +849,11 @@ _dialog.getHostFingerprint() ) ); + + if (auth == AuthenticationMethod.PublicKey) { + _dialog.useDefaultKeyPair(); + } + _dialog.authenticate(); String command = Config.<String> GetValue(ConfigValues.BootstrapCommand); diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdsOperationActionParameters.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdsOperationActionParameters.java index f169f03..5041302 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdsOperationActionParameters.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdsOperationActionParameters.java @@ -1,5 +1,8 @@ package org.ovirt.engine.core.common.action; +import java.util.HashMap; +import java.util.Map; + import javax.validation.Valid; import org.ovirt.engine.core.common.businessentities.VDS; 
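Review bot: The Javadoc above `execute` in the `@@ -835` hunk still reads only "Main method. Execute the command and initiate the dialog." although the method now takes `auth`. It should state what the parameter selects, for example `@param auth host authentication method; PublicKey makes the dialog use the default key pair, any other value (including null) leaves the dialog's configured credentials in place`. The null case is worth spelling out because the `@@ -848` hunk tests only `auth == AuthenticationMethod.PublicKey`. The body of `execute` continues past both hunks.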
@@ -20,6 +23,36 @@ */ private boolean rebootAfterInstallation = true; + private AuthenticationMethod _authMethod; + + public enum AuthenticationMethod { + Password(0), + PublicKey(1); + + private int intValue; + private static Map<Integer, AuthenticationMethod> mappings; + + static { + mappings = new HashMap<Integer, AuthenticationMethod>(); + for (AuthenticationMethod error : values()) { + mappings.put(error.getValue(), error); + } + } + + private AuthenticationMethod(int value) { + intValue = value; + } + + public int getValue() { + return intValue; + } + + public static AuthenticationMethod forValue(int value) { + return mappings.get(value); + } + } + + public VdsOperationActionParameters(VdsStatic vdsStatic, String password) { super(vdsStatic.getId()); if ("".equals(vdsStatic.getManagementIp())) { @@ -27,6 +60,7 @@ } _vdsStatic = vdsStatic; _password = password; + _authMethod = AuthenticationMethod.Password; } public VdsOperationActionParameters(VdsStatic vdsStatic) { @@ -45,6 +79,14 @@ _password = value; } + public void setAuthMethod(AuthenticationMethod value) { + _authMethod = value; + } + + public AuthenticationMethod getAuthMethod() { + return _authMethod; + } + public VdsOperationActionParameters() { } diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java index b76aff4..e5e4175 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java 
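Review bot: `forValue` in the new enum returns null for any integer that is not in `mappings`, and nothing in the enum signals that to the caller. No caller is visible in this diff, but the comparisons added in AddVdsCommand and VdsDeploy treat every value other than `PublicKey` as the password path, so a null coming from here would pass unnoticed. Rejecting it at the source, e.g. `if (method == null) throw new IllegalArgumentException("Unknown authentication method: " + value);`, makes a bad stored value visible. As a style point, the loop variable is named `error` although it iterates authentication methods, and `intValue` and `mappings` can be declared `final`.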
@@ -58,7 +58,10 @@ if (_vds != null) { String actual = getHostFingerprint(); String expected = _vds.getSSHKeyFingerprint(); - if (!actual.equals(expected)) { + if (expected == null || expected.isEmpty()) { + _vds.setSSHKeyFingerprint(getHostFingerprint()); + // TODO: decide if db store is needed from here. + } else if (!actual.equals(expected)) { throw new GeneralSecurityException( String.format( "Invalid fingerprint %s, expected %s", -- To view, visit http://gerrit.ovirt.org/16270 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I54591b2b6cc99114f53124ee5a74c2b35f950304 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yaniv Bronhaim <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
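Review bot: The new first branch establishes trust in a host key without leaving any record: when `expected` is null or empty the presented fingerprint is adopted and the connection proceeds, with no log line and, per the TODO, no storage. This is the point where an operator would later want evidence of which key was accepted for which host, so the branch should log the host and the accepted fingerprint, and the TODO should be resolved before this path is relied on. The branch also calls `getHostFingerprint()` a second time although `actual` already holds the value; `_vds.setSSHKeyFingerprint(actual);` avoids the extra lookup and guarantees that the value recorded is the one that was examined. The enclosing method starts before the hunk and continues after it.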
