You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sh...@apache.org on 2015/07/08 18:09:36 UTC

airavata git commit: Fixed JSch initialization error with regect HostKey

Repository: airavata
Updated Branches:
  refs/heads/master ab0bf86c5 -> d88488a9a


Fixed JSch initialization error with regect HostKey


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/d88488a9
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/d88488a9
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/d88488a9

Branch: refs/heads/master
Commit: d88488a9a60d4e42d043c3e09690e47d7ca540f1
Parents: ab0bf86
Author: Shameera Rathanyaka <sh...@gmail.com>
Authored: Wed Jul 8 12:09:29 2015 -0400
Committer: Shameera Rathanyaka <sh...@gmail.com>
Committed: Wed Jul 8 12:09:29 2015 -0400

----------------------------------------------------------------------
 .../main/resources/airavata-server.properties   |  9 +++--
 .../authentication/SSHKeyAuthentication.java    | 41 +++++++++++++++++---
 .../org/apache/airavata/gfac/impl/Factory.java  | 23 +++++++----
 .../airavata/gfac/impl/HPCRemoteCluster.java    |  8 +++-
 4 files changed, 62 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index 0b0305f..0045935 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -164,11 +164,14 @@ email.from=airavata@apache.org
 # if user specify both password authentication gets the higher preference
 
 ################# ---------- For ssh key pair authentication ------------------- ################
-#public.ssh.key=/path to public key for ssh
-#private.ssh.key=/path to private key file for ssh
+#ssh.public.key=/path to public key for ssh
+#ssh.private.key=/path to private key file for ssh
 #ssh.keypass=passphrase for the private key
 #ssh.username=username for ssh connection
-### Incase of password authentication. 
+## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
+#ssh.strict.hostKey.checking=yes/no
+#ssh.known.hosts.file=/path to known hosts file
+### Incase of password authentication.
 #ssh.password=Password for ssh connection
 
 ################ ---------- BES Properties ------------------- ###############

http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
index 94beadd..191d7a8 100644
--- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
+++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
@@ -34,28 +34,57 @@ public class SSHKeyAuthentication implements AuthenticationInfo {
 	private String privateKeyFilePath;
 	private String publicKeyFilePath;
 	private String passphrase;
+	private String knownHostsFilePath;
+	private String strictHostKeyChecking; // yes or no
 
-	public SSHKeyAuthentication(String userName, String privateKeyFilePath, String publicKeyFilePath, String
-			passphrase) {
-		this.userName = userName;
-		this.privateKeyFilePath = privateKeyFilePath;
-		this.publicKeyFilePath = publicKeyFilePath;
-		this.passphrase = passphrase;
+	public SSHKeyAuthentication() {
 	}
 
 	public String getUserName() {
 		return userName;
 	}
 
+	public void setUserName(String userName) {
+		this.userName = userName;
+	}
+
 	public String getPrivateKeyFilePath() {
 		return privateKeyFilePath;
 	}
 
+	public void setPrivateKeyFilePath(String privateKeyFilePath) {
+		this.privateKeyFilePath = privateKeyFilePath;
+	}
+
 	public String getPublicKeyFilePath() {
 		return publicKeyFilePath;
 	}
 
+	public void setPublicKeyFilePath(String publicKeyFilePath) {
+		this.publicKeyFilePath = publicKeyFilePath;
+	}
+
 	public String getPassphrase() {
 		return passphrase;
 	}
+
+	public void setPassphrase(String passphrase) {
+		this.passphrase = passphrase;
+	}
+
+	public String getKnownHostsFilePath() {
+		return knownHostsFilePath;
+	}
+
+	public void setKnownHostsFilePath(String knownHostsFilePath) {
+		this.knownHostsFilePath = knownHostsFilePath;
+	}
+
+	public String getStrictHostKeyChecking() {
+		return strictHostKeyChecking;
+	}
+
+	public void setStrictHostKeyChecking(String strictHostKeyChecking) {
+		this.strictHostKeyChecking = strictHostKeyChecking;
+	}
 }

http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
index 0727927..c2ce8dc 100644
--- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
+++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
@@ -23,6 +23,7 @@ package org.apache.airavata.gfac.impl;
 import com.google.common.eventbus.EventBus;
 import org.apache.airavata.common.exception.AiravataException;
 import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ApplicationSettings;
 import org.apache.airavata.common.utils.LocalEventPublisher;
 import org.apache.airavata.common.utils.ServerSettings;
 import org.apache.airavata.gfac.core.GFacEngine;
@@ -178,8 +179,8 @@ public abstract class Factory {
 		if (remoteCluster == null) {
 			String hostName = Factory.getDefaultAppCatalog().getComputeResource().getComputeResource(cRP
 					.getComputeResourceId()).getHostName();
-			ServerInfo serverInfo = new ServerInfo(cRP.getLoginUserName(), hostName);
-
+			// fixme - read login user name from computeResourcePreference
+			ServerInfo serverInfo = new ServerInfo(ServerSettings.getSetting("ssh.username"), hostName);
 			List<JobSubmissionInterface> jobSubmissionInterfaces = Factory.getDefaultAppCatalog().getComputeResource()
 					.getComputeResource(cRP.getComputeResourceId())
 					.getJobSubmissionInterfaces();
@@ -219,12 +220,18 @@ public abstract class Factory {
 	}
 
 	private static SSHKeyAuthentication getSSHKeyAuthentication() throws ApplicationSettingsException {
-		String username = ServerSettings.getSetting("ssh.username");
-		String privateKeyFilePath = ServerSettings.getSetting("private.ssh.key");
-		String publicKeyFilePath = ServerSettings.getSetting("public.ssh.key");
-		String passphrase = ServerSettings.getSetting("ssh.keypass");
-		return new SSHKeyAuthentication(username, privateKeyFilePath,
-				publicKeyFilePath, passphrase);
+		SSHKeyAuthentication sshKA = new SSHKeyAuthentication();
+		sshKA.setUserName(ServerSettings.getSetting("ssh.username"));
+		sshKA.setPassphrase(ServerSettings.getSetting("ssh.keypass"));
+		sshKA.setPrivateKeyFilePath(ServerSettings.getSetting("ssh.private.key"));
+		sshKA.setPublicKeyFilePath(ServerSettings.getSetting("ssh.public.key"));
+		sshKA.setStrictHostKeyChecking(ServerSettings.getSetting("ssh.strict.hostKey.checking", "no"));
+		sshKA.setKnownHostsFilePath(ServerSettings.getSetting("ssh.known.hosts.file", null));
+		if (sshKA.getStrictHostKeyChecking().equals("yes") && sshKA.getKnownHostsFilePath() == null) {
+			throw new ApplicationSettingsException("If ssh scrict hostky checking property is set to yes, you must " +
+					"provid known host file path");
+		}
+		return sshKA;
 	}
 
 	public static JobSubmissionTask getJobSubmissionTask(JobSubmissionProtocol jobSubmissionProtocol) throws

http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
index d847a4d..69cf03e 100644
--- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
+++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
@@ -66,10 +66,14 @@ public class HPCRemoteCluster extends AbstractRemoteCluster{
 			}
 			jSch = new JSch();
 			jSch.addIdentity(authentication.getPrivateKeyFilePath(), authentication.getPublicKeyFilePath(),
-					authentication
-					.getPassphrase().getBytes());
+					authentication.getPassphrase().getBytes());
 			session = jSch.getSession(serverInfo.getUserName(), serverInfo.getHost(), serverInfo.getPort());
 			session.setUserInfo(new DefaultUserInfo(serverInfo.getUserName(), null, authentication.getPassphrase()));
+			if (authentication.getStrictHostKeyChecking().equals("yes")) {
+				jSch.setKnownHosts(authentication.getKnownHostsFilePath());
+			} else {
+				session.setConfig("StrictHostKeyChecking","no");
+			}
 			session.connect(); // 0 connection timeout
 		} catch (JSchException e) {
 			throw new AiravataException("JSch initialization error ", e);