You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sh...@apache.org on 2015/07/08 18:09:36 UTC
airavata git commit: Fixed JSch initialization error with regect
HostKey
Repository: airavata
Updated Branches:
refs/heads/master ab0bf86c5 -> d88488a9a
Fixed JSch initialization error with regect HostKey
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/d88488a9
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/d88488a9
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/d88488a9
Branch: refs/heads/master
Commit: d88488a9a60d4e42d043c3e09690e47d7ca540f1
Parents: ab0bf86
Author: Shameera Rathanyaka <sh...@gmail.com>
Authored: Wed Jul 8 12:09:29 2015 -0400
Committer: Shameera Rathanyaka <sh...@gmail.com>
Committed: Wed Jul 8 12:09:29 2015 -0400
----------------------------------------------------------------------
.../main/resources/airavata-server.properties | 9 +++--
.../authentication/SSHKeyAuthentication.java | 41 +++++++++++++++++---
.../org/apache/airavata/gfac/impl/Factory.java | 23 +++++++----
.../airavata/gfac/impl/HPCRemoteCluster.java | 8 +++-
4 files changed, 62 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index 0b0305f..0045935 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -164,11 +164,14 @@ email.from=airavata@apache.org
# if user specify both password authentication gets the higher preference
################# ---------- For ssh key pair authentication ------------------- ################
-#public.ssh.key=/path to public key for ssh
-#private.ssh.key=/path to private key file for ssh
+#ssh.public.key=/path to public key for ssh
+#ssh.private.key=/path to private key file for ssh
#ssh.keypass=passphrase for the private key
#ssh.username=username for ssh connection
-### Incase of password authentication.
+## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
+#ssh.strict.hostKey.checking=yes/no
+#ssh.known.hosts.file=/path to known hosts file
+### Incase of password authentication.
#ssh.password=Password for ssh connection
################ ---------- BES Properties ------------------- ###############
http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
index 94beadd..191d7a8 100644
--- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
+++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java
@@ -34,28 +34,57 @@ public class SSHKeyAuthentication implements AuthenticationInfo {
private String privateKeyFilePath;
private String publicKeyFilePath;
private String passphrase;
+ private String knownHostsFilePath;
+ private String strictHostKeyChecking; // yes or no
- public SSHKeyAuthentication(String userName, String privateKeyFilePath, String publicKeyFilePath, String
- passphrase) {
- this.userName = userName;
- this.privateKeyFilePath = privateKeyFilePath;
- this.publicKeyFilePath = publicKeyFilePath;
- this.passphrase = passphrase;
+ public SSHKeyAuthentication() {
}
public String getUserName() {
return userName;
}
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
public String getPrivateKeyFilePath() {
return privateKeyFilePath;
}
+ public void setPrivateKeyFilePath(String privateKeyFilePath) {
+ this.privateKeyFilePath = privateKeyFilePath;
+ }
+
public String getPublicKeyFilePath() {
return publicKeyFilePath;
}
+ public void setPublicKeyFilePath(String publicKeyFilePath) {
+ this.publicKeyFilePath = publicKeyFilePath;
+ }
+
public String getPassphrase() {
return passphrase;
}
+
+ public void setPassphrase(String passphrase) {
+ this.passphrase = passphrase;
+ }
+
+ public String getKnownHostsFilePath() {
+ return knownHostsFilePath;
+ }
+
+ public void setKnownHostsFilePath(String knownHostsFilePath) {
+ this.knownHostsFilePath = knownHostsFilePath;
+ }
+
+ public String getStrictHostKeyChecking() {
+ return strictHostKeyChecking;
+ }
+
+ public void setStrictHostKeyChecking(String strictHostKeyChecking) {
+ this.strictHostKeyChecking = strictHostKeyChecking;
+ }
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
index 0727927..c2ce8dc 100644
--- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
+++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java
@@ -23,6 +23,7 @@ package org.apache.airavata.gfac.impl;
import com.google.common.eventbus.EventBus;
import org.apache.airavata.common.exception.AiravataException;
import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ApplicationSettings;
import org.apache.airavata.common.utils.LocalEventPublisher;
import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.gfac.core.GFacEngine;
@@ -178,8 +179,8 @@ public abstract class Factory {
if (remoteCluster == null) {
String hostName = Factory.getDefaultAppCatalog().getComputeResource().getComputeResource(cRP
.getComputeResourceId()).getHostName();
- ServerInfo serverInfo = new ServerInfo(cRP.getLoginUserName(), hostName);
-
+ // fixme - read login user name from computeResourcePreference
+ ServerInfo serverInfo = new ServerInfo(ServerSettings.getSetting("ssh.username"), hostName);
List<JobSubmissionInterface> jobSubmissionInterfaces = Factory.getDefaultAppCatalog().getComputeResource()
.getComputeResource(cRP.getComputeResourceId())
.getJobSubmissionInterfaces();
@@ -219,12 +220,18 @@ public abstract class Factory {
}
private static SSHKeyAuthentication getSSHKeyAuthentication() throws ApplicationSettingsException {
- String username = ServerSettings.getSetting("ssh.username");
- String privateKeyFilePath = ServerSettings.getSetting("private.ssh.key");
- String publicKeyFilePath = ServerSettings.getSetting("public.ssh.key");
- String passphrase = ServerSettings.getSetting("ssh.keypass");
- return new SSHKeyAuthentication(username, privateKeyFilePath,
- publicKeyFilePath, passphrase);
+ SSHKeyAuthentication sshKA = new SSHKeyAuthentication();
+ sshKA.setUserName(ServerSettings.getSetting("ssh.username"));
+ sshKA.setPassphrase(ServerSettings.getSetting("ssh.keypass"));
+ sshKA.setPrivateKeyFilePath(ServerSettings.getSetting("ssh.private.key"));
+ sshKA.setPublicKeyFilePath(ServerSettings.getSetting("ssh.public.key"));
+ sshKA.setStrictHostKeyChecking(ServerSettings.getSetting("ssh.strict.hostKey.checking", "no"));
+ sshKA.setKnownHostsFilePath(ServerSettings.getSetting("ssh.known.hosts.file", null));
+ if (sshKA.getStrictHostKeyChecking().equals("yes") && sshKA.getKnownHostsFilePath() == null) {
+ throw new ApplicationSettingsException("If ssh scrict hostky checking property is set to yes, you must " +
+ "provid known host file path");
+ }
+ return sshKA;
}
public static JobSubmissionTask getJobSubmissionTask(JobSubmissionProtocol jobSubmissionProtocol) throws
http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
index d847a4d..69cf03e 100644
--- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
+++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java
@@ -66,10 +66,14 @@ public class HPCRemoteCluster extends AbstractRemoteCluster{
}
jSch = new JSch();
jSch.addIdentity(authentication.getPrivateKeyFilePath(), authentication.getPublicKeyFilePath(),
- authentication
- .getPassphrase().getBytes());
+ authentication.getPassphrase().getBytes());
session = jSch.getSession(serverInfo.getUserName(), serverInfo.getHost(), serverInfo.getPort());
session.setUserInfo(new DefaultUserInfo(serverInfo.getUserName(), null, authentication.getPassphrase()));
+ if (authentication.getStrictHostKeyChecking().equals("yes")) {
+ jSch.setKnownHosts(authentication.getKnownHostsFilePath());
+ } else {
+ session.setConfig("StrictHostKeyChecking","no");
+ }
session.connect(); // 0 connection timeout
} catch (JSchException e) {
throw new AiravataException("JSch initialization error ", e);