Posted to commits@directory.apache.org by pl...@apache.org on 2018/08/24 06:25:49 UTC
[9/9] directory-kerby git commit: Improve the keytab deployment tool.
Improve the keytab deployment tool.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/97c17e85
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/97c17e85
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/97c17e85
Branch: refs/heads/kerby-2.0.0
Commit: 97c17e85e79fb6fd56985be1e01c824fa830bb17
Parents: f4c1e3d
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri Aug 24 14:16:01 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri Aug 24 14:22:08 2018 +0800
----------------------------------------------------------------------
has-project/docs/has-start.md | 27 +--
.../tool/admin/local/AdminLocalTool.java | 13 +-
.../AddPrincipalsAndDeployKeytabsCommand.java | 177 ---------------
.../tool/admin/local/cmd/KeytabCommand.java | 220 +++++++++++++++++++
.../tool/hclient/HasClientLoginTool.java | 4 +-
5 files changed, 239 insertions(+), 202 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c17e85/has-project/docs/has-start.md
----------------------------------------------------------------------
diff --git a/has-project/docs/has-start.md b/has-project/docs/has-start.md
index 20cd455..5fa1733 100644
--- a/has-project/docs/has-start.md
+++ b/has-project/docs/has-start.md
@@ -192,22 +192,17 @@ admin.local: exit
```
The admin.keytab file is created by the has-init. In local and remote admin tool, you can type "?" for help.
-#### Get hostRoles list:
-```
-cd kerby-dist/has-dist
-// Start local or remote hadmin tool
-sh bin/admin-local.sh(bin/admin-remote.sh) <conf_dir> -k <keytab>
-admin.local: hostroles
-admin.local: exit
+#### Export and deploy keytabs:
```
+// Start local admin tool
+sh bin/admin-local.sh <conf_dir> -k <keytab>
-#### Export service keytabs:
-```
-cd kerby-dist/has-dist
-// Start local or remote hadmin tool
-sh bin/admin-local.sh(bin/admin-remote.sh) <conf_dir> -k <keytab>
-// An example of exporting keytabs of localhost(hostname):
-admin.local: expkeytabs localhost
+// keytab deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
+// Where-to-Deploy: The place to store the keytabs
+// UserName: The host user name
+// Password: The host password
+// All the hosts with the same user and password
+admin.local: keytab deploy hosts.txt 22 /etc/has/ username password
admin.local: exit
```
@@ -225,12 +220,12 @@ echo { \
// Start local admin tool
sh bin/admin-local.sh <conf_dir> -k <keytab>
-// deploy_keytabs [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
+// keytab create_deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
// Where-to-Deploy: The place to store the keytabs
// UserName: The host user name
// Password: The host password
// All the hosts with the same user and password
-admin.local: deploy_keytabs hosts.txt 22 /etc/has/ username password
+admin.local: keytab create_deploy hosts.txt 22 /etc/has/ username password
admin.local: exit
```
Note: The admin.keytab file is created by the `has-init`. In local admin tool, you can type "?" for help.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c17e85/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
index f4cc879..6c787bd 100644
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
@@ -26,7 +26,7 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
-import org.apache.kerby.kerberos.tool.admin.local.cmd.AddPrincipalsAndDeployKeytabsCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.KeytabCommand;
import org.apache.kerby.kerberos.tool.admin.local.cmd.AddPrincipalsCommand;
import org.apache.kerby.kerberos.tool.admin.local.cmd.DeployHTTPSCertsCommand;
import org.apache.kerby.kerberos.tool.admin.local.cmd.DisableConfigureCommand;
@@ -110,8 +110,8 @@ public class AdminLocalTool {
+ " Enable configure\n"
+ "disable_configure, disable\n"
+ " Disable configure\n"
- + "deploy_keytabs, depkeytabs\n"
- + " Deploy keytabs\n"
+ + "keytab\n"
+ + " Add principals, export keytabs, and deploy keytabs\n"
+ "deploy_https, dephttps\n"
+ " Deploy https\n";
@@ -163,9 +163,8 @@ public class AdminLocalTool {
} else if (cmd.startsWith("disable_configure")
|| cmd.startsWith("disable")) {
hadminExecutor = new DisableConfigureCommand(hadmin);
- } else if (cmd.startsWith("deploy_keytabs")
- || cmd.startsWith("depkeytabs")) {
- hadminExecutor = new AddPrincipalsAndDeployKeytabsCommand(hadmin);
+ } else if (cmd.startsWith("keytab")) {
+ hadminExecutor = new KeytabCommand(hadmin);
} else if (cmd.startsWith("deploy_https")
|| cmd.startsWith("dephttps")) {
hadminExecutor = new DeployHTTPSCertsCommand(hadmin);
@@ -297,7 +296,7 @@ public class AdminLocalTool {
Completer completer = new StringsCompleter("add_principal",
"delete_principal", "rename_principal", "change_password", "list_principals",
"get_principal", "ktadd", "get_hostroles", "export_keytabs", "add_principals",
- "enable_configure", "disable_configure", "deploy_keytabs", "deploy_https");
+ "enable_configure", "disable_configure", "keytab", "deploy_https");
Terminal terminal = null;
try {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c17e85/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
deleted file mode 100644
index 865f1c6..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.local.cmd;
-
-
-import com.jcraft.jsch.ChannelSftp;
-import com.jcraft.jsch.JSch;
-import com.jcraft.jsch.JSchException;
-import com.jcraft.jsch.Session;
-import com.jcraft.jsch.SftpException;
-import org.apache.kerby.has.common.HasException;
-import org.apache.kerby.has.server.admin.LocalHadmin;
-import org.codehaus.jettison.json.JSONArray;
-import org.codehaus.jettison.json.JSONException;
-import org.codehaus.jettison.json.JSONObject;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
-public class AddPrincipalsAndDeployKeytabsCommand extends HadminCommand {
- private static final String USAGE
- = "\nUsage: deploy_keytabs [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
- + "\tExample:\n"
- + "\t\tdeploy_keytabs hostroles.txt /etc/has/ 22 username password\n";
-
- public AddPrincipalsAndDeployKeytabsCommand(LocalHadmin hadmin) {
- super(hadmin);
- }
-
- @Override
- public void execute(String[] items) throws HasException {
-
- if (items.length < 5 || items.length > 6) {
- System.err.println(USAGE);
- return;
- }
-
- File hostfile = new File(items[1]);
- if (!hostfile.exists()) {
- throw new HasException("HostRoles file is not exists.");
- }
- String pathToDeploy = items[2];
- int port = Integer.valueOf(items[3]);
- String username = items[4];
- String password = "";
- if (items.length == 6) {
- password = items[5];
- }
-
- BufferedReader reader;
- try {
- reader = new BufferedReader(new FileReader(hostfile));
- } catch (FileNotFoundException e) {
- throw new HasException("The host roles file: " + hostfile + "is not exist. " + e.getMessage());
- }
- StringBuilder sb = new StringBuilder();
- String tempString;
- try {
- while ((tempString = reader.readLine()) != null) {
- sb.append(tempString);
- }
- } catch (IOException e) {
- throw new HasException("Failed to read file: " + e.getMessage());
- }
- JSONArray hostArray;
- try {
- hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
- } catch (JSONException e) {
- throw new HasException(e.getMessage());
- }
- for (int i = 0; i < hostArray.length(); i++) {
- JSONObject host;
- try {
- host = (JSONObject) hostArray.get(i);
- } catch (JSONException e) {
- throw new HasException(e.getMessage());
- }
- String hostname;
- try {
- hostname = host.getString("name");
- } catch (JSONException e) {
- throw new HasException(e.getMessage());
- }
- String[] roles;
- try {
- roles = host.getString("hostRoles").split(",");
- } catch (JSONException e) {
- throw new HasException(e.getMessage());
- }
- List<File> keytabs = new ArrayList<>();
- for (String role : roles) {
- // Add principal.
- System.out.println(getHadmin().addPrincByRole(hostname,
- role.toUpperCase()));
- // Export keytab
- File keytab = getHadmin().getKeytabByHostAndRole(hostname, role);
-
- keytabs.add(keytab);
- }
-
- JSch jsch = new JSch();
- Session session;
- try {
- session = jsch.getSession(username, hostname, port);
- } catch (JSchException e) {
- throw new HasException(e.getMessage());
- }
- session.setPassword(password);
-
- java.util.Properties config = new java.util.Properties();
- config.put("StrictHostKeyChecking", "no");
- session.setConfig(config);
-
- ChannelSftp channel;
- try {
- session.connect();
- channel = (ChannelSftp) session.openChannel("sftp");
- channel.connect();
- } catch (JSchException e) {
- throw new HasException("Failed to set the session: " + e.getMessage());
- }
- try {
- String path = "";
- String[] paths = pathToDeploy.split("/");
- for (int j = 1; j < paths.length; j++) {
- path = path + "/" + paths[i];
-
- try {
- channel.cd(path);
- } catch (SftpException e) {
- if (e.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
- channel.mkdir(path);
- } else {
- throw new HasException(e.getMessage());
- }
- }
- }
- } catch (SftpException e) {
- throw new HasException("Failed to mkdir path: " + e.getMessage());
- }
-
- for (File keytab : keytabs) {
- // Send the keytab to remote
- try {
- channel.put(keytab.getAbsolutePath(), pathToDeploy + keytab.getName());
- } catch (SftpException e) {
- throw new HasException("Failed to send the keytab file: " + keytab.getName());
- }
- }
- channel.disconnect();
- }
- }
-}
-
-
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c17e85/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java
new file mode 100644
index 0000000..09bf0a9
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java
@@ -0,0 +1,220 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+
+import com.jcraft.jsch.ChannelSftp;
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.JSchException;
+import com.jcraft.jsch.Session;
+import com.jcraft.jsch.SftpException;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class KeytabCommand extends HadminCommand {
+ private static final String KEYTAB_CREATE_USAGE
+ = "\nUsage: keytab create [HostRoles-File]\n"
+ + "\tAdd principals in backend.\n"
+ + "\tExample:\n"
+ + "\t\tkeytab create hostroles.txt\n";
+
+ private static final String KEYTAB_DEPLOY_USAGE
+ = "\nUsage: keytab deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
+ + "\tExport and deploy keytabs.\n"
+ + "\tExample:\n"
+ + "\t\tkeytab deploy hostroles.txt /etc/has/ 22 username password\n";
+
+ private static final String KEYTAB_CREATE_DEPLOY_USAGE
+ = "\nUsage: keytab create_deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
+ + "\tAdd principals, export and deploy keytabs.\n"
+ + "\tExample:\n"
+ + "\t\tkeytab create_deploy hostroles.txt /etc/has/ 22 username password\n";
+
+ public KeytabCommand(LocalHadmin hadmin) {
+ super(hadmin);
+ }
+
+ @Override
+ public void execute(String[] items) throws HasException {
+
+ if (items.length < 3) {
+ System.err.println(KEYTAB_CREATE_USAGE);
+ System.err.println(KEYTAB_DEPLOY_USAGE);
+ System.err.println(KEYTAB_CREATE_DEPLOY_USAGE);
+ return;
+ }
+
+ String cmd = items[1];
+
+ File hostfile = new File(items[2]);
+ if (!hostfile.exists()) {
+ throw new HasException("Host roles file: " + items[2] + " is not exists.");
+ }
+
+ BufferedReader reader;
+ try {
+ reader = new BufferedReader(new FileReader(hostfile));
+ } catch (FileNotFoundException e) {
+ throw new HasException("The host roles file: " + hostfile
+ + " is not exist. " + e.getMessage());
+ }
+ StringBuilder sb = new StringBuilder();
+ String tempString;
+ try {
+ while ((tempString = reader.readLine()) != null) {
+ sb.append(tempString);
+ }
+ } catch (IOException e) {
+ throw new HasException("Failed to read file: " + e.getMessage());
+ }
+ JSONArray hostArray;
+ try {
+ hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+
+ for (int i = 0; i < hostArray.length(); i++) {
+ JSONObject host;
+ try {
+ host = (JSONObject) hostArray.get(i);
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+ String hostname;
+ try {
+ hostname = host.getString("name");
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+ String[] roles;
+ try {
+ roles = host.getString("hostRoles").split(",");
+ } catch (JSONException e) {
+ throw new HasException(e.getMessage());
+ }
+
+ if (cmd.equals("create")) {
+ if (items.length != 3) {
+ System.err.println(KEYTAB_CREATE_USAGE);
+ return;
+ }
+ for (String role : roles) {
+ // Add principal.
+ System.out.println(getHadmin().addPrincByRole(hostname,
+ role.toUpperCase()));
+ }
+ } else if (cmd.equals("deploy") || cmd.equals("create_deploy")) {
+ if (items.length < 6 || items.length > 7) {
+ if (cmd.equals("deploy")) {
+ System.err.println(KEYTAB_DEPLOY_USAGE);
+ } else {
+ System.err.println(KEYTAB_CREATE_DEPLOY_USAGE);
+ }
+ return;
+ }
+ String pathToDeploy = items[3];
+ int port = Integer.valueOf(items[4]);
+ String username = items[5];
+ String password = "";
+ if (items.length == 7) {
+ password = items[6];
+ }
+ List<File> keytabs = new ArrayList<>();
+ for (String role : roles) {
+ if (cmd.equals("create_deploy")) {
+ // Add principal.
+ System.out.println(getHadmin().addPrincByRole(hostname,
+ role.toUpperCase()));
+ }
+
+ // Export keytab
+ File keytab = getHadmin().getKeytabByHostAndRole(hostname, role);
+
+ keytabs.add(keytab);
+ }
+
+ JSch jsch = new JSch();
+ Session session;
+ try {
+ session = jsch.getSession(username, hostname, port);
+ } catch (JSchException e) {
+ throw new HasException(e.getMessage());
+ }
+ session.setPassword(password);
+
+ java.util.Properties config = new java.util.Properties();
+ config.put("StrictHostKeyChecking", "no");
+ session.setConfig(config);
+
+ ChannelSftp channel;
+ try {
+ session.connect();
+ channel = (ChannelSftp) session.openChannel("sftp");
+ channel.connect();
+ } catch (JSchException e) {
+ throw new HasException("Failed to set the session: " + e.getMessage());
+ }
+ try {
+ String path = "";
+ String[] paths = pathToDeploy.split("/");
+ for (int j = 1; j < paths.length; j++) {
+ path = path + "/" + paths[i];
+
+ try {
+ channel.cd(path);
+ } catch (SftpException e) {
+ if (e.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
+ channel.mkdir(path);
+ } else {
+ throw new HasException(e.getMessage());
+ }
+ }
+ }
+ } catch (SftpException e) {
+ throw new HasException("Failed to mkdir path: " + e.getMessage());
+ }
+
+ for (File keytab : keytabs) {
+ // Send the keytabs to remote
+ try {
+ channel.put(keytab.getAbsolutePath(), pathToDeploy + keytab.getName());
+ } catch (SftpException e) {
+ throw new HasException("Failed to send the keytab file: " + keytab.getName());
+ }
+ }
+ channel.disconnect();
+ }
+ }
+ }
+}
+
+
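Review bot: Host-key verification is disabled by `config.put("StrictHostKeyChecking", "no")`, so the keytabs — long-term Kerberos secrets — are uploaded over an SFTP session that accepts any server key, and an on-path attacker answering for `hostname` would receive them. Load a known_hosts file with `jsch.setKnownHosts(...)` before `getSession` and set the option to `"yes"` (or make the opt-out explicit and loud), because silently accepting an unknown key is the whole attack. The directory walk also carries a bug over from the deleted class: `path = path + "/" + paths[i]` indexes with the host loop counter `i` instead of `j`, so it builds the wrong path for the first host and can index past the array for later ones. The uploaded files keep whatever mode the remote umask gives them, so follow each `channel.put` with `channel.chmod(0600, ...)`, and disconnect the `session` (not only the channel) in a `finally` so a failed put does not leak the connection. Separately, `Integer.valueOf(items[4])` throws an uncaught NumberFormatException on a non-numeric port — which the has-start.md example in this same commit, `keytab deploy hosts.txt 22 /etc/has/ ...` (port before path), would hit — so parse it under a try and print KEYTAB_DEPLOY_USAGE instead.
```java
JSch jsch = new JSch();
Session session;
try {
    // Check the target's host key against known_hosts: keytabs are long-term
    // secrets and must not be handed to an unverified host.
    jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
    session = jsch.getSession(username, hostname, port);
} catch (JSchException e) {
    throw new HasException(e.getMessage());
}
session.setPassword(password);

java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "yes");
session.setConfig(config);

// … unchanged: session.connect(), openChannel("sftp"), channel.connect() …
try {
    // … unchanged: mkdir walk, except the index fix below …
    path = path + "/" + paths[j];   // was paths[i] (the host loop index)

    for (File keytab : keytabs) {
        String remote = pathToDeploy + keytab.getName();
        try {
            channel.put(keytab.getAbsolutePath(), remote);
            channel.chmod(0600, remote);   // owner-only regardless of remote umask
        } catch (SftpException e) {
            throw new HasException("Failed to send the keytab file: " + keytab.getName());
        }
    }
} finally {
    channel.disconnect();
    session.disconnect();   // the original only dropped the channel
}
```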
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/97c17e85/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/hclient/HasClientLoginTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/hclient/HasClientLoginTool.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/hclient/HasClientLoginTool.java
index de8aed1..99c3dd4 100644
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/hclient/HasClientLoginTool.java
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/hclient/HasClientLoginTool.java
@@ -82,7 +82,7 @@ public class HasClientLoginTool {
subject = JaasKrbUtil.loginUsingKeytab(principalList.get(index),
keytabList.get(index));
} catch (LoginException e) {
- System.err.println("Fail to login using keytab. " + e);
+ System.err.println("Failed to login using keytab. " + e);
}
System.out.println("Login succeeded for user: "
+ subject.getPrincipals().iterator().next());
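Review bot: The catch for LoginException on the changed line only prints the error and falls through, so after a failed keytab login the method continues to `System.out.println("Login succeeded for user: " + subject.getPrincipals()...)` and dereferences `subject`, which presumably is still null at that point (its declaration is outside the hunk) and would throw a NullPointerException under a misleading success message. Leave the branch after reporting: `System.err.println("Failed to login using keytab. " + e); return;` (or `System.exit(1)` if this is the tool's main path). The enclosing method starts and ends outside the hunk.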
@@ -179,7 +179,7 @@ public class HasClientLoginTool {
HasAuthAdminClient authHasAdminClient = null;
File confFile = new File(confDir, "admin.conf");
- HasConfig hasConfig = null;
+ HasConfig hasConfig;
try {
hasConfig = HasUtil.getHasConfig(confFile);
} catch (HasException e) {