Posted to commits@stratos.apache.org by is...@apache.org on 2015/10/23 11:27:13 UTC

stratos git commit: handling HTTPS loadbalancing in AWS LB extension

Repository: stratos
Updated Branches:
  refs/heads/stratos-4.1.x 27ba632f2 -> 3a2acec71


handling HTTPS loadbalancing in AWS LB extension


Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/3a2acec7
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/3a2acec7
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/3a2acec7

Branch: refs/heads/stratos-4.1.x
Commit: 3a2acec7158c9491bd7d54f1f6f093473ff3985b
Parents: 27ba632
Author: Isuru Haththotuwa <is...@apache.org>
Authored: Fri Oct 23 14:53:59 2015 +0530
Committer: Isuru Haththotuwa <is...@apache.org>
Committed: Fri Oct 23 14:53:59 2015 +0530

----------------------------------------------------------------------
 .../modules/aws-extension/INSTALL.md            |  8 +++++-
 .../aws-extension/src/main/conf/aws.properties  |  6 +++++
 .../apache/stratos/aws/extension/AWSHelper.java | 28 +++++++++++++++++---
 .../apache/stratos/aws/extension/Constants.java |  1 +
 4 files changed, 39 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/INSTALL.md
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/INSTALL.md b/extensions/load-balancer/modules/aws-extension/INSTALL.md
index 0ab671f..4f8a090 100644
--- a/extensions/load-balancer/modules/aws-extension/INSTALL.md
+++ b/extensions/load-balancer/modules/aws-extension/INSTALL.md
@@ -24,7 +24,9 @@ below steps to proceed with the installation:
 
 1. Extract org.apache.stratos.aws.extension-<version>.zip to a desired location: <aws-extension-home>.
 
-2. Open <aws-extension-home>/conf/aws-credentials.conf file in text editor and update AWS access key and secret key information.
+2. Open <aws-extension-home>/conf/aws-credentials.conf file in text editor and update AWS access key and secret key information. 
+   If you are using HTTPS as the FE protocol for the AWS LBs, upload a certificate [1] for the LBs and update 
+   load-balancer-ssl-certificate-id with the ARN [2].
 
 3. Open <aws-extension-home>/bin/aws-extension.sh file in a text editor and update following system properties:
    ```
@@ -43,3 +45,7 @@ below steps to proceed with the installation:
    ```
 5. Run <aws-extension-home>/bin/aws-extension.sh as the root user.
 
+
+[1]. http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
+
+[2]. http://docs.aws.amazon.com/cli/latest/reference/iam/get-server-certificate.html

http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties b/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
index e0302e6..ebdf614 100644
--- a/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
+++ b/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
@@ -32,3 +32,9 @@ allowed-protocols=tcp
 # statistics-interval denotes the interval in seconds for which statistics are gathered to calculate request in flight count.
 # This must be multiple of 60.
 statistics-interval=60
+# Upload a private key and public certificate to use in the HTTPS Listner of the load balancer
+# After the server certificate is uploaded, you can verify that the information is stored in IAM.
+# Each certificate object has a unique Amazon Resource Name (ARN) and ID.
+# You can request these details for a specific certificate object by referencing the name of the certificate object:
+# aws iam get-server-certificate --server-certificate-name your-certificate-name
+load-balancer-ssl-certificate-id=
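Review bot: The comment block does not say which identifier belongs in `load-balancer-ssl-certificate-id`: it mentions both the ARN and the ID, the key is named "certificate-id", and the INSTALL.md change in this commit asks for the ARN. A closing comment line such as `# Set this to the certificate's ARN; required when a listener uses HTTPS or SSL, otherwise leave empty.` would remove the ambiguity. INSTALL.md also introduces this key in its step about aws-credentials.conf, although the key is added here in aws.properties, so the two should be aligned. "Listner" in the first added comment line is a typo for "Listener".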

http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
index a8164e7..4bdd3e5 100644
--- a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
+++ b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
@@ -66,6 +66,7 @@ public class AWSHelper {
 	private String lbSecurityGroupDescription;
 	private String allowedCidrIpForLBSecurityGroup;
 	private int statisticsInterval;
+	private String sslCertificateId;
 
 	private AtomicInteger lbSequence;
 
@@ -126,6 +127,11 @@ public class AWSHelper {
 						"Invalid load balancer security group name.");
 			}
 
+			// Read the SSL certificate Id. This is mandatory if only we are using HTTPS as the front end protocol.
+			// http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-listenerconfig-quickref.html
+			this.sslCertificateId = properties
+					.getProperty(Constants.LOAD_BALANCER_SSL_CERTIFICATE_ID);
+
 			this.allowedCidrIpForLBSecurityGroup = properties
 					.getProperty(Constants.ALLOWED_CIDR_IP_KEY);
 
@@ -338,8 +344,7 @@ public class AWSHelper {
 	 * @param region
 	 *            of the load balancer
 	 */
-	public void deregisterInstancesFromLoadBalancer(String loadBalancerName,
-			List<Instance> instances, String region) {
+	public void deregisterInstancesFromLoadBalancer(String loadBalancerName, List<Instance> instances, String region) {
 
 		log.info("De-registering following instance(s) from load balancer "
 				+ loadBalancerName);
@@ -841,7 +846,7 @@ public class AWSHelper {
 	 * @param service
 	 * @return list of listeners required for the service
 	 */
-	public List<Listener> getRequiredListeners(Member member) {
+	public List<Listener> getRequiredListeners(Member member) throws LoadBalancerExtensionException {
 		List<Listener> listeners = new ArrayList<Listener>();
 
 		Collection<Port> ports = member.getPorts();
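Review bot: The Javadoc above the changed signature still documents `@param service` while the parameter is `member`, and the new `throws LoadBalancerExtensionException` is undocumented. Suggested tags: `@param member member whose ports are turned into listeners` and `@throws LoadBalancerExtensionException if a port uses HTTPS or SSL and no SSL certificate id is configured`. No caller appears in this commit, so it is worth confirming that each one propagates or reports the new exception; if one swallows it, an HTTPS listener would be missing with no visible failure. The method body continues outside the hunk.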
@@ -854,6 +859,19 @@ public class AWSHelper {
 
 			Listener listener = new Listener(protocol, proxyPort, instancePort);
 			listener.setInstanceProtocol(instanceProtocol);
+			if ("HTTPS".equalsIgnoreCase(protocol) || "SSL".equalsIgnoreCase(protocol)) {
+				// if the SSL certificate is not configured in the aws.properties file, can't continue
+				if (getSslCertificateId() == null || getSslCertificateId().isEmpty()) {
+					String errorMsg = "Required property " + Constants.LOAD_BALANCER_SSL_CERTIFICATE_ID + " not provided in configuration";
+					log.error(errorMsg);
+					throw new LoadBalancerExtensionException(errorMsg);
+				}
+				// TODO: make debug?
+				if (log.isInfoEnabled()) {
+					log.info("Listener protocol = " + protocol + ", hence setting the SSL Certificate Id: " + getSslCertificateId());
+				}
+				listener.setSSLCertificateId(getSslCertificateId());
+			}
 
 			listeners.add(listener);
 		}
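Review bot: The guard `getSslCertificateId() == null || getSslCertificateId().isEmpty()` lets a whitespace-only value through, and a value with trailing whitespace goes unchanged into `setSSLCertificateId`, because the earlier hunk that reads `Constants.LOAD_BALANCER_SSL_CERTIFICATE_ID` stores the property untrimmed. Reading it once into a local and testing `certId == null || certId.trim().isEmpty()` (or trimming where the property is read) makes a misconfiguration fail here with the clear message, rather than presumably later at the AWS call. Separately, the `// TODO: make debug?` should be resolved in favour of `log.debug`. Per the INSTALL.md change the value is an IAM ARN, which normally carries the AWS account number, and it is currently logged at info level for every HTTPS/SSL listener. The loop and the method around this code start and end outside the hunk.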
@@ -923,4 +941,8 @@ public class AWSHelper {
 		} else
 			return null;
 	}
+
+	public String getSslCertificateId() {
+		return sslCertificateId;
+	}
 }

http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
index 30ada5c..626f1ce 100644
--- a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
+++ b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
@@ -53,4 +53,5 @@ public class Constants {
 	public static final String HTTP_RESPONSE_5XX = "HTTPCode_Backend_5XX";
 	public static final String STATISTICS_INTERVAL = "statistics-interval";
 	public static final int STATISTICS_INTERVAL_MULTIPLE_OF = 60;
+	public static final String LOAD_BALANCER_SSL_CERTIFICATE_ID = "load-balancer-ssl-certificate-id";
 }