Posted to commits@stratos.apache.org by is...@apache.org on 2015/10/23 11:27:13 UTC
stratos git commit: handling HTTPS loadbalancing in AWS LB extension
Repository: stratos
Updated Branches:
refs/heads/stratos-4.1.x 27ba632f2 -> 3a2acec71
handling HTTPS loadbalancing in AWS LB extension
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/3a2acec7
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/3a2acec7
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/3a2acec7
Branch: refs/heads/stratos-4.1.x
Commit: 3a2acec7158c9491bd7d54f1f6f093473ff3985b
Parents: 27ba632
Author: Isuru Haththotuwa <is...@apache.org>
Authored: Fri Oct 23 14:53:59 2015 +0530
Committer: Isuru Haththotuwa <is...@apache.org>
Committed: Fri Oct 23 14:53:59 2015 +0530
----------------------------------------------------------------------
.../modules/aws-extension/INSTALL.md | 8 +++++-
.../aws-extension/src/main/conf/aws.properties | 6 +++++
.../apache/stratos/aws/extension/AWSHelper.java | 28 +++++++++++++++++---
.../apache/stratos/aws/extension/Constants.java | 1 +
4 files changed, 39 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/INSTALL.md
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/INSTALL.md b/extensions/load-balancer/modules/aws-extension/INSTALL.md
index 0ab671f..4f8a090 100644
--- a/extensions/load-balancer/modules/aws-extension/INSTALL.md
+++ b/extensions/load-balancer/modules/aws-extension/INSTALL.md
@@ -24,7 +24,9 @@ below steps to proceed with the installation:
1. Extract org.apache.stratos.aws.extension-<version>.zip to a desired location: <aws-extension-home>.
-2. Open <aws-extension-home>/conf/aws-credentials.conf file in text editor and update AWS access key and secret key information.
+2. Open <aws-extension-home>/conf/aws-credentials.conf file in text editor and update AWS access key and secret key information.
+ If you are using HTTPS as the FE protocol for the AWS LBs, upload a certificate [1] for the LBs and update
+ load-balancer-ssl-certificate-id with the ARN [2].
3. Open <aws-extension-home>/bin/aws-extension.sh file in a text editor and update following system properties:
```
@@ -43,3 +45,7 @@ below steps to proceed with the installation:
```
5. Run <aws-extension-home>/bin/aws-extension.sh as the root user.
+
+[1]. http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
+
+[2]. http://docs.aws.amazon.com/cli/latest/reference/iam/get-server-certificate.html
http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties b/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
index e0302e6..ebdf614 100644
--- a/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
+++ b/extensions/load-balancer/modules/aws-extension/src/main/conf/aws.properties
@@ -32,3 +32,9 @@ allowed-protocols=tcp
# statistics-interval denotes the interval in seconds for which statistics are gathered to calculate request in flight count.
# This must be multiple of 60.
statistics-interval=60
+# Upload a private key and public certificate to use in the HTTPS Listner of the load balancer
+# After the server certificate is uploaded, you can verify that the information is stored in IAM.
+# Each certificate object has a unique Amazon Resource Name (ARN) and ID.
+# You can request these details for a specific certificate object by referencing the name of the certificate object:
+# aws iam get-server-certificate --server-certificate-name your-certificate-name
+load-balancer-ssl-certificate-id=
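Review bot: The comment above `load-balancer-ssl-certificate-id` mentions both an ARN and an ID but never says which one belongs in the property; the key name suggests the ID, while INSTALL.md in this commit says to use the ARN. I would end the comment block with a line such as `# Set this property to the certificate's ARN (the Arn field in the get-server-certificate output).` It would also help to say that the property may stay empty when no HTTPS or SSL listener is used, since the code in this commit rejects an empty value only for those protocols. "Listner" in the first comment line is a typo for "Listener".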
http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
index a8164e7..4bdd3e5 100644
--- a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
+++ b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/AWSHelper.java
@@ -66,6 +66,7 @@ public class AWSHelper {
private String lbSecurityGroupDescription;
private String allowedCidrIpForLBSecurityGroup;
private int statisticsInterval;
+ private String sslCertificateId;
private AtomicInteger lbSequence;
@@ -126,6 +127,11 @@ public class AWSHelper {
"Invalid load balancer security group name.");
}
+ // Read the SSL certificate Id. This is mandatory if only we are using HTTPS as the front end protocol.
+ // http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-listenerconfig-quickref.html
+ this.sslCertificateId = properties
+ .getProperty(Constants.LOAD_BALANCER_SSL_CERTIFICATE_ID);
+
this.allowedCidrIpForLBSecurityGroup = properties
.getProperty(Constants.ALLOWED_CIDR_IP_KEY);
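Review bot: The certificate id is stored exactly as read, so trailing whitespace after the value in aws.properties is kept (java.util.Properties strips only leading whitespace from a value) and still passes the later `isEmpty()` check, presumably failing only when AWS rejects the listener. Trimming here avoids that: `String certId = properties.getProperty(Constants.LOAD_BALANCER_SSL_CERTIFICATE_ID);` followed by `this.sslCertificateId = (certId == null) ? null : certId.trim();`. The comment would read more clearly as `// Read the SSL certificate id; it is mandatory only when HTTPS or SSL is the front-end protocol.` The enclosing method starts and ends outside this hunk.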
@@ -338,8 +344,7 @@ public class AWSHelper {
* @param region
* of the load balancer
*/
- public void deregisterInstancesFromLoadBalancer(String loadBalancerName,
- List<Instance> instances, String region) {
+ public void deregisterInstancesFromLoadBalancer(String loadBalancerName, List<Instance> instances, String region) {
log.info("De-registering following instance(s) from load balancer "
+ loadBalancerName);
@@ -841,7 +846,7 @@ public class AWSHelper {
* @param service
* @return list of listeners required for the service
*/
- public List<Listener> getRequiredListeners(Member member) {
+ public List<Listener> getRequiredListeners(Member member) throws LoadBalancerExtensionException {
List<Listener> listeners = new ArrayList<Listener>();
Collection<Port> ports = member.getPorts();
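Review bot: The Javadoc above `getRequiredListeners` is not updated for the new checked exception, and its `@param service` tag does not match the parameter, which is named `member`. I would rename the tag to `@param member` and add `@throws LoadBalancerExtensionException if an HTTPS or SSL listener is required and no SSL certificate id is configured`. The method body continues outside this hunk.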
@@ -854,6 +859,19 @@ public class AWSHelper {
Listener listener = new Listener(protocol, proxyPort, instancePort);
listener.setInstanceProtocol(instanceProtocol);
+ if ("HTTPS".equalsIgnoreCase(protocol) || "SSL".equalsIgnoreCase(protocol)) {
+ // if the SSL certificate is not configured in the aws.properties file, can't continue
+ if (getSslCertificateId() == null || getSslCertificateId().isEmpty()) {
+ String errorMsg = "Required property " + Constants.LOAD_BALANCER_SSL_CERTIFICATE_ID + " not provided in configuration";
+ log.error(errorMsg);
+ throw new LoadBalancerExtensionException(errorMsg);
+ }
+ // TODO: make debug?
+ if (log.isInfoEnabled()) {
+ log.info("Listener protocol = " + protocol + ", hence setting the SSL Certificate Id: " + getSslCertificateId());
+ }
+ listener.setSSLCertificateId(getSslCertificateId());
+ }
listeners.add(listener);
}
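Review bot: The `log.info` call in the HTTPS/SSL branch writes the configured certificate id for every such listener built in this loop; per INSTALL.md the value is an IAM certificate ARN, which embeds the AWS account id, so it lands in routine logs. Resolving the TODO in favour of debug keeps it out of default output: `if (log.isDebugEnabled()) {` with `log.debug("Listener protocol = " + protocol + ", setting the configured SSL certificate id");`. Reading `getSslCertificateId()` once into a local would also replace the four repeated calls. Because the missing-property check sits here, a misconfiguration is reported only when the first HTTPS or SSL port is processed; checking when the configuration is loaded may be preferable if the protocols are known at that point. The loop and the method start and end outside this hunk.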
@@ -923,4 +941,8 @@ public class AWSHelper {
} else
return null;
}
+
+ public String getSslCertificateId() {
+ return sslCertificateId;
+ }
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/3a2acec7/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
----------------------------------------------------------------------
diff --git a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
index 30ada5c..626f1ce 100644
--- a/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
+++ b/extensions/load-balancer/modules/aws-extension/src/main/java/org/apache/stratos/aws/extension/Constants.java
@@ -53,4 +53,5 @@ public class Constants {
public static final String HTTP_RESPONSE_5XX = "HTTPCode_Backend_5XX";
public static final String STATISTICS_INTERVAL = "statistics-interval";
public static final int STATISTICS_INTERVAL_MULTIPLE_OF = 60;
+ public static final String LOAD_BALANCER_SSL_CERTIFICATE_ID = "load-balancer-ssl-certificate-id";
}