Posted to commits@cloudstack.apache.org by we...@apache.org on 2013/07/12 11:35:49 UTC

[1/4] git commit: updated refs/heads/4.1 to 3b5bcac

Updated Branches:
  refs/heads/4.1 e4d96bd7b -> 3b5bcac81


CLOUDSTACK-2940
Allow replacing realhostip.com with a customized domain for the SSVM. Although the config variable already existed, the code always hardcoded realhostip.com.
Reviewed-by: Abhi


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5174b002
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5174b002
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5174b002

Branch: refs/heads/4.1
Commit: 5174b002bc3e2e0013a580e63bf3ac45c18e5e2a
Parents: e4d96bd
Author: Nitin Mehta <ni...@citrix.com>
Authored: Thu Oct 11 19:38:32 2012 +0530
Committer: Wei Zhou <w....@leaseweb.com>
Committed: Fri Jul 12 11:01:33 2013 +0200

----------------------------------------------------------------------
 .../storage/download/DownloadMonitorImpl.java   | 20 ++++++++++++--------
 .../cloud/storage/upload/UploadMonitorImpl.java | 14 +++++++++-----
 2 files changed, 21 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5174b002/server/src/com/cloud/storage/download/DownloadMonitorImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/download/DownloadMonitorImpl.java b/server/src/com/cloud/storage/download/DownloadMonitorImpl.java
index 6f6c9ef..fe0ad8d 100755
--- a/server/src/com/cloud/storage/download/DownloadMonitorImpl.java
+++ b/server/src/com/cloud/storage/download/DownloadMonitorImpl.java
@@ -159,6 +159,7 @@ public class DownloadMonitorImpl extends ManagerBase implements  DownloadMonitor
     protected ResourceLimitService _resourceLimitMgr;
 
 	private Boolean _sslCopy = new Boolean(false);
+	String _ssvmUrlDomain;
 	private String _copyAuthPasswd;
 	private String _proxy = null;
     protected SearchBuilder<VMTemplateHostVO> ReadyTemplateStatesSearch;
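Review bot: The new field `_ssvmUrlDomain` has no access modifier, so it is package-visible while its neighbours `_sslCopy`, `_copyAuthPasswd` and `_proxy` are private, and the matching field added to UploadMonitorImpl in this commit is `private String _ssvmUrlDomain;`. Unless another class in the package needs to read it, declare it `private String _ssvmUrlDomain;` here as well.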
@@ -179,11 +180,8 @@ public class DownloadMonitorImpl extends ManagerBase implements  DownloadMonitor
         _sslCopy = Boolean.parseBoolean(configs.get("secstorage.encrypt.copy"));
         _proxy = configs.get(Config.SecStorageProxy.key());
         
-        String cert = configs.get("secstorage.ssl.cert.domain");
-        if (!"realhostip.com".equalsIgnoreCase(cert)) {
-        	s_logger.warn("Only realhostip.com ssl cert is supported, ignoring self-signed and other certs");
-        }
-        
+        _ssvmUrlDomain = configs.get("secstorage.ssl.cert.domain");
+       
         _copyAuthPasswd = configs.get("secstorage.copy.password");
         
         _agentMgr.registerForHostEvents(new DownloadListener(this), true, false, false);
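Review bot: The value of `secstorage.ssl.cert.domain` is stored exactly as configured and is later concatenated into the host part of the copy URL, so surrounding whitespace or a leading dot in the setting would produce an unusable hostname with no diagnostic. Normalising at read time keeps the later null/empty test meaningful, for example `String domain = configs.get("secstorage.ssl.cert.domain");` followed by `_ssvmUrlDomain = (domain == null) ? null : domain.trim();`. The same unnormalised read is added to the configuration hunk of UploadMonitorImpl in this commit. The enclosing method starts and ends outside the hunk.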
@@ -299,9 +297,15 @@ public class DownloadMonitorImpl extends ManagerBase implements  DownloadMonitor
 		String hostname = ipAddress;
 		String scheme = "http";
 		if (_sslCopy) {
-			hostname = ipAddress.replace(".", "-");
-			hostname = hostname + ".realhostip.com";
-			scheme = "https";
+            hostname = ipAddress.replace(".", "-");
+            scheme = "https";
+            
+            // Code for putting in custom certificates.
+            if(_ssvmUrlDomain != null && _ssvmUrlDomain.length() > 0){
+                hostname = hostname + "." + _ssvmUrlDomain;
+            }else{
+                hostname = hostname + ".realhostip.com";
+            }	
 		}
 		return scheme + "://" + hostname + "/copy/SecStorage/" + dir + "/" + path; 
 	}
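Review bot: When `_sslCopy` is on and `_ssvmUrlDomain` is null or empty, the new `else` branch silently builds the URL under the hardcoded `.realhostip.com`, and this commit also removes the only log line that mentioned the domain setting. An operator who installs a custom certificate but leaves the domain unset would presumably get HTTPS URLs whose host does not match that certificate, so a single `s_logger.warn(...)` at configure time naming the fallback would help diagnosis. The identical block is pasted into the URL builder hunk of UploadMonitorImpl; a shared helper would keep the two from drifting apart. The comment `// Code for putting in custom certificates.` would be clearer as `// Use the configured SSVM domain suffix; fall back to realhostip.com when it is unset.`; the method starts outside the hunk.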

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5174b002/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
index 77f0d20..31f3e74 100755
--- a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
+++ b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
@@ -106,6 +106,7 @@ public class UploadMonitorImpl extends ManagerBase implements UploadMonitor {
 
 	private String _name;
 	private Boolean _sslCopy = new Boolean(false);
+	private String _ssvmUrlDomain;
     private ScheduledExecutorService _executor = null;
 
 	Timer _timer;
@@ -329,8 +330,14 @@ public class UploadMonitorImpl extends ManagerBase implements UploadMonitor {
 	        String scheme = "http";
 	        if (_sslCopy) {
 	            hostname = ipAddress.replace(".", "-");
-	            hostname = hostname + ".realhostip.com";
 	            scheme = "https";
+	            
+	            // Code for putting in custom certificates.
+	            if(_ssvmUrlDomain != null && _ssvmUrlDomain.length() > 0){
+	            	hostname = hostname + "." + _ssvmUrlDomain;
+	            }else{
+	            	hostname = hostname + ".realhostip.com";
+	            }	            
 	        }
 	        return scheme + "://" + hostname + "/userdata/" + uuid; 
 	    }
@@ -347,10 +354,7 @@ public class UploadMonitorImpl extends ManagerBase implements UploadMonitor {
         final Map<String, String> configs = _configDao.getConfiguration("ManagementServer", params);
         _sslCopy = Boolean.parseBoolean(configs.get("secstorage.encrypt.copy"));
         
-        String cert = configs.get("secstorage.secure.copy.cert");
-        if ("realhostip.com".equalsIgnoreCase(cert)) {
-        	s_logger.warn("Only realhostip.com ssl cert is supported, ignoring self-signed and other certs");
-        }        
+        _ssvmUrlDomain = configs.get("secstorage.ssl.cert.domain");      
         
         _agentMgr.registerForHostEvents(new UploadListener(this), true, false, false);
         String cleanupInterval = configs.get("extract.url.cleanup.interval");


[2/4] git commit: updated refs/heads/4.1 to 3b5bcac

Posted by we...@apache.org.
CLOUDSTACK-3362: use POST instead of GET and encode/decode cert/key in uploadCustomCertificate


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7b2f68e8
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7b2f68e8
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7b2f68e8

Branch: refs/heads/4.1
Commit: 7b2f68e8cfaea5f313ff91da90a4ac62e5933afa
Parents: 5174b00
Author: Wei Zhou <w....@leaseweb.com>
Authored: Thu Jul 11 16:06:21 2013 +0200
Committer: Wei Zhou <w....@leaseweb.com>
Committed: Fri Jul 12 11:18:51 2013 +0200

----------------------------------------------------------------------
 .../com/cloud/server/ManagementServerImpl.java  | 24 ++++++++++++++++----
 ui/scripts/ui-custom/physicalResources.js       |  7 +++---
 2 files changed, 24 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7b2f68e8/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 160015a..9f0000e 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -16,12 +16,14 @@
 // under the License.
 package com.cloud.server;
 
+import java.io.UnsupportedEncodingException;
 import java.lang.reflect.Field;
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.UnknownHostException;
+import java.net.URLDecoder;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
@@ -2808,18 +2810,32 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
             }
         }
 
-        if (cmd.getPrivateKey() != null && !_ksMgr.validateCertificate(cmd.getCertificate(), cmd.getPrivateKey(), cmd.getDomainSuffix())) {
+        String certificate = cmd.getCertificate();
+        String key = cmd.getPrivateKey();
+        try {
+            if (certificate != null)
+                certificate = URLDecoder.decode(certificate, "UTF-8");
+            if (key != null)
+                key = URLDecoder.decode(key, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+        } finally {
+        }
+
+        if (cmd.getPrivateKey() != null && !_ksMgr.validateCertificate(certificate, key, cmd.getDomainSuffix())) {
             throw new InvalidParameterValueException("Failed to pass certificate validation check");
         }
 
         if (cmd.getPrivateKey() != null) {
-            _ksMgr.saveCertificate(ConsoleProxyManager.CERTIFICATE_NAME, cmd.getCertificate(), cmd.getPrivateKey(), cmd.getDomainSuffix());
+            _ksMgr.saveCertificate(ConsoleProxyManager.CERTIFICATE_NAME, certificate, key, cmd.getDomainSuffix());
         } else {
-            _ksMgr.saveCertificate(cmd.getAlias(), cmd.getCertificate(), cmd.getCertIndex(), cmd.getDomainSuffix());
+            _ksMgr.saveCertificate(cmd.getAlias(), certificate, cmd.getCertIndex(), cmd.getDomainSuffix());
         }
 
         _consoleProxyMgr.setManagementState(ConsoleProxyManagementState.ResetSuspending);
-        return "Certificate has been updated, we will stop all running console proxy VMs to propagate the new certificate, please give a few minutes for console access service to be up again";
+        List<SecondaryStorageVmVO> alreadyRunning = _secStorageVmDao.getSecStorageVmListInStates(null, State.Running, State.Migrating, State.Starting);
+        for (SecondaryStorageVmVO ssVmVm : alreadyRunning)
+            _secStorageVmMgr.rebootSecStorageVm(ssVmVm.getId());
+        return "Certificate has been updated, we will stop all running console proxy VMs and secondary storage VMs to propagate the new certificate, please give a few minutes for console access service to be up again";
     }
 
     @Override
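Review bot: `URLDecoder.decode` throws `IllegalArgumentException` on a malformed `%` escape, which the new `try` does not catch, and the `catch (UnsupportedEncodingException e)` body and the `finally` are both empty, so a badly encoded request escapes as an unchecked exception instead of an `InvalidParameterValueException`. The extra decode also turns every literal `+` into a space, so an API caller that submits the PEM with only the normal single form-encoding (unlike the UI, which applies `encodeURIComponent` in physicalResources.js) would have its base64 body altered before `validateCertificate` sees it; that double-encoding contract should be documented on the command. The decoder's exception message is best not echoed to the caller or the log, since it may contain a fragment of the submitted key. The method starts outside the hunk; a sketch of the catch handling follows.

```java
        try {
            // … unchanged: URLDecoder.decode of certificate and key …
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every JVM, so this is unreachable; fail instead of continuing silently.
            throw new IllegalStateException("UTF-8 charset unavailable", e);
        } catch (IllegalArgumentException e) {
            // Malformed %-escape. Do not include e.getMessage(): it may carry part of the submitted key.
            throw new InvalidParameterValueException("Certificate or private key is not valid URL-encoded text");
        }
        // … unchanged: validateCertificate / saveCertificate calls …
```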

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7b2f68e8/ui/scripts/ui-custom/physicalResources.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui-custom/physicalResources.js b/ui/scripts/ui-custom/physicalResources.js
index 69c0295..cb1f8de 100644
--- a/ui/scripts/ui-custom/physicalResources.js
+++ b/ui/scripts/ui-custom/physicalResources.js
@@ -77,10 +77,11 @@
             var $loading = $('<div>').addClass('loading-overlay');
             $('.system-dashboard-view:visible').prepend($loading);
             $.ajax({
+              type: "POST",
               url: createURL('uploadCustomCertificate'),
               data: {
-                certificate: args.data.certificate,
-                privatekey: args.data.privatekey,
+                certificate: encodeURIComponent(args.data.certificate),
+                privatekey: encodeURIComponent(args.data.privatekey),
                 domainsuffix: args.data.domainsuffix
               },
               dataType: 'json',
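Review bot: `certificate` and `privatekey` are now encoded twice, once by `encodeURIComponent` here and again when jQuery serialises the `data` object, and nothing in the hunk says why. A comment such as `// Double-encoded on purpose: the server URL-decodes certificate and privatekey once more` above the `data:` block would record the coupling with ManagementServerImpl. `domainsuffix` stays single-encoded, which is consistent only because the server change does not decode it a second time. The `$.ajax` call continues past the end of the hunk.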
@@ -130,4 +131,4 @@
       return resourceChart(args);
     };
   };
-}(cloudStack, jQuery));
\ No newline at end of file
+}(cloudStack, jQuery));


[3/4] git commit: updated refs/heads/4.1 to 3b5bcac

Posted by we...@apache.org.
CLOUDSTACK-3368: clear download URLs when create SSVM and validate download URLs


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2963f047
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2963f047
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2963f047

Branch: refs/heads/4.1
Commit: 2963f0479e81d6202630cbcb99379311790e4981
Parents: 7b2f68e
Author: Wei Zhou <w....@leaseweb.com>
Authored: Thu Jul 11 16:07:48 2013 +0200
Committer: Wei Zhou <w....@leaseweb.com>
Committed: Fri Jul 12 11:31:20 2013 +0200

----------------------------------------------------------------------
 .../secondary/SecondaryStorageManagerImpl.java  |  7 +++++++
 .../cloud/storage/upload/UploadMonitorImpl.java | 21 +++++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2963f047/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index fca89dc..6be6ecb 100755
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@@ -97,11 +97,13 @@ import com.cloud.service.ServiceOfferingVO;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.storage.SnapshotVO;
 import com.cloud.storage.Storage;
+import com.cloud.storage.UploadVO;
 import com.cloud.storage.VMTemplateHostVO;
 import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.storage.dao.SnapshotDao;
 import com.cloud.storage.dao.StoragePoolHostDao;
+import com.cloud.storage.dao.UploadDao;
 import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.storage.dao.VMTemplateHostDao;
 import com.cloud.storage.resource.DummySecondaryStorageResource;
@@ -117,6 +119,7 @@ import com.cloud.utils.Pair;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.GlobalLock;
 import com.cloud.utils.db.SearchCriteria.Op;
+import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.SearchCriteria2;
 import com.cloud.utils.db.SearchCriteriaService;
 import com.cloud.utils.events.SubscriptionMgr;
@@ -233,6 +236,8 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
     protected IPAddressDao _ipAddressDao = null;
     @Inject
     protected RulesManager _rulesMgr;
+    @Inject
+    UploadDao _uploadDao;
     
     @Inject
     KeystoreManager _keystoreMgr;
@@ -664,6 +669,8 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
             if (_allocLock.lock(ACQUIRE_GLOBAL_LOCK_TIMEOUT_FOR_SYNC)) {
                 try {
                     secStorageVm = startNew(dataCenterId, role);
+                    for (UploadVO upload :_uploadDao.listAll())
+                        _uploadDao.expunge(upload.getId());
                 } finally {
                     _allocLock.unlock();
                 }
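Review bot: The added loop expunges every row returned by `_uploadDao.listAll()`, with no filter on `dataCenterId` or on upload status, so starting one SSVM in one zone discards the upload and extract records of every zone. It also appears to run even if `startNew` did not produce a VM, and it executes while `_allocLock` is held. Consider guarding it with `if (secStorageVm != null)`, restricting the deletion to records that belong to the zone being started, and moving it after `_allocLock.unlock()` if nothing depends on the lock. The enclosing method starts and ends outside the hunk.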

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2963f047/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
index 31f3e74..e431f15 100755
--- a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
+++ b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java
@@ -216,7 +216,26 @@ public class UploadMonitorImpl extends ManagerBase implements UploadMonitor {
 	    //Check if it already exists.
 	    List<UploadVO> extractURLList = _uploadDao.listByTypeUploadStatus(template.getId(), type, UploadVO.Status.DOWNLOAD_URL_CREATED);	    
 	    if (extractURLList.size() > 0) {
-            return extractURLList.get(0);
+               // do some check here
+               UploadVO upload = extractURLList.get(0);
+               String uploadUrl = extractURLList.get(0).getUploadUrl();
+               String[] token = uploadUrl.split("/");
+               // example: uploadUrl = https://10-11-101-112.realhostip.com/userdata/2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso
+               // then token[2] = 10-11-101-112.realhostip.com, token[4] = 2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso
+               String hostname = ssvm.getPublicIpAddress().replace(".", "-") + ".";
+               if ((token != null) && (token.length == 5) && (token[2].equals(hostname + _ssvmUrlDomain))) // ssvm publicip and domain suffix not changed
+                   return extractURLList.get(0);
+               else if ((token != null) && (token.length == 5) && (token[2].startsWith(hostname))) { // domain suffix changed
+                   String uuid = token[4];
+                   uploadUrl = generateCopyUrl(ssvm.getPublicIpAddress(), uuid);
+                   UploadVO vo = _uploadDao.createForUpdate();
+                   vo.setLastUpdated(new Date());
+                   vo.setUploadUrl(uploadUrl);
+                   _uploadDao.update(upload.getId(), vo);
+                   return _uploadDao.findById(upload.getId(), true);
+               } else { // ssvm publicip changed
+                   return null;
+               }
         }
 	    
 	    // It doesn't exist so create a DB entry.	    
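Review bot: The "not changed" test `token[2].equals(hostname + _ssvmUrlDomain)` does not follow the rules of the URL builder changed earlier in this series, which keeps the dotted IP under plain `http` when `_sslCopy` is off and falls back to `realhostip.com` when `_ssvmUrlDomain` is null or empty. With SSL copy disabled `token[2]` is the dotted address, neither branch matches and the method returns null for an unchanged SSVM; with an unset domain the first comparison can never succeed, so the row is rewritten on every call. Comparing against the regenerated URL covers both cases: `if (token.length == 5 && generateCopyUrl(ssvm.getPublicIpAddress(), token[4]).equals(uploadUrl)) return upload;` (the `token != null` tests are always true after `split`). The method starts and ends outside the hunk, and this assumes `generateCopyUrl` is the builder shown in the earlier UploadMonitorImpl hunk.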


[4/4] git commit: updated refs/heads/4.1 to 3b5bcac

Posted by we...@apache.org.
CLOUDSTACK-1475: fix RegisterISO error after Update SSL Certificate


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3b5bcac8
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3b5bcac8
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3b5bcac8

Branch: refs/heads/4.1
Commit: 3b5bcac81a14aa239e172f14f1819bd445063a6a
Parents: 2963f04
Author: Wei Zhou <w....@leaseweb.com>
Authored: Thu Jul 11 16:08:26 2013 +0200
Committer: Wei Zhou <w....@leaseweb.com>
Committed: Fri Jul 12 11:35:15 2013 +0200

----------------------------------------------------------------------
 console-proxy/scripts/config_ssl.sh | 9 +++++++++
 1 file changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3b5bcac8/console-proxy/scripts/config_ssl.sh
----------------------------------------------------------------------
diff --git a/console-proxy/scripts/config_ssl.sh b/console-proxy/scripts/config_ssl.sh
index 8d80c47..e474787 100755
--- a/console-proxy/scripts/config_ssl.sh
+++ b/console-proxy/scripts/config_ssl.sh
@@ -90,6 +90,9 @@ customPrivCert=$(dirname $0)/certs/realhostip.crt
 customCertChain=
 publicIp=
 hostName=
+keyStore=$(dirname $0)/certs/realhostip.keystore
+aliasName="CPVMCertificate"
+storepass="vmops.com"
 while getopts 'i:h:k:p:t:c' OPTION
 do
   case $OPTION in
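Review bot: `storepass="vmops.com"` hardcodes the keystore password in the script, and the `keytool` calls added further down pass it with `-storepass` on the command line, where other local users can see it in the process list. If the value has to match a keystore that ships with that fixed password, say so in a comment next to the variable; otherwise read it from a root-only file and use keytool's `-storepass:file` form.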
@@ -162,6 +165,12 @@ then
   exit 2
 fi
 
+if [ -f "$customPrivCert" ]
+then
+  keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt
+  keytool -import -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt -file $customPrivCert
+fi
+
 if [ -d /etc/apache2 ]
 then
   config_apache2_conf $publicIp $hostName
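Review bot: The two added `keytool` lines expand `$keyStore`, `$aliasName`, `$storepass` and `$customPrivCert` unquoted and ignore both exit statuses. `keytool -delete` fails when the alias is not yet in the keystore, which is expected on a first run, while a failed `-import` lets the script go on to `config_apache2_conf` with a keystore that lacks the new certificate. Quote the expansions, for example `-keystore "$keyStore" -file "$customPrivCert"`, tolerate only the delete's failure, and stop on an import failure with something like `|| exit 2`.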