Posted to commits@cloudstack.apache.org by ro...@apache.org on 2018/10/07 15:37:18 UTC
[cloudstack] branch 4.11 updated: ca: Fixes #2877 mgmt server cert
should have all addrs of default nic (#2879)
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch 4.11
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.11 by this push:
new f430f41 ca: Fixes #2877 mgmt server cert should have all addrs of default nic (#2879)
f430f41 is described below
commit f430f41edd32f17143bd9c4b2b9d0168b0d108fb
Author: Rohit Yadav <ro...@apache.org>
AuthorDate: Sun Oct 7 21:07:10 2018 +0530
ca: Fixes #2877 mgmt server cert should have all addrs of default nic (#2879)
This fixes the default RootCA provider implementation to initiate
and issue certificate for mgmt server on startup for all the IP addresses
on the default nic of that host.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
.../cloudstack/ca/provider/RootCAProvider.java | 2 +-
.../src/main/java/com/cloud/utils/net/NetUtils.java | 21 +++++++++++++++++++++
.../test/java/com/cloud/utils/net/NetUtilsTest.java | 6 ++++++
3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/plugins/ca/root-ca/src/org/apache/cloudstack/ca/provider/RootCAProvider.java b/plugins/ca/root-ca/src/org/apache/cloudstack/ca/provider/RootCAProvider.java
index f36d067..d7a9985 100644
--- a/plugins/ca/root-ca/src/org/apache/cloudstack/ca/provider/RootCAProvider.java
+++ b/plugins/ca/root-ca/src/org/apache/cloudstack/ca/provider/RootCAProvider.java
@@ -359,7 +359,7 @@ public final class RootCAProvider extends AdapterBase implements CAProvider, Con
return true;
}
final Certificate serverCertificate = issueCertificate(Collections.singletonList(NetUtils.getHostName()),
- Collections.singletonList(NetUtils.getDefaultHostIp()), getCaValidityDays());
+ NetUtils.getAllDefaultNicIps(), getCaValidityDays());
if (serverCertificate == null || serverCertificate.getPrivateKey() == null) {
throw new CloudRuntimeException("Failed to generate management server certificate and load management server keystore");
}
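Review bot: The new argument `NetUtils.getAllDefaultNicIps()` can be an empty list, because the helper added in the NetUtils hunk returns one when the default device is unknown or the lookup throws. In that case the certificate is issued with no IP addresses and nothing is logged, and peers that validate the management server by IP would then reject it. Consider checking the result before calling `issueCertificate`, then either falling back to `Collections.singletonList(NetUtils.getDefaultHostIp())` or logging a warning when it is empty. The list also carries every address bound to the NIC, which presumably includes IPv6 link-local addresses with the scope stripped, so it is worth deciding whether those belong in the certificate. The enclosing method starts and ends outside this hunk.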
diff --git a/utils/src/main/java/com/cloud/utils/net/NetUtils.java b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
index 1bd08a3..afe73f1 100644
--- a/utils/src/main/java/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
@@ -225,6 +225,27 @@ public class NetUtils {
}
}
+ public static List<String> getAllDefaultNicIps() {
+ final List<String> addrs = new ArrayList<>();
+ final String pubNic = getDefaultEthDevice();
+
+ if (pubNic == null) {
+ return addrs;
+ }
+
+ NetworkInterface nic = null;
+ try {
+ nic = NetworkInterface.getByName(pubNic);
+ } catch (final SocketException e) {
+ return addrs;
+ }
+
+ for (InterfaceAddress address : nic.getInterfaceAddresses()) {
+ addrs.add(address.getAddress().getHostAddress().split("%")[0]);
+ }
+ return addrs;
+ }
+
public static String getDefaultEthDevice() {
if (SystemUtils.IS_OS_MAC) {
final String defDev = Script.runSimpleBashScript("/sbin/route -n get default 2> /dev/null | grep interface | awk '{print $2}'");
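Review bot: In `getAllDefaultNicIps`, `NetworkInterface.getByName(pubNic)` returns null when no interface has that name, so the `for` loop over `nic.getInterfaceAddresses()` can throw a NullPointerException during certificate setup. Add `if (nic == null) { return addrs; }` after the try block. The `catch (final SocketException e)` branch returns the empty list without logging, which hides why the certificate ends up with no IPs, so a warning that names `pubNic` would help. The method also lacks a Javadoc, which should say that it returns every address on the default device with any `%scope` suffix removed, and an empty list on failure. The `getDefaultEthDevice` body shown as context continues outside the hunk.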
diff --git a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
index bec2209..80d25e8 100644
--- a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
@@ -678,4 +678,10 @@ public class NetUtilsTest {
assertFalse(NetUtils.isValidPort(-1));
assertFalse(NetUtils.isValidPort(65536));
}
+
+ @Test
+ public void testAllIpsOfDefaultNic() {
+ final String defaultHostIp = NetUtils.getDefaultHostIp();
+ assertTrue(NetUtils.getAllDefaultNicIps().stream().anyMatch(defaultHostIp::contains));
+ }
}
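Review bot: In `testAllIpsOfDefaultNic`, `anyMatch(defaultHostIp::contains)` does a substring test of each NIC address against the default host IP, so `10.1.1.10` would accept a NIC address of `10.1.1.1`. An exact check states the intent: `assertTrue(NetUtils.getAllDefaultNicIps().contains(defaultHostIp));`. If `getDefaultHostIp()` can return null on a build host with no default route (not visible here), the method reference fails with a NullPointerException rather than a clear assertion, so guard it with `Assume.assumeNotNull(defaultHostIp)` or an explicit assert. The test depends on the host's network configuration and never exercises the empty-list and missing-interface paths of the new helper.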