Yaniv Bronhaim has uploaded a new change for review. Change subject: Wrap validation of fingerprint in each connect using EngineSSHClient ......................................................................
Wrap validation of fingerprint in each connect using EngineSSHClient

By setting VDS object to EngineSSHClient, we initialize sshClient parameters hostname, port and ssh username and can get the stored fingerprint from the vds object for validation.

Change-Id: Ic01517a153406c8bafc672c20b0bf8686763a2f5
Signed-off-by: Yaniv Bronhaim <ybron...@redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/OVirtNodeUpgrade.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/gluster/GlusterUtil.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHDialog.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/SSHClient.java
M backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/gluster/GlusterUtilTest.java
8 files changed, 67 insertions(+), 27 deletions(-)

git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/26/16126/1

diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java
index 7304670..a8b20bc 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVdsCommand.java
@@ -365,13 +365,24 @@ Long timeout = TimeUnit.SECONDS.toMillis(Config.<Integer> GetValue(ConfigValues.ConnectToServerTimeoutInSeconds)); - SSHClient sshclient = new EngineSSHClient(); + EngineSSHClient sshclient = new EngineSSHClient(); + if (getParameters().getvds().getSSHKeyFingerprint().isEmpty()) { + sshclient.setVds(getParameters().getvds()); + try { + getParameters().getvds().setSSHKeyFingerprint(sshclient.getHostFingerprint()); + DbFacade.getInstance().getVdsStaticDao().save(getParameters().getVdsStaticData()); + } catch (Exception e) { + log.warnFormat( + "couldn't set fingerprint for vds", + e); + } + } else { + sshclient.setVds(getParameters().getvds()); + } sshclient.setHardTimeout(timeout); sshclient.setSoftTimeout(timeout); - sshclient.setHost(getVds().getStaticData().getHostName(), getVds().getStaticData().getSSHPort()); - sshclient.setUser(getVds().getStaticData().getSSHUsername()); sshclient.setPassword(getParameters().getPassword()); - return sshclient; + return (SSHClient) sshclient; } /** diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/OVirtNodeUpgrade.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/OVirtNodeUpgrade.java index 68edfbd..f5076ad 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/OVirtNodeUpgrade.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/OVirtNodeUpgrade.java @@ -100,6 +100,7 @@ _messages = new InstallerMessages(_vds); _dialog = new EngineSSHDialog(); + _dialog.setVds(_vds); _thread = new Thread( new Runnable() { @Override diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java index 2911332..c3fa117 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java 
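Review bot: In the empty-fingerprint branch the value that `getVdsStaticDao().save(...)` persists is whatever `sshclient.getHostFingerprint()` just read from the host, and the same VDS object is then handed to `setVds`, so the comparison in `EngineSSHClient.connect()` is trust-on-first-use for a newly added host; a comment above the `if` should say so, e.g. `// No fingerprint supplied: trust on first use and persist the host's current key fingerprint.` Nothing in the hunk connects the client before `getHostFingerprint()` is called, so whether `getHostKey()` yields a key at that point depends on `SSHClient` internals outside this diff and should be confirmed, because if it does not, this branch always ends in the `catch`. That `catch (Exception e)` lets the command continue with an empty fingerprint and, if `warnFormat` treats its trailing arguments as format parameters (its signature is outside the hunk), the exception itself is dropped from the log; `log.warn("couldn't set fingerprint for vds", e)` or rethrowing would be safer. `getSSHKeyFingerprint().isEmpty()` dereferences the stored value without a null check, `sshclient.setVds(getParameters().getvds())` appears in both branches and can be hoisted above the `if`, and the `(SSHClient)` cast in the return is redundant since `EngineSSHClient extends SSHClient`. The enclosing method's signature is outside the hunk.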
@@ -784,6 +784,7 @@ _messages = new InstallerMessages(_vds); _dialog = new EngineSSHDialog(); + _dialog.setVds(_vds); _parser = new MachineDialogParser(); _thread = new Thread( new Runnable() { @@ -906,7 +907,6 @@ InputStream in = null; try { _dialog.setHost(_vds.getHostName(), _vds.getSSHPort()); - setUser(_vds.getSSHUsername()); _dialog.connect(); _messages.post( InstallerMessages.Severity.INFO, diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/gluster/GlusterUtil.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/gluster/GlusterUtil.java index 15da4a0..3c3adcc 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/gluster/GlusterUtil.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/gluster/GlusterUtil.java @@ -17,7 +17,6 @@ import org.ovirt.engine.core.utils.log.Log; import org.ovirt.engine.core.utils.log.LogFactory; import org.ovirt.engine.core.utils.ssh.ConstraintByteArrayOutputStream; -import org.ovirt.engine.core.utils.ssh.EngineSSHClient; import org.ovirt.engine.core.utils.ssh.SSHClient; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -53,7 +52,7 @@ * If SSH authentication with given root password fails */ public Set<String> getPeers(String server, String password) throws AuthenticationException { - EngineSSHClient client = null; + SSHClient client = null; try { client = connect(server); @@ -97,7 +96,7 @@ */ public Map<String, String> getPeers(String server, String rootPassword, String fingerprint) throws AuthenticationException, IOException { - EngineSSHClient client = null; + SSHClient client = null; try { client = connect(server); 
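Review bot: After `_dialog.setVds(_vds)` in the first VdsDeploy hunk, the remaining `_dialog.setHost(_vds.getHostName(), _vds.getSSHPort())` in the second hunk sets the same values that `EngineSSHClient.setVds` derives from `_vds`, while the `setUser` call next to it was removed; either remove `setHost` as well or add a comment explaining why the dialog still needs it, e.g. `// host/port must also be set on the dialog itself; setVds only configures the client it creates` — whether that holds depends on SSHDialog, which is not in this diff. Both enclosing methods start and end outside the hunks.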
@@ -119,8 +118,8 @@ } } - protected EngineSSHClient connect(String serverName) { - EngineSSHClient client = new EngineSSHClient(); + protected SSHClient connect(String serverName) { + SSHClient client = new SSHClient(); Integer timeout = Config.<Integer> GetValue(ConfigValues.ConnectToServerTimeoutInSeconds) * 1000; client.setHardTimeout(timeout); client.setSoftTimeout(timeout); @@ -160,7 +159,7 @@ } public String getFingerprint(String hostName) { - EngineSSHClient client = null; + SSHClient client = null; try { client = connect(hostName); return client.getHostFingerprint(); diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java index 8ed5d92..b8cb236 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java @@ -4,6 +4,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; @@ -12,11 +13,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.ovirt.engine.core.common.businessentities.VDS; import org.ovirt.engine.core.common.config.Config; import org.ovirt.engine.core.common.config.ConfigValues; import org.ovirt.engine.core.utils.EngineLocalConfig; -import org.ovirt.engine.core.utils.crypt.OpenSSHUtils; /** * SSH client to be used with engine defaults @@ -24,7 +25,7 @@ public class EngineSSHClient extends SSHClient { private static final Log log = LogFactory.getLog(EngineSSHDialog.class); - + private VDS vdsClient; /** * Constructor. */ 
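Review bot: `connect(String serverName)` now instantiates a plain `SSHClient`, so the gluster probe no longer goes through `EngineSSHClient` at all: it gets neither the engine defaults its constructor applies (the KeyStore/KeyPair imports in EngineSSHClient.java suggest engine key material, but the constructor body is outside the hunk) nor the host-fingerprint check this change adds to `EngineSSHClient.connect()`. `getPeers(String server, String rootPassword, String fingerprint)` in the earlier GlusterUtil hunk takes a fingerprint argument, yet nothing in the diff shows it being compared against the connected host; if verification happens elsewhere, a comment on `connect` should say so, e.g. `// Plain SSHClient: no engine key and no fingerprint validation; callers must verify the fingerprint before trusting the peer list.`, otherwise the method should keep using `EngineSSHClient` and receive a VDS or fingerprint to check. The `getFingerprint(String hostName)` hunk is the one place where an unverified connection is legitimately needed, since it exists to obtain the value to verify.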
@@ -42,18 +43,23 @@ ); } - /** - * Get host fingerprint. - * @return fingerprint. - */ - public String getHostFingerprint() throws IOException { - String fingerprint = OpenSSHUtils.getKeyFingerprintString(getHostKey()); + public void setVds(VDS vds) { + vdsClient = vds; + setHost(vdsClient.getHostName(), vdsClient.getSSHPort()); + setUser(vdsClient.getSSHUsername()); + } - if (fingerprint == null) { - throw new IOException("Unable to parse host key"); + @Override + public void connect() throws Exception { + super.connect(); + if (vdsClient != null) { + String hostfp = getHostFingerprint(); + if (!vdsClient.getSSHKeyFingerprint().equals(hostfp)) { + throw new GeneralSecurityException("Invalid fingerprint got " + + vdsClient.getSSHKeyFingerprint() + + " exected " + hostfp); + } } - - return fingerprint; } /** diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHDialog.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHDialog.java index c79f516..8626a26 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHDialog.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHDialog.java @@ -5,6 +5,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.ovirt.engine.core.common.businessentities.VDS; /** * SSH dialog to be used with engine defaults @@ -12,9 +13,16 @@ public class EngineSSHDialog extends SSHDialog { private static final Log log = LogFactory.getLog(EngineSSHDialog.class); + private VDS vdsClient; protected SSHClient _getSSHClient() { - return new EngineSSHClient(); + EngineSSHClient client = new EngineSSHClient(); + client.setVds(vdsClient); + return (SSHClient) client; + } + + public void setVds(VDS vds) { + vdsClient = vds; } /** 
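Review bot: When the fingerprints differ, `connect()` throws after `super.connect()` has already opened the session, and the message reports the values the wrong way round (the stored value is printed after "got" and the host's after "exected"); the session should be torn down before throwing, and `getSSHKeyFingerprint()` should be null-checked since `equals` is called on it. Comparing only after `super.connect()` returns also means the check runs after whatever `SSHClient.connect()` has already done; `SSHClient.java` imports `org.apache.sshd.client.ServerKeyVerifier`, which would reject the host during key exchange instead and is worth considering as the hook. `setVds` and the `connect` override also lack the Javadoc the removed `getHostFingerprint` had. The cleanup call below is a placeholder: SSHClient's "Disconnect and cleanup" method is documented in its hunk but its name is outside this diff.
```java
@Override
public void connect() throws Exception {
    super.connect();
    if (vdsClient == null) {
        return;
    }
    String expected = vdsClient.getSSHKeyFingerprint();
    String actual = getHostFingerprint();
    if (expected == null || !expected.equals(actual)) {
        // super.connect() already opened the session; do not leave it usable on mismatch
        // TODO(review): call SSHClient's disconnect/cleanup method here (name outside this diff)
        throw new GeneralSecurityException(
                "Invalid fingerprint for host " + vdsClient.getHostName()
                + ": expected " + expected + " got " + actual);
    }
}
```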
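Review bot: `_getSSHClient()` passes `vdsClient` to `client.setVds` unconditionally, and `EngineSSHClient.setVds` dereferences its argument immediately (`vdsClient.getHostName()`), so a dialog whose `setVds` was never called now fails with a NullPointerException where it previously returned an unverified client; only OVirtNodeUpgrade and VdsDeploy are updated in this change, so any other caller, if one exists, is affected. Either guard it, `if (vdsClient != null) { client.setVds(vdsClient); }`, or document on `setVds` that it is mandatory before the dialog connects. The `(SSHClient) client` cast is redundant, as `EngineSSHClient extends SSHClient`. `_getSSHClient` is complete in the hunk; the new `setVds` has no Javadoc.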
@@ -22,7 +30,7 @@ * @return fingerprint. */ public String getHostFingerprint() throws IOException { - return ((EngineSSHClient)_client).getHostFingerprint(); + return _client.getHostFingerprint(); } /** diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/SSHClient.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/SSHClient.java index ce839c6..49df146 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/SSHClient.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/SSHClient.java @@ -32,6 +32,7 @@ import org.apache.sshd.client.ServerKeyVerifier; import org.apache.sshd.client.future.AuthFuture; import org.apache.sshd.client.future.ConnectFuture; +import org.ovirt.engine.core.utils.crypt.OpenSSHUtils; public class SSHClient { private static final String COMMAND_FILE_RECEIVE = "test -r '%2$s' && md5sum -b '%2$s' | cut -d ' ' -f 1 >&2 && %1$s < '%2$s'"; @@ -377,6 +378,20 @@ } /** + * Get host fingerprint. + * @return fingerprint. + */ + public String getHostFingerprint() throws IOException { + String fingerprint = OpenSSHUtils.getKeyFingerprintString(getHostKey()); + + if (fingerprint == null) { + throw new IOException("Unable to parse host key"); + } + + return fingerprint; + } + + /** * Disconnect and cleanup. * * Must be called when done with client. diff --git a/backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/gluster/GlusterUtilTest.java b/backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/gluster/GlusterUtilTest.java index dabf60e..5ebbb50 100644 --- a/backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/gluster/GlusterUtilTest.java +++ b/backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/gluster/GlusterUtilTest.java 
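Review bot: The Javadoc moved with `getHostFingerprint()` into SSHClient.java does not say what the method needs to succeed or when it throws; `getHostKey()` is outside the diff, so whether it returns anything before `connect()` cannot be seen here, and the `IOException` raised on a null fingerprint is undocumented. Suggest extending the comment with `@throws IOException if the host key cannot be converted to a fingerprint` and one sentence stating whether a connection must already be established (`getHostKey()`'s behaviour before connect should be confirmed).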
@@ -19,7 +19,7 @@ import org.mockito.Mock; import org.mockito.Spy; import org.mockito.runners.MockitoJUnitRunner; -import org.ovirt.engine.core.utils.ssh.EngineSSHClient; +import org.ovirt.engine.core.utils.ssh.SSHClient; @RunWith(MockitoJUnitRunner.class) public class GlusterUtilTest { @@ -37,7 +37,7 @@ private static final String OUTPUT_XML_NO_PEERS = "<cliOutput><peerStatus/></cliOutput>"; @Mock - private EngineSSHClient client; + private SSHClient client; @Spy private GlusterUtil glusterUtil; -- To view, visit http://gerrit.ovirt.org/16126 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic01517a153406c8bafc672c20b0bf8686763a2f5 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yaniv Bronhaim <ybron...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches