Search in sources :

Example 6 with ClientCertificate

use of com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate in project cloudbreak by hortonworks.

the class ClusterProxyService method clientCertificates.

private ClientCertificate clientCertificates(Stack stack) {
    SecurityConfig securityConfig = securityConfigService.findOneByStack(stack);
    ClientCertificate clientCertificate = null;
    if (securityConfig != null && StringUtils.isNoneBlank(securityConfig.getClientCertVaultSecret(), securityConfig.getClientKeyVaultSecret())) {
        String clientCertRef = vaultPath(securityConfig.getClientCertVaultSecret());
        String clientKeyRef = vaultPath(securityConfig.getClientKeyVaultSecret());
        clientCertificate = new ClientCertificate(clientKeyRef, clientCertRef);
    }
    return clientCertificate;
}
Also used : SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) ClientCertificate(com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate)

Example 7 with ClientCertificate

use of com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate in project cloudbreak by hortonworks.

the class ClusterProxyService method registerFreeIpa.

private Optional<ConfigRegistrationResponse> registerFreeIpa(Stack stack, List<String> instanceIdsToRegister, boolean bootstrap, boolean waitForGoodHealth) {
    MDCBuilder.buildMdcContext(stack);
    if (!clusterProxyEnablementService.isClusterProxyApplicable(stack.getCloudPlatform())) {
        LOGGER.debug("Cluster Proxy integration disabled. Skipping registering FreeIpa [{}]", stack);
        return Optional.empty();
    }
    LOGGER.debug("Registering freeipa with cluster-proxy: Environment CRN = [{}], Stack CRN = [{}], bootstrap: [{}], waitForGoodHealth: [{}]", stack.getEnvironmentCrn(), stack.getResourceCrn(), bootstrap, waitForGoodHealth);
    GatewayConfig primaryGatewayConfig = gatewayConfigService.getPrimaryGatewayConfig(stack);
    List<GatewayConfig> gatewayConfigs = gatewayConfigService.getNotDeletedGatewayConfigs(stack);
    ClientCertificate clientCertificate = clientCertificates(stack);
    boolean preferPrivateIp = stack.getTunnel().useCcm();
    List<GatewayConfig> tunnelGatewayConfigs;
    List<ClusterServiceConfig> serviceConfigs = new LinkedList<>();
    serviceConfigs.add(createServiceConfig(stack, FREEIPA_SERVICE_NAME, primaryGatewayConfig, clientCertificate, preferPrivateIp));
    if (bootstrap) {
        tunnelGatewayConfigs = List.of(primaryGatewayConfig);
        serviceConfigs.add(createServiceConfig(stack, generateFreeIpaFqdn(stack), primaryGatewayConfig, clientCertificate, preferPrivateIp));
    } else if (clusterProxyServiceAvailabilityChecker.isDnsBasedServiceNameAvailable(stack)) {
        List<GatewayConfig> targetGatewayConfigs = gatewayConfigs.stream().filter(gatewayConfig -> Objects.nonNull(gatewayConfig.getInstanceId())).filter(gatewayConfig -> Objects.isNull(instanceIdsToRegister) || instanceIdsToRegister.contains(gatewayConfig.getInstanceId())).collect(Collectors.toList());
        serviceConfigs.addAll(createDnsMappedServiceConfigs(stack, targetGatewayConfigs, clientCertificate, preferPrivateIp));
        tunnelGatewayConfigs = targetGatewayConfigs;
    } else {
        tunnelGatewayConfigs = List.of(primaryGatewayConfig);
    }
    ConfigRegistrationRequestBuilder requestBuilder = new ConfigRegistrationRequestBuilder(stack.getResourceCrn()).withServices(serviceConfigs).withAccountId(stack.getAccountId());
    if (stack.getTunnel().useCcmV1()) {
        requestBuilder.withTunnelEntries(createTunnelEntries(stack, tunnelGatewayConfigs));
    } else if (stack.getTunnel().useCcmV2OrJumpgate()) {
        requestBuilder.withCcmV2Entries(createCcmV2Configs(stack, tunnelGatewayConfigs));
    }
    ConfigRegistrationRequest request = requestBuilder.build();
    LOGGER.debug("Registering cluster proxy configuration [{}]", request);
    ConfigRegistrationResponse response = clusterProxyRegistrationClient.registerConfig(request);
    if (waitForGoodHealth) {
        pollForGoodHealth(stack);
    }
    stackUpdater.updateClusterProxyRegisteredFlag(stack, true);
    return Optional.of(response);
}
Also used : FreeIpaCertVaultComponent(com.sequenceiq.freeipa.vault.FreeIpaCertVaultComponent) CCMV2_BACKEND_ID_FORMAT(com.sequenceiq.cloudbreak.ccm.cloudinit.CcmV2ParameterConstants.CCMV2_BACKEND_ID_FORMAT) FreeIpaDomainUtils(com.sequenceiq.freeipa.service.config.FreeIpaDomainUtils) LoggerFactory(org.slf4j.LoggerFactory) ConfigRegistrationRequestBuilder(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequestBuilder) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) MDCBuilder(com.sequenceiq.cloudbreak.logger.MDCBuilder) JsonUtil(com.sequenceiq.cloudbreak.common.json.JsonUtil) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) StringUtils(org.apache.commons.lang3.StringUtils) ClusterProxyConfiguration(com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyConfiguration) Inject(javax.inject.Inject) Value(org.springframework.beans.factory.annotation.Value) VaultSecret(com.sequenceiq.cloudbreak.service.secret.vault.VaultSecret) TunnelEntry(com.sequenceiq.cloudbreak.clusterproxy.TunnelEntry) Service(org.springframework.stereotype.Service) LinkedList(java.util.LinkedList) ServiceFamilies(com.sequenceiq.cloudbreak.ccm.endpoint.ServiceFamilies) Tunnel(com.sequenceiq.common.api.type.Tunnel) Stack(com.sequenceiq.freeipa.entity.Stack) VaultConfigException(com.sequenceiq.cloudbreak.service.secret.vault.VaultConfigException) ClientCertificate(com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) Logger(org.slf4j.Logger) FreeIpa(com.sequenceiq.freeipa.entity.FreeIpa) ClusterServiceHealthCheck(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceHealthCheck) ReadConfigResponse(com.sequenceiq.cloudbreak.clusterproxy.ReadConfigResponse) IOException(java.io.IOException) ServiceEndpointHealthListenerTask(com.sequenceiq.freeipa.service.polling.clusterproxy.ServiceEndpointHealthListenerTask) SecurityConfigService(com.sequenceiq.freeipa.service.SecurityConfigService) ClusterProxyServiceAvailabilityChecker(com.sequenceiq.freeipa.util.ClusterProxyServiceAvailabilityChecker) ClusterProxyEnablementService(com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyEnablementService) ServiceEndpointHealthPollerObject(com.sequenceiq.freeipa.service.polling.clusterproxy.ServiceEndpointHealthPollerObject) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) List(java.util.List) ClusterProxyRegistrationClient(com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyRegistrationClient) GatewayConfigService(com.sequenceiq.freeipa.service.GatewayConfigService) PollingService(com.sequenceiq.cloudbreak.polling.PollingService) FreeIpaService(com.sequenceiq.freeipa.service.freeipa.FreeIpaService) CcmV2Config(com.sequenceiq.cloudbreak.clusterproxy.CcmV2Config) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig) Optional(java.util.Optional) HealthCheckAvailabilityChecker(com.sequenceiq.freeipa.util.HealthCheckAvailabilityChecker) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) LinkedList(java.util.LinkedList) List(java.util.List) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) ConfigRegistrationRequestBuilder(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequestBuilder) ClientCertificate(com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate) LinkedList(java.util.LinkedList) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)

Aggregations

ClientCertificate (com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate)7 ClusterServiceConfig (com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig)5 ClusterServiceCredential (com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceCredential)3 SecurityConfig (com.sequenceiq.freeipa.entity.SecurityConfig)3 CCMV2_BACKEND_ID_FORMAT (com.sequenceiq.cloudbreak.ccm.cloudinit.CcmV2ParameterConstants.CCMV2_BACKEND_ID_FORMAT)2 ServiceFamilies (com.sequenceiq.cloudbreak.ccm.endpoint.ServiceFamilies)2 CcmV2Config (com.sequenceiq.cloudbreak.clusterproxy.CcmV2Config)2 ClusterProxyConfiguration (com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyConfiguration)2 ClusterProxyEnablementService (com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyEnablementService)2 ClusterProxyRegistrationClient (com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyRegistrationClient)2 ClusterServiceHealthCheck (com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceHealthCheck)2 ConfigRegistrationRequest (com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest)2 ConfigRegistrationRequestBuilder (com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequestBuilder)2 ConfigRegistrationResponse (com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse)2 ReadConfigResponse (com.sequenceiq.cloudbreak.clusterproxy.ReadConfigResponse)2 TunnelEntry (com.sequenceiq.cloudbreak.clusterproxy.TunnelEntry)2 JsonUtil (com.sequenceiq.cloudbreak.common.json.JsonUtil)2 MDCBuilder (com.sequenceiq.cloudbreak.logger.MDCBuilder)2 GatewayConfig (com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)2 PollingService (com.sequenceiq.cloudbreak.polling.PollingService)2