
Example 6 with ClusterServiceConfig

use of com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig in project cloudbreak by hortonworks.

the class ClusterProxyServiceTest method cmInternalServiceConfig.

/**
 * Builds the expected {@code cb-internal} service configuration used as a test fixture.
 *
 * <p>The credential and certificate arguments are fixture strings shaped like secret-store
 * references ({@code /cb/test-data/secret/...:secret}), not literal passwords or key material.
 *
 * @param withPrivateIp when {@code true} the endpoint is {@code https://10.10.10.10:9443},
 *                      otherwise {@code https://1.2.3.4:9443}
 * @return the fixture configuration with two credentials and a client certificate reference
 */
private ClusterServiceConfig cmInternalServiceConfig(boolean withPrivateIp) {
    List<ClusterServiceCredential> credentials = asList(
            new ClusterServiceCredential("cloudbreak", "/cb/test-data/secret/cbpassword:secret"),
            // NOTE(review): the meaning of the trailing `true` flag is not visible here; confirm against ClusterServiceCredential.
            new ClusterServiceCredential("cmmgmt", "/cb/test-data/secret/dppassword:secret", true));
    ClientCertificate certificateRef = new ClientCertificate(
            "/cb/test-data/secret/clientKey:secret:base64",
            "/cb/test-data/secret/clientCert:secret:base64");
    String endpoint;
    if (withPrivateIp) {
        endpoint = "https://10.10.10.10:9443";
    } else {
        endpoint = "https://1.2.3.4:9443";
    }
    // The null / false / null arguments are passed through unchanged; their meaning is defined by
    // the ClusterServiceConfig constructor, which is outside this listing.
    return new ClusterServiceConfig("cb-internal", List.of(endpoint), null, false, credentials, certificateRef, null);
}
Also used : ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) ClusterServiceCredential(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceCredential) ClientCertificate(com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate)

Example 7 with ClusterServiceConfig

use of com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig in project cloudbreak by hortonworks.

the class ClusterProxyService method cmServiceConfig.

/**
 * Builds the cluster-proxy service entry for the cluster manager of the given stack.
 *
 * <p>Each credential pairs a user name read from the stack's cluster with the value returned by
 * {@code vaultPath(...)} for that user's password secret. Presumably that value is a Vault path
 * reference, so the resolved password itself is not placed in the registration payload; verify
 * against {@code vaultPath}.
 *
 * @param stack             stack whose cluster supplies the user names and password secrets
 * @param clientCertificate client certificate passed through to the service configuration
 * @param serviceName       name under which the service is registered
 * @param clusterManagerUrl single endpoint URL of the cluster manager
 * @return the service configuration holding both credentials
 */
private ClusterServiceConfig cmServiceConfig(Stack stack, ClientCertificate clientCertificate, String serviceName, String clusterManagerUrl) {
    Cluster managedCluster = stack.getCluster();
    ClusterServiceCredential cloudbreakCredential = new ClusterServiceCredential(
            managedCluster.getCloudbreakAmbariUser(),
            vaultPath(managedCluster.getCloudbreakAmbariPasswordSecret(), false));
    // NOTE(review): the trailing `true` distinguishes the dp credential from the cloudbreak one;
    // its exact meaning is defined by ClusterServiceCredential and is not visible here.
    ClusterServiceCredential dpCredential = new ClusterServiceCredential(
            managedCluster.getDpAmbariUser(),
            vaultPath(managedCluster.getDpAmbariPasswordSecret(), false),
            true);
    List<ClusterServiceCredential> credentials = asList(cloudbreakCredential, dpCredential);
    return new ClusterServiceConfig(serviceName, singletonList(clusterManagerUrl), credentials, clientCertificate);
}
Also used : Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) ClusterServiceCredential(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceCredential)

Example 8 with ClusterServiceConfig

use of com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig in project cloudbreak by hortonworks.

the class ClusterProxyServiceTest method testClusterProxyRegistrationWhenCCMV2OrJumpgate.

/**
 * Checks the registration request sent to cluster-proxy by {@code registerFreeIpaForBootstrap}
 * when the stack tunnel is {@code CCMV2} or {@code CCMV2_JUMPGATE}.
 *
 * <p>The captured request must have the CCMV1 tunnel flag off and the CCMv2 flag on, carry one
 * {@code CcmV2Config} for the primary gateway, and register both the {@code freeipa} and
 * {@code freeipa.ipadom} services against the gateway's private address.
 *
 * @param ccmv2Mode tunnel type under test, supplied by {@code @EnumSource}
 */
@ParameterizedTest
@EnumSource(value = Tunnel.class, names = { "CCMV2", "CCMV2_JUMPGATE" }, mode = EnumSource.Mode.INCLUDE)
public void testClusterProxyRegistrationWhenCCMV2OrJumpgate(Tunnel ccmv2Mode) {
    // Fixture: a stack on the CCMv2 variant under test, with a known agent CRN.
    Stack stack = getAStack();
    stack.setTunnel(ccmv2Mode);
    stack.setCcmV2AgentCrn("testAgentCrn");

    FreeIpa freeIpaEntity = new FreeIpa();
    freeIpaEntity.setDomain("ipadom");

    GatewayConfig primaryGateway = new GatewayConfig(
            "connectionAddress",
            "publicIpAddress",
            PRIVATE_IP_ADDRESS,
            ServiceFamilies.GATEWAY.getDefaultPort(),
            "testInstanceId",
            true);
    ConfigRegistrationResponse registrationResponse = mock(ConfigRegistrationResponse.class);

    // Collaborator stubs. No security config is returned for the stack; the expected services
    // below are built with null as their last argument (presumably the client certificate).
    when(stackService.getStackById(STACK_ID)).thenReturn(stack);
    when(clusterProxyEnablementService.isClusterProxyApplicable(any())).thenReturn(true);
    when(gatewayConfigService.getPrimaryGatewayConfig(stack)).thenReturn(primaryGateway);
    when(securityConfigService.findOneByStack(stack)).thenReturn(null);
    when(clusterProxyRegistrationClient.registerConfig(any())).thenReturn(registrationResponse);
    when(stackUpdater.updateClusterProxyRegisteredFlag(stack, true)).thenReturn(stack);
    when(freeIpaService.findByStack(stack)).thenReturn(freeIpaEntity);

    underTest.registerFreeIpaForBootstrap(STACK_ID);

    // Capture the request that reached the registration client.
    ArgumentCaptor<ConfigRegistrationRequest> requestCaptor = ArgumentCaptor.forClass(ConfigRegistrationRequest.class);
    verify(clusterProxyRegistrationClient).registerConfig(requestCaptor.capture());
    ConfigRegistrationRequest capturedRequest = requestCaptor.getValue();

    assertThat(capturedRequest.getClusterCrn()).isEqualTo(STACK_RESOURCE_CRN);
    assertThat(capturedRequest.getAccountId()).isEqualTo(TEST_ACCOUNT_ID);

    // Exactly one tunnelling mechanism should be selected: CCMv2, not the CCMV1 tunnel.
    assertFalse(capturedRequest.isUseTunnel(), "CCMV1 tunnel should not be enabled");
    assertTrue(capturedRequest.isUseCcmV2(), ccmv2Mode + " should be enabled.");

    List<CcmV2Config> expectedCcmV2Configs = List.of(new CcmV2Config(
            "testAgentCrn",
            PRIVATE_IP_ADDRESS,
            ServiceFamilies.GATEWAY.getDefaultPort(),
            "testAgentCrn-testInstanceId",
            FREEIPA_SERVICE));
    assertEquals(expectedCcmV2Configs, capturedRequest.getCcmV2Configs(), ccmv2Mode + " config should match");

    // Both service names must point at the private address, with no credentials attached.
    ClusterServiceConfig expectedFreeIpaService =
            new ClusterServiceConfig("freeipa", List.of("https://privateIpAddress:9443"), List.of(), null);
    assertThat(capturedRequest.getServices()).contains(expectedFreeIpaService);
    ClusterServiceConfig expectedFqdnService =
            new ClusterServiceConfig("freeipa.ipadom", List.of("https://privateIpAddress:9443"), List.of(), null);
    assertThat(capturedRequest.getServices()).contains(expectedFqdnService);
}
Also used : FreeIpa(com.sequenceiq.freeipa.entity.FreeIpa) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) CcmV2Config(com.sequenceiq.cloudbreak.clusterproxy.CcmV2Config) Stack(com.sequenceiq.freeipa.entity.Stack) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig) EnumSource(org.junit.jupiter.params.provider.EnumSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 9 with ClusterServiceConfig

use of com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig in project cloudbreak by hortonworks.

the class ClusterProxyServiceTest method testClusterProxyRegistrationWhenCCMV1.

/**
 * Checks the registration request sent to cluster-proxy by {@code registerFreeIpaForBootstrap}
 * when the stack tunnel is {@code Tunnel.CCM} (CCMV1).
 *
 * <p>The captured request must have the CCMv2 flag off and the tunnel flag on, carry one
 * {@code TunnelEntry} for the primary gateway, and register both the {@code freeipa} and
 * {@code freeipa.ipadom} services against the gateway's private address.
 */
@Test
public void testClusterProxyRegistrationWhenCCMV1() {
    // Fixture: a CCMV1 stack with a known mina sshd service id.
    Stack stack = getAStack();
    stack.setTunnel(Tunnel.CCM);
    stack.setMinaSshdServiceId("minaSshdServiceId");

    GatewayConfig primaryGateway = new GatewayConfig(
            "connectionAddress",
            "publicAddress",
            PRIVATE_ADDRESS,
            9443,
            "instanceId",
            false);
    ConfigRegistrationResponse registrationResponse = mock(ConfigRegistrationResponse.class);

    FreeIpa freeIpaEntity = new FreeIpa();
    freeIpaEntity.setDomain("ipadom");

    // Collaborator stubs. No security config is returned for the stack; the expected services
    // below are built with null as their last argument (presumably the client certificate).
    when(stackService.getStackById(STACK_ID)).thenReturn(stack);
    when(clusterProxyEnablementService.isClusterProxyApplicable(any())).thenReturn(true);
    when(gatewayConfigService.getPrimaryGatewayConfig(stack)).thenReturn(primaryGateway);
    when(securityConfigService.findOneByStack(stack)).thenReturn(null);
    when(clusterProxyRegistrationClient.registerConfig(any())).thenReturn(registrationResponse);
    when(stackUpdater.updateClusterProxyRegisteredFlag(stack, true)).thenReturn(stack);
    when(freeIpaService.findByStack(stack)).thenReturn(freeIpaEntity);

    underTest.registerFreeIpaForBootstrap(STACK_ID);

    // Capture the request that reached the registration client.
    ArgumentCaptor<ConfigRegistrationRequest> requestCaptor = ArgumentCaptor.forClass(ConfigRegistrationRequest.class);
    verify(clusterProxyRegistrationClient).registerConfig(requestCaptor.capture());
    ConfigRegistrationRequest capturedRequest = requestCaptor.getValue();

    assertThat(capturedRequest.getClusterCrn()).isEqualTo(STACK_RESOURCE_CRN);
    assertThat(capturedRequest.getAccountId()).isEqualTo(TEST_ACCOUNT_ID);

    // Exactly one tunnelling mechanism should be selected: the CCMV1 tunnel, not CCMv2.
    assertFalse(capturedRequest.isUseCcmV2(), "CCMV2 should not be enabled.");
    assertTrue(capturedRequest.isUseTunnel(), "CCMV1 tunnel should be enabled");

    List<TunnelEntry> expectedTunnels =
            List.of(new TunnelEntry("instanceId", "GATEWAY", PRIVATE_ADDRESS, 9443, "minaSshdServiceId"));
    assertEquals(expectedTunnels, capturedRequest.getTunnels(), "CCMV1 tunnel should be configured.");

    // Both service names must point at the private address, with no credentials attached.
    ClusterServiceConfig expectedFreeIpaService =
            new ClusterServiceConfig("freeipa", List.of("https://privateAddress:9443"), List.of(), null);
    assertThat(capturedRequest.getServices()).contains(expectedFreeIpaService);
    ClusterServiceConfig expectedFqdnService =
            new ClusterServiceConfig("freeipa.ipadom", List.of("https://privateAddress:9443"), List.of(), null);
    assertThat(capturedRequest.getServices()).contains(expectedFqdnService);
}
Also used : FreeIpa(com.sequenceiq.freeipa.entity.FreeIpa) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) Stack(com.sequenceiq.freeipa.entity.Stack) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig) TunnelEntry(com.sequenceiq.cloudbreak.clusterproxy.TunnelEntry) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 10 with ClusterServiceConfig

use of com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig in project cloudbreak by hortonworks.

the class ClusterProxyService method registerFreeIpa.

/**
 * Registers the FreeIPA services of a stack with cluster-proxy.
 *
 * <p>The {@code FREEIPA_SERVICE_NAME} service for the primary gateway is always registered.
 * During bootstrap a second service named by {@code generateFreeIpaFqdn(stack)} is added for the
 * primary gateway. Outside bootstrap, when DNS-based service names are available, one set of
 * DNS-mapped services is added for every non-deleted gateway that has an instance id and, if
 * {@code instanceIdsToRegister} is non-null, is listed in it. Tunnel entries (CCMV1) or CCMv2
 * entries are then attached according to the stack's tunnel type.
 *
 * <p>The registered flag on the stack is updated only after {@code registerConfig} has returned
 * and, when requested, health polling has completed; an exception from either propagates before
 * the flag is written.
 *
 * @param stack                 stack whose FreeIPA gateways are registered
 * @param instanceIdsToRegister instance ids to restrict the DNS-mapped registration to;
 *                              {@code null} means no restriction
 * @param bootstrap             whether this is the bootstrap registration
 * @param waitForGoodHealth     whether to call {@code pollForGoodHealth} after registering
 * @return the registration response, or empty when cluster-proxy is not applicable to the
 *         stack's cloud platform
 */
private Optional<ConfigRegistrationResponse> registerFreeIpa(Stack stack, List<String> instanceIdsToRegister, boolean bootstrap, boolean waitForGoodHealth) {
    MDCBuilder.buildMdcContext(stack);

    boolean proxyApplicable = clusterProxyEnablementService.isClusterProxyApplicable(stack.getCloudPlatform());
    if (!proxyApplicable) {
        LOGGER.debug("Cluster Proxy integration disabled. Skipping registering FreeIpa [{}]", stack);
        return Optional.empty();
    }

    LOGGER.debug("Registering freeipa with cluster-proxy: Environment CRN = [{}], Stack CRN = [{}], bootstrap: [{}], waitForGoodHealth: [{}]",
            stack.getEnvironmentCrn(), stack.getResourceCrn(), bootstrap, waitForGoodHealth);

    GatewayConfig primaryGateway = gatewayConfigService.getPrimaryGatewayConfig(stack);
    List<GatewayConfig> liveGateways = gatewayConfigService.getNotDeletedGatewayConfigs(stack);
    ClientCertificate certificate = clientCertificates(stack);
    // Any CCM tunnel type makes the service URLs prefer the gateway's private address.
    boolean preferPrivateIp = stack.getTunnel().useCcm();

    List<ClusterServiceConfig> services = new LinkedList<>();
    services.add(createServiceConfig(stack, FREEIPA_SERVICE_NAME, primaryGateway, certificate, preferPrivateIp));

    // Gateways that will receive a tunnel / CCMv2 entry further down.
    List<GatewayConfig> gatewaysToTunnel;
    if (bootstrap) {
        gatewaysToTunnel = List.of(primaryGateway);
        services.add(createServiceConfig(stack, generateFreeIpaFqdn(stack), primaryGateway, certificate, preferPrivateIp));
    } else if (clusterProxyServiceAvailabilityChecker.isDnsBasedServiceNameAvailable(stack)) {
        // Keep gateways that have an instance id and, when a filter list was given, are on it.
        List<GatewayConfig> selectedGateways = liveGateways.stream()
                .filter(candidate -> candidate.getInstanceId() != null
                        && (instanceIdsToRegister == null || instanceIdsToRegister.contains(candidate.getInstanceId())))
                .collect(Collectors.toList());
        services.addAll(createDnsMappedServiceConfigs(stack, selectedGateways, certificate, preferPrivateIp));
        gatewaysToTunnel = selectedGateways;
    } else {
        gatewaysToTunnel = List.of(primaryGateway);
    }

    ConfigRegistrationRequestBuilder requestBuilder = new ConfigRegistrationRequestBuilder(stack.getResourceCrn())
            .withServices(services)
            .withAccountId(stack.getAccountId());
    if (stack.getTunnel().useCcmV1()) {
        requestBuilder.withTunnelEntries(createTunnelEntries(stack, gatewaysToTunnel));
    } else if (stack.getTunnel().useCcmV2OrJumpgate()) {
        requestBuilder.withCcmV2Entries(createCcmV2Configs(stack, gatewaysToTunnel));
    }
    ConfigRegistrationRequest request = requestBuilder.build();

    // NOTE(review): the whole request, including its service configs and certificate reference,
    // is written to the debug log via toString(); confirm that output holds only references
    // (e.g. vault paths) and no secret material.
    LOGGER.debug("Registering cluster proxy configuration [{}]", request);
    ConfigRegistrationResponse response = clusterProxyRegistrationClient.registerConfig(request);

    if (waitForGoodHealth) {
        pollForGoodHealth(stack);
    }
    stackUpdater.updateClusterProxyRegisteredFlag(stack, true);
    // Optional.of rejects null, so a null response from the client surfaces here as an NPE.
    return Optional.of(response);
}
Also used : FreeIpaCertVaultComponent(com.sequenceiq.freeipa.vault.FreeIpaCertVaultComponent) CCMV2_BACKEND_ID_FORMAT(com.sequenceiq.cloudbreak.ccm.cloudinit.CcmV2ParameterConstants.CCMV2_BACKEND_ID_FORMAT) FreeIpaDomainUtils(com.sequenceiq.freeipa.service.config.FreeIpaDomainUtils) LoggerFactory(org.slf4j.LoggerFactory) ConfigRegistrationRequestBuilder(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequestBuilder) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) MDCBuilder(com.sequenceiq.cloudbreak.logger.MDCBuilder) JsonUtil(com.sequenceiq.cloudbreak.common.json.JsonUtil) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) StringUtils(org.apache.commons.lang3.StringUtils) ClusterProxyConfiguration(com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyConfiguration) Inject(javax.inject.Inject) Value(org.springframework.beans.factory.annotation.Value) VaultSecret(com.sequenceiq.cloudbreak.service.secret.vault.VaultSecret) TunnelEntry(com.sequenceiq.cloudbreak.clusterproxy.TunnelEntry) Service(org.springframework.stereotype.Service) LinkedList(java.util.LinkedList) ServiceFamilies(com.sequenceiq.cloudbreak.ccm.endpoint.ServiceFamilies) Tunnel(com.sequenceiq.common.api.type.Tunnel) Stack(com.sequenceiq.freeipa.entity.Stack) VaultConfigException(com.sequenceiq.cloudbreak.service.secret.vault.VaultConfigException) ClientCertificate(com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) Logger(org.slf4j.Logger) FreeIpa(com.sequenceiq.freeipa.entity.FreeIpa) ClusterServiceHealthCheck(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceHealthCheck) ReadConfigResponse(com.sequenceiq.cloudbreak.clusterproxy.ReadConfigResponse) IOException(java.io.IOException) ServiceEndpointHealthListenerTask(com.sequenceiq.freeipa.service.polling.clusterproxy.ServiceEndpointHealthListenerTask) 
SecurityConfigService(com.sequenceiq.freeipa.service.SecurityConfigService) ClusterProxyServiceAvailabilityChecker(com.sequenceiq.freeipa.util.ClusterProxyServiceAvailabilityChecker) ClusterProxyEnablementService(com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyEnablementService) ServiceEndpointHealthPollerObject(com.sequenceiq.freeipa.service.polling.clusterproxy.ServiceEndpointHealthPollerObject) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) List(java.util.List) ClusterProxyRegistrationClient(com.sequenceiq.cloudbreak.clusterproxy.ClusterProxyRegistrationClient) GatewayConfigService(com.sequenceiq.freeipa.service.GatewayConfigService) PollingService(com.sequenceiq.cloudbreak.polling.PollingService) FreeIpaService(com.sequenceiq.freeipa.service.freeipa.FreeIpaService) CcmV2Config(com.sequenceiq.cloudbreak.clusterproxy.CcmV2Config) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig) Optional(java.util.Optional) HealthCheckAvailabilityChecker(com.sequenceiq.freeipa.util.HealthCheckAvailabilityChecker) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) LinkedList(java.util.LinkedList) List(java.util.List) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) ConfigRegistrationRequestBuilder(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequestBuilder) ClientCertificate(com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate) LinkedList(java.util.LinkedList) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)
