use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.
the class GatewayConfigService method getSaltClientConfig.
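/**
 * Builds a {@link SaltClientConfig} from the Salt credentials stored on the stack's security config.
 *
 * <p>The salt-boot signing private key is read in Base64 form and decoded to text here. The returned
 * object holds two passwords and a private key in clear text, so it should be kept out of logs and
 * exception messages.
 *
 * @param stack stack whose security config holds the Salt credentials
 * @return config built from the salt password, the salt-boot password and the decoded signing key
 */
private SaltClientConfig getSaltClientConfig(Stack stack) {
    SaltSecurityConfig saltSecurityConfig = stack.getSecurityConfig().getSaltSecurityConfig();
    String encodedSignKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    String saltPassword = saltSecurityConfig.getSaltPassword();
    // Explicit charset: new String(byte[]) alone would use the JVM default encoding, which makes the
    // decoded key text depend on how the host is configured.
    String signKey = new String(Base64.decodeBase64(encodedSignKey), java.nio.charset.StandardCharsets.UTF_8);
    return new SaltClientConfig(saltPassword, saltBootPassword, signKey);
}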
use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.
the class TlsSecurityService method buildGatewayConfig.
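/**
 * Assembles the {@link GatewayConfig} used to reach the gateway instance of a stack.
 *
 * <p>The result bundles connection data with secrets: the TLS client key, both Salt passwords, the
 * salt-boot signature key, the Salt signing private key and the user-facing key. Treat the returned
 * object as sensitive and keep it out of logs.
 *
 * @param stack stack the gateway belongs to
 * @param gatewayInstance instance metadata of the gateway node
 * @param gatewayPort port passed to {@code getGatewayPort} together with the stack
 * @param saltClientConfig source of the Salt passwords and the signature key PEM
 * @param knoxGatewayEnabled passed through to the gateway config unchanged
 * @return the gateway config, extended with path and protocol when a cluster proxy config is required
 */
public GatewayConfig buildGatewayConfig(Stack stack, InstanceMetaData gatewayInstance, Integer gatewayPort,
        SaltClientConfig saltClientConfig, Boolean knoxGatewayEnabled) {
    Long stackId = stack.getId();
    // NOTE(review): gatewayInstance is logged through its toString(); confirm that it prints no
    // sensitive fields.
    LOGGER.info("Build gateway config for stack with id: {}, gatewayInstance: {}, gatewayPort: {}, knoxGatewayEnabled: {}", stackId, gatewayInstance, gatewayPort, knoxGatewayEnabled);
    // The security config is looked up by stack id here rather than read from the stack argument.
    SecurityConfig securityConfig = getSecurityConfigByStackIdOrThrowNotFound(stackId);
    String connectionIp = getGatewayIp(securityConfig, gatewayInstance, stack);
    HttpClientConfig conf = buildTLSClientConfig(stackId, stack.getCloudPlatform(), connectionIp, gatewayInstance);
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    String saltSignPrivateKeyB64 = saltSecurityConfig.getSaltSignPrivateKey();
    // Key material is decoded with an explicit charset so the text does not depend on the JVM default
    // encoding. Argument order below is positional and must match the GatewayConfig constructor.
    GatewayConfig gatewayConfig = new GatewayConfig(
            connectionIp,
            gatewayInstance.getPublicIpWrapper(),
            gatewayInstance.getPrivateIp(),
            gatewayInstance.getDiscoveryFQDN(),
            getGatewayPort(gatewayPort, stack),
            gatewayInstance.getInstanceId(),
            conf.getServerCert(),
            conf.getClientCert(),
            conf.getClientKey(),
            saltClientConfig.getSaltPassword(),
            saltClientConfig.getSaltBootPassword(),
            saltClientConfig.getSignatureKeyPem(),
            knoxGatewayEnabled,
            InstanceMetadataType.GATEWAY_PRIMARY.equals(gatewayInstance.getInstanceMetadataType()),
            new String(decodeBase64(saltSignPrivateKeyB64), java.nio.charset.StandardCharsets.UTF_8),
            new String(decodeBase64(saltSecurityConfig.getSaltSignPublicKey()), java.nio.charset.StandardCharsets.UTF_8),
            securityConfig.getUserFacingCert(),
            securityConfig.getUserFacingKey());
    if (clusterProxyService.isCreateConfigForClusterProxy(stack)) {
        LOGGER.info("Create config for cluster proxy");
        gatewayConfig
                .withPath(clusterProxyService.getProxyPath(stack.getResourceCrn(), gatewayInstance.getInstanceId()))
                .withProtocol(clusterProxyConfiguration.getClusterProxyProtocol());
    }
    return gatewayConfig;
}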
use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.
the class TlsSecurityService method setSaltSignKeypair.
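/**
 * Stores the Salt signing key pair, Base64-encoded, on the Salt security config nested in
 * {@code securityConfig}.
 *
 * @param securityConfig config whose {@link SaltSecurityConfig} receives both keys
 * @param keyPair pair whose key is stored as the private key and whose value is stored as the public key
 */
private void setSaltSignKeypair(SecurityConfig securityConfig, Pair<String, String> keyPair) {
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    // Explicit charset: getBytes() without one uses the JVM default encoding, so the stored bytes
    // would depend on the host configuration.
    byte[] publicKeyBytes = keyPair.getValue().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] privateKeyBytes = keyPair.getKey().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    saltSecurityConfig.setSaltSignPublicKey(BaseEncoding.base64().encode(publicKeyBytes));
    // NOTE(review): Base64 is an encoding, not protection. How the private key is guarded at rest
    // depends on how SaltSecurityConfig persists this field; confirm.
    saltSecurityConfig.setSaltSignPrivateKey(BaseEncoding.base64().encode(privateKeyBytes));
}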
use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.
the class UserDataService method createUserData.
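/**
 * Generates and saves the security config of a stack, then builds the instance user data and attaches
 * it to the stack's image.
 *
 * @param stackId id of the stack to prepare
 * @throws CloudbreakImageNotFoundException declared here and not thrown directly; presumably raised by
 *         one of the called services
 * @throws GetCloudParameterException when waiting for the platform parameters fails or is interrupted
 */
public void createUserData(Long stackId) throws CloudbreakImageNotFoundException {
    Stack stack = stackService.getByIdWithLists(stackId);
    String userCrn = ThreadBasedUserCrnProvider.getUserCrn();
    // Submitted before the security config is generated and collected later with get().
    Future<PlatformParameters> platformParametersFuture =
            intermediateBuilderExecutor.submit(() -> connector.getPlatformParameters(stack, userCrn));
    SecurityConfig securityConfig = securityConfigService.generateAndSaveSecurityConfig(stack);
    stack.setSecurityConfig(securityConfig);
    stackService.save(stack);
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    String cbPrivKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    // Explicit charset so the decoded key text does not depend on the JVM default encoding.
    String cbPrivKeyText = new String(Base64.decodeBase64(cbPrivKey), java.nio.charset.StandardCharsets.UTF_8);
    // NOTE(review): presumably derives the public key (DER) from the private key text, so that only
    // the public part reaches the user data; confirm against PkiUtil.
    byte[] cbSshKeyDer = PkiUtil.getPublicKeyDer(cbPrivKeyText);
    String sshUser = stack.getStackAuthentication().getLoginUserName();
    String cbCert = securityConfig.getClientCert();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    try {
        PlatformParameters platformParameters = platformParametersFuture.get();
        CcmConnectivityParameters ccmParameters = ccmUserDataService.fetchAndSaveCcmParameters(stack);
        Optional<ProxyConfig> proxyConfig = proxyConfigDtoService.getByEnvironmentCrn(stack.getEnvironmentCrn());
        // NOTE(review): saltBootPassword is handed to the user-data builder. If it ends up verbatim in
        // the instance user data, anything on the instance that can read user data can read it;
        // confirm how the builder treats it.
        Map<InstanceGroupType, String> userData = userDataBuilder.buildUserData(
                Platform.platform(stack.getCloudPlatform()), cbSshKeyDer, sshUser, platformParameters,
                saltBootPassword, cbCert, ccmParameters, proxyConfig.orElse(null));
        imageService.decorateImageWithUserDataForStack(stack, userData);
    } catch (InterruptedException | ExecutionException e) {
        if (e instanceof InterruptedException) {
            // Restore the interrupt flag; catching the exception cleared it, and callers or the
            // executor may rely on it to stop work.
            Thread.currentThread().interrupt();
        }
        LOGGER.error("Failed to get Platform parmaters", e);
        throw new GetCloudParameterException("Failed to get Platform parmaters", e);
    }
}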
use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.
the class TlsSecurityService method generateSecurityKeys.
/**
 * Creates a new {@link SecurityConfig} for the workspace, filled with generated Salt passwords and
 * with key pairs taken from the key pair cache.
 *
 * @param workspace workspace set on both the security config and its Salt security config
 * @return the populated security config; nothing in this method persists it
 */
@Measure(TlsSecurityService.class)
public SecurityConfig generateSecurityKeys(Workspace workspace) {
    SaltSecurityConfig saltConfig = new SaltSecurityConfig();
    saltConfig.setWorkspace(workspace);
    saltConfig.setSaltBootPassword(PasswordUtil.generatePassword());
    saltConfig.setSaltPassword(PasswordUtil.generatePassword());

    SecurityConfig result = new SecurityConfig();
    result.setWorkspace(workspace);
    result.setSaltSecurityConfig(saltConfig);

    // Four pops in a fixed order: two for the client keys, one for the salt-boot signing pair and
    // one for the Salt signing pair.
    // NOTE(review): assumes every pop() hands out a distinct key pair, so no key is shared between
    // these roles; confirm against the cache implementation.
    setClientKeys(result, keyPairCache.pop(), keyPairCache.pop());
    setSaltBootSignKeypair(saltConfig, convertKeyPair(keyPairCache.pop()));
    setSaltSignKeypair(result, convertKeyPair(keyPairCache.pop()));
    return result;
}