
Example 1 with SaltSecurityConfig

use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.

the class GatewayConfigService method getSaltClientConfig.

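/**
 * Builds the Salt client credentials for a stack from its stored security configuration.
 *
 * <p>Reads the salt password, the salt-boot password and the Base64-encoded salt-boot signing
 * private key from the stack's {@code SaltSecurityConfig}. The key is Base64-decoded before it is
 * passed to {@code SaltClientConfig}.
 *
 * <p>Security note: all three values are secrets. The decoded private key ends up in an immutable
 * {@code String}, so it cannot be wiped after use; do not log the returned object or its fields.
 *
 * @param stack stack whose security configuration is read
 * @return client configuration holding both passwords and the decoded signing key
 */
private SaltClientConfig getSaltClientConfig(Stack stack) {
    SecurityConfig securityConfig = stack.getSecurityConfig();
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    String privateKeyB64 = saltSecurityConfig.getSaltBootSignPrivateKey();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    String saltPassword = saltSecurityConfig.getSaltPassword();
    // new String(byte[]) without a charset uses the platform default, which varies between JVMs.
    // Decode explicitly as UTF-8 so the key text is the same on every host.
    String privateKey = new String(Base64.decodeBase64(privateKeyB64), java.nio.charset.StandardCharsets.UTF_8);
    return new SaltClientConfig(saltPassword, saltBootPassword, privateKey);
}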
Also used : SecurityConfig(com.sequenceiq.cloudbreak.domain.SecurityConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) SaltClientConfig(com.sequenceiq.cloudbreak.client.SaltClientConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig)

Example 2 with SaltSecurityConfig

use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.

the class TlsSecurityService method buildGatewayConfig.

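/**
 * Assembles the {@code GatewayConfig} used to reach a stack's gateway instance.
 *
 * <p>Combines the TLS client material from {@code buildTLSClientConfig}, the Salt credentials in
 * {@code saltClientConfig}, the Base64-decoded salt signing key pair and the user-facing
 * certificate and key of the stack's {@code SecurityConfig}. When the cluster proxy is enabled for
 * the stack, the proxy path and protocol are applied as well.
 *
 * <p>Security note: the returned object carries private keys and passwords in plain {@code String}
 * fields; it must not be logged or serialized to untrusted sinks.
 *
 * @param stack stack that owns the gateway
 * @param gatewayInstance metadata of the gateway instance
 * @param gatewayPort requested gateway port, resolved through {@code getGatewayPort}
 * @param saltClientConfig Salt passwords and signature key for the client
 * @param knoxGatewayEnabled whether the Knox gateway is enabled
 * @return the populated gateway configuration
 */
public GatewayConfig buildGatewayConfig(Stack stack, InstanceMetaData gatewayInstance, Integer gatewayPort, SaltClientConfig saltClientConfig, Boolean knoxGatewayEnabled) {
    Long stackId = stack.getId();
    // NOTE(review): gatewayInstance is logged through its toString(); confirm that
    // InstanceMetaData.toString() exposes no sensitive fields.
    LOGGER.info("Build gateway config for stack with id: {}, gatewayInstance: {}, gatewayPort: {}, knoxGatewayEnabled: {}", stackId, gatewayInstance, gatewayPort, knoxGatewayEnabled);
    SecurityConfig securityConfig = getSecurityConfigByStackIdOrThrowNotFound(stackId);
    String connectionIp = getGatewayIp(securityConfig, gatewayInstance, stack);
    HttpClientConfig conf = buildTLSClientConfig(stackId, stack.getCloudPlatform(), connectionIp, gatewayInstance);
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    String saltSignPrivateKeyB64 = saltSecurityConfig.getSaltSignPrivateKey();
    // Decode the stored keys with an explicit charset. new String(byte[]) alone uses the
    // platform default, which is not guaranteed to be the same on every JVM.
    java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    GatewayConfig gatewayConfig = new GatewayConfig(
            connectionIp,
            gatewayInstance.getPublicIpWrapper(),
            gatewayInstance.getPrivateIp(),
            gatewayInstance.getDiscoveryFQDN(),
            getGatewayPort(gatewayPort, stack),
            gatewayInstance.getInstanceId(),
            conf.getServerCert(),
            conf.getClientCert(),
            conf.getClientKey(),
            saltClientConfig.getSaltPassword(),
            saltClientConfig.getSaltBootPassword(),
            saltClientConfig.getSignatureKeyPem(),
            knoxGatewayEnabled,
            InstanceMetadataType.GATEWAY_PRIMARY.equals(gatewayInstance.getInstanceMetadataType()),
            new String(decodeBase64(saltSignPrivateKeyB64), utf8),
            new String(decodeBase64(saltSecurityConfig.getSaltSignPublicKey()), utf8),
            securityConfig.getUserFacingCert(),
            securityConfig.getUserFacingKey());
    if (clusterProxyService.isCreateConfigForClusterProxy(stack)) {
        LOGGER.info("Create config for cluster proxy");
        // The return value is discarded, so this relies on withPath/withProtocol modifying
        // gatewayConfig in place (TODO confirm against GatewayConfig).
        gatewayConfig.withPath(clusterProxyService.getProxyPath(stack.getResourceCrn(), gatewayInstance.getInstanceId())).withProtocol(clusterProxyConfiguration.getClusterProxyProtocol());
    }
    return gatewayConfig;
}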
Also used : HttpClientConfig(com.sequenceiq.cloudbreak.client.HttpClientConfig) SecurityConfig(com.sequenceiq.cloudbreak.domain.SecurityConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)

Example 3 with SaltSecurityConfig

use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.

the class TlsSecurityService method setSaltSignKeypair.

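/**
 * Stores the salt signing key pair on the security configuration, Base64-encoded.
 *
 * <p>The pair's value is written as the public key and the pair's key as the private key.
 *
 * <p>Security note: Base64 is an encoding, not encryption. Confidentiality of the private key at
 * rest depends on how {@code SaltSecurityConfig} is persisted, which is not visible here.
 *
 * @param securityConfig configuration whose {@code SaltSecurityConfig} receives the keys
 * @param keyPair private key as the pair's key, public key as the pair's value
 */
private void setSaltSignKeypair(SecurityConfig securityConfig, Pair<String, String> keyPair) {
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    // String.getBytes() without a charset uses the platform default; fix it to UTF-8 so the
    // stored bytes do not depend on the JVM that generated them.
    java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    saltSecurityConfig.setSaltSignPublicKey(BaseEncoding.base64().encode(keyPair.getValue().getBytes(utf8)));
    saltSecurityConfig.setSaltSignPrivateKey(BaseEncoding.base64().encode(keyPair.getKey().getBytes(utf8)));
}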
Also used : SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig)

Example 4 with SaltSecurityConfig

use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.

the class UserDataService method createUserData.

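/**
 * Generates the security configuration for a stack and attaches the instance user data to its image.
 *
 * <p>Platform parameters are fetched asynchronously while the security configuration is generated
 * and saved. The user data is then built from the public key derived from the salt-boot signing
 * private key, the login user, the salt-boot password, the client certificate, the CCM parameters
 * and the optional proxy configuration.
 *
 * <p>Security note: the salt-boot password is embedded in the user data. Instance user data is
 * typically readable from inside the instance through the cloud metadata service, so treat that
 * password as visible to workloads on the node (confirm for each target platform). Only the public
 * part of the signing key is passed on; the private key stays in this method.
 *
 * @param stackId id of the stack to prepare
 * @throws CloudbreakImageNotFoundException declared by the method; the throwing call is not
 *         identifiable from this block alone
 * @throws GetCloudParameterException if waiting for the platform parameters is interrupted or the
 *         lookup fails
 */
public void createUserData(Long stackId) throws CloudbreakImageNotFoundException {
    Stack stack = stackService.getByIdWithLists(stackId);
    String userCrn = ThreadBasedUserCrnProvider.getUserCrn();
    Future<PlatformParameters> platformParametersFuture = intermediateBuilderExecutor.submit(() -> connector.getPlatformParameters(stack, userCrn));
    SecurityConfig securityConfig = securityConfigService.generateAndSaveSecurityConfig(stack);
    stack.setSecurityConfig(securityConfig);
    stackService.save(stack);
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    String cbPrivKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    // Decode with an explicit charset; new String(byte[]) alone uses the platform default.
    String cbPrivKeyText = new String(Base64.decodeBase64(cbPrivKey), java.nio.charset.StandardCharsets.UTF_8);
    byte[] cbSshKeyDer = PkiUtil.getPublicKeyDer(cbPrivKeyText);
    String sshUser = stack.getStackAuthentication().getLoginUserName();
    String cbCert = securityConfig.getClientCert();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    try {
        PlatformParameters platformParameters = platformParametersFuture.get();
        CcmConnectivityParameters ccmParameters = ccmUserDataService.fetchAndSaveCcmParameters(stack);
        Optional<ProxyConfig> proxyConfig = proxyConfigDtoService.getByEnvironmentCrn(stack.getEnvironmentCrn());
        Map<InstanceGroupType, String> userData = userDataBuilder.buildUserData(Platform.platform(stack.getCloudPlatform()), cbSshKeyDer, sshUser, platformParameters, saltBootPassword, cbCert, ccmParameters, proxyConfig.orElse(null));
        imageService.decorateImageWithUserDataForStack(stack, userData);
    } catch (InterruptedException | ExecutionException e) {
        if (e instanceof InterruptedException) {
            // Catching InterruptedException clears the thread's interrupt flag; restore it so
            // callers and the executor can still observe the interruption.
            Thread.currentThread().interrupt();
        }
        LOGGER.error("Failed to get Platform parmaters", e);
        throw new GetCloudParameterException("Failed to get Platform parmaters", e);
    }
}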
Also used : InstanceGroupType(com.sequenceiq.common.api.type.InstanceGroupType) GetCloudParameterException(com.sequenceiq.cloudbreak.cloud.service.GetCloudParameterException) ProxyConfig(com.sequenceiq.cloudbreak.dto.ProxyConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) Stack(com.sequenceiq.cloudbreak.domain.stack.Stack) CcmConnectivityParameters(com.sequenceiq.cloudbreak.ccm.cloudinit.CcmConnectivityParameters) SecurityConfig(com.sequenceiq.cloudbreak.domain.SecurityConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) PlatformParameters(com.sequenceiq.cloudbreak.cloud.PlatformParameters) ExecutionException(java.util.concurrent.ExecutionException)

Example 5 with SaltSecurityConfig

use of com.sequenceiq.cloudbreak.domain.SaltSecurityConfig in project cloudbreak by hortonworks.

the class TlsSecurityService method generateSecurityKeys.

/**
 * Creates a new {@code SecurityConfig} for a workspace, filled with generated credentials.
 *
 * <p>Two passwords (salt-boot and salt) come from {@code PasswordUtil.generatePassword()}. Four key
 * pairs are taken from {@code keyPairCache}, in this order: two for the client keys, one for the
 * salt-boot signing pair and one for the salt signing pair.
 *
 * <p>NOTE(review): the strength of these secrets depends on {@code PasswordUtil} and on whatever
 * fills {@code keyPairCache}; confirm that both use a cryptographically secure random source and
 * that {@code pop()} never returns the same pair twice.
 *
 * @param workspace workspace set on both the security config and its Salt security config
 * @return the populated, not yet persisted, security configuration
 */
@Measure(TlsSecurityService.class)
public SecurityConfig generateSecurityKeys(Workspace workspace) {
    SecurityConfig result = new SecurityConfig();
    result.setWorkspace(workspace);

    SaltSecurityConfig saltConfig = new SaltSecurityConfig();
    saltConfig.setWorkspace(workspace);
    saltConfig.setSaltBootPassword(PasswordUtil.generatePassword());
    saltConfig.setSaltPassword(PasswordUtil.generatePassword());
    result.setSaltSecurityConfig(saltConfig);

    // Each pop() below consumes one cached key pair; the call order decides which pair serves
    // which role, so it is kept as is.
    setClientKeys(result, keyPairCache.pop(), keyPairCache.pop());
    setSaltBootSignKeypair(saltConfig, convertKeyPair(keyPairCache.pop()));
    setSaltSignKeypair(result, convertKeyPair(keyPairCache.pop()));
    return result;
}
Also used : SecurityConfig(com.sequenceiq.cloudbreak.domain.SecurityConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) SaltSecurityConfig(com.sequenceiq.cloudbreak.domain.SaltSecurityConfig) Measure(com.sequenceiq.cloudbreak.aspect.Measure)

Aggregations

SaltSecurityConfig (com.sequenceiq.cloudbreak.domain.SaltSecurityConfig)6 SecurityConfig (com.sequenceiq.cloudbreak.domain.SecurityConfig)5 HttpClientConfig (com.sequenceiq.cloudbreak.client.HttpClientConfig)2 Stack (com.sequenceiq.cloudbreak.domain.stack.Stack)2 GatewayConfig (com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)2 Measure (com.sequenceiq.cloudbreak.aspect.Measure)1 CcmConnectivityParameters (com.sequenceiq.cloudbreak.ccm.cloudinit.CcmConnectivityParameters)1 SaltClientConfig (com.sequenceiq.cloudbreak.client.SaltClientConfig)1 PlatformParameters (com.sequenceiq.cloudbreak.cloud.PlatformParameters)1 GetCloudParameterException (com.sequenceiq.cloudbreak.cloud.service.GetCloudParameterException)1 ProxyConfig (com.sequenceiq.cloudbreak.dto.ProxyConfig)1 InstanceGroupType (com.sequenceiq.common.api.type.InstanceGroupType)1 ExecutionException (java.util.concurrent.ExecutionException)1