Example 1 with SaltSecurityConfig

Use of com.sequenceiq.freeipa.entity.SaltSecurityConfig in the project cloudbreak by hortonworks.

The class UserDataService, method createUserData.

private void createUserData(Stack stack, Supplier<CcmConnectivityParameters> ccmParametersSupplier) {
    DetailedEnvironmentResponse environment = environmentClientService.getByCrn(stack.getEnvironmentCrn());
    Credential credential = credentialService.getCredentialByEnvCrn(stack.getEnvironmentCrn());
    // Platform parameters are fetched asynchronously while the rest of the user data is assembled.
    Future<PlatformParameters> platformParametersFuture = intermediateBuilderExecutor.submit(() -> platformParameterService.getPlatformParameters(stack, credential));
    SecurityConfig securityConfig = stack.getSecurityConfig();
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    // The salt-boot signing key is stored base64-encoded; only the derived public key (DER) goes into the user data.
    String cbPrivKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    byte[] cbSshKeyDer = PkiUtil.getPublicKeyDer(new String(Base64.decodeBase64(cbPrivKey)));
    String sshUser = stack.getStackAuthentication().getLoginUserName();
    String cbCert = securityConfig.getClientCert();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    try {
        PlatformParameters platformParameters = platformParametersFuture.get();
        CcmConnectivityParameters ccmParameters = ccmParametersSupplier.get();
        Optional<ProxyConfig> proxyConfig = proxyConfigDtoService.getByEnvironmentCrn(stack.getEnvironmentCrn());
        String userData = userDataBuilder.buildUserData(stack.getAccountId(), environment, Platform.platform(stack.getCloudPlatform()), cbSshKeyDer, sshUser, platformParameters, saltBootPassword, cbCert, ccmParameters, proxyConfig.orElse(null));
        imageService.decorateImageWithUserDataForStack(stack, userData);
    } catch (InterruptedException | ExecutionException e) {
        LOGGER.error("Failed to get Platform parameters", e);
        throw new GetCloudParameterException("Failed to get Platform parameters", e);
    }
}
Also used: Credential(com.sequenceiq.freeipa.dto.Credential) GetCloudParameterException(com.sequenceiq.cloudbreak.cloud.service.GetCloudParameterException) ProxyConfig(com.sequenceiq.cloudbreak.dto.ProxyConfig) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig) CcmConnectivityParameters(com.sequenceiq.cloudbreak.ccm.cloudinit.CcmConnectivityParameters) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) DetailedEnvironmentResponse(com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse) PlatformParameters(com.sequenceiq.cloudbreak.cloud.PlatformParameters) ExecutionException(java.util.concurrent.ExecutionException)

Example 2 with SaltSecurityConfig

Use of com.sequenceiq.freeipa.entity.SaltSecurityConfig in the project cloudbreak by hortonworks.

The class GatewayConfigService, method getSaltClientConfig.

private SaltClientConfig getSaltClientConfig(Stack stack) {
    SecurityConfig securityConfig = stack.getSecurityConfig();
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    String privateKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    String saltPassword = saltSecurityConfig.getSaltPassword();
    // The signing key is persisted base64-encoded; the client expects the decoded PEM.
    return new SaltClientConfig(saltPassword, saltBootPassword, new String(Base64.decodeBase64(privateKey)));
}
Also used: SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) SaltClientConfig(com.sequenceiq.cloudbreak.client.SaltClientConfig)

Example 3 with SaltSecurityConfig

Use of com.sequenceiq.freeipa.entity.SaltSecurityConfig in the project cloudbreak by hortonworks.

The class SecurityConfigService, method findOneByStack.

public SecurityConfig findOneByStack(Stack stack) {
    SecurityConfig securityConfig = securityConfigRepository.findOneByStackId(stack.getId());
    if (securityConfig != null && securityConfig.getSaltSecurityConfig() != null) {
        SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
        // Lazy migration: if any vault-backed secret field is still blank, copy the
        // legacy column value of each secret into its vault counterpart.
        if (StringUtils.isAnyBlank(saltSecurityConfig.getSaltBootPasswordVault(), saltSecurityConfig.getSaltBootSignPrivateKeyVault(), saltSecurityConfig.getSaltPasswordVault(), saltSecurityConfig.getSaltSignPrivateKeyVault())) {
            LOGGER.debug("Migrate SaltSecurityConfig with id [{}] to vault", saltSecurityConfig.getId());
            if (!saltSecurityConfig.getSaltBootPassword().equals(saltSecurityConfig.getSaltBootPasswordVault())) {
                saltSecurityConfig.setSaltBootPasswordVault(saltSecurityConfig.getSaltBootPassword());
            }
            if (!saltSecurityConfig.getSaltBootSignPrivateKey().equals(saltSecurityConfig.getSaltBootSignPrivateKeyVault())) {
                saltSecurityConfig.setSaltBootSignPrivateKeyVault(saltSecurityConfig.getSaltBootSignPrivateKey());
            }
            // Compare the salt password with its own vault copy. The original snippet compared
            // getSaltSignPrivateKey() against getSaltPasswordVault() here, so the condition did
            // not test the field it updates.
            if (!saltSecurityConfig.getSaltPassword().equals(saltSecurityConfig.getSaltPasswordVault())) {
                saltSecurityConfig.setSaltPasswordVault(saltSecurityConfig.getSaltPassword());
            }
            if (!saltSecurityConfig.getSaltSignPrivateKey().equals(saltSecurityConfig.getSaltSignPrivateKeyVault())) {
                saltSecurityConfig.setSaltSignPrivateKeyVault(saltSecurityConfig.getSaltSignPrivateKey());
            }
            saltSecurityConfig = disabledSaltSecurityConfigRepository.save(saltSecurityConfig);
            securityConfig.setSaltSecurityConfig(saltSecurityConfig);
        }
    }
    return securityConfig;
}
Also used: SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig)

Example 4 with SaltSecurityConfig

Use of com.sequenceiq.freeipa.entity.SaltSecurityConfig in the project cloudbreak by hortonworks.

The class TlsSecurityService, method generateSaltSignKeypair.

private void generateSaltSignKeypair(SecurityConfig securityConfig) {
    KeyPair keyPair = PkiUtil.generateKeypair();
    String privateKey = PkiUtil.convert(keyPair.getPrivate());
    String publicKey = PkiUtil.convertOpenSshPublicKey(keyPair.getPublic());
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    // Both halves of the key pair are stored base64-encoded; the private key is written to
    // the legacy column and its vault-backed field.
    saltSecurityConfig.setSaltSignPublicKey(BaseEncoding.base64().encode(publicKey.getBytes()));
    String saltSignPrivateKey = BaseEncoding.base64().encode(privateKey.getBytes());
    saltSecurityConfig.setSaltSignPrivateKey(saltSignPrivateKey);
    saltSecurityConfig.setSaltSignPrivateKeyVault(saltSignPrivateKey);
}
Also used: KeyPair(java.security.KeyPair) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig)

Example 5 with SaltSecurityConfig

Use of com.sequenceiq.freeipa.entity.SaltSecurityConfig in the project cloudbreak by hortonworks.

The class TlsSecurityService, method buildGatewayConfig.

public GatewayConfig buildGatewayConfig(Stack stack, InstanceMetaData gatewayInstance, SaltClientConfig saltClientConfig, Boolean knoxGatewayEnabled) {
    SecurityConfig securityConfig = securityConfigService.findOneByStack(stack);
    String connectionIp = getGatewayIp(securityConfig, gatewayInstance, stack);
    HttpClientConfig conf = buildTLSClientConfig(stack, connectionIp, gatewayInstance);
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    // The sign private key is read from the vault-backed field and base64-decoded for the gateway config.
    String saltSignPrivateKeyB64 = saltSecurityConfig.getSaltSignPrivateKeyVault();
    GatewayConfig gatewayConfig = new GatewayConfig(connectionIp, gatewayInstance.getPublicIpWrapper(), gatewayInstance.getPrivateIp(), gatewayInstance.getDiscoveryFQDN(), getGatewayPort(stack.getGatewayport(), stack), gatewayInstance.getInstanceId(), conf.getServerCert(), conf.getClientCert(), conf.getClientKey(), saltClientConfig.getSaltPassword(), saltClientConfig.getSaltBootPassword(), saltClientConfig.getSignatureKeyPem(), knoxGatewayEnabled, InstanceMetadataType.GATEWAY_PRIMARY.equals(gatewayInstance.getInstanceMetadataType()), new String(decodeBase64(saltSignPrivateKeyB64)), new String(decodeBase64(saltSecurityConfig.getSaltSignPublicKey())), null, null);
    if (clusterProxyService.isCreateConfigForClusterProxy(stack)) {
        gatewayConfig.withPath(clusterProxyService.getProxyPathPgwAsFallBack(stack, Optional.ofNullable(gatewayInstance.getDiscoveryFQDN()))).withProtocol(clusterProxyConfiguration.getClusterProxyProtocol());
    }
    return gatewayConfig;
}
Also used: HttpClientConfig(com.sequenceiq.cloudbreak.client.HttpClientConfig) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)

Aggregations (class: number of examples above that use it)

SaltSecurityConfig (com.sequenceiq.freeipa.entity.SaltSecurityConfig) 6
SecurityConfig (com.sequenceiq.freeipa.entity.SecurityConfig) 5
CcmConnectivityParameters (com.sequenceiq.cloudbreak.ccm.cloudinit.CcmConnectivityParameters) 1
HttpClientConfig (com.sequenceiq.cloudbreak.client.HttpClientConfig) 1
SaltClientConfig (com.sequenceiq.cloudbreak.client.SaltClientConfig) 1
PlatformParameters (com.sequenceiq.cloudbreak.cloud.PlatformParameters) 1
GetCloudParameterException (com.sequenceiq.cloudbreak.cloud.service.GetCloudParameterException) 1
ProxyConfig (com.sequenceiq.cloudbreak.dto.ProxyConfig) 1
GatewayConfig (com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig) 1
DetailedEnvironmentResponse (com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse) 1
Credential (com.sequenceiq.freeipa.dto.Credential) 1
KeyPair (java.security.KeyPair) 1
ExecutionException (java.util.concurrent.ExecutionException) 1