use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.
the class EnsemblePasswordAction method doExecute.
@Override
protected Object doExecute() throws Exception {
if (!commit) {
if (newPassword == null) {
System.out.println(fabricService.getZookeeperPassword());
} else {
String zookeeperUrl = fabricService.getZookeeperUrl();
String oldPassword = fabricService.getZookeeperPassword();
System.out.println("Updating the password...");
// Since we will be changing the password, create a new ZKClient that won't
// be getting update by the password change.
CuratorACLManager aclManager = new CuratorACLManager();
CuratorFramework curator = CuratorFrameworkFactory.builder().connectString(zookeeperUrl).retryPolicy(new RetryOneTime(500)).aclProvider(aclManager).authorization("digest", ("fabric:" + oldPassword).getBytes()).sessionTimeoutMs(30000).build();
curator.start();
try {
// Lets first adjust the acls so that the new password and old passwords work against the ZK paths.
String digestedIdPass = DigestAuthenticationProvider.generateDigest("fabric:" + newPassword);
aclManager.registerAcl("/fabric", "auth::acdrw,world:anyone:,digest:" + digestedIdPass + ":acdrw");
aclManager.fixAcl(curator, "/fabric", true);
// Ok now lets push out a config update of what the password is.
curator.setData().forPath(ZkPath.CONFIG_ENSEMBLE_PASSWORD.getPath(), PasswordEncoder.encode(newPassword).getBytes(Charsets.UTF_8));
} finally {
curator.close();
}
// Refresh the default profile to cause all nodes to pickup the new password.
ProfileService profileService = fabricService.adapt(ProfileService.class);
for (String ver : profileService.getVersions()) {
Version version = profileService.getVersion(ver);
if (version != null) {
Profile profile = version.getProfile("default");
if (profile != null) {
Profiles.refreshProfile(fabricService, profile);
}
}
}
System.out.println("");
System.out.println("Password updated. Please wait a little while for the new password to");
System.out.println("get delivered as a config update to all the fabric nodes. Once, the ");
System.out.println("nodes all updated (nodes must be online), please run:");
System.out.println("");
System.out.println(" fabric:ensemble-password --commit ");
System.out.println("");
}
} else {
// Now lets connect with the new password and reset the ACLs so that the old password
// does not work anymore.
CuratorACLManager aclManager = new CuratorACLManager();
CuratorFramework curator = CuratorFrameworkFactory.builder().connectString(fabricService.getZookeeperUrl()).retryPolicy(new RetryOneTime(500)).aclProvider(aclManager).authorization("digest", ("fabric:" + fabricService.getZookeeperPassword()).getBytes()).sessionTimeoutMs(30000).build();
curator.start();
try {
aclManager.fixAcl(curator, "/fabric", true);
System.out.println("Only the current password is allowed access to fabric now.");
} finally {
curator.close();
}
}
return null;
}
use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.
the class ZKPING method init.
@Override
public void init() throws Exception {
// connection url
String zkURL = System.getenv("FABRIC8_ZOOKEEPER_URL");
if (zkURL != null) {
connection = zkURL;
}
// password
String zkPassword = System.getenv("FABRIC8_ZOOKEEPER_PASSWORD");
if (zkPassword != null) {
password = PasswordEncoder.decode(zkPassword);
setAclProvider(new CuratorACLManager());
}
super.init();
}
use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.
the class CuratorFactoryBean method getObject.
// FactoryBean interface
// -------------------------------------------------------------------------
public CuratorFramework getObject() throws Exception {
LOG.debug("Connecting to ZooKeeper on " + connectString);
CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(connectString).retryPolicy(new ExponentialBackoffRetry(5, 10)).connectionTimeoutMs(getTimeout());
if (password != null && !password.isEmpty()) {
builder.aclProvider(new CuratorACLManager());
builder.authorization("digest", ("fabric:" + password).getBytes("UTF-8"));
}
this.curator = builder.build();
LOG.debug("Starting curator " + curator);
curator.start();
return curator;
}
use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.
the class FabricDiscoveryAgent method call.
@Override
public Object call() throws Exception {
LOG.info("Using local ZKClient");
managedZkClient = true;
CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(System.getProperty("zookeeper.url", "localhost:2181")).retryPolicy(new RetryOneTime(1000)).connectionTimeoutMs(10000);
String password = System.getProperty("zookeeper.password", "admin");
if (password != null && !password.isEmpty()) {
builder.aclProvider(new CuratorACLManager());
builder.authorization("digest", ("fabric:" + password).getBytes());
}
CuratorFramework client = builder.build();
client.start();
client.getZookeeperClient().blockUntilConnectedOrTimedOut();
return client;
}
Aggregations