Search in sources :

Example 1 with CuratorACLManager

use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.

the class EnsemblePasswordAction method doExecute.

@Override
protected Object doExecute() throws Exception {
    if (!commit) {
        if (newPassword == null) {
            System.out.println(fabricService.getZookeeperPassword());
        } else {
            String zookeeperUrl = fabricService.getZookeeperUrl();
            String oldPassword = fabricService.getZookeeperPassword();
            System.out.println("Updating the password...");
            // Since we will be changing the password, create a new ZKClient that won't
            // be getting update by the password change.
            CuratorACLManager aclManager = new CuratorACLManager();
            CuratorFramework curator = CuratorFrameworkFactory.builder().connectString(zookeeperUrl).retryPolicy(new RetryOneTime(500)).aclProvider(aclManager).authorization("digest", ("fabric:" + oldPassword).getBytes()).sessionTimeoutMs(30000).build();
            curator.start();
            try {
                // Lets first adjust the acls so that the new password and old passwords work against the ZK paths.
                String digestedIdPass = DigestAuthenticationProvider.generateDigest("fabric:" + newPassword);
                aclManager.registerAcl("/fabric", "auth::acdrw,world:anyone:,digest:" + digestedIdPass + ":acdrw");
                aclManager.fixAcl(curator, "/fabric", true);
                // Ok now lets push out a config update of what the password is.
                curator.setData().forPath(ZkPath.CONFIG_ENSEMBLE_PASSWORD.getPath(), PasswordEncoder.encode(newPassword).getBytes(Charsets.UTF_8));
            } finally {
                curator.close();
            }
            // Refresh the default profile to cause all nodes to pickup the new password.
            ProfileService profileService = fabricService.adapt(ProfileService.class);
            for (String ver : profileService.getVersions()) {
                Version version = profileService.getVersion(ver);
                if (version != null) {
                    Profile profile = version.getProfile("default");
                    if (profile != null) {
                        Profiles.refreshProfile(fabricService, profile);
                    }
                }
            }
            System.out.println("");
            System.out.println("Password updated. Please wait a little while for the new password to");
            System.out.println("get delivered as a config update to all the fabric nodes. Once, the ");
            System.out.println("nodes all updated (nodes must be online), please run:");
            System.out.println("");
            System.out.println("  fabric:ensemble-password --commit ");
            System.out.println("");
        }
    } else {
        // Now lets connect with the new password and reset the ACLs so that the old password
        // does not work anymore.
        CuratorACLManager aclManager = new CuratorACLManager();
        CuratorFramework curator = CuratorFrameworkFactory.builder().connectString(fabricService.getZookeeperUrl()).retryPolicy(new RetryOneTime(500)).aclProvider(aclManager).authorization("digest", ("fabric:" + fabricService.getZookeeperPassword()).getBytes()).sessionTimeoutMs(30000).build();
        curator.start();
        try {
            aclManager.fixAcl(curator, "/fabric", true);
            System.out.println("Only the current password is allowed access to fabric now.");
        } finally {
            curator.close();
        }
    }
    return null;
}
Also used : CuratorFramework(org.apache.curator.framework.CuratorFramework) RetryOneTime(org.apache.curator.retry.RetryOneTime) CuratorACLManager(io.fabric8.zookeeper.curator.CuratorACLManager)

Example 2 with CuratorACLManager

use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.

the class ZKPING method init.

@Override
public void init() throws Exception {
    // connection url
    String zkURL = System.getenv("FABRIC8_ZOOKEEPER_URL");
    if (zkURL != null) {
        connection = zkURL;
    }
    // password
    String zkPassword = System.getenv("FABRIC8_ZOOKEEPER_PASSWORD");
    if (zkPassword != null) {
        password = PasswordEncoder.decode(zkPassword);
        setAclProvider(new CuratorACLManager());
    }
    super.init();
}
Also used : CuratorACLManager(io.fabric8.zookeeper.curator.CuratorACLManager)

Example 3 with CuratorACLManager

use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.

the class CuratorFactoryBean method getObject.

// FactoryBean interface
// -------------------------------------------------------------------------
public CuratorFramework getObject() throws Exception {
    LOG.debug("Connecting to ZooKeeper on " + connectString);
    CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(connectString).retryPolicy(new ExponentialBackoffRetry(5, 10)).connectionTimeoutMs(getTimeout());
    if (password != null && !password.isEmpty()) {
        builder.aclProvider(new CuratorACLManager());
        builder.authorization("digest", ("fabric:" + password).getBytes("UTF-8"));
    }
    this.curator = builder.build();
    LOG.debug("Starting curator " + curator);
    curator.start();
    return curator;
}
Also used : CuratorFrameworkFactory(org.apache.curator.framework.CuratorFrameworkFactory) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) CuratorACLManager(io.fabric8.zookeeper.curator.CuratorACLManager)

Example 4 with CuratorACLManager

use of io.fabric8.zookeeper.curator.CuratorACLManager in project fabric8 by jboss-fuse.

the class FabricDiscoveryAgent method call.

@Override
public Object call() throws Exception {
    LOG.info("Using local ZKClient");
    managedZkClient = true;
    CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(System.getProperty("zookeeper.url", "localhost:2181")).retryPolicy(new RetryOneTime(1000)).connectionTimeoutMs(10000);
    String password = System.getProperty("zookeeper.password", "admin");
    if (password != null && !password.isEmpty()) {
        builder.aclProvider(new CuratorACLManager());
        builder.authorization("digest", ("fabric:" + password).getBytes());
    }
    CuratorFramework client = builder.build();
    client.start();
    client.getZookeeperClient().blockUntilConnectedOrTimedOut();
    return client;
}
Also used : CuratorFramework(org.apache.curator.framework.CuratorFramework) RetryOneTime(org.apache.curator.retry.RetryOneTime) CuratorFrameworkFactory(org.apache.curator.framework.CuratorFrameworkFactory) CuratorACLManager(io.fabric8.zookeeper.curator.CuratorACLManager)

Aggregations

CuratorACLManager (io.fabric8.zookeeper.curator.CuratorACLManager)4 CuratorFramework (org.apache.curator.framework.CuratorFramework)2 CuratorFrameworkFactory (org.apache.curator.framework.CuratorFrameworkFactory)2 RetryOneTime (org.apache.curator.retry.RetryOneTime)2 ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)1