use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.
the class Factory method getDataMovementRemoteCluster.
public static RemoteCluster getDataMovementRemoteCluster(ProcessContext processContext) throws GFacException, AiravataException, CredentialStoreException {
String storageResourceId = processContext.getStorageResourceId();
DataMovementProtocol dataMovementProtocol = processContext.getDataMovementProtocol();
String key = new StringBuilder(processContext.getComputeResourceLoginUserName()).append(':').append(dataMovementProtocol.name()).append(':').append(storageResourceId).append(":").append(processContext.getStorageResourceCredentialToken()).toString();
RemoteCluster remoteCluster = remoteClusterMap.get(key);
if (remoteCluster == null) {
JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
if (dataMovementProtocol == DataMovementProtocol.LOCAL) {
remoteCluster = new LocalRemoteCluster(processContext.getStorageResourceServerInfo(), jobManagerConfiguration, null);
} else if (dataMovementProtocol == DataMovementProtocol.SCP) {
remoteCluster = new HPCRemoteCluster(processContext.getStorageResourceServerInfo(), jobManagerConfiguration, Factory.getStorageSSHKeyAuthentication(processContext));
} else {
throw new GFacException("No remote cluster implementation map to job data movement protocol " + dataMovementProtocol.name());
}
remoteClusterMap.put(key, remoteCluster);
} else {
AuthenticationInfo authentication = remoteCluster.getAuthentication();
if (authentication instanceof SSHKeyAuthentication) {
SSHKeyAuthentication sshKeyAuthentication = (SSHKeyAuthentication) authentication;
if (!sshKeyAuthentication.getUserName().equals(processContext.getStorageResourceLoginUserName())) {
JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
dataMovementProtocol = processContext.getDataMovementProtocol();
if (dataMovementProtocol == DataMovementProtocol.SCP) {
remoteCluster = new HPCRemoteCluster(processContext.getStorageResourceServerInfo(), jobManagerConfiguration, Factory.getStorageSSHKeyAuthentication(processContext));
}
}
}
}
return remoteCluster;
}
use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.
the class Factory method getJobSubmissionRemoteCluster.
/**
* Factory class manage reomete cluster map, this will solve too many connections/ sessions issues with cluster
* communications.
* @param processContext
* @return
* @throws GFacException
* @throws AppCatalogException
* @throws AiravataException
*/
public static RemoteCluster getJobSubmissionRemoteCluster(ProcessContext processContext) throws GFacException, AppCatalogException, AiravataException, CredentialStoreException {
String computeResourceId = processContext.getComputeResourceId();
JobSubmissionProtocol jobSubmissionProtocol = processContext.getJobSubmissionProtocol();
String key = new StringBuilder(processContext.getComputeResourceLoginUserName()).append(':').append(jobSubmissionProtocol.name()).append(':').append(computeResourceId).append(':').append(processContext.getComputeResourceCredentialToken()).toString();
RemoteCluster remoteCluster = remoteClusterMap.get(key);
if (remoteCluster == null) {
JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
if (jobSubmissionProtocol == JobSubmissionProtocol.LOCAL || jobSubmissionProtocol == JobSubmissionProtocol.LOCAL_FORK) {
remoteCluster = new LocalRemoteCluster(processContext.getComputeResourceServerInfo(), jobManagerConfiguration, null);
} else if (jobSubmissionProtocol == JobSubmissionProtocol.SSH || jobSubmissionProtocol == JobSubmissionProtocol.SSH_FORK || jobSubmissionProtocol == JobSubmissionProtocol.CLOUD) {
remoteCluster = new HPCRemoteCluster(processContext.getComputeResourceServerInfo(), jobManagerConfiguration, Factory.getComputerResourceSSHKeyAuthentication(processContext));
} else {
throw new GFacException("No remote cluster implementation map to job submission protocol " + jobSubmissionProtocol.name());
}
remoteClusterMap.put(key, remoteCluster);
} else {
AuthenticationInfo authentication = remoteCluster.getAuthentication();
if (authentication instanceof SSHKeyAuthentication) {
SSHKeyAuthentication sshKeyAuthentication = (SSHKeyAuthentication) authentication;
if (!sshKeyAuthentication.getUserName().equals(processContext.getComputeResourceLoginUserName())) {
JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
if (jobSubmissionProtocol == JobSubmissionProtocol.SSH || jobSubmissionProtocol == JobSubmissionProtocol.SSH_FORK) {
remoteCluster = new HPCRemoteCluster(processContext.getComputeResourceServerInfo(), jobManagerConfiguration, Factory.getComputerResourceSSHKeyAuthentication(processContext));
}
}
}
}
return remoteCluster;
}
use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.
the class Factory method getSshKeyAuthentication.
private static SSHKeyAuthentication getSshKeyAuthentication(String gatewayId, String loginUserName, String credentialStoreToken) throws ApplicationSettingsException, IllegalAccessException, InstantiationException, CredentialStoreException, GFacException {
SSHKeyAuthentication sshKA;
CredentialReader credentialReader = GFacUtils.getCredentialReader();
Credential credential = credentialReader.getCredential(gatewayId, credentialStoreToken);
if (credential instanceof SSHCredential) {
sshKA = new SSHKeyAuthentication();
sshKA.setUserName(loginUserName);
SSHCredential sshCredential = (SSHCredential) credential;
sshKA.setPublicKey(sshCredential.getPublicKey());
sshKA.setPrivateKey(sshCredential.getPrivateKey());
sshKA.setPassphrase(sshCredential.getPassphrase());
sshKA.setStrictHostKeyChecking("no");
/* sshKA.setStrictHostKeyChecking(ServerSettings.getSetting("ssh.strict.hostKey.checking", "no"));
sshKA.setKnownHostsFilePath(ServerSettings.getSetting("ssh.known.hosts.file", null));
if (sshKA.getStrictHostKeyChecking().equals("yes") && sshKA.getKnownHostsFilePath() == null) {
throw new ApplicationSettingsException("If ssh strict hostkey checking property is set to yes, you must " +
"provide known host file path");
}*/
return sshKA;
} else {
String msg = "Provided credential store token is not valid. Please provide the correct credential store token";
log.error(msg);
throw new CredentialStoreException("Invalid credential store token:" + credentialStoreToken);
}
}
use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.
the class Factory method getSSHSession.
public static synchronized Session getSSHSession(AuthenticationInfo authenticationInfo, ServerInfo serverInfo) throws GFacException {
if (authenticationInfo == null || serverInfo == null) {
throw new IllegalArgumentException("Can't create ssh session, argument should be valid (not null)");
}
SSHKeyAuthentication authentication;
if (authenticationInfo instanceof SSHKeyAuthentication) {
authentication = (SSHKeyAuthentication) authenticationInfo;
} else {
throw new GFacException("Support ssh key authentication only");
}
String key = buildKey(serverInfo);
Session session = sessionCache.getIfPresent(key);
boolean valid = isValidSession(session);
// FIXME - move following info logs to debug
if (valid) {
log.info("SSH Session validation succeeded, key :" + key);
valid = testChannelCreation(session);
if (valid) {
log.info("Channel creation test succeeded, key :" + key);
} else {
log.info("Channel creation test failed, key :" + key);
}
} else {
log.info("Session validation failed, key :" + key);
}
if (!valid) {
if (session != null) {
log.info("Reinitialize a new SSH session for :" + key);
} else {
log.info("Initialize a new SSH session for :" + key);
}
try {
JSch jSch = new JSch();
jSch.addIdentity(UUID.randomUUID().toString(), authentication.getPrivateKey(), authentication.getPublicKey(), authentication.getPassphrase().getBytes());
session = jSch.getSession(serverInfo.getUserName(), serverInfo.getHost(), serverInfo.getPort());
session.setUserInfo(new DefaultUserInfo(serverInfo.getUserName(), null, authentication.getPassphrase()));
if (authentication.getStrictHostKeyChecking().equals("yes")) {
jSch.setKnownHosts(authentication.getKnownHostsFilePath());
} else {
session.setConfig("StrictHostKeyChecking", "no");
}
// 0 connection timeout
session.connect();
sessionCache.put(key, session);
} catch (JSchException e) {
throw new GFacException("JSch initialization error ", e);
}
} else {
// FIXME - move following info log to debug
log.info("Reuse SSH session for :" + key);
}
return session;
}
Aggregations