Examples with SSHKeyAuthentication org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication used on opensource projects

Example 1 with SSHKeyAuthentication

use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.

the class Factory method getDataMovementRemoteCluster.

public static RemoteCluster getDataMovementRemoteCluster(ProcessContext processContext) throws GFacException, AiravataException, CredentialStoreException {
    String storageResourceId = processContext.getStorageResourceId();
    DataMovementProtocol dataMovementProtocol = processContext.getDataMovementProtocol();
    String key = new StringBuilder(processContext.getComputeResourceLoginUserName()).append(':').append(dataMovementProtocol.name()).append(':').append(storageResourceId).append(":").append(processContext.getStorageResourceCredentialToken()).toString();
    RemoteCluster remoteCluster = remoteClusterMap.get(key);
    if (remoteCluster == null) {
        JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
        if (dataMovementProtocol == DataMovementProtocol.LOCAL) {
            remoteCluster = new LocalRemoteCluster(processContext.getStorageResourceServerInfo(), jobManagerConfiguration, null);
        } else if (dataMovementProtocol == DataMovementProtocol.SCP) {
            remoteCluster = new HPCRemoteCluster(processContext.getStorageResourceServerInfo(), jobManagerConfiguration, Factory.getStorageSSHKeyAuthentication(processContext));
        } else {
            throw new GFacException("No remote cluster implementation map to job data movement protocol " + dataMovementProtocol.name());
        }
        remoteClusterMap.put(key, remoteCluster);
    } else {
        AuthenticationInfo authentication = remoteCluster.getAuthentication();
        if (authentication instanceof SSHKeyAuthentication) {
            SSHKeyAuthentication sshKeyAuthentication = (SSHKeyAuthentication) authentication;
            if (!sshKeyAuthentication.getUserName().equals(processContext.getStorageResourceLoginUserName())) {
                JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
                dataMovementProtocol = processContext.getDataMovementProtocol();
                if (dataMovementProtocol == DataMovementProtocol.SCP) {
                    remoteCluster = new HPCRemoteCluster(processContext.getStorageResourceServerInfo(), jobManagerConfiguration, Factory.getStorageSSHKeyAuthentication(processContext));
                }
            }
        }
    }
    return remoteCluster;
}

Example 2 with SSHKeyAuthentication

use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.

the class Factory method getJobSubmissionRemoteCluster.

/**
 * Factory class manage reomete cluster map, this will solve too many connections/ sessions issues with cluster
 * communications.
 * @param processContext
 * @return
 * @throws GFacException
 * @throws AppCatalogException
 * @throws AiravataException
 */
public static RemoteCluster getJobSubmissionRemoteCluster(ProcessContext processContext) throws GFacException, AppCatalogException, AiravataException, CredentialStoreException {
    String computeResourceId = processContext.getComputeResourceId();
    JobSubmissionProtocol jobSubmissionProtocol = processContext.getJobSubmissionProtocol();
    String key = new StringBuilder(processContext.getComputeResourceLoginUserName()).append(':').append(jobSubmissionProtocol.name()).append(':').append(computeResourceId).append(':').append(processContext.getComputeResourceCredentialToken()).toString();
    RemoteCluster remoteCluster = remoteClusterMap.get(key);
    if (remoteCluster == null) {
        JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
        if (jobSubmissionProtocol == JobSubmissionProtocol.LOCAL || jobSubmissionProtocol == JobSubmissionProtocol.LOCAL_FORK) {
            remoteCluster = new LocalRemoteCluster(processContext.getComputeResourceServerInfo(), jobManagerConfiguration, null);
        } else if (jobSubmissionProtocol == JobSubmissionProtocol.SSH || jobSubmissionProtocol == JobSubmissionProtocol.SSH_FORK || jobSubmissionProtocol == JobSubmissionProtocol.CLOUD) {
            remoteCluster = new HPCRemoteCluster(processContext.getComputeResourceServerInfo(), jobManagerConfiguration, Factory.getComputerResourceSSHKeyAuthentication(processContext));
        } else {
            throw new GFacException("No remote cluster implementation map to job submission protocol " + jobSubmissionProtocol.name());
        }
        remoteClusterMap.put(key, remoteCluster);
    } else {
        AuthenticationInfo authentication = remoteCluster.getAuthentication();
        if (authentication instanceof SSHKeyAuthentication) {
            SSHKeyAuthentication sshKeyAuthentication = (SSHKeyAuthentication) authentication;
            if (!sshKeyAuthentication.getUserName().equals(processContext.getComputeResourceLoginUserName())) {
                JobManagerConfiguration jobManagerConfiguration = getJobManagerConfiguration(processContext.getResourceJobManager());
                if (jobSubmissionProtocol == JobSubmissionProtocol.SSH || jobSubmissionProtocol == JobSubmissionProtocol.SSH_FORK) {
                    remoteCluster = new HPCRemoteCluster(processContext.getComputeResourceServerInfo(), jobManagerConfiguration, Factory.getComputerResourceSSHKeyAuthentication(processContext));
                }
            }
        }
    }
    return remoteCluster;
}

Example 3 with SSHKeyAuthentication

use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.

the class Factory method getSshKeyAuthentication.

private static SSHKeyAuthentication getSshKeyAuthentication(String gatewayId, String loginUserName, String credentialStoreToken) throws ApplicationSettingsException, IllegalAccessException, InstantiationException, CredentialStoreException, GFacException {
    SSHKeyAuthentication sshKA;
    CredentialReader credentialReader = GFacUtils.getCredentialReader();
    Credential credential = credentialReader.getCredential(gatewayId, credentialStoreToken);
    if (credential instanceof SSHCredential) {
        sshKA = new SSHKeyAuthentication();
        sshKA.setUserName(loginUserName);
        SSHCredential sshCredential = (SSHCredential) credential;
        sshKA.setPublicKey(sshCredential.getPublicKey());
        sshKA.setPrivateKey(sshCredential.getPrivateKey());
        sshKA.setPassphrase(sshCredential.getPassphrase());
        sshKA.setStrictHostKeyChecking("no");
        /*            sshKA.setStrictHostKeyChecking(ServerSettings.getSetting("ssh.strict.hostKey.checking", "no"));
            sshKA.setKnownHostsFilePath(ServerSettings.getSetting("ssh.known.hosts.file", null));
            if (sshKA.getStrictHostKeyChecking().equals("yes") && sshKA.getKnownHostsFilePath() == null) {
                throw new ApplicationSettingsException("If ssh strict hostkey checking property is set to yes, you must " +
                        "provide known host file path");
            }*/
        return sshKA;
    } else {
        String msg = "Provided credential store token is not valid. Please provide the correct credential store token";
        log.error(msg);
        throw new CredentialStoreException("Invalid credential store token:" + credentialStoreToken);
    }
}

Example 4 with SSHKeyAuthentication

use of org.apache.airavata.gfac.core.authentication.SSHKeyAuthentication in project airavata by apache.

the class Factory method getSSHSession.

public static synchronized Session getSSHSession(AuthenticationInfo authenticationInfo, ServerInfo serverInfo) throws GFacException {
    if (authenticationInfo == null || serverInfo == null) {
        throw new IllegalArgumentException("Can't create ssh session, argument should be valid (not null)");
    }
    SSHKeyAuthentication authentication;
    if (authenticationInfo instanceof SSHKeyAuthentication) {
        authentication = (SSHKeyAuthentication) authenticationInfo;
    } else {
        throw new GFacException("Support ssh key authentication only");
    }
    String key = buildKey(serverInfo);
    Session session = sessionCache.getIfPresent(key);
    boolean valid = isValidSession(session);
    // FIXME - move following info logs to debug
    if (valid) {
        log.info("SSH Session validation succeeded, key :" + key);
        valid = testChannelCreation(session);
        if (valid) {
            log.info("Channel creation test succeeded, key :" + key);
        } else {
            log.info("Channel creation test failed, key :" + key);
        }
    } else {
        log.info("Session validation failed, key :" + key);
    }
    if (!valid) {
        if (session != null) {
            log.info("Reinitialize a new SSH session for :" + key);
        } else {
            log.info("Initialize a new SSH session for :" + key);
        }
        try {
            JSch jSch = new JSch();
            jSch.addIdentity(UUID.randomUUID().toString(), authentication.getPrivateKey(), authentication.getPublicKey(), authentication.getPassphrase().getBytes());
            session = jSch.getSession(serverInfo.getUserName(), serverInfo.getHost(), serverInfo.getPort());
            session.setUserInfo(new DefaultUserInfo(serverInfo.getUserName(), null, authentication.getPassphrase()));
            if (authentication.getStrictHostKeyChecking().equals("yes")) {
                jSch.setKnownHosts(authentication.getKnownHostsFilePath());
            } else {
                session.setConfig("StrictHostKeyChecking", "no");
            }
            // 0 connection timeout
            session.connect();
            sessionCache.put(key, session);
        } catch (JSchException e) {
            throw new GFacException("JSch initialization error ", e);
        }
    } else {
        // FIXME - move following info log to debug
        log.info("Reuse SSH session for :" + key);
    }
    return session;
}