This is an automated email from the ASF dual-hosted git repository.

dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new f75a194c095 Persist IP addresses related to VM access via CPVM (#9534)
f75a194c095 is described below

commit f75a194c0957187ef4623881d65413e92056735f
Author: Bernardo De Marco Gonçalves <bernardomg2...@gmail.com>
AuthorDate: Tue Dec 10 07:43:17 2024 -0300

    Persist IP addresses related to VM access via CPVM (#9534)
---
 .../consoleproxy/ConsoleProxyResource.java         |  5 +-
 .../consoleproxy/ConsoleAccessManager.java         |  2 +-
 .../api/ConsoleAccessAuthenticationCommand.java    | 12 +++-
 .../com/cloud/upgrade/DatabaseUpgradeChecker.java  |  2 +
 .../com/cloud/upgrade/dao/Upgrade42010to42100.java | 83 ++++++++++++++++++++++
 .../main/java/com/cloud/vm/ConsoleSessionVO.java   | 22 ++++++
 .../java/com/cloud/vm/dao/ConsoleSessionDao.java   |  2 +-
 .../com/cloud/vm/dao/ConsoleSessionDaoImpl.java    |  3 +-
 .../META-INF/db/schema-42010to42100-cleanup.sql    | 20 ++++++
 .../resources/META-INF/db/schema-42010to42100.sql  | 26 +++++++
 .../java/com/cloud/consoleproxy/AgentHookBase.java |  3 +-
 .../consoleproxy/ConsoleAccessManagerImpl.java     |  9 +--
 .../java/com/cloud/consoleproxy/ConsoleProxy.java  |  5 +-
 13 files changed, 179 insertions(+), 15 deletions(-)

diff --git 
a/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
 
b/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
index ccd0d976e58..26f9d4b3d73 100644
--- 
a/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
+++ 
b/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
@@ -397,9 +397,8 @@ public class ConsoleProxyResource extends 
ServerResourceBase implements ServerRe
     }
 
     public String authenticateConsoleAccess(String host, String port, String 
vmId, String sid, String ticket,
-                                            Boolean isReauthentication, String 
sessionToken) {
-
-        ConsoleAccessAuthenticationCommand cmd = new 
ConsoleAccessAuthenticationCommand(host, port, vmId, sid, ticket, sessionToken);
+                                            Boolean isReauthentication, String 
sessionToken, String clientAddress) {
+        ConsoleAccessAuthenticationCommand cmd = new 
ConsoleAccessAuthenticationCommand(host, port, vmId, sid, ticket, sessionToken, 
clientAddress);
         cmd.setReauthenticating(isReauthentication);
 
         ConsoleProxyAuthenticationResult result = new 
ConsoleProxyAuthenticationResult();
diff --git 
a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
 
b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
index 5bd9699b201..23b571e7fae 100644
--- 
a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
+++ 
b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
@@ -44,7 +44,7 @@ public interface ConsoleAccessManager extends Manager, 
Configurable {
 
     void removeSessions(String[] sessionUuids);
 
-    void acquireSession(String sessionUuid);
+    void acquireSession(String sessionUuid, String clientAddress);
 
     String genAccessTicket(String host, String port, String sid, String tag, 
String sessionUuid);
     String genAccessTicket(String host, String port, String sid, String tag, 
Date normalizedHashTime, String sessionUuid);
diff --git 
a/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
 
b/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
index 683d4afd5b2..ac6f15ec4c3 100644
--- 
a/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
+++ 
b/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
@@ -27,6 +27,7 @@ public class ConsoleAccessAuthenticationCommand extends 
AgentControlCommand {
     private String _sid;
     private String _ticket;
     private String sessionUuid;
+    private String clientAddress;
 
     private boolean _isReauthenticating;
 
@@ -35,13 +36,14 @@ public class ConsoleAccessAuthenticationCommand extends 
AgentControlCommand {
     }
 
     public ConsoleAccessAuthenticationCommand(String host, String port, String 
vmId, String sid, String ticket,
-                                              String sessiontkn) {
+                                              String sessiontkn, String 
clientAddress) {
         _host = host;
         _port = port;
         _vmId = vmId;
         _sid = sid;
         _ticket = ticket;
         sessionUuid = sessiontkn;
+        this.clientAddress = clientAddress;
     }
 
     public String getHost() {
@@ -79,4 +81,12 @@ public class ConsoleAccessAuthenticationCommand extends 
AgentControlCommand {
     public void setSessionUuid(String sessionUuid) {
         this.sessionUuid = sessionUuid;
     }
+
+    public String getClientAddress() {
+        return clientAddress;
+    }
+
+    public void setClientAddress(String clientAddress) {
+        this.clientAddress = clientAddress;
+    }
 }
diff --git 
a/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java 
b/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
index abf86043937..1e3b3a7e5ec 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
@@ -89,6 +89,7 @@ import com.cloud.upgrade.dao.Upgrade41810to41900;
 import com.cloud.upgrade.dao.Upgrade41900to41910;
 import com.cloud.upgrade.dao.Upgrade41910to42000;
 import com.cloud.upgrade.dao.Upgrade42000to42010;
+import com.cloud.upgrade.dao.Upgrade42010to42100;
 import com.cloud.upgrade.dao.Upgrade420to421;
 import com.cloud.upgrade.dao.Upgrade421to430;
 import com.cloud.upgrade.dao.Upgrade430to440;
@@ -232,6 +233,7 @@ public class DatabaseUpgradeChecker implements 
SystemIntegrityChecker {
                 .next("4.19.0.0", new Upgrade41900to41910())
                 .next("4.19.1.0", new Upgrade41910to42000())
                 .next("4.20.0.0", new Upgrade42000to42010())
+                .next("4.20.1.0", new Upgrade42010to42100())
                 .build();
     }
 
diff --git 
a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java 
b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
new file mode 100644
index 00000000000..06a68ec3d8b
--- /dev/null
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
@@ -0,0 +1,83 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.upgrade.dao;
+
+import com.cloud.upgrade.SystemVmTemplateRegistration;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+import java.io.InputStream;
+import java.sql.Connection;
+
+public class Upgrade42010to42100 extends DbUpgradeAbstractImpl implements 
DbUpgrade, DbUpgradeSystemVmTemplate {
+    private SystemVmTemplateRegistration systemVmTemplateRegistration;
+
+    @Override
+    public String[] getUpgradableVersionRange() {
+        return new String[] {"4.20.1.0", "4.21.0.0"};
+    }
+
+    @Override
+    public String getUpgradedVersion() {
+        return "4.21.0.0";
+    }
+
+    @Override
+    public boolean supportsRollingUpgrade() {
+        return false;
+    }
+
+    @Override
+    public InputStream[] getPrepareScripts() {
+        final String scriptFile = "META-INF/db/schema-42010to42100.sql";
+        final InputStream script = 
Thread.currentThread().getContextClassLoader().getResourceAsStream(scriptFile);
+        if (script == null) {
+            throw new CloudRuntimeException("Unable to find " + scriptFile);
+        }
+
+        return new InputStream[] {script};
+    }
+
+    @Override
+    public void performDataMigration(Connection conn) {
+    }
+
+    @Override
+    public InputStream[] getCleanupScripts() {
+        final String scriptFile = 
"META-INF/db/schema-42010to42100-cleanup.sql";
+        final InputStream script = 
Thread.currentThread().getContextClassLoader().getResourceAsStream(scriptFile);
+        if (script == null) {
+            throw new CloudRuntimeException("Unable to find " + scriptFile);
+        }
+
+        return new InputStream[] {script};
+    }
+
+    private void initSystemVmTemplateRegistration() {
+        systemVmTemplateRegistration = new SystemVmTemplateRegistration("");
+    }
+
+    @Override
+    public void updateSystemVmTemplates(Connection conn) {
+        logger.debug("Updating System Vm template IDs");
+        initSystemVmTemplateRegistration();
+        try {
+            systemVmTemplateRegistration.updateSystemVmTemplates(conn);
+        } catch (Exception e) {
+            throw new CloudRuntimeException("Failed to find / register 
SystemVM template(s)");
+        }
+    }
+}
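Review bot: The `catch (Exception e)` in updateSystemVmTemplates discards the caught exception, so a failed template registration during upgrade is reported with no root cause or stack trace. Pass it along as the cause: `throw new CloudRuntimeException("Failed to find / register SystemVM template(s)", e);`. The class also has no Javadoc; a one-line class comment stating that it upgrades the schema from 4.20.1.0 to 4.21.0.0 and that performDataMigration is intentionally empty would help the next maintainer.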
diff --git a/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java 
b/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java
index 81a11241e4b..ef777be2de9 100644
--- a/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java
+++ b/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java
@@ -64,6 +64,12 @@ public class ConsoleSessionVO {
     @Column(name = "removed")
     private Date removed;
 
+    @Column(name = "console_endpoint_creator_address")
+    private String consoleEndpointCreatorAddress;
+
+    @Column(name = "client_address")
+    private String clientAddress;
+
     public long getId() {
         return id;
     }
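Review bot: The two new fields are undocumented and easy to confuse, because both hold an IP address but are filled in by different components. As far as this commit shows, `consoleEndpointCreatorAddress` is set on the management server in persistConsoleSession, while `clientAddress` is set in acquireSession from the value the console proxy sends in ConsoleAccessAuthenticationCommand. Anyone using these columns for an access audit needs to know which is which, so add comments such as `// Address of the API caller that created the console endpoint; set by the management server.` and `// Address of the client that connected to the console proxy, as reported by the CPVM; overwritten each time the session is acquired.`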
@@ -135,4 +141,20 @@ public class ConsoleSessionVO {
     public void setAcquired(Date acquired) {
         this.acquired = acquired;
     }
+
+    public String getConsoleEndpointCreatorAddress() {
+        return consoleEndpointCreatorAddress;
+    }
+
+    public void setConsoleEndpointCreatorAddress(String 
consoleEndpointCreatorAddress) {
+        this.consoleEndpointCreatorAddress = consoleEndpointCreatorAddress;
+    }
+
+    public String getClientAddress() {
+        return clientAddress;
+    }
+
+    public void setClientAddress(String clientAddress) {
+        this.clientAddress = clientAddress;
+    }
 }
diff --git 
a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java 
b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java
index 79158dd13b2..95ced889b3d 100644
--- a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java
+++ b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java
@@ -33,7 +33,7 @@ public interface ConsoleSessionDao extends 
GenericDao<ConsoleSessionVO, Long> {
 
     int expungeSessionsOlderThanDate(Date date);
 
-    void acquireSession(String sessionUuid);
+    void acquireSession(String sessionUuid, String clientAddress);
 
     int expungeByVmList(List<Long> vmIds, Long batchSize);
 }
diff --git 
a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java 
b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java
index 48709674451..3d117894670 100644
--- a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java
+++ b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java
@@ -62,9 +62,10 @@ public class ConsoleSessionDaoImpl extends 
GenericDaoBase<ConsoleSessionVO, Long
     }
 
     @Override
-    public void acquireSession(String sessionUuid) {
+    public void acquireSession(String sessionUuid, String clientAddress) {
         ConsoleSessionVO consoleSessionVO = findByUuid(sessionUuid);
         consoleSessionVO.setAcquired(new Date());
+        consoleSessionVO.setClientAddress(clientAddress);
         update(consoleSessionVO.getId(), consoleSessionVO);
     }
 
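Review bot: The result of `findByUuid(sessionUuid)` is dereferenced without a null check, and the added `setClientAddress` call is a second use of that unchecked value. If the lookup returns null for an unknown or already removed session (presumably it does; the DAO base class is not shown), this throws a NullPointerException on the console authentication path. A guard before the setters, for example `if (consoleSessionVO == null) { logger.warn("Console session not found: " + sessionUuid); return; }`, would make the failure explicit, assuming a `logger` is in scope in this class. Note also that every call replaces `client_address`, so only the most recent address is retained.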
diff --git 
a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100-cleanup.sql 
b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100-cleanup.sql
new file mode 100644
index 00000000000..5f257f2965b
--- /dev/null
+++ 
b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100-cleanup.sql
@@ -0,0 +1,20 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade cleanup from 4.20.1.0 to 4.21.0.0
+--;
diff --git 
a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql 
b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
new file mode 100644
index 00000000000..91223bab798
--- /dev/null
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -0,0 +1,26 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade from 4.20.1.0 to 4.21.0.0
+--;
+
+-- Add console_endpoint_creator_address column to cloud.console_session table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.console_session', 
'console_endpoint_creator_address', 'VARCHAR(45)');
+
+-- Add client_address column to cloud.console_session table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.console_session', 
'client_address', 'VARCHAR(45)');
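Review bot: Both columns are `VARCHAR(45)`, but none of the write paths in this commit (`setClientAddress`, `setConsoleEndpointCreatorAddress`) checks the length or format of the string before it is persisted. 45 characters covers the longest plain IPv6 text form, but a value with a scope/zone suffix, or anything that is not a single address literal, may not fit, and whether the database truncates or rejects it depends on the SQL mode. Because the update in acquireSession runs during console authentication, the value should be validated or bounded before saving. The column comments could also state the expected format, e.g. `-- Client IP literal (IPv4 or IPv6) as reported by the console proxy`.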
diff --git a/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java 
b/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
index 4ba0d7fe89a..93cf1e3f689 100644
--- a/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
@@ -89,6 +89,7 @@ public abstract class AgentHookBase implements AgentHook {
 
         String ticketInUrl = cmd.getTicket();
         String sessionUuid = cmd.getSessionUuid();
+        String clientAddress = cmd.getClientAddress();
 
         if (ticketInUrl == null) {
             logger.error("Access ticket could not be found, you could be 
running an old version of console proxy. vmId: " + cmd.getVmId());
@@ -111,7 +112,7 @@ public abstract class AgentHookBase implements AgentHook {
             }
 
             logger.debug(String.format("Acquiring session [%s] as it was just 
used.", sessionUuid));
-            consoleAccessManager.acquireSession(sessionUuid);
+            consoleAccessManager.acquireSession(sessionUuid, clientAddress);
 
             if (!ticket.equals(ticketInUrl)) {
                 Date now = new Date();
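Review bot: `consoleAccessManager.acquireSession(sessionUuid, clientAddress)` runs before the `ticket.equals(ticketInUrl)` comparison that follows it in this hunk, so the client address is written to the session row before the ticket has been verified. If a request with a valid session UUID but a wrong ticket reaches this point, its address would replace the stored one, which weakens `client_address` as an audit record of who actually got console access. Consider persisting the address only after the ticket check succeeds, or keeping the first recorded value instead of overwriting it. The enclosing method starts and ends outside the hunk, so the session checks that precede this call are not visible here.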
diff --git 
a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
 
b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
index 124ca05cc37..0116069036e 100644
--- 
a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
+++ 
b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
@@ -248,8 +248,8 @@ public class ConsoleAccessManagerImpl extends ManagerBase 
implements ConsoleAcce
     }
 
     @Override
-    public void acquireSession(String sessionUuid) {
-        consoleSessionDao.acquireSession(sessionUuid);
+    public void acquireSession(String sessionUuid, String clientAddress) {
+        consoleSessionDao.acquireSession(sessionUuid, clientAddress);
     }
 
     protected boolean checkSessionPermission(VirtualMachine vm, Account 
account) {
@@ -389,7 +389,7 @@ public class ConsoleAccessManagerImpl extends ManagerBase 
implements ConsoleAcce
         String url = generateConsoleAccessUrl(rootUrl, param, token, vncPort, 
vm, hostVo, details);
 
         logger.debug("Adding allowed session: " + sessionUuid);
-        persistConsoleSession(sessionUuid, vm.getId(), hostVo.getId());
+        persistConsoleSession(sessionUuid, vm.getId(), hostVo.getId(), addr);
         managementServer.setConsoleAccessForVm(vm.getId(), sessionUuid);
 
         ConsoleEndpoint consoleEndpoint = new ConsoleEndpoint(true, url);
@@ -403,13 +403,14 @@ public class ConsoleAccessManagerImpl extends ManagerBase 
implements ConsoleAcce
         return consoleEndpoint;
     }
 
-    protected void persistConsoleSession(String sessionUuid, long instanceId, 
long hostId) {
+    protected void persistConsoleSession(String sessionUuid, long instanceId, 
long hostId, String consoleEndpointCreatorAddress) {
         ConsoleSessionVO consoleSessionVo = new ConsoleSessionVO();
         consoleSessionVo.setUuid(sessionUuid);
         
consoleSessionVo.setAccountId(CallContext.current().getCallingAccountId());
         consoleSessionVo.setUserId(CallContext.current().getCallingUserId());
         consoleSessionVo.setInstanceId(instanceId);
         consoleSessionVo.setHostId(hostId);
+        
consoleSessionVo.setConsoleEndpointCreatorAddress(consoleEndpointCreatorAddress);
         consoleSessionDao.persist(consoleSessionVo);
     }
 
diff --git 
a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
 
b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
index 22922f43f93..cf59129459d 100644
--- 
a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
+++ 
b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
@@ -183,7 +183,6 @@ public class ConsoleProxy {
     }
 
     public static ConsoleProxyAuthenticationResult 
authenticateConsoleAccess(ConsoleProxyClientParam param, boolean 
reauthentication) {
-
         ConsoleProxyAuthenticationResult authResult = new 
ConsoleProxyAuthenticationResult();
         authResult.setSuccess(true);
         authResult.setReauthentication(reauthentication);
@@ -227,7 +226,7 @@ public class ConsoleProxy {
             try {
                 result =
                         authMethod.invoke(ConsoleProxy.context, 
param.getClientHostAddress(), String.valueOf(param.getClientHostPort()), 
param.getClientTag(),
-                                param.getClientHostPassword(), 
param.getTicket(), reauthentication, param.getSessionUuid());
+                                param.getClientHostPassword(), 
param.getTicket(), reauthentication, param.getSessionUuid(), 
param.getClientIp());
             } catch (IllegalAccessException e) {
                 LOGGER.error("Unable to invoke authenticateConsoleAccess due 
to IllegalAccessException" + " for vm: " + param.getClientTag(), e);
                 authResult.setSuccess(false);
@@ -301,7 +300,7 @@ public class ConsoleProxy {
             final ClassLoader loader = 
Thread.currentThread().getContextClassLoader();
             Class<?> contextClazz = 
loader.loadClass("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource");
             authMethod = 
contextClazz.getDeclaredMethod("authenticateConsoleAccess", String.class, 
String.class,
-                    String.class, String.class, String.class, Boolean.class, 
String.class);
+                    String.class, String.class, String.class, Boolean.class, 
String.class, String.class);
             reportMethod = contextClazz.getDeclaredMethod("reportLoadInfo", 
String.class);
             ensureRouteMethod = contextClazz.getDeclaredMethod("ensureRoute", 
String.class);
         } catch (SecurityException e) {
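Review bot: The `getDeclaredMethod("authenticateConsoleAccess", ...)` lookup repeats the target signature as a list of `Class` literals, so any drift from ConsoleProxyResource.authenticateConsoleAccess is only detected at runtime when the lookup fails. This commit had to change both places in lockstep, and nothing in the code records that coupling. A comment above the lookup would help, e.g. `// Must match ConsoleProxyResource.authenticateConsoleAccess(host, port, vmId, sid, ticket, isReauthentication, sessionToken, clientAddress)`. The enclosing try block and its remaining catch clauses continue outside the hunk.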
