Repository: cloudstack Updated Branches: refs/heads/volume-upload 317606859 -> 3da3d7418
volume upload: PSK exchange between managemnet server and SSVM generated a key during management server start and saved it in configurationt table Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3da3d741 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3da3d741 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3da3d741 Branch: refs/heads/volume-upload Commit: 3da3d7418e9095f52b7a38dedb29d74adfcb0690 Parents: 3176068 Author: Rajani Karuturi <rajanikarut...@gmail.com> Authored: Wed Nov 19 17:53:14 2014 +0530 Committer: Rajani Karuturi <rajanikarut...@gmail.com> Committed: Wed Nov 19 17:53:14 2014 +0530 ---------------------------------------------------------------------- server/src/com/cloud/configuration/Config.java | 4 ++- .../cloud/server/ConfigurationServerImpl.java | 34 +++++++++++++++----- 2 files changed, 29 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3da3d741/server/src/com/cloud/configuration/Config.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 435b0d8..4d6fb53 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java 
@@ -2059,7 +2059,9 @@ public enum Config { PublishAsynJobEvent("Advanced", ManagementServer.class, Boolean.class, "publish.async.job.events", "true", "enable or disable publishing of usage events on the event bus", null), // StatsCollector - StatsOutPutGraphiteHost("Advanced", ManagementServer.class, String.class, "stats.output.uri", "", "URI to additionally send StatsCollector statistics to", null); + StatsOutPutGraphiteHost("Advanced", ManagementServer.class, String.class, "stats.output.uri", "", "URI to additionally send StatsCollector statistics to", null), + + SSVMPSK("Hidden", ManagementServer.class, String.class, "upload.post.secret.key", "", "PSK with SSVM", null); private final String _category; private final Class<?> _componentClass; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3da3d741/server/src/com/cloud/server/ConfigurationServerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java index 7b0d898..0e48b26 100755 --- a/server/src/com/cloud/server/ConfigurationServerImpl.java +++ b/server/src/com/cloud/server/ConfigurationServerImpl.java @@ -303,6 +303,9 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio // store the public and private keys in the database updateKeyPairs(); + // generate a PSK to communicate with SSVM + updateSecondaryStorageVMSharedKey(); + // generate a random password for system vm updateSystemvmPassword(); 
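Review bot: `SSVMPSK` is declared with an empty-string default, and the only code that fills it in (`updateSecondaryStorageVMSharedKey()` in the ConfigurationServerImpl hunk) logs and continues when key generation fails, so `upload.post.secret.key` can be left as `""`. Whatever authenticates upload requests with this value should treat an empty key as missing and refuse the request. The generation path would be safer failing startup, for example `throw new IllegalStateException("error generating ssvm psk", ex);` in that catch block. The description `"PSK with SSVM"` could also say what the key protects, e.g. `"Pre-shared key used to authenticate volume/template upload requests between the management server and the SSVM"`.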
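Review bot: The added call `updateSecondaryStorageVMSharedKey();` has no visible guard, and the method it calls (last hunk) overwrites the stored value without checking whether a key already exists. If this block runs on every management server start, as the commit message suggests, the PSK changes on each restart, and with more than one management server each node would replace the other's key. An SSVM still holding the previous key would then presumably fail verification until it receives the new one. Consider generating the key only when the stored value is empty, or add a comment such as `// PSK is rotated on every start; SSVM receives the new value via <mechanism>`. The enclosing method starts and ends outside the hunk, so the surrounding condition cannot be confirmed from here.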
@@ -962,19 +965,34 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio private void updateSSOKey() { try { - String encodedKey = null; - - // Algorithm for SSO Keys is SHA1, should this be configurable? - KeyGenerator generator = KeyGenerator.getInstance("HmacSHA1"); - SecretKey key = generator.generateKey(); - encodedKey = Base64.encodeBase64URLSafeString(key.getEncoded()); - - _configDao.update(Config.SSOKey.key(), Config.SSOKey.getCategory(), encodedKey); + _configDao.update(Config.SSOKey.key(), Config.SSOKey.getCategory(), getPrivateKey()); } catch (NoSuchAlgorithmException ex) { s_logger.error("error generating sso key", ex); } } + /** + * preshared key to be used by management server to communicate with SSVM during volume/template upload + */ + private void updateSecondaryStorageVMSharedKey() { + try { + _configDao.update(Config.SSVMPSK.key(), Config.SSVMPSK.getCategory(), getPrivateKey()); + } catch (NoSuchAlgorithmException ex) { + s_logger.error("error generating ssvm psk", ex); + } + } + + private String getPrivateKey() throws NoSuchAlgorithmException { + String encodedKey = null; + // Algorithm for generating Key is SHA1, should this be configurable? + KeyGenerator generator = KeyGenerator.getInstance("HmacSHA1"); + SecretKey key = generator.generateKey(); + encodedKey = Base64.encodeBase64URLSafeString(key.getEncoded()); + return encodedKey; + + } + + @DB protected HostPodVO createPod(long userId, String podName, final long zoneId, String gateway, String cidr, final String startIp, String endIp) throws InternalErrorException {
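Review bot: `getPrivateKey()` is misnamed: it returns a freshly generated symmetric HmacSHA1 key, base64url-encoded, not a private key, and it now feeds both the SSO key and the SSVM PSK. A name such as `generateSecretKey()` with a short Javadoc (`/** Generates a new random HmacSHA1 key and returns it base64url-encoded; each call returns a different key. */`) would make clear that the two settings get independent values. The carried-over comment `// Algorithm for generating Key is SHA1` would read better as `// key is generated for HmacSHA1`, and the encoded value can be returned directly instead of first assigning `encodedKey = null`. The class body continues outside the hunk.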