agent: enable ssl only for kvm agent (not in system vms) (#6371) (#151)

* agent: enable ssl only for kvm agent (not in system vms) * Revert "agent: enable ssl only for kvm agent (not in system vms)" This reverts commit b2d76bad2e. * Revert "KVM: Enable SSL if keystore exists (#6200)" This reverts commit 4525f8c8e7. * KVM: Enable SSL if keystore exists in LibvirtComputingResource.java Co-authored-by: Wei Zhou <weizhou@apache.org>
2022-05-19 00:03:50 -03:00 · 2022-05-19 00:03:50 -03:00 · c39cf4cbde
parent 07abb808b1
commit c39cf4cbde
2 changed files with 19 additions and 24 deletions
--- a/agent/src/main/java/com/cloud/agent/AgentShell.java
+++ b/agent/src/main/java/com/cloud/agent/AgentShell.java
@ -28,8 +28,6 @@ import com.cloud.utils.backoff.BackoffAlgorithm;
 import com.cloud.utils.backoff.impl.ConstantTimeBackoff;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.google.common.base.Strings;
-import org.apache.cloudstack.utils.security.KeyStoreUtils;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.daemon.Daemon;
 import org.apache.commons.daemon.DaemonContext;
 import org.apache.commons.daemon.DaemonInitException;
@ -376,7 +374,6 @@ public class AgentShell implements IAgentShell, Daemon {

        loadProperties();
        parseCommand(args);
-        enableSSL();

        if (s_logger.isDebugEnabled()) {
            List<String> properties = Collections.list((Enumeration<String>)_properties.propertyNames());
@ -400,27 +397,6 @@ public class AgentShell implements IAgentShell, Daemon {
        _backoff.configure("ConstantTimeBackoff", new HashMap<String, Object>());
    }

-    private void enableSSL() {
-        final File agentFile = PropertiesUtil.findConfigFile("agent.properties");
-        if (agentFile == null) {
-            s_logger.info("Failed to find agent.properties file");
-            return;
-        }
-        String keystorePass = getProperty(null, "keystore.passphrase");
-        if (StringUtils.isBlank(keystorePass)) {
-            s_logger.info("Failed to find passphrase for keystore: " + KeyStoreUtils.KS_FILENAME);
-            return;
-        }
-        final String keyStoreFile = agentFile.getParent() + "/" + KeyStoreUtils.KS_FILENAME;
-        File f = new File(keyStoreFile);
-        if (f.exists() && !f.isDirectory()) {
-            System.setProperty("javax.net.ssl.trustStore", keyStoreFile);
-            System.setProperty("javax.net.ssl.trustStorePassword", keystorePass);
-        } else {
-            s_logger.info("Failed to find keystore file: " + keyStoreFile);
-        }
-    }
-
    private void launchAgent() throws ConfigurationException {
        String resourceClassNames = getProperty(null, "resource");
        s_logger.trace("resource=" + resourceClassNames);
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
@ -1009,6 +1009,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
            _localStoragePath = "/var/lib/libvirt/images/";
        }

+        enableSSLForKvmAgent(params);
+
        /* Directory to use for Qemu sockets like for the Qemu Guest Agent */
        _qemuSocketsPath = new File("/var/lib/libvirt/qemu");
        String _qemuSocketsPathVar = (String)params.get("qemu.sockets.path");
@ -1291,6 +1293,23 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
        return true;
    }

+    private void enableSSLForKvmAgent(final Map<String, Object> params) {
+        final File keyStoreFile = PropertiesUtil.findConfigFile(KeyStoreUtils.KS_FILENAME);
+        if (keyStoreFile == null) {
+            s_logger.info("Failed to find keystore file: " + KeyStoreUtils.KS_FILENAME);
+            return;
+        }
+        String keystorePass = (String)params.get(KeyStoreUtils.KS_PASSPHRASE_PROPERTY);
+        if (StringUtils.isBlank(keystorePass)) {
+            s_logger.info("Failed to find passphrase for keystore: " + KeyStoreUtils.KS_FILENAME);
+            return;
+        }
+        if (keyStoreFile.exists() && !keyStoreFile.isDirectory()) {
+            System.setProperty("javax.net.ssl.trustStore", keyStoreFile.getAbsolutePath());
+            System.setProperty("javax.net.ssl.trustStorePassword", keystorePass);
+        }
+    }
+
    public boolean configureHostParams(final Map<String, String> params) {
        final File file = PropertiesUtil.findConfigFile("agent.properties");
        if (file == null) {