mirror of https://github.com/apache/cloudstack.git
Compare commits
11 Commits
0e5f34b606
...
2c9607af3a
| Author | SHA1 | Date |
|---|---|---|
Edward-x
|
2c9607af3a | |
Wei Zhou
|
b5e9178078 | |
|
YoulongChen
|
45a66f0f5c | |
|
YoulongChen
|
2468400bf8 | |
chenyoulong20g@ict.ac.cn
|
a617571ba9 | |
|
chenyoulong20g@ict.ac.cn
|
64a6547cf3 | |
|
chenyoulong20g@ict.ac.cn
|
30fed1ae93 | |
|
chenyoulong20g@ict.ac.cn
|
d15379b729 | |
|
YoulongChen
|
7dc5b2b0d5 | |
|
YoulongChen
|
f9a05f51a4 | |
|
chenyoulong20g@ict.ac.cn
|
5bae18270e |
|
|
@ -37,7 +37,8 @@ public final class LibvirtUpdateHostPasswordCommandWrapper extends CommandWrappe
|
|||
final String newPassword = command.getNewPassword();
|
||||
|
||||
final Script script = libvirtUtilitiesHelper.buildScript(libvirtComputingResource.getUpdateHostPasswdPath());
|
||||
script.add(username, newPassword);
|
||||
script.add(username);
|
||||
script.addSensitive(newPassword);
|
||||
final String result = script.execute();
|
||||
|
||||
if (result != null) {
|
||||
|
|
|
|||
|
|
@ -45,9 +45,10 @@ public final class CitrixUpdateHostPasswordCommandWrapper extends CommandWrapper
|
|||
|
||||
Pair<Boolean, String> result;
|
||||
try {
|
||||
logger.debug("Executing command in Host: " + cmdLine);
|
||||
logger.debug("Executing command in Host: " + xenServerUtilitiesHelper.buildCommandLine(SCRIPT_CMD_PATH,
|
||||
VRScripts.UPDATE_HOST_PASSWD, username, "******"));
|
||||
final String hostPassword = citrixResourceBase.getPwdFromQueue();
|
||||
result = xenServerUtilitiesHelper.executeSshWrapper(hostIp, 22, username, null, hostPassword, cmdLine.toString());
|
||||
result = xenServerUtilitiesHelper.executeSshWrapper(hostIp, 22, username, null, hostPassword, cmdLine);
|
||||
} catch (final Exception e) {
|
||||
return new Answer(command, false, e.getMessage());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2527,7 +2527,7 @@
|
|||
"label.vnf.app.action.reinstall": "Reinstall VNF Appliance",
|
||||
"label.vnf.cidr.list": "CIDR from which access to the VNF appliance's Management interface should be allowed from",
|
||||
"label.vnf.cidr.list.tooltip": "the CIDR list to forward traffic from to the VNF management interface. Multiple entries must be separated by a single comma character (,). The default value is 0.0.0.0/0.",
|
||||
"label.vnf.configure.management": "Configure Firewall and Port Forwarding rules for VNF's management interfaces",
|
||||
"label.vnf.configure.management": "Configure network rules for VNF's management interfaces",
|
||||
"label.vnf.configure.management.tooltip": "True by default, security group or network rules (source nat and firewall rules) will be configured for VNF management interfaces. False otherwise. Learn what rules are configured at http://docs.cloudstack.apache.org/en/latest/adminguide/networking/vnf_templates_appliances.html#deploying-vnf-appliances",
|
||||
"label.vnf.detail.add": "Add VNF detail",
|
||||
"label.vnf.detail.remove": "Remove VNF detail",
|
||||
|
|
|
|||
|
|
@ -356,7 +356,10 @@ export default {
|
|||
permission: ['listVnfAppliances'],
|
||||
resourceType: 'UserVm',
|
||||
params: () => {
|
||||
return { details: 'servoff,tmpl,nics', isvnf: true }
|
||||
return {
|
||||
details: 'group,nics,secgrp,tmpl,servoff,diskoff,iso,volume,affgrp,backoff,vnfnics',
|
||||
isvnf: true
|
||||
}
|
||||
},
|
||||
columns: () => {
|
||||
const fields = ['name', 'state', 'ipaddress']
|
||||
|
|
|
|||
|
|
@ -1305,7 +1305,7 @@ export default {
|
|||
for (const deviceId of managementDeviceIds) {
|
||||
if (this.vnfNicNetworks && this.vnfNicNetworks[deviceId] &&
|
||||
((this.vnfNicNetworks[deviceId].type === 'Isolated' && this.vnfNicNetworks[deviceId].vpcid === undefined) ||
|
||||
(this.vnfNicNetworks[deviceId].type === 'Shared' && this.zone.securitygroupsenabled))) {
|
||||
(this.vnfNicNetworks[deviceId].type === 'Shared' && this.vnfNicNetworks[deviceId].service.filter(svc => svc.name === 'SecurityGroupProvider')))) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ export default {
|
|||
methods: {
|
||||
fetchData () {
|
||||
var params = {
|
||||
details: 'servoff,tmpl,nics',
|
||||
details: 'group,nics,secgrp,tmpl,servoff,diskoff,iso,volume,affgrp,backoff,vnfnics',
|
||||
isVnf: true,
|
||||
listAll: true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,8 +30,10 @@ import java.net.URISyntaxException;
|
|||
import java.net.URL;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.Callable;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.Executors;
|
||||
|
|
@ -42,7 +44,6 @@ import java.util.concurrent.TimeUnit;
|
|||
import java.util.concurrent.TimeoutException;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.apache.cloudstack.utils.security.KeyStoreUtils;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
|
@ -64,8 +65,8 @@ public class Script implements Callable<String> {
|
|||
private static final int DEFAULT_TIMEOUT = 3600 * 1000; /* 1 hour */
|
||||
private volatile boolean _isTimeOut = false;
|
||||
|
||||
private boolean _passwordCommand = false;
|
||||
private boolean avoidLoggingCommand = false;
|
||||
private final Set<Integer> sensitiveArgIndices = new HashSet<>();
|
||||
|
||||
private static final ScheduledExecutorService s_executors = Executors.newScheduledThreadPool(10, new NamedThreadFactory("Script"));
|
||||
|
||||
|
|
@ -143,6 +144,11 @@ public class Script implements Callable<String> {
|
|||
_command.add(param);
|
||||
}
|
||||
|
||||
public void addSensitive(String param) {
|
||||
_command.add(param);
|
||||
sensitiveArgIndices.add(_command.size() - 1);
|
||||
}
|
||||
|
||||
public Script set(String name, String value) {
|
||||
_command.add(name);
|
||||
_command.add(value);
|
||||
|
|
@ -161,7 +167,7 @@ public class Script implements Callable<String> {
|
|||
if (sanitizeViCmdParameter(cmd, builder) || sanitizeRbdFileFormatCmdParameter(cmd, builder)) {
|
||||
continue;
|
||||
}
|
||||
if (obscureParam) {
|
||||
if (obscureParam || sensitiveArgIndices.contains(i)) {
|
||||
builder.append("******").append(" ");
|
||||
obscureParam = false;
|
||||
} else {
|
||||
|
|
@ -170,7 +176,6 @@ public class Script implements Callable<String> {
|
|||
|
||||
if ("-y".equals(cmd) || "-z".equals(cmd)) {
|
||||
obscureParam = true;
|
||||
_passwordCommand = true;
|
||||
}
|
||||
}
|
||||
return builder.toString();
|
||||
|
|
@ -238,8 +243,8 @@ public class Script implements Callable<String> {
|
|||
public String execute(OutputInterpreter interpreter) {
|
||||
String[] command = _command.toArray(new String[_command.size()]);
|
||||
String commandLine = buildCommandLine(command);
|
||||
if (_logger.isDebugEnabled() && !avoidLoggingCommand) {
|
||||
_logger.debug(String.format("Executing command [%s].", commandLine.split(KeyStoreUtils.KS_FILENAME)[0]));
|
||||
if (_logger.isDebugEnabled() ) {
|
||||
_logger.debug(String.format("Executing command [%s].", commandLine));
|
||||
}
|
||||
|
||||
try {
|
||||
|
|
@ -261,48 +266,62 @@ public class Script implements Callable<String> {
|
|||
_thread = Thread.currentThread();
|
||||
ScheduledFuture<String> future = null;
|
||||
if (_timeout > 0) {
|
||||
_logger.trace(String.format("Scheduling the execution of command [%s] with a timeout of [%s] milliseconds.", commandLine, _timeout));
|
||||
_logger.trace(String.format(
|
||||
"Scheduling the execution of command [%s] with a timeout of [%s] milliseconds.",
|
||||
commandLine, _timeout));
|
||||
future = s_executors.schedule(this, _timeout, TimeUnit.MILLISECONDS);
|
||||
}
|
||||
|
||||
long processPid = _process.pid();
|
||||
Task task = null;
|
||||
if (interpreter != null && interpreter.drain()) {
|
||||
_logger.trace(String.format("Executing interpreting task of process [%s] for command [%s].", processPid, commandLine));
|
||||
_logger.trace(String.format("Executing interpreting task of process [%s] for command [%s].",
|
||||
processPid, commandLine));
|
||||
task = new Task(interpreter, ir);
|
||||
s_executors.execute(task);
|
||||
}
|
||||
|
||||
while (true) {
|
||||
_logger.trace(String.format("Attempting process [%s] execution for command [%s] with timeout [%s].", processPid, commandLine, _timeout));
|
||||
_logger.trace(String.format("Attempting process [%s] execution for command [%s] with timeout [%s].",
|
||||
processPid, commandLine, _timeout));
|
||||
try {
|
||||
if (_process.waitFor(_timeout, TimeUnit.MILLISECONDS)) {
|
||||
_logger.trace(String.format("Process [%s] execution for command [%s] completed within timeout period [%s].", processPid, commandLine,
|
||||
_logger.trace(String.format(
|
||||
"Process [%s] execution for command [%s] completed within timeout period [%s].",
|
||||
processPid, commandLine,
|
||||
_timeout));
|
||||
if (_process.exitValue() == 0) {
|
||||
_logger.debug(String.format("Successfully executed process [%s] for command [%s].", processPid, commandLine));
|
||||
_logger.debug(String.format("Successfully executed process [%s] for command [%s].",
|
||||
processPid, commandLine));
|
||||
if (interpreter != null) {
|
||||
if (interpreter.drain()) {
|
||||
_logger.trace(String.format("Returning task result of process [%s] for command [%s].", processPid, commandLine));
|
||||
_logger.trace(
|
||||
String.format("Returning task result of process [%s] for command [%s].",
|
||||
processPid, commandLine));
|
||||
return task.getResult();
|
||||
}
|
||||
_logger.trace(String.format("Returning interpretation of process [%s] for command [%s].", processPid, commandLine));
|
||||
_logger.trace(
|
||||
String.format("Returning interpretation of process [%s] for command [%s].",
|
||||
processPid, commandLine));
|
||||
return interpreter.interpret(ir);
|
||||
} else {
|
||||
// null return exitValue apparently
|
||||
_logger.trace(String.format("Process [%s] for command [%s] exited with value [%s].", processPid, commandLine,
|
||||
_logger.trace(String.format("Process [%s] for command [%s] exited with value [%s].",
|
||||
processPid, commandLine,
|
||||
_process.exitValue()));
|
||||
return String.valueOf(_process.exitValue());
|
||||
}
|
||||
} else {
|
||||
_logger.warn(String.format("Execution of process [%s] for command [%s] failed.", processPid, commandLine));
|
||||
_logger.warn(String.format("Execution of process [%s] for command [%s] failed.",
|
||||
processPid, commandLine));
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (InterruptedException e) {
|
||||
if (!_isTimeOut) {
|
||||
_logger.debug(String.format("Exception [%s] occurred; however, it was not a timeout. Therefore, proceeding with the execution of process [%s] for command "
|
||||
+ "[%s].", e.getMessage(), processPid, commandLine), e);
|
||||
_logger.debug(String.format(
|
||||
"Exception [%s] occurred; however, it was not a timeout. Therefore, proceeding with the execution of process [%s] for command [%s].",
|
||||
e.getMessage(), processPid, commandLine), e);
|
||||
continue;
|
||||
}
|
||||
} finally {
|
||||
|
|
@ -315,18 +334,17 @@ public class Script implements Callable<String> {
|
|||
TimedOutLogger log = new TimedOutLogger(_process);
|
||||
Task timedoutTask = new Task(log, ir);
|
||||
|
||||
_logger.trace(String.format("Running timed out task of process [%s] for command [%s].", processPid, commandLine));
|
||||
_logger.trace(String.format("Running timed out task of process [%s] for command [%s].", processPid,
|
||||
commandLine));
|
||||
timedoutTask.run();
|
||||
if (!_passwordCommand) {
|
||||
_logger.warn(String.format("Process [%s] for command [%s] timed out. Output is [%s].", processPid, commandLine, timedoutTask.getResult()));
|
||||
} else {
|
||||
_logger.warn(String.format("Process [%s] for command [%s] timed out.", processPid, commandLine));
|
||||
}
|
||||
_logger.warn(String.format("Process [%s] for command [%s] timed out. Output is [%s].", processPid,
|
||||
commandLine, timedoutTask.getResult()));
|
||||
|
||||
return ERR_TIMEOUT;
|
||||
}
|
||||
|
||||
_logger.debug(String.format("Exit value of process [%s] for command [%s] is [%s].", processPid, commandLine, _process.exitValue()));
|
||||
_logger.debug(String.format("Exit value of process [%s] for command [%s] is [%s].", processPid,
|
||||
commandLine, _process.exitValue()));
|
||||
|
||||
BufferedReader reader = new BufferedReader(new InputStreamReader(_process.getInputStream()), 128);
|
||||
|
||||
|
|
@ -337,19 +355,24 @@ public class Script implements Callable<String> {
|
|||
error = String.valueOf(_process.exitValue());
|
||||
}
|
||||
|
||||
_logger.warn(String.format("Process [%s] for command [%s] encountered the error: [%s].", processPid, commandLine, error));
|
||||
_logger.warn(String.format("Process [%s] for command [%s] encountered the error: [%s].", processPid,
|
||||
commandLine, error));
|
||||
|
||||
return error;
|
||||
} catch (SecurityException ex) {
|
||||
_logger.warn(String.format("Exception [%s] occurred. This may be due to an attempt of executing command [%s] as non root.", ex.getMessage(), commandLine),
|
||||
_logger.warn(String.format(
|
||||
"Exception [%s] occurred. This may be due to an attempt of executing command [%s] as non root.",
|
||||
ex.getMessage(), commandLine),
|
||||
ex);
|
||||
return stackTraceAsString(ex);
|
||||
} catch (Exception ex) {
|
||||
_logger.warn(String.format("Exception [%s] occurred when attempting to run command [%s].", ex.getMessage(), commandLine), ex);
|
||||
_logger.warn(String.format("Exception [%s] occurred when attempting to run command [%s].",
|
||||
ex.getMessage(), commandLine), ex);
|
||||
return stackTraceAsString(ex);
|
||||
} finally {
|
||||
if (_process != null) {
|
||||
_logger.trace(String.format("Destroying process [%s] for command [%s].", _process.pid(), commandLine));
|
||||
_logger.trace(
|
||||
String.format("Destroying process [%s] for command [%s].", _process.pid(), commandLine));
|
||||
IOUtils.closeQuietly(_process.getErrorStream());
|
||||
IOUtils.closeQuietly(_process.getOutputStream());
|
||||
IOUtils.closeQuietly(_process.getInputStream());
|
||||
|
|
@ -360,9 +383,10 @@ public class Script implements Callable<String> {
|
|||
|
||||
public String executeIgnoreExitValue(OutputInterpreter interpreter, int exitValue) {
|
||||
String[] command = _command.toArray(new String[_command.size()]);
|
||||
String commandLine = buildCommandLine(command);
|
||||
|
||||
if (_logger.isDebugEnabled()) {
|
||||
_logger.debug(String.format("Executing: %s", buildCommandLine(command).split(KeyStoreUtils.KS_FILENAME)[0]));
|
||||
_logger.debug(String.format("Executing: %s", commandLine));
|
||||
}
|
||||
|
||||
try {
|
||||
|
|
@ -373,7 +397,7 @@ public class Script implements Callable<String> {
|
|||
|
||||
_process = pb.start();
|
||||
if (_process == null) {
|
||||
_logger.warn(String.format("Unable to execute: %s", buildCommandLine(command)));
|
||||
_logger.warn(String.format("Unable to execute: %s", commandLine));
|
||||
return String.format("Unable to execute the command: %s", command[0]);
|
||||
}
|
||||
|
||||
|
|
@ -437,11 +461,8 @@ public class Script implements Callable<String> {
|
|||
Task timedoutTask = new Task(log, ir);
|
||||
|
||||
timedoutTask.run();
|
||||
if (!_passwordCommand) {
|
||||
_logger.warn(String.format("Timed out: %s. Output is: %s", buildCommandLine(command), timedoutTask.getResult()));
|
||||
} else {
|
||||
_logger.warn(String.format("Timed out: %s", buildCommandLine(command)));
|
||||
}
|
||||
_logger.warn(String.format("Timed out: %s. Output is: %s", commandLine,
|
||||
timedoutTask.getResult()));
|
||||
|
||||
return ERR_TIMEOUT;
|
||||
}
|
||||
|
|
@ -465,7 +486,7 @@ public class Script implements Callable<String> {
|
|||
_logger.warn("Security Exception....not running as root?", ex);
|
||||
return stackTraceAsString(ex);
|
||||
} catch (Exception ex) {
|
||||
_logger.warn(String.format("Exception: %s", buildCommandLine(command)), ex);
|
||||
_logger.warn(String.format("Exception: %s", commandLine), ex);
|
||||
return stackTraceAsString(ex);
|
||||
} finally {
|
||||
if (_process != null) {
|
||||
|
|
@ -514,9 +535,9 @@ public class Script implements Callable<String> {
|
|||
} catch (Exception ex) {
|
||||
result = stackTraceAsString(ex);
|
||||
} finally {
|
||||
done = true;
|
||||
notifyAll();
|
||||
IOUtils.closeQuietly(reader);
|
||||
done = true;
|
||||
notifyAll();
|
||||
IOUtils.closeQuietly(reader);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -78,4 +78,34 @@ public class ScriptTest {
|
|||
String result = Script.getExecutableAbsolutePath("ls");
|
||||
Assert.assertTrue(List.of("/usr/bin/ls", "/bin/ls").contains(result));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBuildCommandLineWithSensitiveData() {
|
||||
Script script = new Script("test.sh");
|
||||
script.add("normal-arg");
|
||||
script.addSensitive("sensitive-arg");
|
||||
String commandLine = script.toString();
|
||||
Assert.assertEquals("test.sh normal-arg ****** ", commandLine);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBuildCommandLineWithMultipleSensitiveData() {
|
||||
Script script = new Script("test.sh");
|
||||
script.add("normal-arg");
|
||||
script.addSensitive("sensitive-arg1");
|
||||
script.add("another-normal-arg");
|
||||
script.addSensitive("sensitive-arg2");
|
||||
String commandLine = script.toString();
|
||||
Assert.assertEquals("test.sh normal-arg ****** another-normal-arg ****** ", commandLine);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBuildCommandLineWithLegacyPasswordOption() {
|
||||
Script script = new Script("test.sh");
|
||||
script.add("-y");
|
||||
script.add("legacy-password");
|
||||
String commandLine = script.toString();
|
||||
Assert.assertEquals("test.sh -y ****** ", commandLine);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue