From 7ba345b6cda2874b99810dd438af9dd76829dd0f Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Mon, 4 Apr 2022 14:15:26 +0200
Subject: [PATCH 1/2] KVM: Enable SSL if keystore exists
---
 .../main/java/com/cloud/agent/AgentShell.java | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/agent/src/main/java/com/cloud/agent/AgentShell.java b/agent/src/main/java/com/cloud/agent/AgentShell.java
index f5920a8e037b..80d99aeff2fd 100644
--- a/agent/src/main/java/com/cloud/agent/AgentShell.java
+++ b/agent/src/main/java/com/cloud/agent/AgentShell.java
@@ -27,6 +27,7 @@
 import com.cloud.utils.backoff.BackoffAlgorithm;
 import com.cloud.utils.backoff.impl.ConstantTimeBackoff;
 import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.cloudstack.utils.security.KeyStoreUtils;
 import org.apache.commons.daemon.Daemon;
 import org.apache.commons.daemon.DaemonContext;
 import org.apache.commons.daemon.DaemonInitException;
@@ -374,6 +375,7 @@ public void init(String[] args) throws ConfigurationException {
 loadProperties();
 parseCommand(args);
+ enableSSL();
 if (s_logger.isDebugEnabled()) {
 List properties = Collections.list((Enumeration)_properties.propertyNames());
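Review bot: The `enableSSL()` call added to `init()` has an ordering requirement that nothing in the hunk records: JSSE reads `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` when the default SSLContext is first created, so the call only takes effect if it runs before the agent opens any TLS connection. A one-line comment above it would keep a later refactor from moving it, e.g. `// must run before the first TLS connection: JSSE reads javax.net.ssl.* once, when the default SSLContext is initialised`. The body of `init()` continues outside the hunk.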
@@ -397,6 +399,24 @@ public void init(String[] args) throws ConfigurationException {
 _backoff.configure("ConstantTimeBackoff", new HashMap());
 }
+ private void enableSSL() {
+ final File agentFile = PropertiesUtil.findConfigFile("agent.properties");
+ if (agentFile == null) {
+ s_logger.info("Failed to find agent.properties file");
+ return;
+ }
+ String keystorePass = getProperty(null, "keystore.passphrase");
+ if (StringUtils.isBlank(keystorePass)) {
+ return;
+ }
+ final String keyStoreFile = agentFile.getParent() + "/" + KeyStoreUtils.KS_FILENAME;
+ File f = new File(keyStoreFile);
+ if (f.exists() && !f.isDirectory()) {
+ System.setProperty("javax.net.ssl.trustStore", keyStoreFile);
+ System.setProperty("javax.net.ssl.trustStorePassword", keystorePass);
+ }
+ }
+
 private void launchAgent() throws ConfigurationException {
 String resourceClassNames = getProperty(null, "resource");
 s_logger.trace("resource=" + resourceClassNames);
From 29fada70b0b112d92274811c370ecf62c0bedfd7 Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Tue, 19 Apr 2022 16:28:27 +0200
Subject: [PATCH 2/2] Update #6200: add logs if no passphrase or no keystore
---
 agent/src/main/java/com/cloud/agent/AgentShell.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/agent/src/main/java/com/cloud/agent/AgentShell.java b/agent/src/main/java/com/cloud/agent/AgentShell.java
index 80d99aeff2fd..b693ce1b2b3e 100644
--- a/agent/src/main/java/com/cloud/agent/AgentShell.java
+++ b/agent/src/main/java/com/cloud/agent/AgentShell.java
@@ -407,6 +407,7 @@ private void enableSSL() {
 }
 String keystorePass = getProperty(null, "keystore.passphrase");
 if (StringUtils.isBlank(keystorePass)) {
+ s_logger.info("Failed to find passphrase for keystore: " + KeyStoreUtils.KS_FILENAME);
 return;
 }
 final String keyStoreFile = agentFile.getParent() + "/" + KeyStoreUtils.KS_FILENAME;
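Review bot: The two `System.setProperty` calls in the new `enableSSL()` (PATCH 1/2) replace the trust store for every client in the agent JVM that uses the default SSLContext, not only the connection to the management server, so once the keystore exists any HTTPS endpoint whose CA is not in it will fail validation. They also publish the keystore passphrase as a JVM-wide system property, where it is visible to anything that reads or dumps system properties. If that scope is intended, record it in a Javadoc on the method, e.g. `/** Points the JVM default trust store at the agent keystore; affects all default-context TLS clients and exposes the passphrase as a system property. */`; otherwise consider loading the keystore into a dedicated SSLContext used only for the agent connection. The path check is also simpler as `final File f = new File(agentFile.getParent(), KeyStoreUtils.KS_FILENAME);` followed by `if (f.isFile()) {`.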
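Review bot: The added `s_logger.info("Failed to find passphrase for keystore: ...")` line in PATCH 2/2, and the `else` branch added in the following hunk, say what was missing but not what follows from it: the method returns without setting `javax.net.ssl.trustStore`, so the agent keeps the JVM default trust store. Wording such as `s_logger.info("No keystore.passphrase in agent.properties, leaving the JVM default trust store in place");` makes that visible to whoever reads the log, and if a missing keystore is unexpected on a provisioned host the level should be `warn` rather than `info`. Neither message logs the passphrase itself, which is right and should stay that way.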
@@ -414,6 +415,8 @@ private void enableSSL() {
 if (f.exists() && !f.isDirectory()) {
 System.setProperty("javax.net.ssl.trustStore", keyStoreFile);
 System.setProperty("javax.net.ssl.trustStorePassword", keystorePass);
+ } else {
+ s_logger.info("Failed to find keystore file: " + keyStoreFile);
 }
 }