Merge "Enabling ssl based XMPP for dns and agent daemons"
Zuul authored and opencontrail-ci-admin committed May 29, 2015
2 parents 3a231d7 + 7d8227b commit 77de9b8
Showing 23 changed files with 317 additions and 85 deletions.
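--- a/src/bgp/test/bgp_xmpp_channel_test.cc
+++ b/src/bgp/test/bgp_xmpp_channel_test.cc
@@ -97,6 +97,12 @@ class XmppChannelMock : public XmppChannel {
 virtual std::string LastFlap() const {
 return "";
 }
+virtual std::string AuthType() const {
+return "";
+}
+virtual std::string PeerAddress() const {
+return "";
+}
 };
 
 class BgpXmppChannelMock : public BgpXmppChannel {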
20 changes: 11 additions & 9 deletions src/control-node/main.cc
Expand Up @@ -82,20 +82,19 @@ static XmppServer *CreateXmppServer(EventManager *evm, Options *options,
xmpp_cfg->endpoint.port(options->xmpp_port());
xmpp_cfg->FromAddr = XmppInit::kControlNodeJID;
xmpp_cfg->auth_enabled = options->xmpp_auth_enabled();

XmppServer *xmpp_server;
if (xmpp_cfg->auth_enabled) {
xmpp_cfg->path_to_server_cert = options->xmpp_server_cert();
xmpp_cfg->path_to_pvt_key = options->xmpp_server_key();
// Create XmppServer
xmpp_server = new XmppServer(evm, options->hostname(), xmpp_cfg);
} else {
// Create XmppServer
xmpp_server = new XmppServer(evm, options->hostname());
}
xmpp_server->Initialize(options->xmpp_port(), true);

return (xmpp_server);
// Create XmppServer
XmppServer *xmpp_server;
xmpp_server = new XmppServer(evm, options->hostname(), xmpp_cfg);
if (!xmpp_server->Initialize(options->xmpp_port(), true)) {
return NULL;
} else {
return (xmpp_server);
}
}

static void WaitForIdle() {
Expand Down Expand Up @@ -500,6 +499,9 @@ int main(int argc, char *argv[]) {
//Create Xmpp Server
XmppChannelConfig xmpp_cfg(false);
XmppServer *xmpp_server = CreateXmppServer(&evm, &options, &xmpp_cfg);
if (xmpp_server == NULL) {
exit(1);
}

// Register XMPP channel peers
boost::scoped_ptr<BgpXmppChannelManager> bgp_peer_manager(
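Review bot: When `Initialize()` fails, `CreateXmppServer` returns NULL and `main()` calls `exit(1)` without writing any log line, so an operator cannot tell a port conflict from a problem loading the certificate or private key (that Initialize can fail for TLS reasons is an assumption; its body is not on this page). A message before the exit would cover it, for example `LOG(ERROR, "XMPP server initialization failed on port " << options.xmpp_port());`, assuming the logging macro used in src/dns/main.cc is available in this file. The NULL path also abandons the `XmppServer` allocated just above, which is harmless only while the sole caller exits, so a comment on the function should say so. Both function bodies continue outside the hunks shown.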
6 changes: 4 additions & 2 deletions src/control-node/options.cc
Expand Up @@ -125,10 +125,12 @@ void Options::Initialize(EventManager &evm,
("DEFAULT.xmpp_auth_enable", opt::bool_switch(&xmpp_auth_enable_),
"Enable authentication over Xmpp")
("DEFAULT.xmpp_server_cert",
opt::value<string>()->default_value("/etc/contrail/ssl/certs/server.pem"),
opt::value<string>()->default_value(
"/etc/contrail/ssl/certs/control-node-cert.pem"),
"XMPP Server ssl certificate")
("DEFAULT.xmpp_server_key",
opt::value<string>()->default_value("/etc/contrail/ssl/private/server.key"),
opt::value<string>()->default_value(
"/etc/contrail/ssl/private/control-node-privkey.pem"),
"XMPP Server ssl private key")

("DISCOVERY.port", opt::value<uint16_t>()->default_value(
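Review bot: The new defaults for `DEFAULT.xmpp_server_cert` and `DEFAULT.xmpp_server_key` change behaviour for any control-node that already sets `xmpp_auth_enable` and relied on the old `server.pem` / `server.key` locations: after upgrade it will look for `control-node-cert.pem` and `control-node-privkey.pem` instead. Nothing in this hunk checks that the files exist or are readable, so a missing file would only surface later at server start-up. The help strings could carry the requirement, e.g. `"XMPP server TLS certificate (PEM); required when xmpp_auth_enable is set"`, and the rename deserves a line in the upgrade notes. Options::Initialize continues outside the hunk.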
20 changes: 15 additions & 5 deletions src/dns/agent/agent_xmpp_init.cc
Expand Up @@ -12,19 +12,29 @@

using namespace boost::asio;

bool DnsAgentXmppManager::Init() {
bool DnsAgentXmppManager::Init(bool xmpp_auth_enabled,
const std::string &xmpp_server_cert,
const std::string &xmpp_server_key) {
uint32_t port = Dns::GetXmppServerPort();
if (!port)
port = ContrailPorts::DnsXmpp();

XmppInit *init = new XmppInit();
XmppServer *server = new XmppServer(Dns::GetEventManager());
// XmppChannel Configuration
XmppChannelConfig xmpp_cfg(false);
xmpp_cfg.FromAddr = XmppInit::kDnsNodeJID;
xmpp_cfg.endpoint.port(port);
init->AddXmppChannelConfig(&xmpp_cfg);
if (!init->InitServer(server, port, false))
xmpp_cfg.auth_enabled = xmpp_auth_enabled;
if (xmpp_cfg.auth_enabled) {
xmpp_cfg.path_to_server_cert = xmpp_server_cert;
xmpp_cfg.path_to_pvt_key = xmpp_server_key;
}

// Create XmppServer
XmppServer *server = new XmppServer(Dns::GetEventManager(),
Dns::GetHostName(), &xmpp_cfg);
if (!server->Initialize(port, false)) {
return false;
}
Dns::SetXmppServer(server);

DnsAgentXmppChannelManager *agent_xmpp_mgr =
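Review bot: `XmppServer` is now constructed with `&xmpp_cfg`, the address of a local that goes out of scope when `Init()` returns, while the server itself is kept via `Dns::SetXmppServer(server)`. If the server stores that pointer rather than copying the certificate and key paths in its constructor (not visible on this page), later TLS setup would read a dead stack object. The agent side of this commit heap-allocates its config (`new XmppChannelConfig(true)` in controller_init.cc); doing the same here, `XmppChannelConfig *xmpp_cfg = new XmppChannelConfig(false);`, or a comment stating that the constructor copies the config, would settle it. The `return false` path also leaves `server` allocated. Init's body continues past the hunk.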
4 changes: 3 additions & 1 deletion src/dns/agent/agent_xmpp_init.h
Expand Up @@ -7,7 +7,9 @@

class DnsAgentXmppManager {
public:
static bool Init();
static bool Init(bool xmpp_auth_enabled,
const std::string &xmpp_server_cert,
const std::string &xmpp_server_key);
static void Shutdown();
};

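--- a/src/dns/cmn/dns_options.cc
+++ b/src/dns/cmn/dns_options.cc
@@ -139,6 +139,18 @@ void Options::Initialize(EventManager &evm,
 "IFMAP server URL")
 ("IFMAP.user", opt::value<string>()->default_value("dns_user"),
 "IFMAP server username")
+
+
+("DEFAULT.xmpp_auth_enable", opt::bool_switch(&xmpp_auth_enable_),
+"Enable authentication over Xmpp")
+("DEFAULT.xmpp_server_cert",
+opt::value<string>()->default_value(
+"/etc/contrail/ssl/certs/dns-cert.pem"),
+"XMPP Server ssl certificate")
+("DEFAULT.xmpp_server_key",
+opt::value<string>()->default_value(
+"/etc/contrail/ssl/private/dns-privkey.pem"),
+"XMPP Server ssl private key")
 ;
 
 config_file_options_.add(config);
@@ -255,4 +267,8 @@ void Options::Process(int argc, char *argv[],
 GetOptValue<string>(var_map, ifmap_server_url_, "IFMAP.server_url");
 GetOptValue<string>(var_map, ifmap_user_, "IFMAP.user");
 GetOptValue<string>(var_map, ifmap_certs_store_, "IFMAP.certs_store");
+
+GetOptValue<bool>(var_map, xmpp_auth_enable_, "DEFAULT.xmpp_auth_enable");
+GetOptValue<string>(var_map, xmpp_server_cert_, "DEFAULT.xmpp_server_cert");
+GetOptValue<string>(var_map, xmpp_server_key_, "DEFAULT.xmpp_server_key");
 }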
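Review bot: `DEFAULT.xmpp_auth_enable` is declared with `opt::bool_switch`, so it stays off unless set, and the help text "Enable authentication over Xmpp" does not say that the DNS XMPP listener keeps running without TLS by default (reading "authentication" as TLS follows the commit title, not code on this page). I would spell it out in the help string, e.g. `"Enable TLS on the agent-facing XMPP server (default: off); uses xmpp_server_cert and xmpp_server_key"`. The same wording applies to the control-node option of the same name in src/control-node/options.cc. Both functions continue outside the hunks.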
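--- a/src/dns/cmn/dns_options.h
+++ b/src/dns/cmn/dns_options.h
@@ -40,6 +40,9 @@ class Options {
 const std::string ifmap_password() const { return ifmap_password_; }
 const std::string ifmap_user() const { return ifmap_user_; }
 const std::string ifmap_certs_store() const { return ifmap_certs_store_; }
+const bool xmpp_auth_enabled() const { return xmpp_auth_enable_; }
+const std::string xmpp_server_cert() const { return xmpp_server_cert_; }
+const std::string xmpp_server_key() const { return xmpp_server_key_; }
 const bool test_mode() const { return test_mode_; }
 const bool collectors_configured() const { return collectors_configured_; }
 
@@ -90,6 +93,9 @@ class Options {
 std::string ifmap_password_;
 std::string ifmap_user_;
 std::string ifmap_certs_store_;
+bool xmpp_auth_enable_;
+std::string xmpp_server_cert_;
+std::string xmpp_server_key_;
 bool test_mode_;
 bool collectors_configured_;
 std::vector<std::string> default_collector_server_list_;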
4 changes: 3 additions & 1 deletion src/dns/main.cc
Expand Up @@ -164,7 +164,9 @@ int main(int argc, char *argv[]) {
DnsConfigParser parser(&config_db);
parser.Parse(FileRead(options.config_file()));

if (!DnsAgentXmppManager::Init()){
if (!DnsAgentXmppManager::Init(options.xmpp_auth_enabled(),
options.xmpp_server_cert(),
options.xmpp_server_key())) {
LOG(ERROR, "Address already in use " << ContrailPorts::DnsXmpp());
exit(1);
}
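Review bot: The error branch still logs "Address already in use" with `ContrailPorts::DnsXmpp()`, but `Init()` now also receives the certificate and key paths, so a failure caused by the TLS configuration (assuming `Initialize` can fail for that reason) would be reported as a port conflict. The port printed is also the compiled-in default, even though agent_xmpp_init.cc prefers `Dns::GetXmppServerPort()` when it is set. A neutral message such as `LOG(ERROR, "DNS XMPP server initialization failed; check port and xmpp_server_cert/xmpp_server_key");` would avoid sending the operator in the wrong direction. main() continues outside the hunk.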
30 changes: 27 additions & 3 deletions src/vnsw/agent/cmn/agent.cc
Expand Up @@ -218,21 +218,45 @@ void Agent::CopyConfig(AgentParam *params) {
int dns_count = 0;

if (params_->xmpp_server_1().to_ulong()) {
xs_addr_[count++] = params_->xmpp_server_1().to_string();
xs_addr_[count] = params_->xmpp_server_1().to_string();
xs_auth_enable_[count] = params_->xmpp_auth_enabled_1();
xs_server_cert_[count] = params_->xmpp_server_cert_1();
count++;
} else {
xs_auth_enable_[0] = params_->xmpp_auth_enabled_1();
xs_server_cert_[0] = params_->xmpp_server_cert_1();
}

if (params_->xmpp_server_2().to_ulong()) {
xs_addr_[count++] = params_->xmpp_server_2().to_string();
xs_addr_[count] = params_->xmpp_server_2().to_string();
xs_auth_enable_[count] = params_->xmpp_auth_enabled_2();
xs_server_cert_[count] = params_->xmpp_server_cert_2();
count++;
} else {
xs_auth_enable_[1] = params_->xmpp_auth_enabled_2();
xs_server_cert_[1] = params_->xmpp_server_cert_2();
}

if (params_->dns_server_1().to_ulong()) {
dns_port_[dns_count] = params_->dns_port_1();
dns_addr_[dns_count++] = params_->dns_server_1().to_string();
dns_addr_[dns_count] = params_->dns_server_1().to_string();
dns_auth_enable_[count] = params_->xmpp_dns_auth_enabled_1();
dns_server_cert_[count] = params_->xmpp_dns_server_cert_1();
dns_count++;
} else {
dns_auth_enable_[0] = params_->xmpp_dns_auth_enabled_1();
dns_server_cert_[0] = params_->xmpp_dns_server_cert_1();
}

if (params_->dns_server_2().to_ulong()) {
dns_port_[dns_count] = params_->dns_port_2();
dns_addr_[dns_count++] = params_->dns_server_2().to_string();
dns_auth_enable_[count] = params_->xmpp_dns_auth_enabled_2();
dns_server_cert_[count] = params_->xmpp_dns_server_cert_2();
dns_count++;
} else {
dns_auth_enable_[1] = params_->xmpp_dns_auth_enabled_2();
dns_server_cert_[1] = params_->xmpp_dns_server_cert_2();
}

dss_addr_ = params_->discovery_server();
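Review bot: In both DNS branches of `CopyConfig` the new assignments index `dns_auth_enable_` and `dns_server_cert_` with `count`, the XMPP-server counter, while the neighbouring `dns_port_` and `dns_addr_` lines use `dns_count`. With two XMPP servers configured `count` is 2 at that point, so the writes land outside the slots used for DNS (and past the end of the arrays if `MAX_XMPP_SERVERS` is 2; its value is not on this page), and `dns_auth_enabled(idx)` can then return a value that was never set for that server, so the DNS channel's TLS setting would not follow the configuration. As the page renders it, the second DNS branch also keeps `dns_addr_[dns_count++]` and adds a separate `dns_count++`, advancing the counter twice. The fence shows the affected lines indexed by `dns_count` with a single increment; CopyConfig starts and ends outside the hunk.

```cpp
if (params_->dns_server_1().to_ulong()) {
    // … unchanged: dns_port_ and dns_addr_ for slot dns_count …
    dns_auth_enable_[dns_count] = params_->xmpp_dns_auth_enabled_1();
    dns_server_cert_[dns_count] = params_->xmpp_dns_server_cert_1();
    // … unchanged: dns_count++ and the else branch …

if (params_->dns_server_2().to_ulong()) {
    // … unchanged: dns_port_ for slot dns_count …
    dns_addr_[dns_count] = params_->dns_server_2().to_string();
    dns_auth_enable_[dns_count] = params_->xmpp_dns_auth_enabled_2();
    dns_server_cert_[dns_count] = params_->xmpp_dns_server_cert_2();
    // … unchanged: dns_count++ and the else branch …
```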
17 changes: 17 additions & 0 deletions src/vnsw/agent/cmn/agent.h
Expand Up @@ -402,6 +402,12 @@ class Agent {
xs_addr_[idx].clear();
xs_port_[idx] = 0;
}
const bool xmpp_auth_enabled(uint8_t idx) const {
return xs_auth_enable_[idx];
}
const std::string &xmpp_server_cert(uint8_t idx) const {
return xs_server_cert_[idx];
}

const uint32_t controller_ifmap_xmpp_port(uint8_t idx) const {
return xs_port_[idx];
Expand Down Expand Up @@ -483,6 +489,12 @@ class Agent {
// DNS XMPP Server
const int8_t &dns_xmpp_server_index() const {return xs_dns_idx_;}
void set_dns_xmpp_server_index(uint8_t xs_idx) {xs_dns_idx_ = xs_idx;}
const bool dns_auth_enabled(uint8_t idx) const {
return dns_auth_enable_[idx];
}
const std::string &dns_server_cert(uint8_t idx) const {
return dns_server_cert_[idx];
}

XmppInit *dns_xmpp_init(uint8_t idx) const {
return dns_xmpp_init_[idx];
Expand Down Expand Up @@ -964,9 +976,14 @@ class Agent {
std::string xs_addr_[MAX_XMPP_SERVERS];
uint32_t xs_port_[MAX_XMPP_SERVERS];
uint64_t xs_stime_[MAX_XMPP_SERVERS];
bool xs_auth_enable_[MAX_XMPP_SERVERS];
std::string xs_server_cert_[MAX_XMPP_SERVERS];
int8_t xs_dns_idx_;
std::string dns_addr_[MAX_XMPP_SERVERS];
uint32_t dns_port_[MAX_XMPP_SERVERS];
bool dns_auth_enable_[MAX_XMPP_SERVERS];
std::string dns_server_cert_[MAX_XMPP_SERVERS];
// Discovery
std::string dss_addr_;
uint32_t dss_port_;
int dss_xs_instances_;
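Review bot: The new `bool xs_auth_enable_[MAX_XMPP_SERVERS]` and `bool dns_auth_enable_[MAX_XMPP_SERVERS]` members get no initialisation in this section, and the Agent constructor is not part of the diff. If it does not clear them, `xmpp_auth_enabled(idx)` and `dns_auth_enabled(idx)` return an indeterminate value for any slot `CopyConfig` did not write, and that value decides whether the channel is set up with TLS. Clearing both arrays in the constructor and noting it next to the members, e.g. `// false until CopyConfig() fills the slot`, would make the default explicit. The accessors also take `idx` unchecked, like the existing ones around them.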
29 changes: 19 additions & 10 deletions src/vnsw/agent/controller/controller.sandesh
Expand Up @@ -12,16 +12,18 @@ struct ControllerProtoStats {
struct AgentXmppData {
1: string controller_ip;
2: string state;
3: string cfg_controller;
4: string mcast_controller;
5: string last_state;
6: string last_event;
7: string last_state_at;
8: u32 flap_count;
9: string flap_time;
10: ControllerProtoStats rx_proto_stats;
11: ControllerProtoStats tx_proto_stats;
12: string xmpp_auth_enabled;
3: string peer_name;
4: string peer_address;
5: optional string cfg_controller;
6: optional string mcast_controller;
7: string last_state;
8: string last_event;
9: string last_state_at;
10: u32 flap_count;
11: string flap_time;
12: ControllerProtoStats rx_proto_stats;
13: ControllerProtoStats tx_proto_stats;
14: string xmpp_auth_type;
}

traceobject sandesh AgentXmppTrace {
Expand Down Expand Up @@ -101,3 +103,10 @@ request sandesh AgentXmppConnectionStatusReq {
response sandesh AgentXmppConnectionStatus {
1: list<AgentXmppData>peer;
}

request sandesh AgentDnsXmppConnectionStatusReq {
}

response sandesh AgentDnsXmppConnectionStatus {
1: list<AgentXmppData>peer;
}
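Review bot: Inserting `peer_name` and `peer_address` at ids 3 and 4 renumbers every later field of `AgentXmppData`, and `xmpp_auth_enabled` is replaced by `xmpp_auth_type` under a new id. If any consumer of `AgentXmppConnectionStatus` decodes by field id or by the old name (none is visible on this page), it would misread responses in a mixed-version deployment; appending the new fields after the existing ids would avoid that. A one-line comment on `xmpp_auth_type` listing the values it can take would also help whoever reads the introspect output to judge whether a channel is actually protected.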
45 changes: 23 additions & 22 deletions src/vnsw/agent/controller/controller_init.cc
Expand Up @@ -10,7 +10,6 @@
#include <sandesh/sandesh_types.h>
#include <sandesh/sandesh_trace.h>
#include "cmn/agent_cmn.h"
#include "init/agent_param.h"
#include "xmpp/xmpp_init.h"
#include "pugixml/pugixml.hpp"
#include "oper/vrf.h"
Expand Down Expand Up @@ -61,17 +60,17 @@ void VNController::XmppServerConnect() {
continue;
}

boost::system::error_code ec;
XmppChannelConfig *xmpp_cfg = new XmppChannelConfig(true);
xmpp_cfg->ToAddr = XmppInit::kControlNodeJID;
boost::system::error_code ec;
xmpp_cfg->FromAddr = agent_->agent_name();
xmpp_cfg->NodeAddr = XmppInit::kPubSubNS;
xmpp_cfg->endpoint.address(
ip::address::from_string(agent_->controller_ifmap_xmpp_server(count), ec));
assert(ec.value() == 0);
xmpp_cfg->auth_enabled = agent_->params()->xmpp_auth_enabled();
xmpp_cfg->auth_enabled = agent_->xmpp_auth_enabled(count);
if (xmpp_cfg->auth_enabled) {
xmpp_cfg->path_to_server_cert = agent_->params()->xmpp_server_cert();
xmpp_cfg->path_to_server_cert = agent_->xmpp_server_cert(count);
}
uint32_t port = agent_->controller_ifmap_xmpp_port(count);
if (!port) {
Expand All @@ -80,12 +79,7 @@ void VNController::XmppServerConnect() {
xmpp_cfg->endpoint.port(port);

// Create Xmpp Client
XmppClient *client;
if (xmpp_cfg->auth_enabled) {
client = new XmppClient(agent_->event_manager(), xmpp_cfg);
} else {
client = new XmppClient(agent_->event_manager());
}
XmppClient *client = new XmppClient(agent_->event_manager(), xmpp_cfg);

XmppInit *xmpp = new XmppInit();
xmpp->AddXmppChannelConfig(xmpp_cfg);
Expand Down Expand Up @@ -140,9 +134,26 @@ void VNController::DnsXmppServerConnect() {
continue;
}

// create Xmpp channel with DNS server
// XmppChannel Configuration
boost::system::error_code ec;
XmppChannelConfig *xmpp_cfg_dns = new XmppChannelConfig(true);
xmpp_cfg_dns->ToAddr = XmppInit::kDnsNodeJID;
xmpp_cfg_dns->FromAddr = agent_->agent_name() + "/dns";
xmpp_cfg_dns->NodeAddr = "";
xmpp_cfg_dns->endpoint.address(
ip::address::from_string(agent_->dns_server(count), ec));
assert(ec.value() == 0);
xmpp_cfg_dns->endpoint.port(ContrailPorts::DnsXmpp());
xmpp_cfg_dns->auth_enabled = agent_->dns_auth_enabled(count);
if (xmpp_cfg_dns->auth_enabled) {
xmpp_cfg_dns->path_to_server_cert = agent_->dns_server_cert(count);
}

// Create Xmpp Client
XmppClient *client_dns = new XmppClient(agent_->event_manager(),
xmpp_cfg_dns);

XmppInit *xmpp_dns = new XmppInit();
XmppClient *client_dns = new XmppClient(agent_->event_manager());
// create dns peer
AgentDnsXmppChannel *dns_peer = new AgentDnsXmppChannel(agent_,
agent_->dns_server(count),
Expand All @@ -151,16 +162,6 @@ void VNController::DnsXmppServerConnect() {
boost::bind(&AgentDnsXmppChannel::HandleXmppClientChannelEvent,
dns_peer, _2));

XmppChannelConfig *xmpp_cfg_dns = new XmppChannelConfig(true);
//XmppChannelConfig xmpp_cfg_dns(true);
xmpp_cfg_dns->ToAddr = XmppInit::kDnsNodeJID;
boost::system::error_code ec;
xmpp_cfg_dns->FromAddr = agent_->agent_name() + "/dns";
xmpp_cfg_dns->NodeAddr = "";
xmpp_cfg_dns->endpoint.address(
ip::address::from_string(agent_->dns_server(count), ec));
assert(ec.value() == 0);
xmpp_cfg_dns->endpoint.port(ContrailPorts::DnsXmpp());
xmpp_dns->AddXmppChannelConfig(xmpp_cfg_dns);
xmpp_dns->InitClient(client_dns);

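Review bot: `XmppServerConnect` and `DnsXmppServerConnect` copy `path_to_server_cert` whenever `auth_enabled` is true but never check that the path is non-empty, and a certificate path is the only TLS setting placed on the client config here. Whether `XmppClient` refuses to connect or proceeds without verifying the peer when the path is empty or unreadable is not visible on this page, and that behaviour decides whether a misconfiguration fails closed. I would test for it before the config is allocated, e.g. `if (agent_->xmpp_auth_enabled(count) && agent_->xmpp_server_cert(count).empty())` followed by an error log and `continue;`, with the same test on `dns_auth_enabled`/`dns_server_cert` in the DNS loop. Both functions continue outside the hunks.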
