diff --git a/src/bgp/test/bgp_xmpp_channel_test.cc b/src/bgp/test/bgp_xmpp_channel_test.cc index bc1a78cbe45..a2d54932bb2 100644 --- a/src/bgp/test/bgp_xmpp_channel_test.cc +++ b/src/bgp/test/bgp_xmpp_channel_test.cc @@ -97,6 +97,12 @@ class XmppChannelMock : public XmppChannel { virtual std::string LastFlap() const { return ""; } + virtual std::string AuthType() const { + return ""; + } + virtual std::string PeerAddress() const { + return ""; + } }; class BgpXmppChannelMock : public BgpXmppChannel { diff --git a/src/control-node/main.cc b/src/control-node/main.cc index f40978743f6..7757829b3c8 100644 --- a/src/control-node/main.cc +++ b/src/control-node/main.cc @@ -82,20 +82,19 @@ static XmppServer *CreateXmppServer(EventManager *evm, Options *options, xmpp_cfg->endpoint.port(options->xmpp_port()); xmpp_cfg->FromAddr = XmppInit::kControlNodeJID; xmpp_cfg->auth_enabled = options->xmpp_auth_enabled(); - - XmppServer *xmpp_server; if (xmpp_cfg->auth_enabled) { xmpp_cfg->path_to_server_cert = options->xmpp_server_cert(); xmpp_cfg->path_to_pvt_key = options->xmpp_server_key(); - // Create XmppServer - xmpp_server = new XmppServer(evm, options->hostname(), xmpp_cfg); - } else { - // Create XmppServer - xmpp_server = new XmppServer(evm, options->hostname()); } - xmpp_server->Initialize(options->xmpp_port(), true); - return (xmpp_server); + // Create XmppServer + XmppServer *xmpp_server; + xmpp_server = new XmppServer(evm, options->hostname(), xmpp_cfg); + if (!xmpp_server->Initialize(options->xmpp_port(), true)) { + return NULL; + } else { + return (xmpp_server); + } } static void WaitForIdle() { @@ -500,6 +499,9 @@ int main(int argc, char *argv[]) { //Create Xmpp Server XmppChannelConfig xmpp_cfg(false); XmppServer *xmpp_server = CreateXmppServer(&evm, &options, &xmpp_cfg); + if (xmpp_server == NULL) { + exit(1); + } // Register XMPP channel peers boost::scoped_ptr bgp_peer_manager( 
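Review bot: The new failure path in CreateXmppServer (src/control-node/main.cc) returns NULL after `new XmppServer(...)` without releasing the object, so a failed `Initialize()` leaks the server; the same pattern appears in DnsAgentXmppManager::Init in src/dns/agent/agent_xmpp_init.cc, which returns false with `server` still allocated. If XmppServer is not owned by a lifetime manager, `delete xmpp_server; return NULL;` (or the type's shutdown path, if it has one) should precede the return. The declare-then-assign pair `XmppServer *xmpp_server; xmpp_server = new ...` can also be one initialised declaration. In main(), `exit(1)` on a NULL server is silent; a `LOG(ERROR, "Failed to create XMPP server on port " << options.xmpp_port())` before it would tell the operator why the control node did not start.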
diff --git a/src/control-node/options.cc b/src/control-node/options.cc index 2b711c676b9..e167062b7f4 100644 --- a/src/control-node/options.cc +++ b/src/control-node/options.cc @@ -125,10 +125,12 @@ void Options::Initialize(EventManager &evm, ("DEFAULT.xmpp_auth_enable", opt::bool_switch(&xmpp_auth_enable_), "Enable authentication over Xmpp") ("DEFAULT.xmpp_server_cert", - opt::value()->default_value("/etc/contrail/ssl/certs/server.pem"), + opt::value()->default_value( + "/etc/contrail/ssl/certs/control-node-cert.pem"), "XMPP Server ssl certificate") ("DEFAULT.xmpp_server_key", - opt::value()->default_value("/etc/contrail/ssl/private/server.key"), + opt::value()->default_value( + "/etc/contrail/ssl/private/control-node-privkey.pem"), "XMPP Server ssl private key") ("DISCOVERY.port", opt::value()->default_value( diff --git a/src/dns/agent/agent_xmpp_init.cc b/src/dns/agent/agent_xmpp_init.cc index 82d6831f2b8..f678d235960 100644 --- a/src/dns/agent/agent_xmpp_init.cc +++ b/src/dns/agent/agent_xmpp_init.cc 
@@ -12,19 +12,29 @@ using namespace boost::asio; -bool DnsAgentXmppManager::Init() { +bool DnsAgentXmppManager::Init(bool xmpp_auth_enabled, + const std::string &xmpp_server_cert, + const std::string &xmpp_server_key) { uint32_t port = Dns::GetXmppServerPort(); if (!port) port = ContrailPorts::DnsXmpp(); - XmppInit *init = new XmppInit(); - XmppServer *server = new XmppServer(Dns::GetEventManager()); + // XmppChannel Configuration XmppChannelConfig xmpp_cfg(false); xmpp_cfg.FromAddr = XmppInit::kDnsNodeJID; xmpp_cfg.endpoint.port(port); - init->AddXmppChannelConfig(&xmpp_cfg); - if (!init->InitServer(server, port, false)) + xmpp_cfg.auth_enabled = xmpp_auth_enabled; + if (xmpp_cfg.auth_enabled) { + xmpp_cfg.path_to_server_cert = xmpp_server_cert; + xmpp_cfg.path_to_pvt_key = xmpp_server_key; + } + + // Create XmppServer + XmppServer *server = new XmppServer(Dns::GetEventManager(), + Dns::GetHostName(), &xmpp_cfg); + if (!server->Initialize(port, false)) { return false; + } Dns::SetXmppServer(server); DnsAgentXmppChannelManager *agent_xmpp_mgr = diff --git a/src/dns/agent/agent_xmpp_init.h b/src/dns/agent/agent_xmpp_init.h index 9dc1c409c8b..86b54b1abdf 100644 --- a/src/dns/agent/agent_xmpp_init.h +++ b/src/dns/agent/agent_xmpp_init.h @@ -7,7 +7,9 @@ class DnsAgentXmppManager { public: - static bool Init(); + static bool Init(bool xmpp_auth_enabled, + const std::string &xmpp_server_cert, + const std::string &xmpp_server_key); static void Shutdown(); }; diff --git a/src/dns/cmn/dns_options.cc b/src/dns/cmn/dns_options.cc index d3e0f486cae..b1a314bb8e7 100644 --- a/src/dns/cmn/dns_options.cc +++ b/src/dns/cmn/dns_options.cc 
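Review bot: The new DnsAgentXmppManager::Init signature in agent_xmpp_init.h carries three parameters whose relationship is only visible in the .cc: the cert and key paths are copied into the channel config only when `xmpp_auth_enabled` is true, and are otherwise ignored. A short comment on the declaration would capture that contract, e.g. `// xmpp_server_cert/xmpp_server_key are used only when xmpp_auth_enabled is true.`. It is also worth stating on the declaration that `Init` returns false when the server cannot be initialised on the DNS XMPP port, since the caller in dns/main.cc decides its error message on that return value. The body of Init continues past this hunk.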
@@ -139,6 +139,18 @@ void Options::Initialize(EventManager &evm, "IFMAP server URL") ("IFMAP.user", opt::value()->default_value("dns_user"), "IFMAP server username") + + + ("DEFAULT.xmpp_auth_enable", opt::bool_switch(&xmpp_auth_enable_), + "Enable authentication over Xmpp") + ("DEFAULT.xmpp_server_cert", + opt::value()->default_value( + "/etc/contrail/ssl/certs/dns-cert.pem"), + "XMPP Server ssl certificate") + ("DEFAULT.xmpp_server_key", + opt::value()->default_value( + "/etc/contrail/ssl/private/dns-privkey.pem"), + "XMPP Server ssl private key") ; config_file_options_.add(config); @@ -255,4 +267,8 @@ void Options::Process(int argc, char *argv[], GetOptValue(var_map, ifmap_server_url_, "IFMAP.server_url"); GetOptValue(var_map, ifmap_user_, "IFMAP.user"); GetOptValue(var_map, ifmap_certs_store_, "IFMAP.certs_store"); + + GetOptValue(var_map, xmpp_auth_enable_, "DEFAULT.xmpp_auth_enable"); + GetOptValue(var_map, xmpp_server_cert_, "DEFAULT.xmpp_server_cert"); + GetOptValue(var_map, xmpp_server_key_, "DEFAULT.xmpp_server_key"); } diff --git a/src/dns/cmn/dns_options.h b/src/dns/cmn/dns_options.h index 191a4c125fd..100f4924ac7 100644 --- a/src/dns/cmn/dns_options.h +++ b/src/dns/cmn/dns_options.h @@ -40,6 +40,9 @@ class Options { const std::string ifmap_password() const { return ifmap_password_; } const std::string ifmap_user() const { return ifmap_user_; } const std::string ifmap_certs_store() const { return ifmap_certs_store_; } + const bool xmpp_auth_enabled() const { return xmpp_auth_enable_; } + const std::string xmpp_server_cert() const { return xmpp_server_cert_; } + const std::string xmpp_server_key() const { return xmpp_server_key_; } const bool test_mode() const { return test_mode_; } const bool collectors_configured() const { return collectors_configured_; } 
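Review bot: The options chain in dns_options.cc gains three consecutive blank lines before `("DEFAULT.xmpp_auth_enable", ...)`, which breaks the otherwise continuous option list; one blank line (or none, matching the IFMAP entries above) reads better. `DEFAULT.xmpp_auth_enable` is bound directly to `xmpp_auth_enable_` via `opt::bool_switch(&xmpp_auth_enable_)`, so the later `GetOptValue(var_map, xmpp_auth_enable_, "DEFAULT.xmpp_auth_enable")` in Process appears to write the same value a second time; harmless if so, but the two entries for the cert and key paths are the ones that actually need the GetOptValue calls. Options::Initialize and Options::Process both start before their hunks.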
@@ -90,6 +93,9 @@ class Options { std::string ifmap_password_; std::string ifmap_user_; std::string ifmap_certs_store_; + bool xmpp_auth_enable_; + std::string xmpp_server_cert_; + std::string xmpp_server_key_; bool test_mode_; bool collectors_configured_; std::vector default_collector_server_list_; diff --git a/src/dns/main.cc b/src/dns/main.cc index a188425b918..36d23640b38 100644 --- a/src/dns/main.cc +++ b/src/dns/main.cc @@ -164,7 +164,9 @@ int main(int argc, char *argv[]) { DnsConfigParser parser(&config_db); parser.Parse(FileRead(options.config_file())); - if (!DnsAgentXmppManager::Init()){ + if (!DnsAgentXmppManager::Init(options.xmpp_auth_enabled(), + options.xmpp_server_cert(), + options.xmpp_server_key())) { LOG(ERROR, "Address already in use " << ContrailPorts::DnsXmpp()); exit(1); } diff --git a/src/vnsw/agent/cmn/agent.cc b/src/vnsw/agent/cmn/agent.cc index cb3c3bc9b54..a365091d15f 100644 --- a/src/vnsw/agent/cmn/agent.cc +++ b/src/vnsw/agent/cmn/agent.cc 
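Review bot: The error message in dns/main.cc still reports `"Address already in use "` for every false return from DnsAgentXmppManager::Init, but Init now also configures TLS from `options.xmpp_server_cert()` and `options.xmpp_server_key()`, so if `Initialize()` can fail on a missing or unreadable certificate (not visible here, please confirm) the log would point operators at the wrong cause. A neutral message such as `LOG(ERROR, "DNS XMPP server initialization failed on port " << ContrailPorts::DnsXmpp());` avoids that. The new `bool xmpp_auth_enable_;` member in dns_options.h has no visible initialiser; if the Options constructor does not set it, confirm that `bool_switch` always writes it before `xmpp_auth_enabled()` is read.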
@@ -218,21 +218,45 @@ void Agent::CopyConfig(AgentParam *params) { int dns_count = 0; if (params_->xmpp_server_1().to_ulong()) { - xs_addr_[count++] = params_->xmpp_server_1().to_string(); + xs_addr_[count] = params_->xmpp_server_1().to_string(); + xs_auth_enable_[count] = params_->xmpp_auth_enabled_1(); + xs_server_cert_[count] = params_->xmpp_server_cert_1(); + count++; + } else { + xs_auth_enable_[0] = params_->xmpp_auth_enabled_1(); + xs_server_cert_[0] = params_->xmpp_server_cert_1(); } if (params_->xmpp_server_2().to_ulong()) { - xs_addr_[count++] = params_->xmpp_server_2().to_string(); + xs_addr_[count] = params_->xmpp_server_2().to_string(); + xs_auth_enable_[count] = params_->xmpp_auth_enabled_2(); + xs_server_cert_[count] = params_->xmpp_server_cert_2(); + count++; + } else { + xs_auth_enable_[1] = params_->xmpp_auth_enabled_2(); + xs_server_cert_[1] = params_->xmpp_server_cert_2(); } if (params_->dns_server_1().to_ulong()) { dns_port_[dns_count] = params_->dns_port_1(); - dns_addr_[dns_count++] = params_->dns_server_1().to_string(); + dns_addr_[dns_count] = params_->dns_server_1().to_string(); + dns_auth_enable_[count] = params_->xmpp_dns_auth_enabled_1(); + dns_server_cert_[count] = params_->xmpp_dns_server_cert_1(); + dns_count++; + } else { + dns_auth_enable_[0] = params_->xmpp_dns_auth_enabled_1(); + dns_server_cert_[0] = params_->xmpp_dns_server_cert_1(); } if (params_->dns_server_2().to_ulong()) { dns_port_[dns_count] = params_->dns_port_2(); dns_addr_[dns_count++] = params_->dns_server_2().to_string(); + dns_auth_enable_[count] = params_->xmpp_dns_auth_enabled_2(); + dns_server_cert_[count] = params_->xmpp_dns_server_cert_2(); + dns_count++; + } else { + dns_auth_enable_[1] = params_->xmpp_dns_auth_enabled_2(); + dns_server_cert_[1] = params_->xmpp_dns_server_cert_2(); } dss_addr_ = params_->discovery_server(); diff --git a/src/vnsw/agent/cmn/agent.h b/src/vnsw/agent/cmn/agent.h index 4c06b4a8812..7b52fbe398b 100644 
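Review bot: In Agent::CopyConfig the new DNS assignments index with `count` (the XMPP-server counter) instead of `dns_count`: `dns_auth_enable_[count]` and `dns_server_cert_[count]` in both `dns_server_1()` and `dns_server_2()` branches store DNS auth settings in the slot of whichever XMPP server was last counted, and when both XMPP servers are configured `count` is 2, which is past the end of an array sized MAX_XMPP_SERVERS if that constant is 2. The `dns_server_2()` branch also keeps `dns_addr_[dns_count++]` and then adds a second `dns_count++`, so the counter is advanced twice. Both DNS branches should index with `dns_count` and advance it once, as below. CopyConfig starts before this hunk.
```cpp
    if (params_->dns_server_1().to_ulong()) {
        dns_port_[dns_count] = params_->dns_port_1();
        dns_addr_[dns_count] = params_->dns_server_1().to_string();
        dns_auth_enable_[dns_count] = params_->xmpp_dns_auth_enabled_1();
        dns_server_cert_[dns_count] = params_->xmpp_dns_server_cert_1();
        dns_count++;
    } else {
        // … unchanged: slot-0 defaults …
    }
    if (params_->dns_server_2().to_ulong()) {
        dns_port_[dns_count] = params_->dns_port_2();
        dns_addr_[dns_count] = params_->dns_server_2().to_string();
        dns_auth_enable_[dns_count] = params_->xmpp_dns_auth_enabled_2();
        dns_server_cert_[dns_count] = params_->xmpp_dns_server_cert_2();
        dns_count++;
    } else {
        // … unchanged: slot-1 defaults …
    }
```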
--- a/src/vnsw/agent/cmn/agent.h +++ b/src/vnsw/agent/cmn/agent.h @@ -402,6 +402,12 @@ class Agent { xs_addr_[idx].clear(); xs_port_[idx] = 0; } + const bool xmpp_auth_enabled(uint8_t idx) const { + return xs_auth_enable_[idx]; + } + const std::string &xmpp_server_cert(uint8_t idx) const { + return xs_server_cert_[idx]; + } const uint32_t controller_ifmap_xmpp_port(uint8_t idx) const { return xs_port_[idx]; @@ -483,6 +489,12 @@ class Agent { // DNS XMPP Server const int8_t &dns_xmpp_server_index() const {return xs_dns_idx_;} void set_dns_xmpp_server_index(uint8_t xs_idx) {xs_dns_idx_ = xs_idx;} + const bool dns_auth_enabled(uint8_t idx) const { + return dns_auth_enable_[idx]; + } + const std::string &dns_server_cert(uint8_t idx) const { + return dns_server_cert_[idx]; + } XmppInit *dns_xmpp_init(uint8_t idx) const { return dns_xmpp_init_[idx]; @@ -964,9 +976,14 @@ class Agent { std::string xs_addr_[MAX_XMPP_SERVERS]; uint32_t xs_port_[MAX_XMPP_SERVERS]; uint64_t xs_stime_[MAX_XMPP_SERVERS]; + bool xs_auth_enable_[MAX_XMPP_SERVERS]; + std::string xs_server_cert_[MAX_XMPP_SERVERS]; int8_t xs_dns_idx_; std::string dns_addr_[MAX_XMPP_SERVERS]; uint32_t dns_port_[MAX_XMPP_SERVERS]; + bool dns_auth_enable_[MAX_XMPP_SERVERS]; + std::string dns_server_cert_[MAX_XMPP_SERVERS]; + // Discovery std::string dss_addr_; uint32_t dss_port_; int dss_xs_instances_; diff --git a/src/vnsw/agent/controller/controller.sandesh b/src/vnsw/agent/controller/controller.sandesh index c69c2320409..ad9910da9d0 100644 --- a/src/vnsw/agent/controller/controller.sandesh +++ b/src/vnsw/agent/controller/controller.sandesh 
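Review bot: The new `bool xs_auth_enable_[MAX_XMPP_SERVERS]` and `bool dns_auth_enable_[MAX_XMPP_SERVERS]` members in agent.h are plain arrays with no in-class initialiser, and the Agent constructor is not in this diff; unless it zero-fills them, `xmpp_auth_enabled(idx)` and `dns_auth_enabled(idx)` return indeterminate values for any slot CopyConfig has not written, which decides whether a connection is made with TLS. Please confirm the constructor initialises them, or add a loop setting both arrays to false alongside the existing `xs_addr_`/`xs_port_` setup. The accessors follow the surrounding `xs_addr_[idx]` style of trusting `idx` without a bounds check, so the caller must stay within MAX_XMPP_SERVERS.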
@@ -12,16 +12,18 @@ struct ControllerProtoStats { struct AgentXmppData { 1: string controller_ip; 2: string state; - 3: string cfg_controller; - 4: string mcast_controller; - 5: string last_state; - 6: string last_event; - 7: string last_state_at; - 8: u32 flap_count; - 9: string flap_time; - 10: ControllerProtoStats rx_proto_stats; - 11: ControllerProtoStats tx_proto_stats; - 12: string xmpp_auth_enabled; + 3: string peer_name; + 4: string peer_address; + 5: optional string cfg_controller; + 6: optional string mcast_controller; + 7: string last_state; + 8: string last_event; + 9: string last_state_at; + 10: u32 flap_count; + 11: string flap_time; + 12: ControllerProtoStats rx_proto_stats; + 13: ControllerProtoStats tx_proto_stats; + 14: string xmpp_auth_type; } traceobject sandesh AgentXmppTrace { @@ -101,3 +103,10 @@ request sandesh AgentXmppConnectionStatusReq { response sandesh AgentXmppConnectionStatus { 1: listpeer; } + +request sandesh AgentDnsXmppConnectionStatusReq { +} + +response sandesh AgentDnsXmppConnectionStatus { + 1: listpeer; +} diff --git a/src/vnsw/agent/controller/controller_init.cc b/src/vnsw/agent/controller/controller_init.cc index 0db4043b88d..371324ebabf 100644 --- a/src/vnsw/agent/controller/controller_init.cc +++ b/src/vnsw/agent/controller/controller_init.cc @@ -10,7 +10,6 @@ #include #include #include "cmn/agent_cmn.h" -#include "init/agent_param.h" #include "xmpp/xmpp_init.h" #include "pugixml/pugixml.hpp" #include "oper/vrf.h" 
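Review bot: Inserting `peer_name` and `peer_address` as fields 3 and 4 of AgentXmppData renumbers every field from `cfg_controller` through `xmpp_auth_enabled` (now `xmpp_auth_type`), and `cfg_controller`/`mcast_controller` additionally become optional. If any consumer of this sandesh decodes by field id rather than by name (not visible here), the shifted ids change the meaning of existing fields on the wire; appending the new fields as 13 and 14 would preserve compatibility. The rename from `xmpp_auth_enabled` to `xmpp_auth_type` is also a visible schema change for anyone scripting against the introspect output, and is worth a line in the commit description.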
@@ -61,17 +60,17 @@ void VNController::XmppServerConnect() { continue; } + boost::system::error_code ec; XmppChannelConfig *xmpp_cfg = new XmppChannelConfig(true); xmpp_cfg->ToAddr = XmppInit::kControlNodeJID; - boost::system::error_code ec; xmpp_cfg->FromAddr = agent_->agent_name(); xmpp_cfg->NodeAddr = XmppInit::kPubSubNS; xmpp_cfg->endpoint.address( ip::address::from_string(agent_->controller_ifmap_xmpp_server(count), ec)); assert(ec.value() == 0); - xmpp_cfg->auth_enabled = agent_->params()->xmpp_auth_enabled(); + xmpp_cfg->auth_enabled = agent_->xmpp_auth_enabled(count); if (xmpp_cfg->auth_enabled) { - xmpp_cfg->path_to_server_cert = agent_->params()->xmpp_server_cert(); + xmpp_cfg->path_to_server_cert = agent_->xmpp_server_cert(count); } uint32_t port = agent_->controller_ifmap_xmpp_port(count); if (!port) { @@ -80,12 +79,7 @@ void VNController::XmppServerConnect() { xmpp_cfg->endpoint.port(port); // Create Xmpp Client - XmppClient *client; - if (xmpp_cfg->auth_enabled) { - client = new XmppClient(agent_->event_manager(), xmpp_cfg); - } else { - client = new XmppClient(agent_->event_manager()); - } + XmppClient *client = new XmppClient(agent_->event_manager(), xmpp_cfg); XmppInit *xmpp = new XmppInit(); xmpp->AddXmppChannelConfig(xmpp_cfg); 
@@ -140,9 +134,26 @@ void VNController::DnsXmppServerConnect() { continue; } - // create Xmpp channel with DNS server + // XmppChannel Configuration + boost::system::error_code ec; + XmppChannelConfig *xmpp_cfg_dns = new XmppChannelConfig(true); + xmpp_cfg_dns->ToAddr = XmppInit::kDnsNodeJID; + xmpp_cfg_dns->FromAddr = agent_->agent_name() + "/dns"; + xmpp_cfg_dns->NodeAddr = ""; + xmpp_cfg_dns->endpoint.address( + ip::address::from_string(agent_->dns_server(count), ec)); + assert(ec.value() == 0); + xmpp_cfg_dns->endpoint.port(ContrailPorts::DnsXmpp()); + xmpp_cfg_dns->auth_enabled = agent_->dns_auth_enabled(count); + if (xmpp_cfg_dns->auth_enabled) { + xmpp_cfg_dns->path_to_server_cert = agent_->dns_server_cert(count); + } + + // Create Xmpp Client + XmppClient *client_dns = new XmppClient(agent_->event_manager(), + xmpp_cfg_dns); + XmppInit *xmpp_dns = new XmppInit(); - XmppClient *client_dns = new XmppClient(agent_->event_manager()); // create dns peer AgentDnsXmppChannel *dns_peer = new AgentDnsXmppChannel(agent_, agent_->dns_server(count), @@ -151,16 +162,6 @@ void VNController::DnsXmppServerConnect() { boost::bind(&AgentDnsXmppChannel::HandleXmppClientChannelEvent, dns_peer, _2)); - XmppChannelConfig *xmpp_cfg_dns = new XmppChannelConfig(true); - //XmppChannelConfig xmpp_cfg_dns(true); - xmpp_cfg_dns->ToAddr = XmppInit::kDnsNodeJID; - boost::system::error_code ec; - xmpp_cfg_dns->FromAddr = agent_->agent_name() + "/dns"; - xmpp_cfg_dns->NodeAddr = ""; - xmpp_cfg_dns->endpoint.address( - ip::address::from_string(agent_->dns_server(count), ec)); - assert(ec.value() == 0); - xmpp_cfg_dns->endpoint.port(ContrailPorts::DnsXmpp()); xmpp_dns->AddXmppChannelConfig(xmpp_cfg_dns); xmpp_dns->InitClient(client_dns); diff --git a/src/vnsw/agent/controller/controller_sandesh.cc b/src/vnsw/agent/controller/controller_sandesh.cc index 3a1295c38d0..bb45b5dce3a 100644 --- a/src/vnsw/agent/controller/controller_sandesh.cc +++ b/src/vnsw/agent/controller/controller_sandesh.cc 
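Review bot: The relocated `assert(ec.value() == 0);` after `ip::address::from_string(agent_->dns_server(count), ec)` is the only check on a configuration-supplied address, and it disappears under NDEBUG, leaving `xmpp_cfg_dns->endpoint` unset while the client is still created. Since the surrounding loop already uses `continue` for unusable servers, an explicit `if (ec) { LOG(ERROR, "Invalid DNS server address " << agent_->dns_server(count)); continue; }` would handle it in release builds too; the same applies to the matching assert in XmppServerConnect. With `auth_enabled` true and an empty `dns_server_cert(count)`, nothing here validates the path before it reaches XmppClient; if the client constructor does not report that, a check here would make the misconfiguration visible. DnsXmppServerConnect starts before this hunk.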
@@ -7,10 +7,7 @@ #include #include #include -#include - -const char *ControllerSandesh::kAuthTypeNil = "NIL"; -const char *ControllerSandesh::kAuthTypeTls = "TLS"; +#include void AgentXmppConnectionStatusReq::HandleRequest() const { uint8_t count = 0; @@ -29,6 +26,8 @@ void AgentXmppConnectionStatusReq::HandleRequest() const { data.set_state("Down"); } + data.set_peer_name(xc->ToString()); + data.set_peer_address(xc->PeerAddress()); if (Agent::GetInstance()->mulitcast_builder() == ch) { data.set_mcast_controller("Yes"); } else { @@ -41,12 +40,7 @@ void AgentXmppConnectionStatusReq::HandleRequest() const { data.set_cfg_controller("No"); } - if (Agent::GetInstance()->params()->xmpp_auth_enabled()) { - data.set_xmpp_auth_enabled(ControllerSandesh::kAuthTypeTls); - } else { - data.set_xmpp_auth_enabled(ControllerSandesh::kAuthTypeNil); - } - + data.set_xmpp_auth_type(xc->AuthType()); data.set_last_state(xc->LastStateName()); data.set_last_event(xc->LastEvent()); data.set_last_state_at(xc->LastStateChangeAt()); 
@@ -79,3 +73,60 @@ void AgentXmppConnectionStatusReq::HandleRequest() const { resp->set_more(false); resp->Response(); } + +void AgentDnsXmppConnectionStatusReq::HandleRequest() const { + uint8_t dns_count = 0; + + AgentXmppConnectionStatus *resp = new AgentXmppConnectionStatus(); + while (dns_count < MAX_XMPP_SERVERS) { + if (!Agent::GetInstance()->dns_server(dns_count).empty()) { + + AgentXmppData data; + data.set_controller_ip(Agent::GetInstance()->dns_server(dns_count)); + + AgentDnsXmppChannel *ch = Agent::GetInstance()->dns_xmpp_channel(dns_count); + if (ch) { + XmppChannel *xc = ch->GetXmppChannel(); + if (xc->GetPeerState() == xmps::READY) { + data.set_state("Established"); + } else { + data.set_state("Down"); + } + + data.set_peer_name(xc->ToString()); + data.set_peer_address(xc->PeerAddress()); + data.set_mcast_controller("-"); + data.set_cfg_controller("-"); + data.set_xmpp_auth_type(xc->AuthType()); + data.set_last_state(xc->LastStateName()); + data.set_last_event(xc->LastEvent()); + data.set_last_state_at(xc->LastStateChangeAt()); + data.set_flap_count(xc->FlapCount()); + data.set_flap_time(xc->LastFlap()); + + ControllerProtoStats rx_proto_stats; + rx_proto_stats.open = xc->rx_open(); + rx_proto_stats.keepalive = xc->rx_keepalive(); + rx_proto_stats.update = xc->rx_update(); + rx_proto_stats.close = xc->rx_close(); + + ControllerProtoStats tx_proto_stats; + tx_proto_stats.open = xc->tx_open(); + tx_proto_stats.keepalive = xc->tx_keepalive(); + tx_proto_stats.update = xc->tx_update(); + tx_proto_stats.close = xc->tx_close(); + + data.set_rx_proto_stats(rx_proto_stats); + data.set_tx_proto_stats(tx_proto_stats); + } + + std::vector &list = + const_cast&>(resp->get_peer()); + list.push_back(data); + } + dns_count++; + } + resp->set_context(context()); + resp->set_more(false); + resp->Response(); +} diff --git a/src/vnsw/agent/controller/controller_sandesh.h b/src/vnsw/agent/controller/controller_sandesh.h index 7f5450f0f92..ee96f65b26d 100644 
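Review bot: AgentDnsXmppConnectionStatusReq::HandleRequest builds and sends an `AgentXmppConnectionStatus` response, while controller.sandesh declares a dedicated `AgentDnsXmppConnectionStatus` response for this request; unless the two are meant to be interchangeable, the handler should use `AgentDnsXmppConnectionStatus *resp = new AgentDnsXmppConnectionStatus();` so the new type is not dead. The per-channel fill (state, peer name/address, auth type, last state, flap counters, rx/tx proto stats) is a near-verbatim copy of the block in AgentXmppConnectionStatusReq::HandleRequest; a static helper such as `FillXmppChannelData(const XmppChannel *xc, AgentXmppData *data)` called from both handlers would keep the two introspect views from drifting apart. `const_cast` on `resp->get_peer()` to append entries is also worth replacing with the generated setter if one exists.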
--- a/src/vnsw/agent/controller/controller_sandesh.h +++ b/src/vnsw/agent/controller/controller_sandesh.h @@ -14,8 +14,6 @@ class ControllerSandesh { public: static const uint8_t entries_per_sandesh = 20; - static const char *kAuthTypeNil; - static const char *kAuthTypeTls; ControllerSandesh(); virtual ~ControllerSandesh() {} diff --git a/src/vnsw/agent/init/agent_param.cc b/src/vnsw/agent/init/agent_param.cc index 45cd2d36ce3..fc61856e6a7 100644 --- a/src/vnsw/agent/init/agent_param.cc +++ b/src/vnsw/agent/init/agent_param.cc @@ -439,12 +439,22 @@ void AgentParam::ParseDefaultSection() { log_property_file_ = ""; } - if (!GetValueFromTree(xmpp_auth_enable_, "DEFAULT.xmpp_auth_enable")) { - xmpp_auth_enable_ = false; + GetValueFromTree(xmpp_auth_enable_1_, "DEFAULT.xmpp_auth_enable_1"); + GetValueFromTree(xmpp_auth_enable_2_, "DEFAULT.xmpp_auth_enable_2"); + if (!GetValueFromTree(xmpp_server_cert_1_, "DEFAULT.xmpp_server_cert_1")) { + xmpp_server_cert_1_ = "/etc/contrail/ssl/certs/control-node-cert.pem"; + } + if (!GetValueFromTree(xmpp_server_cert_2_, "DEFAULT.xmpp_server_cert_2")) { + xmpp_server_cert_2_ = "/etc/contrail/ssl/certs/control-node-cert.pem"; } - if (!GetValueFromTree(xmpp_server_cert_, "DEFAULT.xmpp_server_cert")) { - xmpp_server_cert_ = "/etc/contrail/ssl/certs/server.pem"; + GetValueFromTree(xmpp_dns_auth_enable_1_, "DEFAULT.xmpp_dns_auth_enable_1"); + GetValueFromTree(xmpp_dns_auth_enable_2_, "DEFAULT.xmpp_dns_auth_enable_2"); + if (!GetValueFromTree(xmpp_dns_server_cert_1_, "DEFAULT.xmpp_server_cert_1")) { + xmpp_dns_server_cert_1_ = "/etc/contrail/ssl/certs/dns-cert.pem"; + } + if (!GetValueFromTree(xmpp_dns_server_cert_2_, "DEFAULT.xmpp_server_cert_2")) { + xmpp_dns_server_cert_2_ = "/etc/contrail/ssl/certs/dns-cert.pem"; } } 
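Review bot: In AgentParam::ParseDefaultSection the DNS certificate paths are read from the control-node keys: `GetValueFromTree(xmpp_dns_server_cert_1_, "DEFAULT.xmpp_server_cert_1")` and the `_2` counterpart, so a config file that sets `DEFAULT.xmpp_dns_server_cert_1` is ignored and the control-node cert path silently overrides the DNS default. The keys should be `"DEFAULT.xmpp_dns_server_cert_1"` and `"DEFAULT.xmpp_dns_server_cert_2"`, matching the names used in ParseDefaultSectionArguments and the option definitions later in this file. The return value of `GetValueFromTree` for the four auth-enable flags is now dropped, which relies on the constructor's `false` initialisers for the missing-key case; a one-line comment saying so would prevent a future reader from reinstating the explicit `= false` branches.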
@@ -610,6 +620,7 @@ void AgentParam::ParseHypervisorArguments void AgentParam::ParseDefaultSectionArguments (const boost::program_options::variables_map &var_map) { + GetOptValue(var_map, flow_cache_timeout_, "DEFAULT.flow_cache_timeout"); GetOptValue(var_map, host_name_, "DEFAULT.hostname"); @@ -634,8 +645,15 @@ void AgentParam::ParseDefaultSectionArguments if (var_map.count("DEFAULT.log_flow")) { log_flow_ = true; } - GetOptValue(var_map, xmpp_auth_enable_, "DEFAULT.xmpp_auth_enable"); - GetOptValue(var_map, xmpp_server_cert_, "DEFAULT.xmpp_server_cert"); + GetOptValue(var_map, xmpp_auth_enable_1_, "DEFAULT.xmpp_auth_enable_1"); + GetOptValue(var_map, xmpp_auth_enable_2_, "DEFAULT.xmpp_auth_enable_2"); + GetOptValue(var_map, xmpp_server_cert_1_, "DEFAULT.xmpp_server_cert_1"); + GetOptValue(var_map, xmpp_server_cert_2_, "DEFAULT.xmpp_server_cert_2"); + + GetOptValue(var_map, xmpp_dns_auth_enable_1_, "DEFAULT.xmpp_dns_auth_enable_1"); + GetOptValue(var_map, xmpp_dns_auth_enable_2_, "DEFAULT.xmpp_dns_auth_enable_2"); + GetOptValue(var_map, xmpp_dns_server_cert_1_, "DEFAULT.xmpp_dns_server_cert_1"); + GetOptValue(var_map, xmpp_dns_server_cert_2_, "DEFAULT.xmpp_dns_server_cert_2"); } 
@@ -974,16 +992,30 @@ void AgentParam::LogConfig() const { << "/" << vhost_.plen_); LOG(DEBUG, "vhost gateway : " << vhost_.gw_.to_string()); LOG(DEBUG, "Ethernet port : " << eth_port_); - LOG(DEBUG, "Xmpp Authentication : " << xmpp_auth_enable_); - if (xmpp_auth_enable_) { - LOG(DEBUG, "Xmpp Server Certificate : " << xmpp_server_cert_); - } + LOG(DEBUG, "XMPP Server-1 : " << xmpp_server_1_); + LOG(DEBUG, "Xmpp Authentication-1 : " << xmpp_auth_enable_1_); + if (xmpp_auth_enable_1_) { + LOG(DEBUG, "Xmpp Server Certificate : " << xmpp_server_cert_1_); + } LOG(DEBUG, "XMPP Server-2 : " << xmpp_server_2_); + LOG(DEBUG, "Xmpp Authentication-2 : " << xmpp_auth_enable_2_); + if (xmpp_auth_enable_2_) { + LOG(DEBUG, "Xmpp Server Certificate : " << xmpp_server_cert_2_); + + } LOG(DEBUG, "DNS Server-1 : " << dns_server_1_); LOG(DEBUG, "DNS Port-1 : " << dns_port_1_); + LOG(DEBUG, "Xmpp Dns Authentication-1 : " << xmpp_dns_auth_enable_1_); + if (xmpp_dns_auth_enable_1_) { + LOG(DEBUG, "Xmpp Dns Server Certificate : " << xmpp_dns_server_cert_1_); + } LOG(DEBUG, "DNS Server-2 : " << dns_server_2_); LOG(DEBUG, "DNS Port-2 : " << dns_port_2_); + LOG(DEBUG, "Xmpp Dns Authentication-2 : " << xmpp_auth_enable_2_); + if (xmpp_dns_auth_enable_2_) { + LOG(DEBUG, "Xmpp Dns Server Certificate : " << xmpp_dns_server_cert_2_); + } LOG(DEBUG, "Discovery Server : " << dss_server_); LOG(DEBUG, "Controller Instances : " << xmpp_instance_count_); LOG(DEBUG, "Tunnel-Type : " << tunnel_type_); 
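Review bot: `LOG(DEBUG, "Xmpp Dns Authentication-2 : " << xmpp_auth_enable_2_);` prints the control-node flag under the DNS label; it should read `xmpp_dns_auth_enable_2_`, as the `if` on the next line does. The two `"Xmpp Server Certificate : "` lines are indistinguishable in the log once both servers are configured; suffixing them with `-1`/`-2` like the surrounding labels makes the output unambiguous. There is also a stray blank line inside the `if (xmpp_auth_enable_2_)` block. LogConfig starts before this hunk.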
@@ -1091,7 +1123,10 @@ AgentParam::AgentParam(Agent *agent, bool enable_flow_options, vrouter_stats_interval_(kVrouterStatsInterval), vmware_physical_port_(""), test_mode_(false), debug_(false), tree_(), headless_mode_(false), dhcp_relay_mode_(false), - xmpp_auth_enable_(false), xmpp_server_cert_(""), + xmpp_auth_enable_1_(false), xmpp_auth_enable_2_(false), + xmpp_server_cert_1_(""), xmpp_server_cert_2_(""), + xmpp_dns_auth_enable_1_(false), xmpp_dns_auth_enable_2_(false), + xmpp_dns_server_cert_1_(""), xmpp_dns_server_cert_2_(""), simulate_evpn_tor_(false), si_netns_command_(), si_docker_command_(), si_netns_workers_(0), si_netns_timeout_(0), si_lb_ssl_cert_path_(), 
@@ -1144,11 +1179,30 @@ AgentParam::AgentParam(Agent *agent, bool enable_flow_options, "service <1|2>") ("DNS.server", opt::value >()->multitoken(), "IP addresses of dns nodes. Max of 2 Ip addresses can be configured") - ("DEFAULT.xmpp_auth_enable", opt::value(), - "Enable authentication over Xmpp") - ("DEFAULT.xmpp_server_cert", - opt::value()->default_value("/etc/contrail/ssl/certs/server.pem"), + ("DEFAULT.xmpp_auth_enable_1", opt::value(), + "Enable authentication over Xmpp Server 1") + ("DEFAULT.xmpp_auth_enable_2", opt::value(), + "Enable authentication over Xmpp Server 2") + ("DEFAULT.xmpp_server_cert_1", + opt::value()->default_value( + "/etc/contrail/ssl/certs/control-node-cert.pem"), + "XMPP Server ssl certificate") + ("DEFAULT.xmpp_server_cert_2", + opt::value()->default_value( + "/etc/contrail/ssl/certs/control-node-cert.pem"), "XMPP Server ssl certificate") + ("DEFAULT.xmpp_dns_auth_enable_1", opt::value(), + "Enable authentication over Xmpp Dns Server 1") + ("DEFAULT.xmpp_dns_auth_enable_2", opt::value(), + "Enable authentication over Xmpp Dns Server 2") + ("DEFAULT.xmpp_dns_server_cert_1", + opt::value()->default_value( + "/etc/contrail/ssl/certs/dns-cert.pem"), + "XMPP Dns Server ssl certificate") + ("DEFAULT.xmpp_dns_server_cert_2", + opt::value()->default_value( + "/etc/contrail/ssl/certs/dns-cert.pem"), + "XMPP Dns Server ssl certificate") ("METADATA.metadata_proxy_secret", opt::value(), "Shared secret for metadata proxy service") ("NETWORKS.control_network_ip", opt::value(), diff --git a/src/vnsw/agent/init/agent_param.h b/src/vnsw/agent/init/agent_param.h index 60ec8171d17..04c870a93bb 100644 --- a/src/vnsw/agent/init/agent_param.h +++ b/src/vnsw/agent/init/agent_param.h 
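Review bot: The default certificate paths `"/etc/contrail/ssl/certs/control-node-cert.pem"` and `"/etc/contrail/ssl/certs/dns-cert.pem"` are now spelled out twice each in this file (here as option defaults and again in ParseDefaultSection), and the control-node path a third time in src/control-node/options.cc; if one copy is changed the config-file and command-line defaults diverge. A pair of file-scope constants (for example `kDefaultXmppServerCert` / `kDefaultXmppDnsServerCert`) referenced from both places would keep them in step. The help strings for `xmpp_server_cert_1` and `_2` are identical, so `"XMPP Server 1 ssl certificate"` / `"XMPP Server 2 ssl certificate"` would match the numbered auth-enable descriptions. The AgentParam constructor continues outside this hunk.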
@@ -110,8 +110,15 @@ class AgentParam { uint32_t flow_cache_timeout() const {return flow_cache_timeout_;} bool headless_mode() const {return headless_mode_;} bool dhcp_relay_mode() const {return dhcp_relay_mode_;} - bool xmpp_auth_enabled() const {return xmpp_auth_enable_;} - std::string xmpp_server_cert() const { return xmpp_server_cert_;} + bool xmpp_auth_enabled_1() const {return xmpp_auth_enable_1_;} + bool xmpp_auth_enabled_2() const {return xmpp_auth_enable_2_;} + std::string xmpp_server_cert_1() const { return xmpp_server_cert_1_;} + std::string xmpp_server_cert_2() const { return xmpp_server_cert_2_;} + bool xmpp_dns_auth_enabled_1() const {return xmpp_dns_auth_enable_1_;} + bool xmpp_dns_auth_enabled_2() const {return xmpp_dns_auth_enable_2_;} + std::string xmpp_dns_server_cert_1() const { return xmpp_dns_server_cert_1_;} + std::string xmpp_dns_server_cert_2() const { return xmpp_dns_server_cert_2_;} + bool simulate_evpn_tor() const {return simulate_evpn_tor_;} std::string si_netns_command() const {return si_netns_command_;} std::string si_docker_command() const {return si_docker_command_;} @@ -373,8 +380,14 @@ class AgentParam { std::auto_ptr vgw_config_table_; bool headless_mode_; bool dhcp_relay_mode_; - bool xmpp_auth_enable_; - std::string xmpp_server_cert_; + bool xmpp_auth_enable_1_; + bool xmpp_auth_enable_2_; + std::string xmpp_server_cert_1_; + std::string xmpp_server_cert_2_; + bool xmpp_dns_auth_enable_1_; + bool xmpp_dns_auth_enable_2_; + std::string xmpp_dns_server_cert_1_; + std::string xmpp_dns_server_cert_2_; //Simulate EVPN TOR mode moves agent into L2 mode. This mode is required //only for testing where MX and bare metal are simulated. VM on the //simulated compute node behaves as bare metal. diff --git a/src/vnsw/agent/test/test_cmn_util.h b/src/vnsw/agent/test/test_cmn_util.h index 97b0efaab41..36dd565939f 100644 --- a/src/vnsw/agent/test/test_cmn_util.h +++ b/src/vnsw/agent/test/test_cmn_util.h 
@@ -420,6 +420,12 @@ class XmppChannelMock : public XmppChannel { virtual std::string LastFlap() const { return ""; } + virtual std::string AuthType() const { + return ""; + } + virtual std::string PeerAddress() const { + return ""; + } }; BgpPeer *CreateBgpPeer(std::string addr, std::string name); diff --git a/src/xmpp/sandesh/xmpp_server.sandesh b/src/xmpp/sandesh/xmpp_server.sandesh index 804f36b2d79..3ba222ebb8e 100644 --- a/src/xmpp/sandesh/xmpp_server.sandesh +++ b/src/xmpp/sandesh/xmpp_server.sandesh @@ -24,6 +24,7 @@ struct ShowXmppConnection { 7: string last_state; 8: string last_state_at; 9: list receivers; + 10: string server_auth_type; } response sandesh ShowXmppConnectionResp { diff --git a/src/xmpp/xmpp_channel.h b/src/xmpp/xmpp_channel.h index 6422baee83f..1e46ef1d59a 100644 --- a/src/xmpp/xmpp_channel.h +++ b/src/xmpp/xmpp_channel.h @@ -59,6 +59,8 @@ class XmppChannel { virtual std::string LastFlap() const = 0; virtual xmps::PeerState GetPeerState() const = 0; virtual std::string FromString() const = 0; + virtual std::string AuthType() const = 0; + virtual std::string PeerAddress() const = 0; virtual const XmppConnection *connection() const = 0; }; diff --git a/src/xmpp/xmpp_channel_mux.cc b/src/xmpp/xmpp_channel_mux.cc index 5e522970240..3d14a0f5a89 100644 --- a/src/xmpp/xmpp_channel_mux.cc +++ b/src/xmpp/xmpp_channel_mux.cc @@ -105,6 +105,14 @@ std::string XmppChannelMux::StateName() const { return connection_->StateName(); } +std::string XmppChannelMux::AuthType() const { + return connection_->GetXmppAuthenticationType(); +} + +std::string XmppChannelMux::PeerAddress() const { + return connection_->endpoint_string(); +} + inline bool MatchCallback(string to, xmps::PeerId peer) { if ((to.find(XmppInit::kBgpPeer) != string::npos) && (peer == xmps::BGP)) { diff --git a/src/xmpp/xmpp_channel_mux.h b/src/xmpp/xmpp_channel_mux.h index c0c6b97db16..d1220b78266 100644 --- a/src/xmpp/xmpp_channel_mux.h +++ b/src/xmpp/xmpp_channel_mux.h 
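Review bot: The two pure virtuals added to XmppChannel in xmpp_channel.h, `AuthType()` and `PeerAddress()`, have no comment stating what they return, and the removal of `kAuthTypeNil`/`kAuthTypeTls` means the value set is now defined only by `XmppConnection::GetXmppAuthenticationType()`, which is not in the diff. A declaration comment such as `// AuthType(): authentication scheme of the underlying connection, as reported by XmppConnection::GetXmppAuthenticationType(); PeerAddress(): endpoint string of the remote peer.` would give implementers and introspect consumers a contract to follow. Adding pure virtuals also breaks any XmppChannel implementation outside the two mocks and XmppChannelMux updated here; please confirm there are none.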
@@ -43,6 +43,8 @@ class XmppChannelMux : public XmppChannel { virtual uint32_t tx_keepalive() const; virtual uint32_t FlapCount() const; virtual std::string LastFlap() const; + virtual std::string AuthType() const; + virtual std::string PeerAddress() const; virtual void ProcessXmppMessage(const XmppStanza::XmppMessage *msg); void WriteReady(const boost::system::error_code &ec); diff --git a/src/xmpp/xmpp_client.cc b/src/xmpp/xmpp_client.cc index 56bc8e1962b..3e9a44b1fcd 100644 --- a/src/xmpp/xmpp_client.cc +++ b/src/xmpp/xmpp_client.cc @@ -51,7 +51,6 @@ XmppClient::XmppClient(EventManager *evm) XmppClient::XmppClient(EventManager *evm, const XmppChannelConfig *config) : SslServer(evm, ssl::context::tlsv1_client, config->auth_enabled, true), - config_mgr_(new XmppConfigManager), lifetime_manager_(new LifetimeManager( TaskScheduler::GetInstance()->GetTaskId("bgp::Config"))), diff --git a/src/xmpp/xmpp_connection.cc b/src/xmpp/xmpp_connection.cc index ed3752f6529..00d5127d73d 100644 --- a/src/xmpp/xmpp_connection.cc +++ b/src/xmpp/xmpp_connection.cc @@ -746,6 +746,7 @@ void XmppServerConnection::FillShowInfo( show_connection->set_last_state(LastStateName()); show_connection->set_last_state_at(LastStateChangeAt()); show_connection->set_receivers(channel_mux()->GetReceiverList()); + show_connection->set_server_auth_type(GetXmppAuthenticationType()); } class XmppClientConnection::DeleteActor : public LifetimeActor {
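Review bot: The config-taking XmppClient constructor in xmpp_client.cc no longer initialises `config_mgr_` (`config_mgr_(new XmppConfigManager)` is removed from its initialiser list), and with this change every caller in controller_init.cc uses that constructor; unless `config_mgr_` now has an in-class initialiser or is created elsewhere, it is left null for all agent clients. Please confirm where it is initialised, or note in the commit description that XmppConfigManager is intentionally unused for clients. The evm-only constructor mentioned in the hunk header is outside the diff, so whether the two constructors now differ in this respect cannot be seen here.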