Enabling ssl based XMPP for dns and agent daemons

1) Addressing review comments for enabling control-node and agent daemon to parse Xmpp authentication params. 2) Updating "Snh_AgentXmppConnectionStatusReq" introspect commands on agent to include control-node connections along with AuthType, peer_name and peer_address information. 3) Add "Snh_AgentDnsXmppConnectionStatusReq" introspect commands on agent to display Dns connection with AuthType, peer_name and peer_address information. 4) Updating "Snh_ShowXmppConnectionReq" and "Snh_BgpNeighborReq?neighbor" introspect commands on control-node side to include AuthType information. Change-Id: I456cdd6921c1465a11be1ac1b984d384ae275304 Partial-Bug: 1432831
Juniper · May 28, 2015 · 7d8227b · 7d8227b
1 parent 1be41c2
commit 7d8227b
Show file tree

Hide file tree

Showing 23 changed files with 317 additions and 85 deletions.
diff --git a/src/bgp/test/bgp_xmpp_channel_test.cc b/src/bgp/test/bgp_xmpp_channel_test.cc
@@ -97,6 +97,12 @@ class XmppChannelMock : public XmppChannel {
     virtual std::string LastFlap() const {
         return "";
     }
+    virtual std::string AuthType() const {
+        return "";
+    }
+    virtual std::string PeerAddress() const {
+        return "";
+    }
 };
 
 class BgpXmppChannelMock : public BgpXmppChannel {

diff --git a/src/control-node/main.cc b/src/control-node/main.cc
@@ -82,20 +82,19 @@ static XmppServer *CreateXmppServer(EventManager *evm, Options *options,
     xmpp_cfg->endpoint.port(options->xmpp_port());
     xmpp_cfg->FromAddr = XmppInit::kControlNodeJID;
     xmpp_cfg->auth_enabled = options->xmpp_auth_enabled();
-
-    XmppServer *xmpp_server;
     if (xmpp_cfg->auth_enabled) {
         xmpp_cfg->path_to_server_cert = options->xmpp_server_cert();
         xmpp_cfg->path_to_pvt_key = options->xmpp_server_key();
-        // Create XmppServer
-        xmpp_server = new XmppServer(evm, options->hostname(), xmpp_cfg);
-    } else {
-        // Create XmppServer
-        xmpp_server = new XmppServer(evm, options->hostname());
     }
-    xmpp_server->Initialize(options->xmpp_port(), true);
 
-    return (xmpp_server);
+    // Create XmppServer
+    XmppServer *xmpp_server;
+    xmpp_server = new XmppServer(evm, options->hostname(), xmpp_cfg);
+    if (!xmpp_server->Initialize(options->xmpp_port(), true)) {
+        return NULL;
+    } else {
+        return (xmpp_server);
+    }
 }
 
 static void WaitForIdle() {
@@ -500,6 +499,9 @@ int main(int argc, char *argv[]) {
     //Create Xmpp Server
     XmppChannelConfig xmpp_cfg(false);
     XmppServer *xmpp_server = CreateXmppServer(&evm, &options, &xmpp_cfg);
+    if (xmpp_server == NULL) {
+        exit(1);
+    }
 
     // Register XMPP channel peers 
     boost::scoped_ptr<BgpXmppChannelManager> bgp_peer_manager(

diff --git a/src/control-node/options.cc b/src/control-node/options.cc
@@ -125,10 +125,12 @@ void Options::Initialize(EventManager &evm,
         ("DEFAULT.xmpp_auth_enable", opt::bool_switch(&xmpp_auth_enable_),
              "Enable authentication over Xmpp")
         ("DEFAULT.xmpp_server_cert",
-             opt::value<string>()->default_value("/etc/contrail/ssl/certs/server.pem"),
+             opt::value<string>()->default_value(
+             "/etc/contrail/ssl/certs/control-node-cert.pem"),
              "XMPP Server ssl certificate")
         ("DEFAULT.xmpp_server_key",
-             opt::value<string>()->default_value("/etc/contrail/ssl/private/server.key"),
+             opt::value<string>()->default_value(
+             "/etc/contrail/ssl/private/control-node-privkey.pem"),
              "XMPP Server ssl private key")
 
         ("DISCOVERY.port", opt::value<uint16_t>()->default_value(

diff --git a/src/dns/agent/agent_xmpp_init.cc b/src/dns/agent/agent_xmpp_init.cc
@@ -12,19 +12,29 @@
 
 using namespace boost::asio;
 
-bool DnsAgentXmppManager::Init() {
+bool DnsAgentXmppManager::Init(bool xmpp_auth_enabled,
+                               const std::string &xmpp_server_cert,
+                               const std::string &xmpp_server_key) {
     uint32_t port = Dns::GetXmppServerPort();
     if (!port)
         port = ContrailPorts::DnsXmpp();
 
-    XmppInit *init = new XmppInit();
-    XmppServer *server = new XmppServer(Dns::GetEventManager());
+    // XmppChannel Configuration
     XmppChannelConfig xmpp_cfg(false);
     xmpp_cfg.FromAddr = XmppInit::kDnsNodeJID;
     xmpp_cfg.endpoint.port(port);
-    init->AddXmppChannelConfig(&xmpp_cfg);
-    if (!init->InitServer(server, port, false))
+    xmpp_cfg.auth_enabled = xmpp_auth_enabled;
+    if (xmpp_cfg.auth_enabled) {
+        xmpp_cfg.path_to_server_cert = xmpp_server_cert;
+        xmpp_cfg.path_to_pvt_key = xmpp_server_key;
+    }
+
+    // Create XmppServer
+    XmppServer *server = new XmppServer(Dns::GetEventManager(),
+                                        Dns::GetHostName(), &xmpp_cfg);
+    if (!server->Initialize(port, false)) {
         return false;
+    }
     Dns::SetXmppServer(server);
 
     DnsAgentXmppChannelManager *agent_xmpp_mgr = 

diff --git a/src/dns/agent/agent_xmpp_init.h b/src/dns/agent/agent_xmpp_init.h
@@ -7,7 +7,9 @@
 
 class DnsAgentXmppManager {
 public:
-    static bool Init();
+    static bool Init(bool xmpp_auth_enabled,
+                     const std::string &xmpp_server_cert,
+                     const std::string &xmpp_server_key);
     static void Shutdown();
 };
 

diff --git a/src/dns/cmn/dns_options.cc b/src/dns/cmn/dns_options.cc
@@ -139,6 +139,18 @@ void Options::Initialize(EventManager &evm,
              "IFMAP server URL")
         ("IFMAP.user", opt::value<string>()->default_value("dns_user"),
              "IFMAP server username")
+
+
+        ("DEFAULT.xmpp_auth_enable", opt::bool_switch(&xmpp_auth_enable_),
+             "Enable authentication over Xmpp")
+        ("DEFAULT.xmpp_server_cert",
+             opt::value<string>()->default_value(
+             "/etc/contrail/ssl/certs/dns-cert.pem"),
+             "XMPP Server ssl certificate")
+        ("DEFAULT.xmpp_server_key",
+             opt::value<string>()->default_value(
+             "/etc/contrail/ssl/private/dns-privkey.pem"),
+             "XMPP Server ssl private key")
         ;
 
     config_file_options_.add(config);
@@ -255,4 +267,8 @@ void Options::Process(int argc, char *argv[],
     GetOptValue<string>(var_map, ifmap_server_url_, "IFMAP.server_url");
     GetOptValue<string>(var_map, ifmap_user_, "IFMAP.user");
     GetOptValue<string>(var_map, ifmap_certs_store_, "IFMAP.certs_store");
+
+    GetOptValue<bool>(var_map, xmpp_auth_enable_, "DEFAULT.xmpp_auth_enable");
+    GetOptValue<string>(var_map, xmpp_server_cert_, "DEFAULT.xmpp_server_cert");
+    GetOptValue<string>(var_map, xmpp_server_key_, "DEFAULT.xmpp_server_key");
 }
diff --git a/src/dns/cmn/dns_options.h b/src/dns/cmn/dns_options.h
@@ -40,6 +40,9 @@ class Options {
     const std::string ifmap_password() const { return ifmap_password_; }
     const std::string ifmap_user() const { return ifmap_user_; }
     const std::string ifmap_certs_store() const { return ifmap_certs_store_; }
+    const bool xmpp_auth_enabled() const { return xmpp_auth_enable_; }
+    const std::string xmpp_server_cert() const { return xmpp_server_cert_; }
+    const std::string xmpp_server_key() const { return xmpp_server_key_; }
     const bool test_mode() const { return test_mode_; }
     const bool collectors_configured() const { return collectors_configured_; }
 
@@ -90,6 +93,9 @@ class Options {
     std::string ifmap_password_;
     std::string ifmap_user_;
     std::string ifmap_certs_store_;
+    bool xmpp_auth_enable_;
+    std::string xmpp_server_cert_;
+    std::string xmpp_server_key_;
     bool test_mode_;
     bool collectors_configured_;
     std::vector<std::string> default_collector_server_list_;

diff --git a/src/dns/main.cc b/src/dns/main.cc
@@ -164,7 +164,9 @@ int main(int argc, char *argv[]) {
     DnsConfigParser parser(&config_db);
     parser.Parse(FileRead(options.config_file()));
 
-    if (!DnsAgentXmppManager::Init()){
+    if (!DnsAgentXmppManager::Init(options.xmpp_auth_enabled(),
+                                   options.xmpp_server_cert(),
+                                   options.xmpp_server_key())) {
         LOG(ERROR, "Address already in use " << ContrailPorts::DnsXmpp());
         exit(1);
     }

diff --git a/src/vnsw/agent/cmn/agent.cc b/src/vnsw/agent/cmn/agent.cc
@@ -217,21 +217,45 @@ void Agent::CopyConfig(AgentParam *params) {
     int dns_count = 0;
 
     if (params_->xmpp_server_1().to_ulong()) {
-        xs_addr_[count++] = params_->xmpp_server_1().to_string();
+        xs_addr_[count] = params_->xmpp_server_1().to_string();
+        xs_auth_enable_[count] = params_->xmpp_auth_enabled_1();
+        xs_server_cert_[count] = params_->xmpp_server_cert_1();
+        count++;
+    } else {
+        xs_auth_enable_[0] = params_->xmpp_auth_enabled_1();
+        xs_server_cert_[0] = params_->xmpp_server_cert_1();
     }
 
     if (params_->xmpp_server_2().to_ulong()) {
-        xs_addr_[count++] = params_->xmpp_server_2().to_string();
+        xs_addr_[count] = params_->xmpp_server_2().to_string();
+        xs_auth_enable_[count] = params_->xmpp_auth_enabled_2();
+        xs_server_cert_[count] = params_->xmpp_server_cert_2();
+        count++;
+    } else {
+        xs_auth_enable_[1] = params_->xmpp_auth_enabled_2();
+        xs_server_cert_[1] = params_->xmpp_server_cert_2();
     }
 
     if (params_->dns_server_1().to_ulong()) {
         dns_port_[dns_count] = params_->dns_port_1();
-        dns_addr_[dns_count++] = params_->dns_server_1().to_string();
+        dns_addr_[dns_count] = params_->dns_server_1().to_string();
+        dns_auth_enable_[count] = params_->xmpp_dns_auth_enabled_1();
+        dns_server_cert_[count] = params_->xmpp_dns_server_cert_1();
+        dns_count++;
+    } else {
+        dns_auth_enable_[0] = params_->xmpp_dns_auth_enabled_1();
+        dns_server_cert_[0] = params_->xmpp_dns_server_cert_1();
     }
 
     if (params_->dns_server_2().to_ulong()) {
         dns_port_[dns_count] = params_->dns_port_2();
         dns_addr_[dns_count++] = params_->dns_server_2().to_string();
+        dns_auth_enable_[count] = params_->xmpp_dns_auth_enabled_2();
+        dns_server_cert_[count] = params_->xmpp_dns_server_cert_2();
+        dns_count++;
+    } else {
+        dns_auth_enable_[1] = params_->xmpp_dns_auth_enabled_2();
+        dns_server_cert_[1] = params_->xmpp_dns_server_cert_2();
     }
 
     dss_addr_ = params_->discovery_server();

diff --git a/src/vnsw/agent/cmn/agent.h b/src/vnsw/agent/cmn/agent.h
@@ -402,6 +402,12 @@ class Agent {
         xs_addr_[idx].clear();
         xs_port_[idx] = 0;
     }
+    const bool xmpp_auth_enabled(uint8_t idx) const {
+        return xs_auth_enable_[idx];
+    }
+    const std::string &xmpp_server_cert(uint8_t idx) const {
+        return xs_server_cert_[idx];
+    }
 
     const uint32_t controller_ifmap_xmpp_port(uint8_t idx) const {
         return xs_port_[idx];
@@ -483,6 +489,12 @@ class Agent {
     // DNS XMPP Server
     const int8_t &dns_xmpp_server_index() const {return xs_dns_idx_;}
     void set_dns_xmpp_server_index(uint8_t xs_idx) {xs_dns_idx_ = xs_idx;}
+    const bool dns_auth_enabled(uint8_t idx) const {
+        return dns_auth_enable_[idx];
+    }
+    const std::string &dns_server_cert(uint8_t idx) const {
+        return dns_server_cert_[idx];
+    }
 
     XmppInit *dns_xmpp_init(uint8_t idx) const {
         return dns_xmpp_init_[idx];
@@ -988,9 +1000,14 @@ class Agent {
     std::string xs_addr_[MAX_XMPP_SERVERS];
     uint32_t xs_port_[MAX_XMPP_SERVERS];
     uint64_t xs_stime_[MAX_XMPP_SERVERS];
+    bool xs_auth_enable_[MAX_XMPP_SERVERS];
+    std::string xs_server_cert_[MAX_XMPP_SERVERS];
     int8_t xs_dns_idx_;
     std::string dns_addr_[MAX_XMPP_SERVERS];
     uint32_t dns_port_[MAX_XMPP_SERVERS];
+    bool dns_auth_enable_[MAX_XMPP_SERVERS];
+    std::string dns_server_cert_[MAX_XMPP_SERVERS];
+    // Discovery
     std::string dss_addr_;
     uint32_t dss_port_;
     int dss_xs_instances_;

diff --git a/src/vnsw/agent/controller/controller.sandesh b/src/vnsw/agent/controller/controller.sandesh
@@ -12,16 +12,18 @@ struct ControllerProtoStats {
 struct AgentXmppData {
     1: string controller_ip;
     2: string state;
-    3: string cfg_controller;
-    4: string mcast_controller;
-    5: string last_state;
-    6: string last_event;
-    7: string last_state_at;
-    8: u32 flap_count;
-    9: string flap_time;
-    10: ControllerProtoStats rx_proto_stats;
-    11: ControllerProtoStats tx_proto_stats;
-    12: string xmpp_auth_enabled;
+    3: string peer_name;
+    4: string peer_address;
+    5: optional string cfg_controller;
+    6: optional string mcast_controller;
+    7: string last_state;
+    8: string last_event;
+    9: string last_state_at;
+    10: u32 flap_count;
+    11: string flap_time;
+    12: ControllerProtoStats rx_proto_stats;
+    13: ControllerProtoStats tx_proto_stats;
+    14: string xmpp_auth_type;
 }
 
 traceobject sandesh AgentXmppTrace {
@@ -101,3 +103,10 @@ request sandesh AgentXmppConnectionStatusReq {
 response sandesh AgentXmppConnectionStatus {
     1: list<AgentXmppData>peer;
 }
+
+request sandesh AgentDnsXmppConnectionStatusReq {
+}
+
+response sandesh AgentDnsXmppConnectionStatus {
+    1: list<AgentXmppData>peer;
+}
diff --git a/src/vnsw/agent/controller/controller_init.cc b/src/vnsw/agent/controller/controller_init.cc
@@ -10,7 +10,6 @@
 #include <sandesh/sandesh_types.h>
 #include <sandesh/sandesh_trace.h>
 #include "cmn/agent_cmn.h"
-#include "init/agent_param.h"
 #include "xmpp/xmpp_init.h"
 #include "pugixml/pugixml.hpp"
 #include "oper/vrf.h"
@@ -61,17 +60,17 @@ void VNController::XmppServerConnect() {
                 continue; 
             }
 
+            boost::system::error_code ec;
             XmppChannelConfig *xmpp_cfg = new XmppChannelConfig(true);
             xmpp_cfg->ToAddr = XmppInit::kControlNodeJID;
-            boost::system::error_code ec;
             xmpp_cfg->FromAddr = agent_->agent_name();
             xmpp_cfg->NodeAddr = XmppInit::kPubSubNS;
             xmpp_cfg->endpoint.address(
                 ip::address::from_string(agent_->controller_ifmap_xmpp_server(count), ec));
             assert(ec.value() == 0);
-            xmpp_cfg->auth_enabled = agent_->params()->xmpp_auth_enabled();
+            xmpp_cfg->auth_enabled = agent_->xmpp_auth_enabled(count);
             if (xmpp_cfg->auth_enabled) {
-                xmpp_cfg->path_to_server_cert =  agent_->params()->xmpp_server_cert();
+                xmpp_cfg->path_to_server_cert =  agent_->xmpp_server_cert(count);
             }
             uint32_t port = agent_->controller_ifmap_xmpp_port(count);
             if (!port) {
@@ -80,12 +79,7 @@ void VNController::XmppServerConnect() {
             xmpp_cfg->endpoint.port(port);
 
             // Create Xmpp Client
-            XmppClient *client;
-            if (xmpp_cfg->auth_enabled) {
-                client = new XmppClient(agent_->event_manager(), xmpp_cfg);
-            } else {
-                client = new XmppClient(agent_->event_manager());
-            }
+            XmppClient *client = new XmppClient(agent_->event_manager(), xmpp_cfg);
 
             XmppInit *xmpp = new XmppInit();
             xmpp->AddXmppChannelConfig(xmpp_cfg);
@@ -140,9 +134,26 @@ void VNController::DnsXmppServerConnect() {
                 continue; 
             }
 
-            // create Xmpp channel with DNS server
+            // XmppChannel Configuration
+            boost::system::error_code ec;
+            XmppChannelConfig *xmpp_cfg_dns = new XmppChannelConfig(true);
+            xmpp_cfg_dns->ToAddr = XmppInit::kDnsNodeJID;
+            xmpp_cfg_dns->FromAddr = agent_->agent_name() + "/dns";
+            xmpp_cfg_dns->NodeAddr = "";
+            xmpp_cfg_dns->endpoint.address(
+                     ip::address::from_string(agent_->dns_server(count), ec));
+            assert(ec.value() == 0);
+            xmpp_cfg_dns->endpoint.port(ContrailPorts::DnsXmpp());
+            xmpp_cfg_dns->auth_enabled = agent_->dns_auth_enabled(count);
+            if (xmpp_cfg_dns->auth_enabled) {
+                xmpp_cfg_dns->path_to_server_cert = agent_->dns_server_cert(count);
+            }
+
+            // Create Xmpp Client
+            XmppClient *client_dns = new XmppClient(agent_->event_manager(),
+                                                    xmpp_cfg_dns);
+
             XmppInit *xmpp_dns = new XmppInit();
-            XmppClient *client_dns = new XmppClient(agent_->event_manager());
             // create dns peer
             AgentDnsXmppChannel *dns_peer = new AgentDnsXmppChannel(agent_,
                                                 agent_->dns_server(count),
@@ -151,16 +162,6 @@ void VNController::DnsXmppServerConnect() {
                 boost::bind(&AgentDnsXmppChannel::HandleXmppClientChannelEvent,
                             dns_peer, _2));
 
-            XmppChannelConfig *xmpp_cfg_dns = new XmppChannelConfig(true);
-            //XmppChannelConfig xmpp_cfg_dns(true);
-            xmpp_cfg_dns->ToAddr = XmppInit::kDnsNodeJID;
-            boost::system::error_code ec;
-            xmpp_cfg_dns->FromAddr = agent_->agent_name() + "/dns";
-            xmpp_cfg_dns->NodeAddr = "";
-            xmpp_cfg_dns->endpoint.address(
-                     ip::address::from_string(agent_->dns_server(count), ec));
-            assert(ec.value() == 0);
-            xmpp_cfg_dns->endpoint.port(ContrailPorts::DnsXmpp());
             xmpp_dns->AddXmppChannelConfig(xmpp_cfg_dns);
             xmpp_dns->InitClient(client_dns);