authorAlex Kozyrev <alex.kozyrev@windriver.com>2019-01-21 11:52:51 -0500
committerAlex Kozyrev <alex.kozyrev@windriver.com>2019-02-14 09:04:46 -0500
commit506ef3fd7f8017adba2b77967b78328c1bf41b18 (patch)
tree4d53d6899ce499dbbf80c73a72b9e147974c97b7
parentb01f8ea964d47fa87c9459a313417abdf1fdefad (diff)
MTCE: reading BMC passwords from Barbican secret storage.HEADmaster
Use Openstack Barbican API to retrieve BMC passwords stored by SysInv. See SysInv commit for details on how to write password to Barbican. MTCE is going to find corresponding secret by host uuid and retrieve secret payload associated with it. mtcSecretApi_get is used to find secret reference, based on a hostname. mtcSecretApi_read is used to read a password using the reference found in the previous step. Also, did a little cleanup and removed old unused token handling code. Depends-On: I7102a9662f3757c062ab310737f4ba08379d0100 Change-Id: I66011dc95bb69ff536bd5888c08e3987bd666082 Story: 2003108 Task: 27700 Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Notes
Notes (review): Code-Review+2: Eric MacDonald <eric.macdonald@windriver.com> Workflow+1: Eric MacDonald <eric.macdonald@windriver.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 14 Feb 2019 16:26:05 +0000 Reviewed-on: https://review.openstack.org/632149 Project: openstack/stx-metal Branch: refs/heads/master
-rw-r--r--devstack/lib/stx-metal2
-rw-r--r--mtce-common/centos/mtce-common.spec1
-rwxr-xr-xmtce-common/src/common/Makefile2
-rw-r--r--mtce-common/src/common/hostUtil.cpp8
-rw-r--r--mtce-common/src/common/hostUtil.h1
-rw-r--r--mtce-common/src/common/httpUtil.cpp124
-rw-r--r--mtce-common/src/common/httpUtil.h52
-rw-r--r--mtce-common/src/common/jsonUtil.cpp74
-rw-r--r--mtce-common/src/common/jsonUtil.h67
-rw-r--r--mtce-common/src/common/logMacros.h5
-rwxr-xr-xmtce-common/src/common/nodeBase.h2
-rwxr-xr-xmtce-common/src/common/nodeUtil.cpp67
-rwxr-xr-xmtce-common/src/common/nodeUtil.h11
-rwxr-xr-xmtce-common/src/common/secretUtil.cpp348
-rwxr-xr-xmtce-common/src/common/secretUtil.h63
-rw-r--r--mtce-common/src/common/tokenUtil.cpp93
-rw-r--r--mtce-common/src/common/tokenUtil.h4
-rwxr-xr-xmtce-common/src/daemon/daemon_common.h6
-rw-r--r--mtce-common/src/daemon/daemon_config.cpp26
-rwxr-xr-xmtce/src/common/nodeClass.cpp38
-rwxr-xr-xmtce/src/common/nodeClass.h13
-rwxr-xr-xmtce/src/heartbeat/Makefile2
-rw-r--r--mtce/src/heartbeat/hbsStubs.cpp1
-rw-r--r--mtce/src/hwmon/hwmonClass.cpp78
-rw-r--r--mtce/src/hwmon/hwmonClass.h27
-rw-r--r--mtce/src/hwmon/hwmonFsm.cpp18
-rw-r--r--mtce/src/hwmon/hwmonHdlr.cpp6
-rw-r--r--mtce/src/hwmon/hwmonInit.cpp6
-rwxr-xr-xmtce/src/maintenance/Makefile2
-rwxr-xr-xmtce/src/maintenance/mtcHttpUtil.cpp2
-rwxr-xr-xmtce/src/maintenance/mtcInvApi.cpp6
-rwxr-xr-xmtce/src/maintenance/mtcKeyApi.cpp183
-rwxr-xr-xmtce/src/maintenance/mtcKeyApi.h25
-rw-r--r--mtce/src/maintenance/mtcNodeCtrl.cpp13
-rwxr-xr-xmtce/src/maintenance/mtcNodeHdlrs.cpp15
-rw-r--r--mtce/src/scripts/mtc.conf1
36 files changed, 899 insertions, 493 deletions
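diff --git a/devstack/lib/stx-metal b/devstack/lib/stx-metal
index 8c30340..f140aca 100644
--- a/devstack/lib/stx-metal
+++ b/devstack/lib/stx-metal
@@ -169,6 +169,7 @@ function install_mtce_common {
 "common/regexUtil.h" \
 "common/threadUtil.h" \
 "common/tokenUtil.h" \
+"common/secretUtil.h" \
 )
 sudo install -m 755 -d ${inc_dir_common}
 sudo install -m 644 -t ${inc_dir_common} ${commonhdr_file[*]}
@@ -957,6 +958,7 @@ function cleanup_metal {
 "regexUtil.h" \
 "threadUtil.h" \
 "tokenUtil.h" \
+"secretUtil.h" \
 "daemon_ini.h" \
 "daemon_common.h" \
 "daemon_option.h" \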
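diff --git a/mtce-common/centos/mtce-common.spec b/mtce-common/centos/mtce-common.spec
index 738d82f..b0837f7 100644
--- a/mtce-common/centos/mtce-common.spec
+++ b/mtce-common/centos/mtce-common.spec
@@ -140,6 +140,7 @@ install -m 644 -p -D %{_buildsubdir}/common/pingUtil.h %{buildroot}%{_includedir
 install -m 644 -p -D %{_buildsubdir}/common/regexUtil.h %{buildroot}%{_includedir}/mtce-common
 install -m 644 -p -D %{_buildsubdir}/common/threadUtil.h %{buildroot}%{_includedir}/mtce-common
 install -m 644 -p -D %{_buildsubdir}/common/tokenUtil.h %{buildroot}%{_includedir}/mtce-common
+install -m 644 -p -D %{_buildsubdir}/common/secretUtil.h %{buildroot}%{_includedir}/mtce-common
 
 %clean
 rm -v -rf $RPM_BUILD_ROOT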
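diff --git a/mtce-common/src/common/Makefile b/mtce-common/src/common/Makefile
index 9c9788b..ce75921 100755
--- a/mtce-common/src/common/Makefile
+++ b/mtce-common/src/common/Makefile
@@ -22,6 +22,7 @@ SRCS = regexUtil.cpp \
 jsonUtil.cpp \
 httpUtil.cpp \
 tokenUtil.cpp \
+secretUtil.cpp \
 msgClass.cpp
 
 COMMON_OBJS = regexUtil.o \
@@ -39,6 +40,7 @@ COMMON_OBJS = regexUtil.o \
 jsonUtil.o \
 httpUtil.o \
 tokenUtil.o \
+secretUtil.o \
 msgClass.o
 
 OBJS = $(SRCS:.cpp=.o)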
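diff --git a/mtce-common/src/common/hostUtil.cpp b/mtce-common/src/common/hostUtil.cpp
index dc75442..588ef85 100644
--- a/mtce-common/src/common/hostUtil.cpp
+++ b/mtce-common/src/common/hostUtil.cpp
@@ -56,6 +56,11 @@ string hostUtil_getServiceIp ( mtc_service_enum service )
 ip = "localhost" ;
 break ;
 }
+case SERVICE_SECRET:
+{
+ip = cfg_ptr->barbican_api_host;
+break ;
+}
 default:
 {
 slog ("Unsupported service (%d)\n", service );
@@ -97,6 +102,9 @@ int hostUtil_getServicePort ( mtc_service_enum service )
 case SERVICE_TOKEN:
 return(cfg_ptr->keystone_port);
 
+case SERVICE_SECRET:
+return(cfg_ptr->barbican_api_port);
+
 default:
 {
 slog ("Unsupported service (%d)\n", service );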
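Review bot: The new SERVICE_SECRET case in hostUtil_getServiceIp copies `cfg_ptr->barbican_api_host` into `ip` without checking that the option was actually configured. The field's type is not visible in this section; if it is a `char *` that stays NULL when the key is missing from the config file, constructing the string from it is undefined behaviour. A guard such as `if ( cfg_ptr->barbican_api_host ) ip = cfg_ptr->barbican_api_host ; else slog ("barbican_api_host is not configured\n");` would make a missing setting fail visibly before a BMC password lookup is attempted. Both functions start and end outside the hunks.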
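diff --git a/mtce-common/src/common/hostUtil.h b/mtce-common/src/common/hostUtil.h
index d207f4d..f58f9be 100644
--- a/mtce-common/src/common/hostUtil.h
+++ b/mtce-common/src/common/hostUtil.h
@@ -70,6 +70,7 @@ typedef enum
 SERVICE_TOKEN = 1,
 SERVICE_SMGR = 2,
 SERVICE_VIM = 3,
+SERVICE_SECRET = 4,
 } mtc_service_enum ;
 
 string hostUtil_getServiceIp ( mtc_service_enum service );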
diff --git a/mtce-common/src/common/httpUtil.cpp b/mtce-common/src/common/httpUtil.cpp
index d263971..a487664 100644
--- a/mtce-common/src/common/httpUtil.cpp
+++ b/mtce-common/src/common/httpUtil.cpp
@@ -20,7 +20,7 @@ using namespace std;
20#include "tokenUtil.h" /* for ... tokenUtil_handler */ 20#include "tokenUtil.h" /* for ... tokenUtil_handler */
21#include "nodeUtil.h" /* for ... string_contains */ 21#include "nodeUtil.h" /* for ... string_contains */
22#include "timeUtil.h" /* for ... time_debug_type */ 22#include "timeUtil.h" /* for ... time_debug_type */
23#include "keyClass.h" /* for ... add_key, del_key */ 23#include "keyClass.h" /* for ... add_key, del_key */
24 24
25static keyClass keyValObject ; 25static keyClass keyValObject ;
26static char rest_api_filename[MAX_FILENAME_LEN]; 26static char rest_api_filename[MAX_FILENAME_LEN];
@@ -66,10 +66,10 @@ const char * getHttpCmdType_str ( evhttp_cmd_type type )
66 * 66 *
67 * ************************************************************************/ 67 * ************************************************************************/
68 68
69int httpUtil_event_init ( libEvent * ptr , 69int httpUtil_event_init ( libEvent * ptr ,
70 string hostname, 70 string hostname,
71 string service, 71 string service,
72 string ip, 72 string ip,
73 int port ) 73 int port )
74{ 74{
75 /* Default Starting States */ 75 /* Default Starting States */
@@ -127,12 +127,12 @@ int httpUtil_event_init ( libEvent * ptr ,
127 /** Default the user agent to mtce ; other users and commands can override */ 127 /** Default the user agent to mtce ; other users and commands can override */
128 ptr->user_agent = "mtce/1.0" ; 128 ptr->user_agent = "mtce/1.0" ;
129 129
130 ptr->admin_url.clear(); 130 ptr->admin_url.clear();
131 ptr->internal_url.clear(); 131 ptr->internal_url.clear();
132 ptr->public_url.clear(); 132 ptr->public_url.clear();
133 133
134 /* HTTP Specific Info */ 134 /* HTTP Specific Info */
135 ptr->type = EVHTTP_REQ_GET ; /* request type GET/PUT/PATCH etc */ 135 ptr->type = EVHTTP_REQ_GET ; /* request type GET/PUT/PATCH etc */
136 136
137 /* Result Info */ 137 /* Result Info */
138 ptr->status = FAIL; 138 ptr->status = FAIL;
@@ -154,8 +154,8 @@ void httpUtil_init ( void )
154{ 154{
155 httpUtil_event_init ( &nullEvent, "null", "null" , "0.0.0.0", 0); 155 httpUtil_event_init ( &nullEvent, "null", "null" , "0.0.0.0", 0);
156 nullEvent.request = SERVICE_NONE ; 156 nullEvent.request = SERVICE_NONE ;
157 157
158 snprintf (&rest_api_filename[0], MAX_FILENAME_LEN, "/var/log/%s_api.log", 158 snprintf (&rest_api_filename[0], MAX_FILENAME_LEN, "/var/log/%s_api.log",
159 program_invocation_short_name ); 159 program_invocation_short_name );
160} 160}
161 161
@@ -200,7 +200,7 @@ void httpUtil_free_base ( libEvent & event )
200 event.base = NULL ; 200 event.base = NULL ;
201 if ( event.conn ) 201 if ( event.conn )
202 { 202 {
203 hlog ("%s Free Connection (%p) --------- along with base\n", 203 hlog ("%s Free Connection (%p) --------- along with base\n",
204 event.log_prefix.c_str(), event.conn ); 204 event.log_prefix.c_str(), event.conn );
205 205
206 evhttp_connection_free ( event.conn ); 206 evhttp_connection_free ( event.conn );
@@ -209,7 +209,7 @@ void httpUtil_free_base ( libEvent & event )
209 } 209 }
210 else 210 else
211 { 211 {
212 hlog1 ("%s Already Freed Event Base\n", event.log_prefix.c_str()); 212 hlog1 ("%s Already Freed Event Base\n", event.log_prefix.c_str());
213 } 213 }
214} 214}
215 215
@@ -230,7 +230,7 @@ int httpUtil_connect ( libEvent & event )
230 230
231 /* Open an http connection to specified IP and port */ 231 /* Open an http connection to specified IP and port */
232 event.conn = evhttp_connection_base_new ( event.base, NULL, 232 event.conn = evhttp_connection_base_new ( event.base, NULL,
233 event.ip.c_str(), 233 event.ip.c_str(),
234 event.port ); 234 event.port );
235 /* bind to the correctly-versioned local address */ 235 /* bind to the correctly-versioned local address */
236 if ( event.conn ) 236 if ( event.conn )
@@ -262,7 +262,7 @@ int httpUtil_request ( libEvent & event,
262 void(*hdlr)(struct evhttp_request *, void *)) 262 void(*hdlr)(struct evhttp_request *, void *))
263{ 263{
264 int rc = PASS ; 264 int rc = PASS ;
265 265
266 /* make a new request and bind the event handler to it */ 266 /* make a new request and bind the event handler to it */
267 event.req = evhttp_request_new( hdlr , event.base ); 267 event.req = evhttp_request_new( hdlr , event.base );
268 if ( ! event.req ) 268 if ( ! event.req )
@@ -286,14 +286,14 @@ int httpUtil_request ( libEvent & event,
286int httpUtil_payload_add ( libEvent & event ) 286int httpUtil_payload_add ( libEvent & event )
287{ 287{
288 int rc = PASS ; 288 int rc = PASS ;
289 289
290 /* Returns the output buffer. */ 290 /* Returns the output buffer. */
291 event.buf = evhttp_request_get_output_buffer ( event.req ); 291 event.buf = evhttp_request_get_output_buffer ( event.req );
292 292
293 /* Check for no buffer */ 293 /* Check for no buffer */
294 if ( ! event.buf ) 294 if ( ! event.buf )
295 { 295 {
296 elog ("%s evhttp_request_get_output_buffer returned null (%p)\n", 296 elog ("%s evhttp_request_get_output_buffer returned null (%p)\n",
297 event.log_prefix.c_str(), event.req ); 297 event.log_prefix.c_str(), event.req );
298 298
299 rc = FAIL ; 299 rc = FAIL ;
@@ -311,7 +311,7 @@ int httpUtil_payload_add ( libEvent & event )
311 } 311 }
312 else if ( rc == 0 ) 312 else if ( rc == 0 )
313 { 313 {
314 elog ("%s no data added to output buffer (len=0)\n", 314 elog ("%s no data added to output buffer (len=0)\n",
315 event.log_prefix.c_str()); 315 event.log_prefix.c_str());
316 316
317 rc = FAIL ; 317 rc = FAIL ;
@@ -367,15 +367,15 @@ int httpUtil_header_add ( libEvent * ptr, http_headers_type * hdrs_ptr )
367 367
368 if ( hdrs_ptr->entries > MAX_HEADERS ) 368 if ( hdrs_ptr->entries > MAX_HEADERS )
369 { 369 {
370 elog ("%s Too many headers (%d:%d)\n", 370 elog ("%s Too many headers (%d:%d)\n",
371 ptr->log_prefix.c_str(), MAX_HEADERS, hdrs_ptr->entries ); 371 ptr->log_prefix.c_str(), MAX_HEADERS, hdrs_ptr->entries );
372 return FAIL ; 372 return FAIL ;
373 } 373 }
374 for ( int i = 0 ; i < hdrs_ptr->entries ; i++ ) 374 for ( int i = 0 ; i < hdrs_ptr->entries ; i++ )
375 { 375 {
376 /* Add the header */ 376 /* Add the header */
377 rc = evhttp_add_header( ptr->req->output_headers, 377 rc = evhttp_add_header( ptr->req->output_headers,
378 hdrs_ptr->entry[i].key.c_str() , 378 hdrs_ptr->entry[i].key.c_str(),
379 hdrs_ptr->entry[i].value.c_str()); 379 hdrs_ptr->entry[i].value.c_str());
380 if ( rc ) 380 if ( rc )
381 { 381 {
@@ -385,7 +385,7 @@ int httpUtil_header_add ( libEvent * ptr, http_headers_type * hdrs_ptr )
385 hdrs_ptr->entry[i].value.c_str()); 385 hdrs_ptr->entry[i].value.c_str());
386 rc = FAIL ; 386 rc = FAIL ;
387 break ; 387 break ;
388 } 388 }
389 } 389 }
390 return (rc); 390 return (rc);
391} 391}
@@ -432,14 +432,14 @@ int httpUtil_get_response ( libEvent & event )
432 /* Get a stack buffer, zero it, copy to it and terminate it */ 432 /* Get a stack buffer, zero it, copy to it and terminate it */
433 char * stack_buf_ptr = (char*)malloc (event.response_len+1); 433 char * stack_buf_ptr = (char*)malloc (event.response_len+1);
434 memset ( stack_buf_ptr, 0, event.response_len+1 ); 434 memset ( stack_buf_ptr, 0, event.response_len+1 );
435 real_len = evbuffer_remove( event.req->input_buffer, stack_buf_ptr, 435 real_len = evbuffer_remove( event.req->input_buffer, stack_buf_ptr,
436 event.response_len); 436 event.response_len);
437 437
438 if ( real_len != event.response_len ) 438 if ( real_len != event.response_len )
439 { 439 {
440 wlog ("%s Length differs from removed length (%ld:%ld)\n", 440 wlog ("%s Length differs from removed length (%ld:%ld)\n",
441 event.log_prefix.c_str(), 441 event.log_prefix.c_str(),
442 event.response_len, 442 event.response_len,
443 real_len ); 443 real_len );
444 } 444 }
445 445
@@ -447,7 +447,7 @@ int httpUtil_get_response ( libEvent & event )
447 { 447 {
448 hlog1 ("%s has no response data\n", event.log_prefix.c_str() ); 448 hlog1 ("%s has no response data\n", event.log_prefix.c_str() );
449 } 449 }
450 /* Terminate the buffer , this is where the +1 above is required. 450 /* Terminate the buffer , this is where the +1 above is required.
451 * Without it there is memory corruption reported by Linux */ 451 * Without it there is memory corruption reported by Linux */
452 *(stack_buf_ptr+event.response_len) = '\0'; 452 *(stack_buf_ptr+event.response_len) = '\0';
453 453
@@ -538,7 +538,7 @@ void httpUtil_handler ( struct evhttp_request *req, void *arg )
538 return ; 538 return ;
539 } 539 }
540 540
541 event_ptr = (libEvent*)temp; 541 event_ptr = (libEvent*)temp;
542 if (( event_ptr->request >= SERVICE_LAST ) || ( event_ptr->request == SERVICE_NONE )) 542 if (( event_ptr->request >= SERVICE_LAST ) || ( event_ptr->request == SERVICE_NONE ))
543 { 543 {
544 slog ("HTTP Event Lookup Failed for http base (%p) <------\n", arg); 544 slog ("HTTP Event Lookup Failed for http base (%p) <------\n", arg);
@@ -549,18 +549,17 @@ void httpUtil_handler ( struct evhttp_request *req, void *arg )
549 event_ptr->status = httpUtil_status ( (*event_ptr) ) ; 549 event_ptr->status = httpUtil_status ( (*event_ptr) ) ;
550 if ( event_ptr->status == HTTP_NOTFOUND ) 550 if ( event_ptr->status == HTTP_NOTFOUND )
551 { 551 {
552 elog ("%s returned (Not-Found) (%d)\n", 552 elog ("%s returned (Not-Found) (%d)\n",
553 event_ptr->log_prefix.c_str(), 553 event_ptr->log_prefix.c_str(),
554 event_ptr->status); 554 event_ptr->status);
555 if ( event_ptr->type != EVHTTP_REQ_POST ) 555 if ( event_ptr->type != EVHTTP_REQ_POST )
556 event_ptr->status = PASS ; 556 event_ptr->status = PASS ;
557
558 goto httpUtil_handler_done ; 557 goto httpUtil_handler_done ;
559 } 558 }
560 559
561 else if (( event_ptr->status != PASS ) && ( ! req )) 560 else if (( event_ptr->status != PASS ) && ( ! req ))
562 { 561 {
563 elog ("%s Request Timeout (%d)\n", 562 elog ("%s Request Timeout (%d)\n",
564 event_ptr->log_prefix.c_str(), 563 event_ptr->log_prefix.c_str(),
565 event_ptr->timeout); 564 event_ptr->timeout);
566 565
@@ -788,6 +787,11 @@ int httpUtil_api_request ( libEvent & event )
788 { 787 {
789 ; 788 ;
790 } 789 }
790 else if (( event.request == BARBICAN_GET_SECRET ) ||
791 ( event.request == BARBICAN_READ_SECRET ))
792 {
793 ;
794 }
791 else 795 else
792 { 796 {
793 slog ("%s Unsupported Request (%d)\n", event.hostname.c_str(), event.request); 797 slog ("%s Unsupported Request (%d)\n", event.hostname.c_str(), event.request);
@@ -799,7 +803,7 @@ int httpUtil_api_request ( libEvent & event )
799 if ( httpUtil_connect ( event )) 803 if ( httpUtil_connect ( event ))
800 { 804 {
801 event.status = FAIL_CONNECT ; 805 event.status = FAIL_CONNECT ;
802 goto httpUtil_api_request_done ; 806 goto httpUtil_api_request_done ;
803 } 807 }
804 808
805 if ( httpUtil_request ( event, &httpUtil_handler )) 809 if ( httpUtil_request ( event, &httpUtil_handler ))
@@ -813,7 +817,7 @@ int httpUtil_api_request ( libEvent & event )
813 jlog ("%s Address : %s\n", event.hostname.c_str(), event.address.c_str()); 817 jlog ("%s Address : %s\n", event.hostname.c_str(), event.address.c_str());
814 } 818 }
815 819
816 if (( event.type != EVHTTP_REQ_GET ) && 820 if (( event.type != EVHTTP_REQ_GET ) &&
817 ( event.type != EVHTTP_REQ_DELETE )) 821 ( event.type != EVHTTP_REQ_DELETE ))
818 { 822 {
819 /* Add payload to the output buffer but only for PUT, POST and PATCH requests */ 823 /* Add payload to the output buffer but only for PUT, POST and PATCH requests */
@@ -824,15 +828,15 @@ int httpUtil_api_request ( libEvent & event )
824 } 828 }
825 if ( daemon_get_cfg_ptr()->debug_json ) 829 if ( daemon_get_cfg_ptr()->debug_json )
826 { 830 {
827 if ((!string_contains(event.payload,"token")) && 831 if ((!string_contains(event.payload,"token")) &&
828 (!string_contains(event.payload,"assword"))) 832 (!string_contains(event.payload,"assword")))
829 { 833 {
830 jlog ("%s Payload : %s\n", event.hostname.c_str(), 834 jlog ("%s Payload : %s\n", event.hostname.c_str(),
831 event.payload.c_str() ); 835 event.payload.c_str() );
832 } 836 }
833 else 837 else
834 { 838 {
835 jlog ("%s Payload : ... contains private content ...\n", 839 jlog ("%s Payload : ... contains private content ...\n",
836 event.hostname.c_str()); 840 event.hostname.c_str());
837 841
838 } 842 }
@@ -848,7 +852,7 @@ int httpUtil_api_request ( libEvent & event )
848 hdrs.entry[hdr_entry].value = "admin"; 852 hdrs.entry[hdr_entry].value = "admin";
849 hdr_entry++; 853 hdr_entry++;
850 854
851 if (( event.type != EVHTTP_REQ_GET ) && 855 if (( event.type != EVHTTP_REQ_GET ) &&
852 ( event.type != EVHTTP_REQ_DELETE )) 856 ( event.type != EVHTTP_REQ_DELETE ))
853 { 857 {
854 hdrs.entry[hdr_entry].key = "Content-Length" ; 858 hdrs.entry[hdr_entry].key = "Content-Length" ;
@@ -859,14 +863,23 @@ int httpUtil_api_request ( libEvent & event )
859 hdrs.entry[hdr_entry].key = "User-Agent" ; 863 hdrs.entry[hdr_entry].key = "User-Agent" ;
860 hdrs.entry[hdr_entry].value = event.user_agent ; 864 hdrs.entry[hdr_entry].value = event.user_agent ;
861 hdr_entry++; 865 hdr_entry++;
862 866
863 hdrs.entry[hdr_entry].key = "Content-Type" ; 867 hdrs.entry[hdr_entry].key = "Content-Type" ;
864 hdrs.entry[hdr_entry].value = "application/json" ; 868 hdrs.entry[hdr_entry].value = "application/json" ;
865 hdr_entry++; 869 hdr_entry++;
866 870
867 hdrs.entry[hdr_entry].key = "Accept" ; 871 if ( event.request == BARBICAN_READ_SECRET )
868 hdrs.entry[hdr_entry].value = "application/json" ; 872 {
869 hdr_entry++; 873 hdrs.entry[hdr_entry].key = "Accept" ;
874 hdrs.entry[hdr_entry].value = "application/octet-stream" ;
875 hdr_entry++;
876 }
877 else
878 {
879 hdrs.entry[hdr_entry].key = "Accept" ;
880 hdrs.entry[hdr_entry].value = "application/json" ;
881 hdr_entry++;
882 }
870 883
871 if ( event.request != KEYSTONE_GET_TOKEN ) 884 if ( event.request != KEYSTONE_GET_TOKEN )
872 { 885 {
@@ -912,8 +925,10 @@ int httpUtil_api_request ( libEvent & event )
912 } 925 }
913 else 926 else
914 { 927 {
928 hlog ("%s API Internal Address : %s\n", event.hostname.c_str(), event.address.c_str());
915 event.status = evhttp_make_request ( event.conn, event.req, event.type, event.address.data()); 929 event.status = evhttp_make_request ( event.conn, event.req, event.type, event.address.data());
916 } 930 }
931
917 daemon_signal_hdlr (); 932 daemon_signal_hdlr ();
918 if ( event.status == PASS ) 933 if ( event.status == PASS )
919 { 934 {
@@ -939,14 +954,15 @@ int httpUtil_api_request ( libEvent & event )
939 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG ); 954 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG );
940 goto httpUtil_api_request_done ; 955 goto httpUtil_api_request_done ;
941 } 956 }
942 else if ( event.request == KEYSTONE_GET_TOKEN ) 957 else if ( event.request == KEYSTONE_GET_TOKEN ||
958 event.request == BARBICAN_GET_SECRET ||
959 event.request == BARBICAN_READ_SECRET )
943 { 960 {
944 hlog ("%s Requested (non-blocking) (timeout:%d secs)\n", event.log_prefix.c_str(), event.timeout); 961 hlog ("%s Requested (non-blocking) (timeout:%d secs)\n", event.log_prefix.c_str(), event.timeout);
945 event.active = true ; 962 event.active = true ;
946 event.status = event_base_loop(event.base, EVLOOP_NONBLOCK); 963 event.status = event_base_loop(event.base, EVLOOP_NONBLOCK);
947 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG ); /* Should be immediate ; non blocking */ 964 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG ); /* Should be immediate ; non blocking */
948 return (event.status); 965 return (event.status);
949 // goto httpUtil_api_request_done ;
950 } 966 }
951 else 967 else
952 { 968 {
@@ -979,9 +995,9 @@ httpUtil_api_request_done:
979 995
980void httpUtil_event_info ( libEvent & event ) 996void httpUtil_event_info ( libEvent & event )
981{ 997{
982 ilog ("%s request to %s.%d Status:%d \n", 998 ilog ("%s request to %s.%d Status:%d \n",
983 event.log_prefix.c_str(), 999 event.log_prefix.c_str(),
984 event.ip.c_str(), 1000 event.ip.c_str(),
985 event.port, 1001 event.port,
986 event.status); 1002 event.status);
987 if ( event.request == KEYSTONE_GET_TOKEN ) 1003 if ( event.request == KEYSTONE_GET_TOKEN )
@@ -1001,7 +1017,7 @@ void httpUtil_log_event ( libEvent * event_ptr )
1001{ 1017{
1002 string event_sig = daemon_get_cfg_ptr()->debug_event ; 1018 string event_sig = daemon_get_cfg_ptr()->debug_event ;
1003 msgSock_type * mtclogd_ptr = get_mtclogd_sockPtr (); 1019 msgSock_type * mtclogd_ptr = get_mtclogd_sockPtr ();
1004 1020
1005 send_log_message ( get_mtclogd_sockPtr(), event_ptr->hostname.data(), &rest_api_filename[0], &event_ptr->req_str[0] ); 1021 send_log_message ( get_mtclogd_sockPtr(), event_ptr->hostname.data(), &rest_api_filename[0], &event_ptr->req_str[0] );
1006 1022
1007 if ( event_ptr->request == KEYSTONE_GET_TOKEN ) 1023 if ( event_ptr->request == KEYSTONE_GET_TOKEN )
@@ -1031,16 +1047,16 @@ void httpUtil_log_event ( libEvent * event_ptr )
1031 1047
1032 if (!event_ptr->payload.empty()) 1048 if (!event_ptr->payload.empty())
1033 { 1049 {
1034 if ((!string_contains(event_ptr->payload,"token")) && 1050 if ((!string_contains(event_ptr->payload,"token")) &&
1035 (!string_contains(event_ptr->payload,"assword"))) 1051 (!string_contains(event_ptr->payload,"assword")))
1036 { 1052 {
1037 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1053 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1038 "%s [%5d] %s seq:%d -> Payload : %s", 1054 "%s [%5d] %s seq:%d -> Payload : %s",
1039 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->payload.c_str() ); 1055 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->payload.c_str() );
1040 } 1056 }
1041 else 1057 else
1042 { 1058 {
1043 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1059 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1044 "%s [%5d] %s seq:%d -> Payload : ... contains private content ...", 1060 "%s [%5d] %s seq:%d -> Payload : ... contains private content ...",
1045 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence ); 1061 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence );
1046 } 1062 }
@@ -1049,10 +1065,10 @@ void httpUtil_log_event ( libEvent * event_ptr )
1049 1065
1050 if ( !event_ptr->response.empty() ) 1066 if ( !event_ptr->response.empty() )
1051 { 1067 {
1052 if ((!string_contains(event_ptr->response,"token")) && 1068 if ((!string_contains(event_ptr->response,"token")) &&
1053 (!string_contains(event_ptr->response,"assword"))) 1069 (!string_contains(event_ptr->response,"assword")))
1054 { 1070 {
1055 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1071 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1056 "%s [%5d] %s seq:%d -> Response: %s", 1072 "%s [%5d] %s seq:%d -> Response: %s",
1057 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->response.c_str() ); 1073 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->response.c_str() );
1058 } 1074 }
@@ -1064,18 +1080,18 @@ void httpUtil_log_event ( libEvent * event_ptr )
1064 } 1080 }
1065 send_log_message ( mtclogd_ptr, event_ptr->hostname.data(), rest_api_filename, &rest_api_log_str[0] ); 1081 send_log_message ( mtclogd_ptr, event_ptr->hostname.data(), rest_api_filename, &rest_api_log_str[0] );
1066 } 1082 }
1067 1083
1068 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1084 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1069 "%s [%5d] %s %s '%s' seq:%d -> Status : %d {execution time %ld.%06ld secs}\n", 1085 "%s [%5d] %s %s '%s' seq:%d -> Status : %d {execution time %ld.%06ld secs}\n",
1070 pt(), getpid(), 1086 pt(), getpid(),
1071 event_ptr->hostname.c_str(), 1087 event_ptr->hostname.c_str(),
1072 event_ptr->service.c_str(), 1088 event_ptr->service.c_str(),
1073 event_ptr->operation.c_str(), 1089 event_ptr->operation.c_str(),
1074 event_ptr->sequence, 1090 event_ptr->sequence,
1075 event_ptr->http_status, 1091 event_ptr->http_status,
1076 event_ptr->diff_time.secs, 1092 event_ptr->diff_time.secs,
1077 event_ptr->diff_time.msecs ); 1093 event_ptr->diff_time.msecs );
1078 1094
1079 if (( event_ptr->diff_time.secs > 2 ) || (event_ptr->http_status != HTTP_OK ) ) 1095 if (( event_ptr->diff_time.secs > 2 ) || (event_ptr->http_status != HTTP_OK ) )
1080 { 1096 {
1081 int len = strlen (rest_api_log_str) ; 1097 int len = strlen (rest_api_log_str) ;
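Review bot: The response redaction in httpUtil_log_event (new lines 1068-1069) only suppresses bodies that contain "token" or "assword", and that will not match a BARBICAN_READ_SECRET reply. This commit requests that reply as `application/octet-stream`, so the body is presumably the bare BMC password, and it would be written to `/var/log/%s_api.log` through the `Response: %s` line. Whether this logging path is reached for the secret requests is not visible in this section, so please confirm. If it is, key the redaction on the request type rather than on body content, e.g. `if (( event_ptr->request != BARBICAN_READ_SECRET ) && (!string_contains(event_ptr->response,"token")) && (!string_contains(event_ptr->response,"assword")))`. The body of httpUtil_log_event continues outside the last hunk.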
diff --git a/mtce-common/src/common/httpUtil.h b/mtce-common/src/common/httpUtil.h
index d846d29..b0f6698 100644
--- a/mtce-common/src/common/httpUtil.h
+++ b/mtce-common/src/common/httpUtil.h
@@ -52,6 +52,7 @@ using namespace std;
52#define HTTP_KEYSTONE_GET_TIMEOUT (10) 52#define HTTP_KEYSTONE_GET_TIMEOUT (10)
53#define HTTP_SMGR_TIMEOUT (20) 53#define HTTP_SMGR_TIMEOUT (20)
54#define HTTP_VIM_TIMEOUT (20) 54#define HTTP_VIM_TIMEOUT (20)
55#define HTTP_SECRET_TIMEOUT (5)
55 56
56#define SMGR_MAX_RETRIES (3) 57#define SMGR_MAX_RETRIES (3)
57 58
@@ -61,12 +62,14 @@ using namespace std;
61 62
62#define SMGR_EVENT_SIG "smgrEvent" 63#define SMGR_EVENT_SIG "smgrEvent"
63#define SYSINV_EVENT_SIG "sysinvEvent" 64#define SYSINV_EVENT_SIG "sysinvEvent"
65#define SECRET_EVENT_SIG "secretEvent"
64 66
65#define KEYSTONE_SIG "token" 67#define KEYSTONE_SIG "token"
66#define SENSOR_SIG "sensor" 68#define SENSOR_SIG "sensor"
67#define SYSINV_SIG "sysinv" 69#define SYSINV_SIG "sysinv"
68#define SMGR_SIG "smgr" 70#define SMGR_SIG "smgr"
69#define VIM_SIG "vim" 71#define VIM_SIG "vim"
72#define SECRET_SIG "secret"
70 73
71#define SYSINV_OPER__LOAD_HOST "load host" 74#define SYSINV_OPER__LOAD_HOST "load host"
72#define SYSINV_OPER__UPDATE_TASK "update task" 75#define SYSINV_OPER__UPDATE_TASK "update task"
@@ -108,6 +111,26 @@ typedef struct
108 error renewal - flood avoidance */ 111 error renewal - flood avoidance */
109} keyToken_type ; 112} keyToken_type ;
110 113
114
115typedef enum
116{
117 MTC_SECRET__START = 0,
118 MTC_SECRET__GET_REF,
119 MTC_SECRET__GET_REF_FAIL,
120 MTC_SECRET__GET_REF_RECV,
121 MTC_SECRET__GET_PWD,
122 MTC_SECRET__GET_PWD_FAIL,
123 MTC_SECRET__GET_PWD_RECV,
124 MTC_SECRET__STAGES,
125} mtc_secretStages_enum ;
126
127typedef struct
128{
129 string reference;
130 string payload ;
131 mtc_secretStages_enum stage ;
132} barbicanSecret_type;
133
111/** All supported Request Type Enums */ 134/** All supported Request Type Enums */
112typedef enum { 135typedef enum {
113 SERVICE_NONE, 136 SERVICE_NONE,
@@ -154,19 +177,22 @@ typedef enum {
154 SMGR_HOST_LOCKED, 177 SMGR_HOST_LOCKED,
155 SMGR_HOST_ENABLED, 178 SMGR_HOST_ENABLED,
156 SMGR_HOST_DISABLED, 179 SMGR_HOST_DISABLED,
157 180
158 KEYSTONE_TOKEN, 181 KEYSTONE_TOKEN,
159 KEYSTONE_GET_TOKEN, 182 KEYSTONE_GET_TOKEN,
160 KEYSTONE_GET_SERVICE_LIST, 183 KEYSTONE_GET_SERVICE_LIST,
161 KEYSTONE_GET_ENDPOINT_LIST, 184 KEYSTONE_GET_ENDPOINT_LIST,
162 185
186 BARBICAN_GET_SECRET,
187 BARBICAN_READ_SECRET,
188
163 SERVICE_LAST 189 SERVICE_LAST
164} libEvent_enum ; 190} libEvent_enum ;
165 191
166 192
167/** Local event control structure for REST API services 193/** Local event control structure for REST API services
168 * 194 *
169 * Nova, Neutron, Keystone and Inventory 195 * Nova, Neutron, Keystone, Barbican and Inventory
170 * 196 *
171 */ 197 */
172struct libEvent 198struct libEvent
@@ -177,7 +203,7 @@ struct libEvent
177 bool mutex ; /**< single operation at a time */ 203 bool mutex ; /**< single operation at a time */
178 bool active ; /**< true if waiting on response */ 204 bool active ; /**< true if waiting on response */
179 int stuck ; /**< Count mutex active stuck state */ 205 int stuck ; /**< Count mutex active stuck state */
180 bool blocking ; /**< true if command is blocking */ 206 bool blocking ; /**< true if command is blocking */
181 bool found ; /**< true if query was found */ 207 bool found ; /**< true if query was found */
182 int timeout ; /**< Request timeout */ 208 int timeout ; /**< Request timeout */
183 int count ; /**< retry recover counter */ 209 int count ; /**< retry recover counter */
@@ -204,7 +230,7 @@ struct libEvent
204 230
205 /** Service Specific Request Info */ 231 /** Service Specific Request Info */
206 libEvent_enum request ; /**< Specify the request command */ 232 libEvent_enum request ; /**< Specify the request command */
207 keyToken_type token ; /**< Copy of the active token */ 233 keyToken_type token ; /**< Copy of the active token */
208 string service ; /**< Service being executed */ 234 string service ; /**< Service being executed */
209 string hostname ; /**< Target hostname */ 235 string hostname ; /**< Target hostname */
210 string uuid ; /**< The UUID for this request */ 236 string uuid ; /**< The UUID for this request */
@@ -222,12 +248,12 @@ struct libEvent
222 string address ; /**< http url address */ 248 string address ; /**< http url address */
223 string payload ; /**< the request's payload */ 249 string payload ; /**< the request's payload */
224 string user_agent ; /**< set the User-Agent header */ 250 string user_agent ; /**< set the User-Agent header */
225 251
226 /** Result Info */ 252 /** Result Info */
227 int status ; /**< Execution Status */ 253 int status ; /**< Execution Status */
228 int http_status ; /**< raw http returned status */ 254 int http_status ; /**< raw http returned status */
229 int exec_time_msec ; /**< execution time in msec */ 255 int exec_time_msec ; /**< execution time in msec */
230 node_inv_type inv_info ; 256 node_inv_type inv_info ;
231 size_t response_len ; /**< the json response length */ 257 size_t response_len ; /**< the json response length */
232 string response ; /**< the json response string */ 258 string response ; /**< the json response string */
233 string result ; /**< Command specific result str */ 259 string result ; /**< Command specific result str */
@@ -288,10 +314,10 @@ typedef struct
288 314
289void httpUtil_init ( void ); 315void httpUtil_init ( void );
290 316
291int httpUtil_event_init ( libEvent * ptr , 317int httpUtil_event_init ( libEvent * ptr ,
292 string hostname, 318 string hostname,
293 string service, 319 string service,
294 string ip, 320 string ip,
295 int port ); 321 int port );
296 322
297/** Add payload to the HTTP message body. */ 323/** Add payload to the HTTP message body. */
@@ -310,14 +336,14 @@ int httpUtil_connect ( libEvent & event );
310int httpUtil_request ( libEvent & event, 336int httpUtil_request ( libEvent & event,
311 void(*hdlr)(struct evhttp_request *, void *)); 337 void(*hdlr)(struct evhttp_request *, void *));
312 338
313/** Common REST API Request Utility */ 339/** Common REST API Request Utility */
314int httpUtil_api_request ( libEvent & event ); 340int httpUtil_api_request ( libEvent & event );
315 341
316/** Common REST API Request Utility */ 342/** Common REST API Request Utility */
317int httpUtil_request ( libEvent & event , bool block, 343int httpUtil_request ( libEvent & event , bool block,
318 void(*hdlr)(struct evhttp_request *, void *)); 344 void(*hdlr)(struct evhttp_request *, void *));
319 345
320/** Common REST API Receive Utility for non-blocking requests */ 346/** Common REST API Receive Utility for non-blocking requests */
321int httpUtil_receive ( libEvent & event ); 347int httpUtil_receive ( libEvent & event );
322 348
323/** HTTP response status checker */ 349/** HTTP response status checker */
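--- a/mtce-common/src/common/jsonUtil.cpp
+++ b/mtce-common/src/common/jsonUtil.cpp
@@ -619,6 +619,80 @@ load_host_cleanup:
  return (rc);
 }
 
+int jsonUtil_secret_load ( string & name,
+ char * json_str_ptr,
+ jsonUtil_secret_type & info )
+{
+ int rc = PASS ;
+ json_bool status ;
+
+ /* init to null to avoid trap on early cleanup call with
+ * bad non-null default pointer value */
+ struct array_list * array_list_obj = (struct array_list *)(NULL);
+ struct json_object *raw_obj = (struct json_object *)(NULL);
+ struct json_object *secret_obj = (struct json_object *)(NULL);
+ struct json_object *ref_obj = (struct json_object *)(NULL);
+
+ if (( json_str_ptr == NULL ) || ( *json_str_ptr == '\0' ) ||
+ ( ! strncmp ( json_str_ptr, "(null)" , 6 )))
+ {
+ elog ("Cannot tokenize a null json string\n");
+ return (FAIL);
+ }
+ raw_obj = json_tokener_parse( json_str_ptr );
+ if ( !raw_obj )
+ {
+ elog ("No or invalid json string (%s)\n", json_str_ptr );
+ rc = FAIL ;
+ goto secret_load_cleanup ;
+ }
+
+ status = json_object_object_get_ex(raw_obj, MTC_JSON_SECRET_LIST, &secret_obj );
+ if ( ( status == TRUE ) && ( secret_obj ))
+ {
+ array_list_obj = json_object_get_array(secret_obj );
+ if ( array_list_obj )
+ {
+ int len = array_list_length (array_list_obj );
+ if ( len == 0 )
+ {
+ wlog ( "No %s elements in array\n", MTC_JSON_SECRET_LIST );
+ goto secret_load_cleanup;
+ }
+ for ( int i = 0 ; i < len ; i++ )
+ {
+ ref_obj = _json_object_array_get_idx (secret_obj, i );
+ if ( ref_obj )
+ {
+ string secret_name = _json_get_key_value_string ( ref_obj, MTC_JSON_SECRET_NAME );
+ if ( ( secret_name.length() > 0) && !secret_name.compare(name) )
+ {
+ info.secret_ref = _json_get_key_value_string ( ref_obj, MTC_JSON_SECRET_REFERENCE );
+ jlog ( "Found secret_ref %s\n", info.secret_ref.c_str() );
+ break ;
+ }
+ }
+ }
+ }
+ else
+ {
+ elog ("%s Failed to find %s object array\n", name.c_str(), MTC_JSON_SECRET_LIST );
+ }
+ }
+ else
+ {
+ elog ("%s Failed to find %s object\n", name.c_str(), MTC_JSON_SECRET_LIST );
+ }
+
+secret_load_cleanup:
+
+ if (raw_obj) json_object_put(raw_obj );
+ if (secret_obj) json_object_put(secret_obj );
+ if (ref_obj) json_object_put(ref_obj );
+
+ return (rc);
+}
+
 void jsonUtil_print ( jsonUtil_info_type & info, int index )
 {
  if ( info.elements == 0 )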
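Review bot: The cleanup at `secret_load_cleanup` calls `json_object_put()` on `secret_obj` and `ref_obj` after it has already released `raw_obj`, yet `json_object_object_get_ex()` returns a borrowed pointer owned by the parent and changes no reference count, so those later puts act on memory that the first put may already have freed. `ref_obj` comes from the project wrapper `_json_object_array_get_idx`, which is not visible here, so confirm whether it takes its own reference. If it does not, the cleanup should be reduced to `if (raw_obj) json_object_put(raw_obj );` alone. The rest of this file is outside the hunk, so check whether the neighbouring loaders share the pattern before changing only this one.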
diff --git a/mtce-common/src/common/jsonUtil.h b/mtce-common/src/common/jsonUtil.h
index 1786df3..7779766 100644
--- a/mtce-common/src/common/jsonUtil.h
+++ b/mtce-common/src/common/jsonUtil.h
@@ -10,7 +10,7 @@
10 /** 10 /**
11 * @file 11 * @file
12 * Wind River CGTS Platform Controller Maintenance 12 * Wind River CGTS Platform Controller Maintenance
13 * 13 *
14 * JSON Utility Header 14 * JSON Utility Header
15 */ 15 */
16 16
@@ -56,17 +56,57 @@ typedef struct
56 string adminURL; /**< path to the nova server. */ 56 string adminURL; /**< path to the nova server. */
57} jsonUtil_auth_type ; 57} jsonUtil_auth_type ;
58 58
59/** Module initialization interface. 59#define MAX_JSON_SECRET_CONTENTS_NUM 7
60#define MTC_JSON_SECRET_LIST "secrets"
61#define MTC_JSON_SECRET_TOTAL "total"
62#define MTC_JSON_SECRET_PREVIOUS "previous"
63#define MTC_JSON_SECRET_NEXT "next"
64#define MTC_JSON_SECRET_ALGORITHM "algorithm"
65#define MTC_JSON_SECRET_LENGTH "bit_length"
66#define MTC_JSON_SECRET_CONTENT "content_types"
67#define MTC_JSON_SECRET_CREATED "created"
68#define MTC_JSON_SECRET_CREATOR "creator_id"
69#define MTC_JSON_SECRET_EXPIRATION "expiration"
70#define MTC_JSON_SECRET_MODE "mode"
71#define MTC_JSON_SECRET_NAME "name"
72#define MTC_JSON_SECRET_REFERENCE "secret_ref"
73#define MTC_JSON_SECRET_TYPE "secret_type"
74#define MTC_JSON_SECRET_STATUS "status"
75#define MTC_JSON_SECRET_UPDATED "updated"
76
77typedef struct
78{
79 string type ;
80 string encoding ;
81} content_type ;
82
83typedef struct
84{
85 string algorithm ;
86 int bit_length ;
87 content_type contents[MAX_JSON_SECRET_CONTENTS_NUM];
88 string created ;
89 string creator_id ;
90 string expiration ;
91 string mode ;
92 string name ;
93 string secret_ref ;
94 string secret_type ;
95 string status ;
96 string updated ;
97} jsonUtil_secret_type ;
98
99/** Module initialization interface.
60 */ 100 */
61void jsonUtil_init ( jsonUtil_info_type & info ); 101void jsonUtil_init ( jsonUtil_info_type & info );
62 102
63/** Print the authroization struct to stdio. 103/** Print the authroization struct to stdio.
64 */ 104 */
65void jsonUtil_print ( jsonUtil_info_type & info , int index ); 105void jsonUtil_print ( jsonUtil_info_type & info , int index );
66void jsonUtil_print_inv ( node_inv_type & info ); 106void jsonUtil_print_inv ( node_inv_type & info );
67 107
68int jsonUtil_get_key_val ( char * json_str_ptr, 108int jsonUtil_get_key_val ( char * json_str_ptr,
69 string key, 109 string key,
70 string & value ); 110 string & value );
71 111
72int jsonUtil_get_key_val_int ( char * json_str_ptr, 112int jsonUtil_get_key_val_int ( char * json_str_ptr,
@@ -76,10 +116,11 @@ int jsonUtil_get_key_val_int ( char * json_str_ptr,
76/** Submit a request to get an authorization token and nova URL */ 116/** Submit a request to get an authorization token and nova URL */
77int jsonApi_auth_request ( string & hostname, string & payload ); 117int jsonApi_auth_request ( string & hostname, string & payload );
78 118
79/** Parse through the authorization request's response json string 119/** Parse through the authorization request's response json string
80 * and load the relavent information into the passed in structure */ 120 * and load the relavent information into the passed in structure */
81 int jsonUtil_inv_load ( char * json_str_ptr, 121int jsonUtil_inv_load ( char * json_str_ptr, jsonUtil_info_type & info );
82 jsonUtil_info_type & info ); 122
123int jsonUtil_secret_load ( string & name, char * json_str_ptr, jsonUtil_secret_type & info );
83 124
84int jsonUtil_load_host ( char * json_str_ptr, node_inv_type & info ); 125int jsonUtil_load_host ( char * json_str_ptr, node_inv_type & info );
85int jsonUtil_load_host_state ( char * json_str_ptr, node_inv_type & info ); 126int jsonUtil_load_host_state ( char * json_str_ptr, node_inv_type & info );
@@ -102,7 +143,7 @@ int jsonUtil_patch_load ( char * json_str_ptr, node_inv_type & info );
102 *- FAIL indicates bad or error reply in json string. 143 *- FAIL indicates bad or error reply in json string.
103 * 144 *
104 */ 145 */
105int jsonApi_auth_load ( string & hostname, char * json_str_ptr, 146int jsonApi_auth_load ( string & hostname, char * json_str_ptr,
106 jsonUtil_auth_type & info ); 147 jsonUtil_auth_type & info );
107 148
108 149
@@ -110,9 +151,9 @@ int jsonApi_auth_load ( string & hostname, char * json_str_ptr,
110 * This utility searches for an 'array_label' and then loops over the array 151 * This utility searches for an 'array_label' and then loops over the array
111 * looking at each element for the specified 'search_key' and 'search_value' 152 * looking at each element for the specified 'search_key' and 'search_value'
112 * Once found it searches that same element for the specified 'element_key' 153 * Once found it searches that same element for the specified 'element_key'
113 * and loads its value content into 'element_value' - what we're looking for 154 * and loads its value content into 'element_value' - what we're looking for
114 ***************************************************************************/ 155 ***************************************************************************/
115int jsonApi_array_value ( char * json_str_ptr, 156int jsonApi_array_value ( char * json_str_ptr,
116 string array_label, 157 string array_label,
117 string search_key, 158 string search_key,
118 string search_value, 159 string search_value,
@@ -123,18 +164,18 @@ int jsonApi_array_value ( char * json_str_ptr,
123 * This utility updates the reference key_list with all the 164 * This utility updates the reference key_list with all the
124 * values for the specified label. 165 * values for the specified label.
125 ***********************************************************************/ 166 ***********************************************************************/
126int jsonUtil_get_list ( char * json_str_ptr, 167int jsonUtil_get_list ( char * json_str_ptr,
127 string label, list<string> & key_list ); 168 string label, list<string> & key_list );
128 169
129/*********************************************************************** 170/***********************************************************************
130 * This utility updates the reference element with the number of array 171 * This utility updates the reference element with the number of array
131 * elements for the specified label in the provided string 172 * elements for the specified label in the provided string
132 ***********************************************************************/ 173 ***********************************************************************/
133int jsonUtil_array_elements ( char * json_str_ptr, string label, int & elements ); 174int jsonUtil_array_elements ( char * json_str_ptr, string label, int & elements );
134 175
135/*********************************************************************** 176/***********************************************************************
136 * This utility updates the reference string 'element' with the 177 * This utility updates the reference string 'element' with the
137 * contents of the specified labeled array element index. 178 * contents of the specified labeled array element index.
138 ***********************************************************************/ 179 ***********************************************************************/
139int jsonUtil_get_array_idx ( char * json_str_ptr, string label, int idx, string & element ); 180int jsonUtil_get_array_idx ( char * json_str_ptr, string label, int idx, string & element );
140 181
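Review bot: The new prototype `jsonUtil_secret_load` is added without the doc comment its neighbours carry, and its contract is not obvious from the signature. In jsonUtil.cpp it returns PASS and leaves `info.secret_ref` empty when the `secrets` array is empty or no entry's name equals `name`, and it fills `secret_ref` only, none of the other `jsonUtil_secret_type` fields. I would put `/** Find the secret named 'name' in a Barbican secrets list reply and load its secret_ref ; PASS with an empty secret_ref means no match */` above the declaration. `int bit_length` in `jsonUtil_secret_type` is never assigned by that loader, so it stays indeterminate unless the caller initialises the struct.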
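--- a/mtce-common/src/common/logMacros.h
+++ b/mtce-common/src/common/logMacros.h
@@ -67,7 +67,7 @@ typedef struct
  char* keystone_auth_project ; /**< =services */
  char* keystone_user_domain; /**< = Default */
  char* keystone_project_domain; /**< = Default */
- char* keyring_directory ; /**< =/opt/platform/.keyring/<release> */
+
  char* sysinv_mtc_inv_label ; /**< =/v1/hosts/ */
  int sysinv_api_port ; /**< =6385 */
  char* sysinv_api_bind_ip ; /**< =<local floating IP> */
@@ -75,6 +75,9 @@ typedef struct
  char* ceilometer_url ; /**< ceilometer sensor sample database url */
  int ceilometer_port ; /**< ceilometer REST API port number */
 
+ char* barbican_api_host ; /**< Barbican REST API host IP address */
+ int barbican_api_port ; /**< Barbican REST API port number */
+
  int mtc_rx_mgmnt_port ; /**< mtcClient listens mgmnt nwk cmd reqs */
  int mtc_rx_infra_port ; /**< mtcClient listens infra nwk cmd reqs */
  int mtc_tx_mgmnt_port ; /**< mtcClient sends mgmnt nwk cmds/resp's */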
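--- a/mtce-common/src/common/nodeBase.h
+++ b/mtce-common/src/common/nodeBase.h
@@ -114,7 +114,7 @@ void daemon_exit ( void );
 #define NFVI_PLUGIN_CFG_FILE ((const char *)"/etc/nfv/nfv_plugins/nfvi_plugins/config.ini")
 #define SYSINV_CFG_FILE ((const char *)"/etc/sysinv/sysinv.conf")
 #define HWMON_CONF_FILE ((const char *)"/etc/mtc/hwmond.conf")
-
+#define SECRET_CFG_FILE ((const char *)"/etc/barbican/barbican.conf")
 
 #define GOENABLED_DIR ((const char *)"/etc/goenabled.d") /* generic */
 #define GOENABLED_WORKER_DIR ((const char *)"/etc/goenabled.d/worker")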
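--- a/mtce-common/src/common/nodeUtil.cpp
+++ b/mtce-common/src/common/nodeUtil.cpp
@@ -1188,73 +1188,6 @@ bool string_contains ( string buffer, string sequence )
 }
 
 
-extern char *program_invocation_short_name;
-
-
-string get_bm_password ( const char * uuid )
-{
- #define STR_LEN 128
- int rc = RETRY ;
- string value = "" ;
-
- daemon_signal_hdlr ();
-
- if ( uuid == NULL )
- {
- slog ("failed ; Null uuid\n" );
- return (value);
- }
-
- string temp_file = "/tmp/." ;
- temp_file.append(program_invocation_short_name);
- temp_file.append("_bmc.tmp");
-
- /* If the keyring dir is not present then set the password to unknown */
- DIR *d = opendir(daemon_get_cfg_ptr()->keyring_directory);
- if (d)
- {
- char str [STR_LEN] ;
- memset (&str[0],0,STR_LEN);
- sprintf(&str[0], "/usr/bin/keyring get BM %s > %s", uuid, temp_file.data() );
- /* This system call can take 1 sec */
- rc = system(str) ;
- {
- int parms ;
- usleep(10);
- FILE *fp = fopen(temp_file.c_str(), "r");
- if (fp)
- {
- memset (&str[0],0,STR_LEN);
- if ( (parms = fscanf(fp, "%128s", &str[0])) == 1 )
- {
- value = str ; /* get the value we are looking for */
- rc = PASS ;
- }
- fclose(fp);
- }
- else
- {
- wlog ("Failed to open %s\n", temp_file.c_str() );
- }
- }
- closedir(d);
- }
- else
- {
- wlog ("Failed to open credentials directory '%s'\n", daemon_get_cfg_ptr()->keyring_directory );
- }
-
- if ( rc != PASS )
- {
- wlog ("password for uuid '%s' not found\n", uuid);
- }
-
- /* Don't leave the temp file containing the password around */
- daemon_remove_file ( temp_file.data() );
-
- return (value);
-}
-
 static int health = NODE_HEALTH_UNKNOWN ;
 int get_node_health ( string hostname )
 {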
diff --git a/mtce-common/src/common/nodeUtil.h b/mtce-common/src/common/nodeUtil.h
index 712a725..f8765af 100755
--- a/mtce-common/src/common/nodeUtil.h
+++ b/mtce-common/src/common/nodeUtil.h
@@ -41,10 +41,10 @@ typedef struct
41} msgSock_type ; 41} msgSock_type ;
42 42
43int send_log_message ( msgSock_type * sock_ptr, 43int send_log_message ( msgSock_type * sock_ptr,
44 const char * hostname, 44 const char * hostname,
45 const char * filename, 45 const char * filename,
46 const char * log_str ); 46 const char * log_str );
47 47
48msgSock_type * get_mtclogd_sockPtr ( void ) ; 48msgSock_type * get_mtclogd_sockPtr ( void ) ;
49 49
50void mem_log_list_init ( void ); 50void mem_log_list_init ( void );
@@ -70,14 +70,13 @@ const char * get_iface_name_str ( int iface );
70unsigned int get_host_function_mask ( string & nodeType_str ); 70unsigned int get_host_function_mask ( string & nodeType_str );
71bool is_combo_system (unsigned int nodetype_mask ); 71bool is_combo_system (unsigned int nodetype_mask );
72 72
73int set_host_functions ( string nodetype_str, 73int set_host_functions ( string nodetype_str,
74 unsigned int * nodetype_bits_ptr, 74 unsigned int * nodetype_bits_ptr,
75 unsigned int * nodetype_function_ptr, 75 unsigned int * nodetype_function_ptr,
76 unsigned int * nodetype_subfunction_ptr ); 76 unsigned int * nodetype_subfunction_ptr );
77 77
78bool is_goenabled ( int nodeType, bool pass ); 78bool is_goenabled ( int nodeType, bool pass );
79 79
80string get_bm_password ( const char * username );
81string get_strings_in_string_list ( std::list<string> & l ); 80string get_strings_in_string_list ( std::list<string> & l );
82bool is_string_in_string_list ( std::list<string> & l , string & str ); 81bool is_string_in_string_list ( std::list<string> & l , string & str );
83bool is_int_in_int_list ( std::list<int> & l , int & val ); 82bool is_int_in_int_list ( std::list<int> & l , int & val );
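--- /dev/null
+++ b/mtce-common/src/common/secretUtil.cpp
@@ -0,0 +1,348 @@
+/*
+ * Copyright (c) 2019 Wind River Systems, Inc.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+ /**
+ * @file
+ * Wind River CGTS Platform Controller Maintenance
+ * Access to Openstack Barbican via REST API Interface.
+ *
+ * This file implements the a set of secret utilities that maintenance
+ * calls upon to get/read Barbican secrets from the Barbican Secret storage.
+ *
+ * The APIs exposed from this file are
+ *
+ * secretUtil_get_secret - gets the Barbican secret, filtered by name
+ * secretUtil_read_secret - reads the payload for a specified secret uuid
+ *
+ * Each utility is paired with a private handler.
+ *
+ * secretUtil_handler - handles response for Barbican requests
+ *
+ * Warning: These calls cannot be nested.
+ *
+ **/
+
+#ifdef __AREA__
+#undef __AREA__
+#endif
+#define __AREA__ "pwd"
+
+#include <map>
+#include "nodeBase.h" /* for ... Base Service Header */
+#include "nodeUtil.h" /* for ... Utility Service Header */
+#include "hostUtil.h" /* for ... Host Service Header */
+#include "jsonUtil.h" /* for ... Json utilities */
+#include "secretUtil.h" /* this .. module header */
+
+std::map<string, barbicanSecret_type> secretList;
+
+barbicanSecret_type * secretUtil_find_secret ( string & host_uuid )
+{
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it != secretList.end() )
+ {
+ return &it->second;
+ }
+ return NULL;
+}
+
+
+barbicanSecret_type * secretUtil_manage_secret ( libEvent & event,
+ string & host_uuid,
+ struct mtc_timer & secret_timer,
+ void (*handler)(int, siginfo_t*, void*))
+{
+ int rc = PASS;
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it == secretList.end() )
+ {
+ barbicanSecret_type secret;
+ secret.stage = MTC_SECRET__START;
+ it = secretList.insert( std::pair<string, barbicanSecret_type>( host_uuid, secret ) ).first;
+ }
+
+ if ( it->second.stage == MTC_SECRET__START )
+ {
+ it->second.reference.clear();
+ it->second.payload.clear();
+ }
+
+ if ( it->second.stage == MTC_SECRET__START ||
+ it->second.stage == MTC_SECRET__GET_REF_FAIL )
+ {
+ if ( secret_timer.ring == true )
+ {
+ rc = secretUtil_get_secret ( event, host_uuid );
+ if (rc)
+ {
+ wlog ( "%s getting secret reference failed \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ else
+ {
+ mtcTimer_start( secret_timer, handler, SECRET_REPLY_DELAY );
+ }
+ }
+ else if ( event.base )
+ {
+ httpUtil_free_conn ( event );
+ httpUtil_free_base ( event );
+ }
+ }
+ else if ( it->second.stage == MTC_SECRET__GET_REF_RECV ||
+ it->second.stage == MTC_SECRET__GET_PWD_FAIL )
+ {
+ if ( secret_timer.ring == true )
+ {
+ rc = secretUtil_read_secret ( event, host_uuid );
+ if (rc)
+ {
+ wlog ( "%s getting secret payload failed \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_PWD_FAIL;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ else
+ {
+ mtcTimer_start( secret_timer, handler, SECRET_REPLY_DELAY );
+ }
+ }
+ else if ( event.base )
+ {
+ httpUtil_free_conn ( event );
+ httpUtil_free_base ( event );
+ }
+ }
+ else if ( it->second.stage == MTC_SECRET__GET_REF ||
+ it->second.stage == MTC_SECRET__GET_PWD )
+ {
+ if ( event.active == true )
+ {
+ /* Look for the response */
+ if ( event.base )
+ {
+ event_base_loop( event.base, EVLOOP_NONBLOCK );
+ }
+ else
+ {
+ /* should not get here. event active while base is null
+ * try and recover from this error case. */
+ event.active = false ;
+ }
+ }
+ else if ( event.base )
+ {
+ if ( it->second.stage == MTC_SECRET__GET_REF )
+ {
+ wlog ( "%s getting secret reference timeout \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL ;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ if ( it->second.stage == MTC_SECRET__GET_PWD )
+ {
+ wlog ( "%s getting secret payload timeout \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_PWD_FAIL ;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ httpUtil_free_conn ( event );
+ httpUtil_free_base ( event );
+ }
+ }
+ return & it->second ;
+}
+
+/***********************************************************************
+ *
+ * Name : secretUtil_get_secret
+ *
+ * Purpose : Issue an Barbican GET request for a specified secret name
+ * to manage secret's reference.
+ *
+ */
+
+int secretUtil_get_secret ( libEvent & event, string & host_uuid )
+{
+ httpUtil_event_init ( &event,
+ host_uuid,
+ "secretUtil_get_secret",
+ hostUtil_getServiceIp (SERVICE_SECRET),
+ hostUtil_getServicePort(SERVICE_SECRET));
+
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it != secretList.end() )
+ {
+ it->second.stage = MTC_SECRET__GET_REF;
+ }
+ else
+ {
+ elog ("%s failed to find secret record\n", host_uuid.c_str());
+ return FAIL;
+ }
+
+ event.hostname = _hn();
+ event.uuid = host_uuid;
+
+ event.token.url = MTC_SECRET_LABEL;
+ event.token.url.append(MTC_SECRET_NAME);
+ event.token.url.append(host_uuid);
+ event.token.url.append(MTC_SECRET_BATCH);
+ event.token.url.append(MTC_SECRET_BATCH_MAX);
+ event.address = event.token.url;
+
+ event.blocking = false;
+ event.request = BARBICAN_GET_SECRET;
+ event.operation = "get secret reference";
+ event.type = EVHTTP_REQ_GET ;
+ event.timeout = HTTP_SECRET_TIMEOUT ;
+ event.handler = &secretUtil_handler ;
+
+ dlog ("Path:%s\n", event.token.url.c_str() );
+
+ return ( httpUtil_api_request ( event ) ) ;
+}
+
+/* ******************************************************************
+ *
+ * Name: secretUtil_read_secret
+ *
+ * Purpose: Issue an Barbican GET request for a specified secret uuid
+ * to read secret's payload, ie password itself.
+ *
+ *********************************************************************/
+
+int secretUtil_read_secret ( libEvent & event, string & host_uuid )
+{
+ httpUtil_event_init ( &event,
+ host_uuid,
+ "secretUtil_get_secret",
+ hostUtil_getServiceIp (SERVICE_SECRET),
+ hostUtil_getServicePort(SERVICE_SECRET));
+
+ string bm_pw_reference;
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it != secretList.end() )
+ {
+ bm_pw_reference = it->second.reference;
+ it->second.stage = MTC_SECRET__GET_PWD;
+ }
+ else
+ {
+ elog ("%s failed to find secret record\n", host_uuid.c_str());
+ return FAIL;
+ }
+
+ event.hostname = _hn();
+ event.uuid = host_uuid;
+
+ event.token.url = MTC_SECRET_LABEL;
+ event.token.url.append("/");
+ event.token.url.append(bm_pw_reference);
+ event.token.url.append("/");
+ event.token.url.append(MTC_SECRET_PAYLOAD);
+ event.address = event.token.url;
+
+ event.blocking = false;
+ event.request = BARBICAN_READ_SECRET ;
+ event.operation = "get secret payload";
+ event.type = EVHTTP_REQ_GET ;
+ event.timeout = HTTP_SECRET_TIMEOUT ;
+ event.handler = &secretUtil_handler ;
+
+ dlog ("Path:%s\n", event.token.url.c_str() );
+
+ return ( httpUtil_api_request ( event ) ) ;
+}
+
+
+/*******************************************************************
+ *
+ * Name : secretUtil_handler
+ *
+ * Description: The handles the barbican get request
+ * responses for the following messages
+ *
+ * BARBICAN_GET_SECRET,
+ * BARBICAN_READ_SECRET
+ *
+ *******************************************************************/
+
+int secretUtil_handler ( libEvent & event )
+{
+ /* Declare and clean the json info object string containers */
+ jsonUtil_secret_type json_info ;
+
+ string hn = event.hostname ;
+ int rc = event.status ;
+
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( event.uuid );
+ if ( it == secretList.end() )
+ {
+ elog ("%s failed to find secret record\n", hn.c_str());
+ return ( rc ) ;
+ }
+
+ if ( event.request == BARBICAN_GET_SECRET )
+ {
+ if ( event.status )
+ {
+ elog ("%s failed to get secret - error code (%d) \n", hn.c_str(), event.status );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ return ( rc ) ;
+ }
+ rc = jsonUtil_secret_load ( event.uuid,
+ (char*)event.response.data(),
+ json_info );
+ if ( rc != PASS )
+ {
+ elog ( "%s failed to parse secret response (%s)\n",
+ event.hostname.c_str(),
+ event.response.c_str() );
+ event.status = FAIL_JSON_PARSE ;
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ }
+ else
+ {
+ size_t pos = json_info.secret_ref.find_last_of( '/' );
+ it->second.reference = json_info.secret_ref.substr( pos+1 );
+ if ( it->second.reference.empty() )
+ {
+ ilog ("%s no barbican secret reference found \n", hn.c_str() );
+ it->second.stage = MTC_SECRET__GET_PWD_RECV;
+ }
+ else
+ {
+ it->second.stage = MTC_SECRET__GET_REF_RECV;
+ }
+ }
+ }
+ else if ( event.request == BARBICAN_READ_SECRET )
+ {
+ if ( event.status == HTTP_NOTFOUND )
+ {
+ ilog ("%s no barbican secret payload found \n", hn.c_str() );
+ }
+ else if ( event.status != PASS )
+ {
+ elog ("%s failed to read secret - error code (%d) \n", hn.c_str(), event.status );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ return ( rc ) ;
+ }
+
+ it->second.payload = event.response;
+ it->second.stage = MTC_SECRET__GET_PWD_RECV;
+ }
+ else
+ {
+ elog ("%s unsupported secret request (%d)\n", hn.c_str(), event.request );
+ }
+ return ( rc ) ;
+}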
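Review bot: In `secretUtil_handler`, the `HTTP_NOTFOUND` branch of the `BARBICAN_READ_SECRET` case only logs and then falls through to `it->second.payload = event.response;`, so whatever body accompanied the 404 is stored as the BMC password and the stage moves to `MTC_SECRET__GET_PWD_RECV`. Unless httpUtil clears `event.response` on a non-success status (not visible in this file), that branch should end with `it->second.payload.clear(); it->second.stage = MTC_SECRET__GET_PWD_RECV; return ( rc ) ;` so that a missing secret yields an empty password rather than an error document. The parse-failure path of the same function writes the whole `event.response` to the log through `elog`. That response is list metadata today, but a comment there should warn against copying the pattern into the payload path, where the response is the password itself.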
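--- /dev/null
+++ b/mtce-common/src/common/secretUtil.h
@@ -0,0 +1,63 @@
+#ifndef __INCLUDE_MTCSECRETUTIL_H__
+#define __INCLUDE_MTCSECRETUTIL_H__
+
+/*
+ * Copyright (c) 2019 Wind River Systems, Inc.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+ */
+
+ /**
+ * @file
+ * Wind River CGCS Platform - Maintenance - Openstack Barbican UTIL Header
+ */
+
+/**
+ * @addtogroup secretUtil
+ * @{
+ *
+ * This file implements the a set of secretUtil utilities that maintenance
+ * calls upon to get/read Barbican secrets from the Barbican Secret storage.
+ *
+ * The UTILs exposed from this file are
+ *
+ * secretUtil_get_secret - gets all the Barbican secrets, filtered by name
+ * secretUtil_read_secret - reads the payload for a specified secret
+ *
+ * See nodeClass.h for these prototypes
+ *
+ * Each utility is paired with a private handler.
+ *
+ * secretUtil_handler - handles response for secretUtil_get/read_secret
+ *
+ * Warning: These calls cannot be nested.
+ *
+ **/
+
+using namespace std;
+
+#include "logMacros.h"
+#include "httpUtil.h"
+
+#define MTC_SECRET_LABEL "/v1/secrets" /**< barbican secrets url label */
+#define MTC_SECRET_NAME "?name=" /**< name of barbican secret prefix */
+#define MTC_SECRET_BATCH "&limit=" /**< batch read limit specified prefix */
+#define MTC_SECRET_BATCH_MAX "1" /**< maximum allowed batched read */
+#define MTC_SECRET_PAYLOAD "payload" /**< barbican secret payload label */
+
+#define SECRET_START_DELAY (1)
+#define SECRET_REPLY_DELAY (1)
+#define SECRET_RETRY_DELAY (8)
+
+barbicanSecret_type * secretUtil_find_secret ( string & host_uuid );
+barbicanSecret_type * secretUtil_manage_secret ( libEvent & event,
+ string & host_uuid,
+ struct mtc_timer & secret_timer,
+ void (*handler)(int, siginfo_t*, void*) );
+
+int secretUtil_handler ( libEvent & event );
+int secretUtil_get_secret ( libEvent & event, string & host_uuid );
+int secretUtil_read_secret ( libEvent & event, string & host_uuid );
+
+#endif /* __INCLUDE_MTCSECRETUTIL_H__ */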
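Review bot: The header comment says `See nodeClass.h for these prototypes`, but the three prototypes are declared at the bottom of this file. It also describes `secretUtil_get_secret` as getting "all the Barbican secrets" while `MTC_SECRET_BATCH_MAX` limits the query to `"1"`. Both lines should be corrected to match the declarations. The `SECRET_START_DELAY`, `SECRET_REPLY_DELAY` and `SECRET_RETRY_DELAY` macros have no purpose or unit comment, unlike the `MTC_SECRET_*` strings above them; something like `/**< wait before retrying a failed Barbican request */` on each, with the unit `mtcTimer_start` expects, would help. `using namespace std;` at file scope in a header also leaks into every includer, though the surrounding headers appear to rely on unqualified `string` too.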
diff --git a/mtce-common/src/common/tokenUtil.cpp b/mtce-common/src/common/tokenUtil.cpp
index 251ecf5..c4cfa72 100644
--- a/mtce-common/src/common/tokenUtil.cpp
+++ b/mtce-common/src/common/tokenUtil.cpp
@@ -7,7 +7,7 @@
7 7
8 /** 8 /**
9 * @file 9 * @file
10 * Wind River Titanium Cloud 10 * Wind River Titanium Cloud
11 * Common Keystone Token Authentication Utility API 11 * Common Keystone Token Authentication Utility API
12 * 12 *
13 * tokenUtil_handler - handle response 13 * tokenUtil_handler - handle response
@@ -410,18 +410,18 @@ string _get_keystone_prefix_path ( )
410 return (prefix_path); 410 return (prefix_path);
411} 411}
412 412
413/* http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json" 413/* http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json"
414 * -H "Accept: application/json" 414 * -H "Accept: application/json"
415 * -H "User-Agent: python-keyclient" 415 * -H "User-Agent: python-keyclient"
416 * -H "Connection: close" 416 * -H "Connection: close"
417 * 417 *
418 * { 418 * {
419 * "auth": 419 * "auth":
420 * { 420 * {
421 * "tenantName": "admin", 421 * "tenantName": "admin",
422 * "passwordCredentials": 422 * "passwordCredentials":
423 * { 423 * {
424 * "username": "admin", 424 * "username": "admin",
425 * "password": "password" 425 * "password": "password"
426 * } 426 * }
427 * } 427 * }
@@ -433,12 +433,12 @@ string _get_keystone_prefix_path ( )
433 * 433 *
434 * Name : tokenUtil_handler 434 * Name : tokenUtil_handler
435 * 435 *
436 * Description: The handles the keystone get request 436 * Description: The handles the keystone get request
437 * responses for the following messages 437 * responses for the following messages
438 * 438 *
439 * KEYSTONE_GET_TOKEN, 439 * KEYSTONE_GET_TOKEN,
440 * KEYSTONE_GET_SERVICE_LIST 440 * KEYSTONE_GET_SERVICE_LIST
441 * KEYSTONE_GET_ENDPOINT_LIST 441 * KEYSTONE_GET_ENDPOINT_LIST
442 * 442 *
443 *******************************************************************/ 443 *******************************************************************/
444int tokenUtil_handler ( libEvent & event ) 444int tokenUtil_handler ( libEvent & event )
@@ -486,12 +486,12 @@ int tokenUtil_handler ( libEvent & event )
486 } 486 }
487 else if ( event.request == KEYSTONE_GET_ENDPOINT_LIST ) 487 else if ( event.request == KEYSTONE_GET_ENDPOINT_LIST )
488 { 488 {
489 /* Response: {"endpoints": 489 /* Response: {"endpoints":
490 * [{ 490 * [{
491 * "service_id": "067...b60", 491 * "service_id": "067...b60",
492 * "region": "RegionOne", 492 * "region": "RegionOne",
493 * "enabled": true, 493 * "enabled": true,
494 * "id": "410ab64a37114a418d188f450300aa48", 494 * "id": "410ab64a37114a418d188f450300aa48",
495 * "interface": "internal", 495 * "interface": "internal",
496 * ""links": { 496 * ""links": {
497 * "self": "http://192.168.204.2:5000/v3/endpoints/410ab64a37114a418d188f450300aa48" 497 * "self": "http://192.168.204.2:5000/v3/endpoints/410ab64a37114a418d188f450300aa48"
@@ -592,28 +592,28 @@ int tokenUtil_handler ( libEvent & event )
592 { 592 {
593 /* Response: {"services": 593 /* Response: {"services":
594 [ 594 [
595 {"id": "49fc93c32d734c78a9d9f975c22f1703", "type": "network", "name": "neutron", "description": "Neutron Networking Service"}, 595 {"id": "49fc93c32d734c78a9d9f975c22f1703", "type": "network", "name": "neutron", "description": "Neutron Networking Service"},
596 {"id": "0900a982ff114e7ba62c317443b43362", "type": "metering", "name": "ceilometer", "description": "Openstack Metering Service"}, 596 {"id": "0900a982ff114e7ba62c317443b43362", "type": "metering", "name": "ceilometer", "description": "Openstack Metering Service"},
597 {"id": "97940d057bec47cc989cc190b4293aad", "type": "ec2", "name": "nova_ec2", "description": "EC2 Service"}, 597 {"id": "97940d057bec47cc989cc190b4293aad", "type": "ec2", "name": "nova_ec2", "description": "EC2 Service"},
598 {"id": "7ce51d481d024b1f8b80bb1127b80752", "type": "volumev2", "name": "cinderv2", "description": "Cinder Service v2"}, 598 {"id": "7ce51d481d024b1f8b80bb1127b80752", "type": "volumev2", "name": "cinderv2", "description": "Cinder Service v2"},
599 {"id": "3ed8ae6ccf85445ebdf2e93bbce9f5fb", "type": "computev3", "name": "novav3", "description": "Openstack Compute Service v3"}, 599 {"id": "3ed8ae6ccf85445ebdf2e93bbce9f5fb", "type": "computev3", "name": "novav3", "description": "Openstack Compute Service v3"},
600 {"id": "564bf663693c49cf9fee24e2fdbdba3a", "type": "identity", "name": "keystone", "description": "OpenStack Identity Service"}, 600 {"id": "564bf663693c49cf9fee24e2fdbdba3a", "type": "identity", "name": "keystone", "description": "OpenStack Identity Service"},
601 {"id": "7e0cadd9db444342b7fddb0005c4ce5f", "type": "platform", "name": "sysinv", "description": "SysInv Service"}, 601 {"id": "7e0cadd9db444342b7fddb0005c4ce5f", "type": "platform", "name": "sysinv", "description": "SysInv Service"},
602 {"id": "be7afccda91c4ba19ac2e53f613c6b63", "type": "volume", "name": "cinder", "description": "Cinder Service"}, 602 {"id": "be7afccda91c4ba19ac2e53f613c6b63", "type": "volume", "name": "cinder", "description": "Cinder Service"},
603 {"id": "edf60a37f4f84b9baba215d8346b814f", "type": "image", "name": "glance", "description": "Openstack Image Service"}, 603 {"id": "edf60a37f4f84b9baba215d8346b814f", "type": "image", "name": "glance", "description": "Openstack Image Service"},
604 {"id": "0673921c7b094178989455a5b157fb60", "type": "patching", "name": "patching", "description": "Patching Service"}, 604 {"id": "0673921c7b094178989455a5b157fb60", "type": "patching", "name": "patching", "description": "Patching Service"},
605 {"id": "d7621026166f43c0a1c74e0e9784cce6", "type": "compute", "name": "nova", "description": "Openstack Compute Service"}, 605 {"id": "d7621026166f43c0a1c74e0e9784cce6", "type": "compute", "name": "nova", "description": "Openstack Compute Service"},
606 {"id": "aef585311e3144e0b1267ea25dc40b70", "type": "orchestration", "name": "heat", "description": "Openstack Orchestration Service"}, 606 {"id": "aef585311e3144e0b1267ea25dc40b70", "type": "orchestration", "name": "heat", "description": "Openstack Orchestration Service"},
607 {"id": "0a67bc174fa0469e9b837daf23d83aaf", "type": "cloudformation", "name": "heat-cfn", "description": "Openstack Cloudformation Service"} 607 {"id": "0a67bc174fa0469e9b837daf23d83aaf", "type": "cloudformation", "name": "heat-cfn", "description": "Openstack Cloudformation Service"}
608 ]} */ 608 ]} */
609 609
610 bool found = false ; 610 bool found = false ;
611 list<string> service_list ; service_list.clear() ; 611 list<string> service_list ; service_list.clear() ;
612 rc = jsonUtil_get_list ( (char*)event.response.data(), (char*)event.label.data(), service_list ); 612 rc = jsonUtil_get_list ( (char*)event.response.data(), (char*)event.label.data(), service_list );
613 if ( rc == PASS ) 613 if ( rc == PASS )
614 { 614 {
615 std::list<string>::iterator iter_ptr ; 615 std::list<string>::iterator iter_ptr ;
616 616
617 for ( iter_ptr = service_list.begin() ; 617 for ( iter_ptr = service_list.begin() ;
618 iter_ptr != service_list.end() ; 618 iter_ptr != service_list.end() ;
619 iter_ptr++ ) 619 iter_ptr++ )
@@ -625,16 +625,16 @@ int tokenUtil_handler ( libEvent & event )
625 if ( jsonUtil_get_key_val ( (char*)iter_ptr->data(), "id", event.result ) == PASS ) 625 if ( jsonUtil_get_key_val ( (char*)iter_ptr->data(), "id", event.result ) == PASS )
626 { 626 {
627 found = true ; 627 found = true ;
628 ilog ("%s '%s' service uuid is '%s'\n", 628 ilog ("%s '%s' service uuid is '%s'\n",
629 event.hostname.c_str(), 629 event.hostname.c_str(),
630 event.information.c_str(), 630 event.information.c_str(),
631 event.result.c_str()); 631 event.result.c_str());
632 break ; 632 break ;
633 } 633 }
634 else 634 else
635 { 635 {
636 wlog ("%s '%s' service uuid not found\n", 636 wlog ("%s '%s' service uuid not found\n",
637 event.hostname.c_str(), 637 event.hostname.c_str(),
638 event.information.c_str()); 638 event.information.c_str());
639 event.status = FAIL_KEY_VALUE_PARSE ; 639 event.status = FAIL_KEY_VALUE_PARSE ;
640 } 640 }
@@ -642,8 +642,8 @@ int tokenUtil_handler ( libEvent & event )
642 } 642 }
643 else 643 else
644 { 644 {
645 wlog ("%s '%s' service not found\n", 645 wlog ("%s '%s' service not found\n",
646 event.hostname.c_str(), 646 event.hostname.c_str(),
647 event.information.c_str()); 647 event.information.c_str());
648 } 648 }
649 } 649 }
@@ -707,13 +707,13 @@ int tokenUtil_new_token ( libEvent & event, string hostname, bool blocking )
707 ilog ("%s Requesting Authentication Token\n", hostname.c_str()); 707 ilog ("%s Requesting Authentication Token\n", hostname.c_str());
708 708
709 httpUtil_event_init ( &event, 709 httpUtil_event_init ( &event,
710 hostname, 710 hostname,
711 "tokenUtil_new_token", 711 "tokenUtil_new_token",
712 _get_ip(), 712 _get_ip(),
713 daemon_get_cfg_ptr()->keystone_port); 713 daemon_get_cfg_ptr()->keystone_port);
714 714
715 event.hostname = _hn (); 715 event.hostname = _hn ();
716 716
717 dlog ("%s fetching new token\n", event.hostname.c_str()); 717 dlog ("%s fetching new token\n", event.hostname.c_str());
718 718
719 event.prefix_path = _get_keystone_prefix_path(); 719 event.prefix_path = _get_keystone_prefix_path();
@@ -724,7 +724,7 @@ int tokenUtil_new_token ( libEvent & event, string hostname, bool blocking )
724 event.type = EVHTTP_REQ_POST ; 724 event.type = EVHTTP_REQ_POST ;
725 event.timeout = HTTP_TOKEN_TIMEOUT ; 725 event.timeout = HTTP_TOKEN_TIMEOUT ;
726 event.handler = &tokenUtil_handler ; 726 event.handler = &tokenUtil_handler ;
727 727
728 return ( httpUtil_api_request ( event )); 728 return ( httpUtil_api_request ( event ));
729} 729}
730 730
@@ -732,11 +732,11 @@ int tokenUtil_new_token ( libEvent & event, string hostname, bool blocking )
732string tokenUtil_get_svc_uuid ( libEvent & event, string service_name ) 732string tokenUtil_get_svc_uuid ( libEvent & event, string service_name )
733{ 733{
734 httpUtil_event_init ( &event, 734 httpUtil_event_init ( &event,
735 service_name, 735 service_name,
736 "tokenUtil_get_svc_uuid", 736 "tokenUtil_get_svc_uuid",
737 _get_ip(), 737 _get_ip(),
738 5000 ) ; // get_keystone_admin_port() ; 738 5000 ) ; // get_keystone_admin_port() ;
739 739
740 event.hostname = _hn() ; 740 event.hostname = _hn() ;
741 741
742 /* The type of HTTP request */ 742 /* The type of HTTP request */
@@ -766,8 +766,8 @@ string tokenUtil_get_svc_uuid ( libEvent & event, string service_name )
766int tokenUtil_get_endpoints ( libEvent & event, string service_uuid ) 766int tokenUtil_get_endpoints ( libEvent & event, string service_uuid )
767{ 767{
768 httpUtil_event_init ( &event, 768 httpUtil_event_init ( &event,
769 service_uuid, 769 service_uuid,
770 "tokenUtil_get_endpoints", 770 "tokenUtil_get_endpoints",
771 _get_ip(), 771 _get_ip(),
772 5000 ); // get_keystone_admin_port(); 772 5000 ); // get_keystone_admin_port();
773 773
@@ -799,7 +799,7 @@ int tokenUtil_get_endpoints ( libEvent & event, string service_uuid )
799 return ( event.status ); 799 return ( event.status );
800} 800}
801 801
802int keystone_config_handler ( void * user, 802int keystone_config_handler ( void * user,
803 const char * section, 803 const char * section,
804 const char * name, 804 const char * name,
805 const char * value) 805 const char * value)
@@ -833,33 +833,28 @@ int keystone_config_handler ( void * user,
833 } 833 }
834 } 834 }
835 } 835 }
836 else if (MATCH("agent", "keyring_directory"))
837 {
838 config_ptr->keyring_directory = strdup(value);
839 ilog("Keyring Directory : %s\n", config_ptr->keyring_directory );
840 }
841 else if (MATCH("agent", "keystone_auth_username")) 836 else if (MATCH("agent", "keystone_auth_username"))
842 { 837 {
843 config_ptr->keystone_auth_username = strdup(value); 838 config_ptr->keystone_auth_username = strdup(value);
844 ilog("Mtce Keystone username : %s\n", 839 ilog("Mtce Keystone username : %s\n",
845 config_ptr->keystone_auth_username ); 840 config_ptr->keystone_auth_username );
846 } 841 }
847 else if (MATCH("agent", "keystone_auth_pw")) 842 else if (MATCH("agent", "keystone_auth_pw"))
848 { 843 {
849 config_ptr->keystone_auth_pw = strdup(value); 844 config_ptr->keystone_auth_pw = strdup(value);
850 dlog("Mtce Keystone pw : %s\n", 845 dlog("Mtce Keystone pw : %s\n",
851 config_ptr->keystone_auth_pw ); 846 config_ptr->keystone_auth_pw );
852 } 847 }
853 else if (MATCH("agent", "keystone_auth_project")) 848 else if (MATCH("agent", "keystone_auth_project"))
854 { 849 {
855 config_ptr->keystone_auth_project = strdup(value); 850 config_ptr->keystone_auth_project = strdup(value);
856 ilog("Mtce Keystone project : %s\n", 851 ilog("Mtce Keystone project : %s\n",
857 config_ptr->keystone_auth_project ); 852 config_ptr->keystone_auth_project );
858 } 853 }
859 else if (MATCH("agent", "keystone_user_domain")) 854 else if (MATCH("agent", "keystone_user_domain"))
860 { 855 {
861 config_ptr->keystone_user_domain = strdup(value); 856 config_ptr->keystone_user_domain = strdup(value);
862 ilog("Mtce Keystone user domain : %s\n", 857 ilog("Mtce Keystone user domain : %s\n",
863 config_ptr->keystone_user_domain ); 858 config_ptr->keystone_user_domain );
864 } 859 }
865 else if (MATCH("agent", "keystone_project_domain")) 860 else if (MATCH("agent", "keystone_project_domain"))
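Review bot: The `keystone_auth_pw` branch of keystone_config_handler still writes the Keystone service password to the log in clear text through `dlog("Mtce Keystone pw : %s\n", config_ptr->keystone_auth_pw );`, which sits oddly in a commit that moves BMC passwords into Barbican. dlog looks like a debug-level macro, so the exposure presumably depends on the debug setting, but anyone who can read the daemon log with debug enabled gets the credential that is then used to obtain tokens. Log only that the value was loaded, for example `dlog("Mtce Keystone pw : loaded\n");`. The handler starts before this hunk and continues past it.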
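--- a/mtce-common/src/common/tokenUtil.h
+++ b/mtce-common/src/common/tokenUtil.h
@@ -26,13 +26,11 @@
 
 using namespace std;
 
 #include "logMacros.h"
 #include "httpUtil.h" /* for ... libEvent */
 
 #define MTC_POST_KEY_LABEL "/v3/auth/tokens"
 
-#define KEYSTONE_SIG "token"
-
 /* The invalidation window is 5 minutes according
  * to the testing of token expiration time */
 #define STALE_TOKEN_DURATION 300 //5 minutes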
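--- a/mtce-common/src/daemon/daemon_common.h
+++ b/mtce-common/src/daemon/daemon_common.h
@@ -169,6 +169,11 @@ int sysinv_config_handler ( void * user,
  const char * name,
  const char * value);
 
+int barbican_config_handler ( void * user,
+ const char * section,
+ const char * name,
+ const char * value);
+
 int client_timeout_handler ( void * user,
  const char * section,
  const char * name,
@@ -225,6 +230,7 @@ int daemon_run_testhead ( void );
 #define CONFIG_MTC_TO_HBS_CMD_PORT 0x04000000 /**< Mtce to Hbs Command Port */
 #define CONFIG_HBS_TO_MTC_EVENT_PORT 0x08000000 /**< Hbs to Mtc Event Port */
 #define CONFIG_CLIENT_PULSE_PORT 0x10000000 /**< Pmon pulse port */
+#define CONFIG_AGENT_SECRET_PORT 0x20000000 /**< Barbican HTTP port */
 #define CONFIG_AGENT_VIM_EVENT_PORT 0x40000000 /**< VIM Event Port Mask */
 #define CONFIG_CLIENT_RMON_PORT 0x80000000 /**< Rmon client port */
 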
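--- a/mtce-common/src/daemon/daemon_config.cpp
+++ b/mtce-common/src/daemon/daemon_config.cpp
@@ -40,7 +40,6 @@ void daemon_config_default ( daemon_config_type* config_ptr )
  config_ptr->keystone_auth_uri = strdup("");
  config_ptr->keystone_auth_host = strdup("");
  config_ptr->keystone_region_name = strdup("none");
- config_ptr->keyring_directory = strdup("");
  config_ptr->sysinv_mtc_inv_label = strdup("none");
  config_ptr->mgmnt_iface = strdup("none");
  config_ptr->infra_iface = strdup("none");
@@ -48,6 +47,7 @@ void daemon_config_default ( daemon_config_type* config_ptr )
  config_ptr->mode = strdup("none");
  config_ptr->fit_host = strdup("none");
  config_ptr->multicast = strdup("none");
+ config_ptr->barbican_api_host = strdup("none");
 
  config_ptr->debug_all = 0 ;
  config_ptr->debug_json = 0 ;
@@ -264,6 +264,27 @@ int sysinv_config_handler ( void * user,
  return (PASS);
 }
 
+/* Openstack Barbican Config Reader */
+int barbican_config_handler ( void * user,
+ const char * section,
+ const char * name,
+ const char * value)
+{
+ daemon_config_type* config_ptr = (daemon_config_type*)user;
+
+ if (MATCH("DEFAULT", "bind_port")) // bind_port=9311
+ {
+ config_ptr->barbican_api_port = atoi(value);
+ ilog("Barbican Port : %d\n", config_ptr->barbican_api_port );
+ }
+ else if (MATCH("DEFAULT", "bind_host")) // bind_host=192.168.204.2
+ {
+ config_ptr->barbican_api_host = strdup(value);
+ ilog("Barbican Host : %s\n", config_ptr->barbican_api_host );
+ }
+ return (PASS);
+}
+
 #define EMPTY "----"
 
 void daemon_dump_cfg ( void )
@@ -306,7 +327,8 @@ void daemon_dump_cfg ( void )
  if ( ptr->keystone_user_domain ) { ilog ("keystone_user_domain = %s\n", ptr->keystone_user_domain );}
  if ( ptr->keystone_project_domain ) { ilog ("keystone_project_domain = %s\n", ptr->keystone_project_domain );}
  if ( ptr->keystone_region_name ) { ilog ("keystone_region_name = %s\n", ptr->keystone_region_name );}
- if ( ptr->keyring_directory ) { ilog ("keyring_directory = %s\n", ptr->keyring_directory );}
+ if ( ptr->barbican_api_port ) { ilog ("barbican_api_port = %d\n", ptr->barbican_api_port );}
+ if ( ptr->barbican_api_host ) { ilog ("barbican_api_host = %s\n", ptr->barbican_api_host );}
 
  if ( ptr->mtc_rx_mgmnt_port ) { ilog ("mtc_rx_mgmnt_port = %d\n", ptr->mtc_rx_mgmnt_port );}
  if ( ptr->mtc_rx_infra_port ) { ilog ("mtc_rx_infra_port = %d\n", ptr->mtc_rx_infra_port );}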
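Review bot: barbican_config_handler converts `bind_port` with `atoi(value)`, so an empty, non-numeric or out-of-range value silently becomes 0 or some other unintended number and is stored as the port that BMC passwords are later fetched from. Parse it with strtol, accept only a whole number in 1..65535, and log the rejection instead of storing it, as sketched below. Separately, `config_ptr->barbican_api_host = strdup(value);` overwrites the `strdup("none")` default from daemon_config_default without freeing it, which is a small leak on every (re)load. It is also worth confirming that Barbican's `bind_host` is always a connectable address rather than a wildcard such as 0.0.0.0, since a server-side listen setting is being reused here as the client destination.

```cpp
    if (MATCH("DEFAULT", "bind_port")) // bind_port=9311
    {
        char * end = NULL ;
        long port = strtol ( value, &end, 10 );
        if (( end == value ) || ( *end != '\0' ) || ( port < 1 ) || ( port > 65535 ))
        {
            elog ("Barbican Port : invalid bind_port '%s'\n", value );
        }
        else
        {
            config_ptr->barbican_api_port = (int)port ;
            ilog("Barbican Port : %d\n", config_ptr->barbican_api_port );
        }
    }
    // … unchanged: bind_host branch and return (PASS) …
```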
diff --git a/mtce/src/common/nodeClass.cpp b/mtce/src/common/nodeClass.cpp
index 2069cdc..49c73d2 100755
--- a/mtce/src/common/nodeClass.cpp
+++ b/mtce/src/common/nodeClass.cpp
@@ -28,6 +28,7 @@ using namespace std;
28#include "threadUtil.h" 28#include "threadUtil.h"
29#include "nodeClass.h" 29#include "nodeClass.h"
30#include "nodeUtil.h" 30#include "nodeUtil.h"
31#include "secretUtil.h"
31#include "mtcNodeMsg.h" /* for ... send_mtc_cmd */ 32#include "mtcNodeMsg.h" /* for ... send_mtc_cmd */
32#include "nlEvent.h" /* for ... get_netlink_events */ 33#include "nlEvent.h" /* for ... get_netlink_events */
33#include "daemon_common.h" 34#include "daemon_common.h"
@@ -649,6 +650,7 @@ nodeLinkClass::node* nodeLinkClass::addNode( string hostname )
649 ptr->cfgEvent.base = NULL ; 650 ptr->cfgEvent.base = NULL ;
650 ptr->sysinvEvent.base= NULL ; 651 ptr->sysinvEvent.base= NULL ;
651 ptr->vimEvent.base = NULL ; 652 ptr->vimEvent.base = NULL ;
653 ptr->secretEvent.base= NULL ;
652 654
653 ptr->httpReq.base = NULL ; 655 ptr->httpReq.base = NULL ;
654 ptr->libEvent_done_fifo.clear(); 656 ptr->libEvent_done_fifo.clear();
@@ -664,17 +666,19 @@ nodeLinkClass::node* nodeLinkClass::addNode( string hostname )
664 ptr->sysinvEvent.conn= NULL ; 666 ptr->sysinvEvent.conn= NULL ;
665 ptr->vimEvent.conn = NULL ; 667 ptr->vimEvent.conn = NULL ;
666 ptr->httpReq.conn = NULL ; 668 ptr->httpReq.conn = NULL ;
669 ptr->secretEvent.conn= NULL ;
667 670
668 ptr->cfgEvent.req = NULL ; 671 ptr->cfgEvent.req = NULL ;
669 ptr->sysinvEvent.req = NULL ; 672 ptr->sysinvEvent.req = NULL ;
670 ptr->vimEvent.req = NULL ; 673 ptr->vimEvent.req = NULL ;
671 ptr->httpReq.req = NULL ; 674 ptr->httpReq.req = NULL ;
672 675 ptr->secretEvent.req = NULL ;
673 676
674 ptr->cfgEvent.buf = NULL ; 677 ptr->cfgEvent.buf = NULL ;
675 ptr->sysinvEvent.buf = NULL ; 678 ptr->sysinvEvent.buf = NULL ;
676 ptr->vimEvent.buf = NULL ; 679 ptr->vimEvent.buf = NULL ;
677 ptr->httpReq.buf = NULL ; 680 ptr->httpReq.buf = NULL ;
681 ptr->secretEvent.buf = NULL ;
678 682
679 /* log throttles */ 683 /* log throttles */
680 ptr->stall_recovery_log_throttle = 0 ; 684 ptr->stall_recovery_log_throttle = 0 ;
@@ -838,10 +842,21 @@ struct nodeLinkClass::node* nodeLinkClass::getEventBaseNode ( libEvent_enum requ
838 return ptr ; 842 return ptr ;
839 } 843 }
840 } 844 }
845 case BARBICAN_GET_SECRET:
846 case BARBICAN_READ_SECRET:
847 {
848 if ( ptr->secretEvent.base == base_ptr )
849 {
850 hlog1 ("%s Found secretEvent Base Pointer (%p) \n",
851 ptr->hostname.c_str(), ptr->secretEvent.base);
852
853 return ptr ;
854 }
855 }
841 default: 856 default:
842 ; 857 ;
843 } /* End Switch */ 858 } /* End Switch */
844 859
845 if (( ptr->next == NULL ) || ( ptr == tail )) 860 if (( ptr->next == NULL ) || ( ptr == tail ))
846 break ; 861 break ;
847 } 862 }
@@ -2428,9 +2443,10 @@ int nodeLinkClass::mod_host ( node_inv_type & inv )
2428 /* BM is already provisioned but is now deprovisioned */ 2443 /* BM is already provisioned but is now deprovisioned */
2429 else if (( bm_type_was_valid == true ) && ( bm_type_now_valid == false )) 2444 else if (( bm_type_was_valid == true ) && ( bm_type_now_valid == false ))
2430 { 2445 {
2431 node_ptr->bm_type = NONE ; 2446 node_ptr->bm_type = NONE ;
2432 node_ptr->bm_ip = NONE ; 2447 node_ptr->bm_ip = NONE ;
2433 node_ptr->bm_un = NONE ; 2448 node_ptr->bm_un = NONE ;
2449 node_ptr->bm_pw = NONE ;
2434 mtcAlarm_log ( node_ptr->hostname, MTC_LOG_ID__COMMAND_BM_DEPROVISIONED ); 2450 mtcAlarm_log ( node_ptr->hostname, MTC_LOG_ID__COMMAND_BM_DEPROVISIONED );
2435 set_bm_prov ( node_ptr, false ); 2451 set_bm_prov ( node_ptr, false );
2436 } 2452 }
@@ -3953,10 +3969,16 @@ int nodeLinkClass::set_bm_prov ( struct nodeLinkClass::node * node_ptr, bool sta
3953 bmc_access_data_init ( node_ptr ); 3969 bmc_access_data_init ( node_ptr );
3954 node_ptr->bm_ping_info.timer_handler = &mtcTimer_handler ; 3970 node_ptr->bm_ping_info.timer_handler = &mtcTimer_handler ;
3955 3971
3956 node_ptr->thread_extra_info.bm_pw = 3972 barbicanSecret_type * secret = secretUtil_find_secret( node_ptr->uuid );
3957 node_ptr->bm_pw = 3973 if ( secret )
3958 get_bm_password (node_ptr->uuid.data()); 3974 {
3975 secret->reference.clear() ;
3976 secret->payload.clear() ;
3977 secret->stage = MTC_SECRET__START ;
3978 }
3979 mtcTimer_start( node_ptr->bm_timer, mtcTimer_handler, SECRET_START_DELAY );
3959 3980
3981 node_ptr->thread_extra_info.bm_pw.clear() ;
3960 node_ptr->thread_extra_info.bm_ip = node_ptr->bm_ip ; 3982 node_ptr->thread_extra_info.bm_ip = node_ptr->bm_ip ;
3961 node_ptr->thread_extra_info.bm_un = node_ptr->bm_un ; 3983 node_ptr->thread_extra_info.bm_un = node_ptr->bm_un ;
3962 3984
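Review bot: In set_bm_prov the old code assigned both `node_ptr->bm_pw` and `thread_extra_info.bm_pw` from get_bm_password(), while the new code clears only `thread_extra_info.bm_pw`, so `node_ptr->bm_pw` keeps whatever password it held until the Barbican read completes. If anything reads `bm_pw` in that window, or the secret lookup fails, a re-provisioned host would presumably be accessed with the previous credential; adding `node_ptr->bm_pw.clear() ;` beside the existing clear would close that (assuming bm_pw is a std::string like its thread_extra_info counterpart). Note also that `secret->payload.clear()` resets the length but does not overwrite the password bytes, so wiping the buffer before clearing is worth considering. In getEventBaseNode the case just above `BARBICAN_GET_SECRET` has no `break`, so a non-matching request of that type now falls through into the secretEvent comparison; that looks harmless but should be deliberate. Both functions start outside their hunks.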
diff --git a/mtce/src/common/nodeClass.h b/mtce/src/common/nodeClass.h
index f879351..bd38d78 100755
--- a/mtce/src/common/nodeClass.h
+++ b/mtce/src/common/nodeClass.h
@@ -35,7 +35,7 @@ using namespace std;
35#include "httpUtil.h" /* for ... libevent stuff */ 35#include "httpUtil.h" /* for ... libevent stuff */
36#include "ipmiUtil.h" /* for ... mc_info_type */ 36#include "ipmiUtil.h" /* for ... mc_info_type */
37#include "mtcHttpUtil.h" /* for ... libevent stuff */ 37#include "mtcHttpUtil.h" /* for ... libevent stuff */
38#include "mtcSmgrApi.h" /* */ 38#include "mtcSmgrApi.h" /* for ... mtcSmgrApi_request/handler */
39#include "alarmUtil.h" /* for ... SFmAlarmDataT */ 39#include "alarmUtil.h" /* for ... SFmAlarmDataT */
40#include "mtcAlarm.h" /* for ... MTC_ALARM_ID__xx and utils */ 40#include "mtcAlarm.h" /* for ... MTC_ALARM_ID__xx and utils */
41#include "mtcThreads.h" /* for ... mtcThread_ipmitool */ 41#include "mtcThreads.h" /* for ... mtcThread_ipmitool */
@@ -455,8 +455,9 @@ private:
455 * based on each service */ 455 * based on each service */
456 456
457 libEvent sysinvEvent; /**< Sysinv REST API Handling for host */ 457 libEvent sysinvEvent; /**< Sysinv REST API Handling for host */
458 libEvent cfgEvent; /**< Sysinv REST API Handling for config changes */ 458 libEvent cfgEvent ; /**< Sysinv REST API Handling for config changes */
459 libEvent vimEvent ; /**< VIM Event REST API Handling */ 459 libEvent vimEvent ; /**< VIM Event REST API Handling */
460 libEvent secretEvent;
460 461
461 libEvent httpReq ; /**< Http libEvent Request Handling */ 462 libEvent httpReq ; /**< Http libEvent Request Handling */
462 libEvent thisReq ; /**< Http libEvent Request Handling */ 463 libEvent thisReq ; /**< Http libEvent Request Handling */
@@ -1110,7 +1111,7 @@ private:
1110 int mtcSmgrApi_request ( struct nodeLinkClass::node * node_ptr, mtc_cmd_enum operation, int retries ); 1111 int mtcSmgrApi_request ( struct nodeLinkClass::node * node_ptr, mtc_cmd_enum operation, int retries );
1111 1112
1112 /* Private VIM API */ 1113 /* Private VIM API */
1113 int mtcVimApi_state_change ( struct nodeLinkClass::node * node_ptr, libEvent_enum operation, int retries ); 1114 int mtcVimApi_state_change ( struct nodeLinkClass::node * node_ptr, libEvent_enum operation, int retries );
1114 1115
1115 int set_bm_prov ( struct nodeLinkClass::node * node_ptr, bool state ); 1116 int set_bm_prov ( struct nodeLinkClass::node * node_ptr, bool state );
1116 1117
@@ -1926,12 +1927,6 @@ public:
1926 1927
1927 void mtcHttpUtil_handler ( struct evhttp_request *req, void *arg ); 1928 void mtcHttpUtil_handler ( struct evhttp_request *req, void *arg );
1928 1929
1929 /* Update the authentication token as a work queue'd command */
1930 int mtcKeyApi_refresh_token ( string hostname );
1931
1932 /* Update the authentication token now ; as a blocking request */
1933 int mtcKeyApi_get_token ( string hostname );
1934
1935 /*********************** Public Heartbeat Interfaces *********************/ 1930 /*********************** Public Heartbeat Interfaces *********************/
1936 1931
1937 /** Creates a linked list of nodes to heartbeat for the specified port 1932 /** Creates a linked list of nodes to heartbeat for the specified port
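Review bot: The new member `libEvent secretEvent;` is the only event object in its group without a Doxygen trailing comment. Suggest `libEvent secretEvent; /**< Barbican secret REST API Handling */` so it reads like `sysinvEvent`, `cfgEvent` and `vimEvent` beside it, and so readers know this event carries credential traffic. The enclosing struct starts and ends outside the hunk.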
diff --git a/mtce/src/heartbeat/Makefile b/mtce/src/heartbeat/Makefile
index 549f0e0..e36de53 100755
--- a/mtce/src/heartbeat/Makefile
+++ b/mtce/src/heartbeat/Makefile
@@ -9,7 +9,7 @@ SHELL = /bin/bash
9SRCS = hbsAlarm.cpp hbsClient.cpp hbsAgent.cpp hbsPmon.cpp hbsUtil.cpp hbsCluster.cpp hbsStubs.cpp 9SRCS = hbsAlarm.cpp hbsClient.cpp hbsAgent.cpp hbsPmon.cpp hbsUtil.cpp hbsCluster.cpp hbsStubs.cpp
10OBJS = $(SRCS:.cpp=.o) 10OBJS = $(SRCS:.cpp=.o)
11 11
12LDLIBS = -lstdc++ -ldaemon -lcommon -lthreadUtil -lpthread -lfmcommon -lalarm -lrt -lamon -lcrypto -luuid -ljson-c 12LDLIBS = -lstdc++ -ldaemon -lcommon -lthreadUtil -lpthread -lfmcommon -lalarm -lrt -lamon -lcrypto -luuid -ljson-c -levent
13INCLUDES = -I. -I/usr/include/mtce-daemon -I/usr/include/mtce-common 13INCLUDES = -I. -I/usr/include/mtce-daemon -I/usr/include/mtce-common
14INCLUDES += -I../common -I../alarm -I../maintenance -I../public 14INCLUDES += -I../common -I../alarm -I../maintenance -I../public
15 15
diff --git a/mtce/src/heartbeat/hbsStubs.cpp b/mtce/src/heartbeat/hbsStubs.cpp
index fbd6806..d0675d8 100644
--- a/mtce/src/heartbeat/hbsStubs.cpp
+++ b/mtce/src/heartbeat/hbsStubs.cpp
@@ -226,7 +226,6 @@ int nodeLinkClass::mtcSmgrApi_request ( struct nodeLinkClass::node * node_ptr, m
226 return(PASS); 226 return(PASS);
227} 227}
228 228
229
230void mtcTimer_handler ( int sig, siginfo_t *si, void *uc) 229void mtcTimer_handler ( int sig, siginfo_t *si, void *uc)
231{ 230{
232 UNUSED(sig); 231 UNUSED(sig);
diff --git a/mtce/src/hwmon/hwmonClass.cpp b/mtce/src/hwmon/hwmonClass.cpp
index f758709..b897ab1 100644
--- a/mtce/src/hwmon/hwmonClass.cpp
+++ b/mtce/src/hwmon/hwmonClass.cpp
@@ -7,6 +7,7 @@
7 7
8#include "nodeBase.h" 8#include "nodeBase.h"
9#include "tokenUtil.h" 9#include "tokenUtil.h"
10#include "secretUtil.h"
10#include "hwmonClass.h" 11#include "hwmonClass.h"
11#include "hwmonUtil.h" 12#include "hwmonUtil.h"
12#include "hwmonIpmi.h" 13#include "hwmonIpmi.h"
@@ -128,6 +129,7 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::addHost( string hostname )
128 ptr->ping_info.timer_handler = &hwmonTimer_handler ; 129 ptr->ping_info.timer_handler = &hwmonTimer_handler ;
129 mtcTimer_init ( ptr->hostTimer, ptr->hostname, "host timer" ); 130 mtcTimer_init ( ptr->hostTimer, ptr->hostname, "host timer" );
130 mtcTimer_init ( ptr->addTimer, ptr->hostname, "add timer" ); 131 mtcTimer_init ( ptr->addTimer, ptr->hostname, "add timer" );
132 mtcTimer_init ( ptr->secretTimer, ptr->hostname, "secret timer" );
131 mtcTimer_init ( ptr->relearnTimer, ptr->hostname, "relearn timer" ); 133 mtcTimer_init ( ptr->relearnTimer, ptr->hostname, "relearn timer" );
132 134
133 mtcTimer_init ( ptr->ping_info.timer, ptr->hostname, "ping monitor timer" ); 135 mtcTimer_init ( ptr->ping_info.timer, ptr->hostname, "ping monitor timer" );
@@ -144,6 +146,11 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::addHost( string hostname )
144 ptr->event.req = NULL ; 146 ptr->event.req = NULL ;
145 ptr->event.buf = NULL ; 147 ptr->event.buf = NULL ;
146 148
149 ptr->secretEvent.base= NULL ;
150 ptr->secretEvent.conn= NULL ;
151 ptr->secretEvent.req = NULL ;
152 ptr->secretEvent.buf = NULL ;
153
147 /* If the host list is empty add it to the head */ 154 /* If the host list is empty add it to the head */
148 if( hwmon_head == NULL ) 155 if( hwmon_head == NULL )
149 { 156 {
@@ -180,6 +187,7 @@ void hwmonHostClass::free_host_timers ( struct hwmon_host * ptr )
180{ 187{
181 mtcTimer_fini ( ptr->hostTimer ); 188 mtcTimer_fini ( ptr->hostTimer );
182 mtcTimer_fini ( ptr->addTimer ); 189 mtcTimer_fini ( ptr->addTimer );
190 mtcTimer_fini ( ptr->secretTimer );
183 mtcTimer_fini ( ptr->relearnTimer ); 191 mtcTimer_fini ( ptr->relearnTimer );
184 mtcTimer_fini ( ptr->ping_info.timer ); 192 mtcTimer_fini ( ptr->ping_info.timer );
185 193
@@ -195,7 +203,7 @@ int hwmonHostClass::remHost( string hostname )
195 203
196 if ( hwmon_head == NULL ) 204 if ( hwmon_head == NULL )
197 return -ENXIO ; 205 return -ENXIO ;
198 206
199 struct hwmon_host * ptr = hwmonHostClass::getHost ( hostname ); 207 struct hwmon_host * ptr = hwmonHostClass::getHost ( hostname );
200 208
201 if ( ptr == NULL ) 209 if ( ptr == NULL )
@@ -263,15 +271,15 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::getHost ( string hostname )
263} 271}
264 272
265/* 273/*
266 * Allocates memory for a new host and stores its the address in host_ptrs 274 * Allocates memory for a new host and stores its the address in host_ptrs
267 * 275 *
268 * @param void 276 * @param void
269 * @return pointer to the newly allocted host memory 277 * @return pointer to the newly allocted host memory
270 */ 278 */
271struct hwmonHostClass::hwmon_host * hwmonHostClass::newHost ( void ) 279struct hwmonHostClass::hwmon_host * hwmonHostClass::newHost ( void )
272{ 280{
273 struct hwmonHostClass::hwmon_host * temp_host_ptr = NULL ; 281 struct hwmonHostClass::hwmon_host * temp_host_ptr = NULL ;
274 282
275 if ( memory_allocs == 0 ) 283 if ( memory_allocs == 0 )
276 { 284 {
277 memset ( host_ptrs, 0 , sizeof(struct hwmon_host *)*MAX_HOSTS); 285 memset ( host_ptrs, 0 , sizeof(struct hwmon_host *)*MAX_HOSTS);
@@ -428,7 +436,7 @@ void hwmonHostClass::degrade_state_audit ( struct hwmonHostClass::hwmon_host * h
428} 436}
429 437
430/* Frees the memory of a pre-allocated host and removes 438/* Frees the memory of a pre-allocated host and removes
431 * it from the host_ptrs list 439 * it from the host_ptrs list
432 * @param host * pointer to the host memory address to be freed 440 * @param host * pointer to the host memory address to be freed
433 * @return int return code { PASS or -EINVAL } 441 * @return int return code { PASS or -EINVAL }
434 */ 442 */
@@ -451,14 +459,14 @@ int hwmonHostClass::delHost ( struct hwmonHostClass::hwmon_host * host_ptr )
451 } 459 }
452 else 460 else
453 elog ( "Error: Free memory called when there is no memory to free\n" ); 461 elog ( "Error: Free memory called when there is no memory to free\n" );
454 462
455 return -EINVAL ; 463 return -EINVAL ;
456} 464}
457 465
458void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * host_ptr ) 466void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * host_ptr )
459{ 467{
460 /* Loop over all sensors and groups 468 /* Loop over all sensors and groups
461 * - clear any outstanding alarms 469 * - clear any outstanding alarms
462 * - clear degrade of host 470 * - clear degrade of host
463 * ... while we deprovision the BMC */ 471 * ... while we deprovision the BMC */
464 for ( int i = 0 ; i < host_ptr->sensors ; i++ ) 472 for ( int i = 0 ; i < host_ptr->sensors ; i++ )
@@ -475,9 +483,9 @@ void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * h
475 { 483 {
476 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORGROUP, host_ptr->group[g].group_name, REASON_DEPROVISIONED ); 484 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORGROUP, host_ptr->group[g].group_name, REASON_DEPROVISIONED );
477 } 485 }
478 486
479 /* send the degrade anyway , just to be safe */ 487 /* send the degrade anyway , just to be safe */
480 hwmon_send_event ( host_ptr->hostname, MTC_DEGRADE_CLEAR , "sensors" ); 488 hwmon_send_event ( host_ptr->hostname, MTC_DEGRADE_CLEAR , "sensors" );
481 489
482 /* Bug Fix: This was outside the if bm_provisioned clause causing it 490 /* Bug Fix: This was outside the if bm_provisioned clause causing it
483 * to be called even if the bmc was not already provisioned 491 * to be called even if the bmc was not already provisioned
@@ -485,9 +493,6 @@ void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * h
485 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORCFG, "sensors", REASON_DEPROVISIONED ); 493 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORCFG, "sensors", REASON_DEPROVISIONED );
486} 494}
487 495
488
489
490
491int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr, bool state ) 496int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr, bool state )
492{ 497{
493 int rc = FAIL_HOSTNAME_LOOKUP ; 498 int rc = FAIL_HOSTNAME_LOOKUP ;
@@ -510,7 +515,18 @@ int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr,
510 host_ptr->ping_info.ip = host_ptr->bm_ip ; 515 host_ptr->ping_info.ip = host_ptr->bm_ip ;
511 host_ptr->ping_info.hostname = host_ptr->hostname ; 516 host_ptr->ping_info.hostname = host_ptr->hostname ;
512 ipmi_bmc_data_init ( host_ptr ); 517 ipmi_bmc_data_init ( host_ptr );
513 host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = get_bm_password (hostBase.get_uuid(host_ptr->hostname).data()); 518
519 string host_uuid = hostBase.get_uuid( host_ptr->hostname );
520 barbicanSecret_type * secret = secretUtil_find_secret( host_uuid );
521 if ( secret )
522 {
523 secret->reference.clear() ;
524 secret->payload.clear() ;
525 secret->stage = MTC_SECRET__START ;
526 }
527 mtcTimer_start( host_ptr->secretTimer, hwmonTimer_handler, SECRET_START_DELAY );
528
529 host_ptr->thread_extra_info.bm_pw.clear() ;
514 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ; 530 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ;
515 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ; 531 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ;
516 } 532 }
@@ -709,6 +725,7 @@ int hwmonHostClass::add_host ( node_inv_type & inv )
709 host_ptr->sensor_query_count = 0 ; 725 host_ptr->sensor_query_count = 0 ;
710 726
711 /* Sensor Monitoring Thread 'Extra Request Information' */ 727 /* Sensor Monitoring Thread 'Extra Request Information' */
728 host_ptr->empty_secret_log_throttle = 0 ;
712 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ; 729 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ;
713 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ; 730 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ;
714 host_ptr->thread_extra_info.bm_pw.clear() ; 731 host_ptr->thread_extra_info.bm_pw.clear() ;
@@ -779,7 +796,7 @@ int hwmonHostClass::rem_host ( string hostname )
779 hwmonHostClass::remHost ( hostname ); 796 hwmonHostClass::remHost ( hostname );
780 slog ("potential memory leak !\n"); 797 slog ("potential memory leak !\n");
781 } 798 }
782 799
783 /* Now remove the service specific component */ 800 /* Now remove the service specific component */
784 hostlist.remove ( hostname ); 801 hostlist.remove ( hostname );
785 } 802 }
@@ -814,7 +831,7 @@ int hwmonHostClass::del_host ( string hostname )
814{ 831{
815 int rc = FAIL_DEL_UNKNOWN ; 832 int rc = FAIL_DEL_UNKNOWN ;
816 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname ); 833 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname );
817 if ( hwmon_host_ptr ) 834 if ( hwmon_host_ptr )
818 { 835 {
819 rc = rem_host ( hostname ); 836 rc = rem_host ( hostname );
820 if ( rc == PASS ) 837 if ( rc == PASS )
@@ -838,7 +855,7 @@ int hwmonHostClass::mon_host ( string hostname, bool monitor )
838{ 855{
839 int rc = FAIL_UNKNOWN_HOSTNAME ; 856 int rc = FAIL_UNKNOWN_HOSTNAME ;
840 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname ); 857 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname );
841 if ( hwmon_host_ptr ) 858 if ( hwmon_host_ptr )
842 { 859 {
843 bool change = false ; 860 bool change = false ;
844 string want_state = "" ; 861 string want_state = "" ;
@@ -1013,6 +1030,10 @@ struct hwmonHostClass::hwmon_host * hwmonHostClass::getHost_timer ( timer_t tid
1013 { 1030 {
1014 return host_ptr ; 1031 return host_ptr ;
1015 } 1032 }
1033 if ( host_ptr->secretTimer.tid == tid )
1034 {
1035 return host_ptr ;
1036 }
1016 if ( host_ptr->ping_info.timer.tid == tid ) 1037 if ( host_ptr->ping_info.timer.tid == tid )
1017 { 1038 {
1018 return host_ptr ; 1039 return host_ptr ;
@@ -1166,7 +1187,7 @@ int hwmonHostClass::add_sensor ( string hostname, sensor_type & sensor )
1166 1187
1167 if ( rc ) 1188 if ( rc )
1168 { 1189 {
1169 elog ("%s '%s' sensor add failed\n", hostname.c_str() , 1190 elog ("%s '%s' sensor add failed\n", hostname.c_str(),
1170 sensor.sensorname.c_str()); 1191 sensor.sensorname.c_str());
1171 } 1192 }
1172 return (rc); 1193 return (rc);
@@ -1197,8 +1218,8 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_sensorgroup ( string hostna
1197 { 1218 {
1198 if ( !host_ptr->group[g].sensor_ptr[s]->sensorname.compare(entity_path) ) 1219 if ( !host_ptr->group[g].sensor_ptr[s]->sensorname.compare(entity_path) )
1199 { 1220 {
1200 blog ("%s '%s' sensor found in '%s' group\n", 1221 blog ("%s '%s' sensor found in '%s' group\n",
1201 hostname.c_str(), 1222 hostname.c_str(),
1202 host_ptr->group[g].sensor_ptr[s]->sensorname.c_str(), 1223 host_ptr->group[g].sensor_ptr[s]->sensorname.c_str(),
1203 host_ptr->group[g].group_name.c_str()); 1224 host_ptr->group[g].group_name.c_str());
1204 1225
@@ -1229,7 +1250,7 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_sensorgroup ( string hostna
1229 * 1250 *
1230 * Name : hwmon_get_group 1251 * Name : hwmon_get_group
1231 * 1252 *
1232 * Description : Returns a pointer to the sensor group that matches the supplied 1253 * Description : Returns a pointer to the sensor group that matches the supplied
1233 * group name. 1254 * group name.
1234 * 1255 *
1235 **********************************************************************************/ 1256 **********************************************************************************/
@@ -1247,8 +1268,8 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_group ( string hostname, st
1247 { 1268 {
1248 if ( !group_name.compare(host_ptr->group[i].group_name)) 1269 if ( !group_name.compare(host_ptr->group[i].group_name))
1249 { 1270 {
1250 blog ("%s '%s' sensor group found\n", 1271 blog ("%s '%s' sensor group found\n",
1251 hostname.c_str(), 1272 hostname.c_str(),
1252 host_ptr->group[i].group_name.c_str()); 1273 host_ptr->group[i].group_name.c_str());
1253 1274
1254 return (&host_ptr->group[i]) ; 1275 return (&host_ptr->group[i]) ;
@@ -1306,7 +1327,7 @@ int hwmonHostClass::hwmon_add_group ( string hostname, struct sensor_group_type
1306 1327
1307 host_ptr->group[i].hostname = hostname ; 1328 host_ptr->group[i].hostname = hostname ;
1308 host_ptr->interval_changed = true ; 1329 host_ptr->interval_changed = true ;
1309 1330
1310 host_ptr->group[i].group_interval = group.group_interval ; 1331 host_ptr->group[i].group_interval = group.group_interval ;
1311 1332
1312 host_ptr->group[i].sensortype = group.sensortype ; 1333 host_ptr->group[i].sensortype = group.sensortype ;
@@ -1349,7 +1370,7 @@ int hwmonHostClass::hwmon_add_group ( string hostname, struct sensor_group_type
1349 1370
1350 if ( rc ) 1371 if ( rc )
1351 { 1372 {
1352 elog ("%s '%s' sensor group add failed\n", hostname.c_str() , 1373 elog ("%s '%s' sensor group add failed\n", hostname.c_str(),
1353 group.group_name.c_str()); 1374 group.group_name.c_str());
1354 } 1375 }
1355 return (rc); 1376 return (rc);
@@ -1377,8 +1398,8 @@ int hwmonHostClass::add_group_uuid ( string & hostname, string & group_name, st
1377 { 1398 {
1378 if ( !group_name.compare(host_ptr->group[i].group_name)) 1399 if ( !group_name.compare(host_ptr->group[i].group_name))
1379 { 1400 {
1380 blog1 ("%s '%s' sensor group found\n", 1401 blog1 ("%s '%s' sensor group found\n",
1381 hostname.c_str(), 1402 hostname.c_str(),
1382 host_ptr->group[i].group_name.c_str()); 1403 host_ptr->group[i].group_name.c_str());
1383 1404
1384 host_ptr->group[i].group_uuid = uuid ; 1405 host_ptr->group[i].group_uuid = uuid ;
@@ -1418,8 +1439,8 @@ int hwmonHostClass::add_sensor_uuid ( string & hostname, string & sensorname, s
1418 { 1439 {
1419 if ( !sensorname.compare(host_ptr->sensor[i].sensorname)) 1440 if ( !sensorname.compare(host_ptr->sensor[i].sensorname))
1420 { 1441 {
1421 blog1 ("%s '%s' sensor found\n", 1442 blog1 ("%s '%s' sensor found\n",
1422 hostname.c_str(), 1443 hostname.c_str(),
1423 host_ptr->sensor[i].sensorname.c_str()); 1444 host_ptr->sensor[i].sensorname.c_str());
1424 1445
1425 host_ptr->sensor[i].uuid = uuid ; 1446 host_ptr->sensor[i].uuid = uuid ;
@@ -2352,7 +2373,6 @@ void hwmonHostClass::mem_log_groups ( struct hwmonHostClass::hwmon_host * host_p
2352 done = true ; 2373 done = true ;
2353 } 2374 }
2354 if ((( x % 8 == 0 ) & ( x != 0 )) || ( done == true )) 2375 if ((( x % 8 == 0 ) & ( x != 0 )) || ( done == true ))
2355 // if ( done == true )
2356 { 2376 {
2357 if ( first == true ) 2377 if ( first == true )
2358 { 2378 {
diff --git a/mtce/src/hwmon/hwmonClass.h b/mtce/src/hwmon/hwmonClass.h
index 7cb7b6c..b1afd73 100644
--- a/mtce/src/hwmon/hwmonClass.h
+++ b/mtce/src/hwmon/hwmonClass.h
@@ -49,6 +49,10 @@ class hwmonHostClass
49 49
50 bool bm_provisioned ; 50 bool bm_provisioned ;
51 51
52 int empty_secret_log_throttle ;
53
54 libEvent secretEvent ;
55
52 /** set true once a connection is estabished and 56 /** set true once a connection is estabished and
53 * set false when error recovery is performed on the connection 57 * set false when error recovery is performed on the connection
54 **/ 58 **/
@@ -91,12 +95,13 @@ class hwmonHostClass
91 95
92 /** Pointer to the previous host in the list */ 96 /** Pointer to the previous host in the list */
93 struct hwmon_host * prev; 97 struct hwmon_host * prev;
94 98
95 /** Pointer to the next host in the list */ 99 /** Pointer to the next host in the list */
96 struct hwmon_host * next; 100 struct hwmon_host * next;
97 101
98 struct mtc_timer hostTimer ; 102 struct mtc_timer hostTimer ;
99 struct mtc_timer addTimer ; 103 struct mtc_timer addTimer ;
104 struct mtc_timer secretTimer ;
100 105
101 bool monitor ; /* true if host's sensors are to be monitored */ 106 bool monitor ; /* true if host's sensors are to be monitored */
102 107
@@ -232,9 +237,9 @@ class hwmonHostClass
232 int memory_allocs ; 237 int memory_allocs ;
233 238
234 /** A memory used counter 239 /** A memory used counter
235 * 240 *
236 * A variable storing the accumulated host memory 241 * A variable storing the accumulated host memory
237 */ 242 */
238 int memory_used ; 243 int memory_used ;
239 244
240 struct hwmon_host * hwmon_head ; /**< Host Linked List Head pointer */ 245 struct hwmon_host * hwmon_head ; /**< Host Linked List Head pointer */
@@ -458,7 +463,7 @@ class hwmonHostClass
458 463
459 void timer_handler ( int sig, siginfo_t *si, void *uc); 464 void timer_handler ( int sig, siginfo_t *si, void *uc);
460 465
461 /** This is a list of host names. */ 466 /** This is a list of host names. */
462 std::list<string> hostlist ; 467 std::list<string> hostlist ;
463 std::list<string>::iterator hostlist_iter_ptr ; 468 std::list<string>::iterator hostlist_iter_ptr ;
464 469
@@ -476,7 +481,7 @@ class hwmonHostClass
476 int hosts ; 481 int hosts ;
477 482
478 /* This bool is set in the daemon_configure case to inform the 483 /* This bool is set in the daemon_configure case to inform the
479 * FSM that there has been a configuration reload. 484 * FSM that there has been a configuration reload.
480 * The initial purpose if this bool is to trigger a full sensor 485 * The initial purpose if this bool is to trigger a full sensor
481 * dump of all hosts on demand */ 486 * dump of all hosts on demand */
482 bool config_reload ; 487 bool config_reload ;
@@ -506,7 +511,7 @@ class hwmonHostClass
506 * Name: get_sensor 511 * Name: get_sensor
507 * 512 *
508 * Description: Returns a pointer to the host sensor 513 * Description: Returns a pointer to the host sensor
509 * that matches the supplied sensor name. 514 * that matches the supplied sensor name.
510 * 515 *
511 ****************************************************************************/ 516 ****************************************************************************/
512 sensor_type * get_sensor ( string hostname, string sensorname ); 517 sensor_type * get_sensor ( string hostname, string sensorname );
@@ -515,7 +520,7 @@ class hwmonHostClass
515 * 520 *
516 * Name: add_sensor 521 * Name: add_sensor
517 * 522 *
518 * Description: If the return code is PASS then the supplied sensor is 523 * Description: If the return code is PASS then the supplied sensor is
519 * provisioned against this host. If the sensor already exists 524 * provisioned against this host. If the sensor already exists
520 * then it is updated with all the new information. Otherwise 525 * then it is updated with all the new information. Otherwise
521 * (normally) a new sensor is added. 526 * (normally) a new sensor is added.
@@ -532,13 +537,13 @@ class hwmonHostClass
532 * 537 *
533 ****************************************************************************/ 538 ****************************************************************************/
534 int add_sensor_uuid ( string & hostname, string & name, string & uuid ); 539 int add_sensor_uuid ( string & hostname, string & name, string & uuid );
535 540
536 /**************************************************************************** 541 /****************************************************************************
537 * 542 *
538 * Name: hwmon_get_group 543 * Name: hwmon_get_group
539 * 544 *
540 * Description: Returns a pointer to the host sensor group 545 * Description: Returns a pointer to the host sensor group
541 * that matches the supplied sensor group name. 546 * that matches the supplied sensor group name.
542 ****************************************************************************/ 547 ****************************************************************************/
543 struct sensor_group_type * hwmon_get_group ( string hostname, string group_name ); 548 struct sensor_group_type * hwmon_get_group ( string hostname, string group_name );
544 549
@@ -547,7 +552,7 @@ class hwmonHostClass
547 * Name: hwmon_get_sensorgroup 552 * Name: hwmon_get_sensorgroup
548 * 553 *
549 * Description: Returns a pointer to the host sensor group 554 * Description: Returns a pointer to the host sensor group
550 * that matches the supplied sensor name. 555 * that matches the supplied sensor name.
551 ****************************************************************************/ 556 ****************************************************************************/
552 struct sensor_group_type * hwmon_get_sensorgroup ( string hostname, string sensorname ); 557 struct sensor_group_type * hwmon_get_sensorgroup ( string hostname, string sensorname );
553 558
@@ -555,7 +560,7 @@ class hwmonHostClass
555 * 560 *
556 * Name: hwmon_add_group 561 * Name: hwmon_add_group
557 * 562 *
558 * Description: If the return code is PASS then the supplied sensor group is 563 * Description: If the return code is PASS then the supplied sensor group is
559 * provisioned against this host. If the group already exists 564 * provisioned against this host. If the group already exists
560 * then it is updated with all the new information. Otherwise 565 * then it is updated with all the new information. Otherwise
561 * (normally) a new group is added to the hwmon class struct. 566 * (normally) a new group is added to the hwmon class struct.
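Review bot: The three members added to `hwmon_host` in the first two hunks (`empty_secret_log_throttle`, `secretEvent`, `secretTimer`) have no doc comment, although most neighbouring members carry one. `secretEvent` matters most: judging by how hwmonFsm.cpp uses it in this commit, it is the libEvent for the Barbican request, so its response presumably holds the BMC password for as long as the host entry lives. I would document that sensitivity where the field is declared, e.g. `/** libEvent for Barbican secret requests ; response may carry the BMC password - do not log */`. The other two could get `/** throttle count for the 'bm password is empty' log */` and `/** timer used by the secret retrieval handling */`.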
diff --git a/mtce/src/hwmon/hwmonFsm.cpp b/mtce/src/hwmon/hwmonFsm.cpp
index 6faa216..789a298 100644
--- a/mtce/src/hwmon/hwmonFsm.cpp
+++ b/mtce/src/hwmon/hwmonFsm.cpp
@@ -16,7 +16,7 @@
16#include "hwmonHttp.h" 16#include "hwmonHttp.h"
17#include "hwmonSensor.h" 17#include "hwmonSensor.h"
18#include "hwmonThreads.h" /* for ... ipmitool_thread */ 18#include "hwmonThreads.h" /* for ... ipmitool_thread */
19 19#include "secretUtil.h"
20 20
21 21
22/************************************************************************** 22/**************************************************************************
@@ -155,9 +155,19 @@ void hwmonHostClass::hwmon_fsm ( void )
155#endif 155#endif
156 if (( host_ptr->thread_extra_info.bm_pw.empty ()) && ( host_ptr->ping_info.ok == true )) 156 if (( host_ptr->thread_extra_info.bm_pw.empty ()) && ( host_ptr->ping_info.ok == true ))
157 { 157 {
158 wlog ( "%s bm password is empty ; learning and forcing reconnect\n", host_ptr->hostname.c_str()); 158 string host_uuid = hostBase.get_uuid(host_ptr->hostname);
159 host_ptr->ping_info.ok = false ; 159 wlog_throttled ( host_ptr->empty_secret_log_throttle, 20,
160 host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = get_bm_password (hostBase.get_uuid(host_ptr->hostname).data()); 160 "%s bm password is empty ; learning and forcing reconnect\n",
161 host_ptr->hostname.c_str());
162 barbicanSecret_type * secret = secretUtil_manage_secret( host_ptr->secretEvent,
163 host_uuid,
164 host_ptr->secretTimer,
165 hwmonTimer_handler );
166 if ( secret->stage == MTC_SECRET__GET_PWD_RECV )
167 {
168 host_ptr->ping_info.ok = false ;
169 host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = secret->payload ;
170 }
161 } 171 }
162 else if ( host_ptr->accessible ) 172 else if ( host_ptr->accessible )
163 { 173 {
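Review bot: `secret->stage` is read straight from the return value of `secretUtil_manage_secret` with no NULL check, while `set_bm_prov` in hwmonClass.cpp (same commit) guards the sibling `secretUtil_find_secret` with `if ( secret )`. secretUtil.h is not visible here, so if the manage call can return NULL (for example an empty `host_uuid` or an allocation failure), this path would take the hardware monitor down; `if ( secret && secret->stage == MTC_SECRET__GET_PWD_RECV )` costs nothing. After the assignment the password exists in three strings (`secret->payload`, `host_ptr->bm_pw`, `thread_extra_info.bm_pw`); if nothing else reads the payload, clearing it once it has been copied would shorten its lifetime in memory. `empty_secret_log_throttle` is not reset in the visible lines once a password is learned, so a later re-learn would start with the log already throttled. hwmon_fsm starts and ends outside this hunk.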
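--- a/mtce/src/hwmon/hwmonHdlr.cpp
+++ b/mtce/src/hwmon/hwmonHdlr.cpp
@@ -236,6 +236,12 @@ void hwmonHostClass::timer_handler ( int sig, siginfo_t *si, void *uc)
  hwmon_host_ptr->relearn = false ;
  return ;
  }
+ else if (( *tid_ptr == hwmon_host_ptr->secretTimer.tid ) )
+ {
+ mtcTimer_stop_int_safe ( hwmon_host_ptr->secretTimer );
+ hwmon_host_ptr->secretTimer.ring = true ;
+ return ;
+ }
  }
  }
  mtcTimer_stop_tid_int_safe (tid_ptr);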
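--- a/mtce/src/hwmon/hwmonInit.cpp
+++ b/mtce/src/hwmon/hwmonInit.cpp
@@ -151,6 +151,12 @@ int daemon_configure ( void )
  return (FAIL_LOAD_INI);
  }
 
+ if (ini_parse(SECRET_CFG_FILE, barbican_config_handler, &hwmon_config) < 0)
+ {
+ elog ("Can't load '%s'\n", SECRET_CFG_FILE );
+ return (FAIL_LOAD_INI);
+ }
+
  /* tell the host service that there has been a config reload */
  obj_ptr->config_reload = true ;
 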
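Review bot: The added `ini_parse(SECRET_CFG_FILE, barbican_config_handler, &hwmon_config) < 0` check only catches a file that cannot be opened or an allocation failure. Assuming this is the inih `ini_parse`, a malformed line returns a positive line number, so a half-parsed Barbican config would be accepted silently and show up later only as secret lookups that fail. I would keep the return value and at least log the positive case: `int rc = ini_parse(SECRET_CFG_FILE, barbican_config_handler, &hwmon_config);` followed by `if ( rc > 0 ) wlog ("'%s' parse error at line %d\n", SECRET_CFG_FILE, rc );`, keeping the existing `< 0` failure path. The same check is added to `daemon_configure` in mtcNodeCtrl.cpp and has the same gap. daemon_configure starts and ends outside this hunk.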
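--- a/mtce/src/maintenance/Makefile
+++ b/mtce/src/maintenance/Makefile
@@ -21,7 +21,6 @@ SRCS += mtcHttpSvr.cpp
 SRCS += mtcWorkQueue.cpp
 SRCS += mtcInvApi.cpp
 SRCS += mtcSmgrApi.cpp
-SRCS += mtcKeyApi.cpp
 SRCS += mtcCmdHdlr.cpp
 SRCS += mtcNodeMnfa.cpp
 SRCS += mtcVimApi.cpp
@@ -42,7 +41,6 @@ CONTROL_OBJS += mtcCtrlMsg.o
 CONTROL_OBJS += mtcWorkQueue.o
 CONTROL_OBJS += mtcInvApi.o
 CONTROL_OBJS += mtcSmgrApi.o
-CONTROL_OBJS += mtcKeyApi.o
 CONTROL_OBJS += mtcHttpUtil.o
 CONTROL_OBJS += mtcHttpSvr.o
 CONTROL_OBJS += mtcCmdHdlr.o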
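--- a/mtce/src/maintenance/mtcHttpUtil.cpp
+++ b/mtce/src/maintenance/mtcHttpUtil.cpp
@@ -680,6 +680,7 @@ int mtcHttpUtil_api_request ( libEvent & event )
  event.type = EVHTTP_REQ_PATCH ;
  }
  }
+
  else
  {
  slog ("%s Unsupported Request (%d)\n", event.hostname.c_str(), event.request);
@@ -826,6 +827,7 @@ int mtcHttpUtil_api_request ( libEvent & event )
  }
  else
  {
+ jlog ("%s API Address : %s\n", event.hostname.c_str(), event.token.url.c_str());
  event.status = evhttp_make_request ( event.conn, event.req, event.type, event.token.url.data());
  }
  if ( event.status == PASS )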
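Review bot: The added `jlog` in the second hunk writes `event.token.url` to the log for every request that reaches this branch. If the Barbican secret requests introduced by this commit ever go through this function (not visible here), that URL would presumably include the secret reference. It should therefore stay at the json debug level and never be promoted to `ilog`; a comment above it such as `/* URL only ; never log request headers or the response body here */` records that intent. Separately, the blank line added in the first hunk sits between a closing `}` and its `else`, which reads as if the if/else chain had ended; I would drop it. mtcHttpUtil_api_request starts and ends outside both hunks.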
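--- a/mtce/src/maintenance/mtcInvApi.cpp
+++ b/mtce/src/maintenance/mtcInvApi.cpp
@@ -49,7 +49,6 @@
 #include "nodeUtil.h" /* for ... Utility Service Header */
 #include "jsonUtil.h" /* for ... Json utilities */
 #include "mtcInvApi.h" /* this .. module header */
-#include "mtcKeyApi.h" /* for ... keystone service utilities */
 #include "mtcNodeHdlrs.h" /* for ... mtcTimer_handler ( .. ) */
 
 
@@ -70,11 +69,6 @@ int mtcInvApi_read_inventory ( int batch )
 
  nodeLinkClass * obj_ptr = get_mtcInv_ptr ();
  string hostname = obj_ptr->get_my_hostname();
- if ( rc != PASS )
- {
- wlog ("Failed to get an authentication token ... requesting retry\n");
- return (RETRY);
- }
 
  rc = mtcHttpUtil_event_init ( &obj_ptr->sysinvEvent,
  obj_ptr->my_hostname,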
diff --git a/mtce/src/maintenance/mtcKeyApi.cpp b/mtce/src/maintenance/mtcKeyApi.cpp
deleted file mode 100755
index e1f99ed..0000000
--- a/mtce/src/maintenance/mtcKeyApi.cpp
+++ /dev/null
@@ -1,183 +0,0 @@
1/*
2 * Copyright (c) 2013, 2015 Wind River Systems, Inc.
3*
4* SPDX-License-Identifier: Apache-2.0
5*
6 */
7
8 /**
9 * @file
10 * Wind River CGTS Platform Controller Maintenance
11 * Authentication Utility API
12 *
13 * mtcKeyApi_get_token
14 * _key_POST_request - Request a authentication token
15 * jsonApi_auth_request
16 * mtcHttpUtil_connect_new
17 * mtcHttpUtil_request_new
18 * mtcHttpUtil_header_add
19 * mtcHttpUtil_request_make
20 * evhttp_connection_set_timeout
21 * event_base_dispatch
22 *
23 * _key_POST_handler - called by libevent like an interrupt handler
24 * evbuffer_remove - reads the response data out of da resp buffer
25 * jsonApi_auth_load - extract the data we want from resp json string
26 * tokenid - load data: the 3604 byte authentication token
27 * adminURL - load data: the key address
28 * issued - load data: can use this later so that we
29 * expiry - load data: don't have to keep requesting tokens
30 * event_base_loopbreak - end the interrupt handler
31*/
32
33#ifdef __AREA__
34#undef __AREA__
35#endif
36#define __AREA__ "key"
37
38#include "nodeClass.h" /* for ... maintenance class nodeLinkClass */
39#include "nodeUtil.h"
40#include "httpUtil.h" /* for ... libEvent */
41#include "mtcKeyApi.h" /* for ... this module header */
42#include "jsonUtil.h" /* for ... Json utilities */
43
44/* Token info is stored in the common public
45 * area of the maintenance nodelinkClass structure */
46
47/* http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json"
48 * -H "Accept: application/json"
49 * -H "User-Agent: python-keyclient"
50 * -H "Connection: close"
51 *
52 * {
53 * "auth":
54 * {
55 * "tenantName": "services",
56 * "passwordCredentials":
57 * {
58 * "username": "mtce",
59 * "password": "password"
60 * }
61 * }
62 * }
63 *
64 */
65int throttle = 0 ;
66
67/* The handles the keystone POST request's response message */
68int mtcKeyApi_handler ( libEvent & event )
69{
70 jsonUtil_auth_type info ;
71 string hn = event.hostname ;
72 int rc = PASS ;
73
74 nodeLinkClass * obj_ptr = get_mtcInv_ptr () ;
75
76 /* Copy the token info into the static libEvent tokenEvent struct */
77 obj_ptr->tokenEvent = event ;
78
79 if ( event.status )
80 {
81 rc = obj_ptr->tokenEvent.status ;
82 elog ( "%s Token Request Failed (%d) \n", hn.c_str(), rc );
83 }
84 else if ( jsonApi_auth_load ( hn, (char*)obj_ptr->tokenEvent.response.data(), info ) )
85 {
86 rc = obj_ptr->tokenEvent.status = FAIL_JSON_PARSE ;
87 elog ( "%s Token Request Failed - Json Parse Error\n", hn.c_str());
88 }
89 else
90 {
91 jlog ("%s Token Exp: %s\n", hn.c_str(), info.expiry.c_str() );
92 jlog ("%s Admin URL: %s\n" ,hn.c_str(), info.adminURL.c_str() );
93 jlog ("%s Token Len: %ld\n",hn.c_str(), info.tokenid.length() );
94 obj_ptr->tokenEvent.token.issued = info.issued ;
95 obj_ptr->tokenEvent.token.expiry = info.expiry ;
96 obj_ptr->tokenEvent.token.token = info.tokenid ;
97 obj_ptr->tokenEvent.token.url = info.adminURL ;
98 obj_ptr->tokenEvent.status = PASS ;
99 if ( obj_ptr->token_refresh_rate )
100 {
101 ilog ( "Token Refresh: [%s] [Expiry: %s %s]\n",
102 md5sum_string ( obj_ptr->tokenEvent.token.token).c_str(),
103 obj_ptr->tokenEvent.token.expiry.substr(0,10).c_str(),
104 obj_ptr->tokenEvent.token.expiry.substr(11,8).c_str());
105 }
106 }
107
108 /* Check for a response string */
109 if ( obj_ptr->tokenEvent.token.token.empty() )
110 {
111 elog ("%s Failed to get token\n",
112 obj_ptr->tokenEvent.hostname.c_str());
113 rc = FAIL_TOKEN_GET;
114 }
115
116 /* Check for Key URL */
117 else if ( obj_ptr->tokenEvent.token.url.empty() )
118 {
119 elog ("%s Failed to get token URL\n",
120 obj_ptr->tokenEvent.hostname.c_str());
121 rc = FAIL_TOKEN_URL;
122 }
123 else
124 {
125 dlog ("%s Token Refresh O.K.\n", obj_ptr->tokenEvent.hostname.c_str());
126 }
127 return (rc);
128}
129
130void corrupt_token ( keyToken_type & key )
131{
132 key.token.replace ( 800, 50, "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" );
133}
134
135/* fetches an authorization token as a blocking request */
136int nodeLinkClass::mtcKeyApi_get_token ( string hostname )
137{
138 mtcHttpUtil_event_init ( &this->tokenEvent,
139 hostname,
140 "mtcKeyApi_get_token",
141 hostUtil_getServiceIp ( SERVICE_TOKEN ),
142 hostUtil_getServicePort ( SERVICE_TOKEN ));
143
144 this->tokenEvent.prefix_path = hostUtil_getPrefixPath();
145 this->tokenEvent.blocking = true ;
146 this->tokenEvent.request = KEYSTONE_TOKEN ;
147 this->tokenEvent.operation = KEYSTONE_SIG ;
148
149 this->tokenEvent.token.token.clear() ;
150 this->tokenEvent.token.url.clear();
151 this->tokenEvent.token.issued.clear();
152 this->tokenEvent.token.expiry.clear();
153
154 ilog ("%s Prefix path: %s\n", hostname.c_str(), this->tokenEvent.prefix_path.c_str() );
155 return ( mtcHttpUtil_api_request ( this->tokenEvent ));
156}
157
158/* fetches an authorization token and key URL and UUID info */
159int nodeLinkClass::mtcKeyApi_refresh_token ( string hostname )
160{
161 GET_NODE_PTR(hostname);
162 mtcHttpUtil_event_init ( &node_ptr->httpReq,
163 hostname,
164 "mtcKeyApi_refresh_token",
165 hostUtil_getServiceIp ( SERVICE_TOKEN ),
166 hostUtil_getServicePort ( SERVICE_TOKEN ));
167
168 node_ptr->httpReq.prefix_path = hostUtil_getPrefixPath();
169 node_ptr->httpReq.hostname = hostname ;
170 node_ptr->httpReq.uuid = node_ptr->uuid ;
171 node_ptr->httpReq.request = KEYSTONE_TOKEN ;
172 node_ptr->httpReq.operation = KEYSTONE_SIG ;
173 node_ptr->httpReq.max_retries = 3 ;
174 node_ptr->httpReq.cur_retries = 0 ;
175
176 node_ptr->httpReq.token.token.clear() ;
177 node_ptr->httpReq.token.url.clear();
178 node_ptr->httpReq.token.issued.clear();
179 node_ptr->httpReq.token.expiry.clear();
180
181 ilog ("%s Prefix path: %s\n", hostname.c_str(), this->tokenEvent.prefix_path.c_str() );
182 return(this->workQueue_enqueue ( node_ptr->httpReq));
183}
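--- a/mtce/src/maintenance/mtcKeyApi.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef __INCLUDE_MTCKEYAPI_H__
-#define __INCLUDE_MTCKEYAPI_H__
-/*
- * Copyright (c) 2013, 2016 Wind River Systems, Inc.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
- */
-
-#include <iostream>
-#include <string>
-
-#include "mtcHttpUtil.h"
-
-//#define MTC_POST_KEY_ADDR "localhost"
-//#define MTC_POST_KEY_PORT 5000
-#define MTC_POST_KEY_LABEL "/v3/auth/tokens"
-
-int mtcKeyApi_init ( string ip, int port );
-
-int mtcKeyApi_handler ( libEvent & event );
-
-void corrupt_token ( keyToken_type & key );
-
-#endif /* __INCLUDE_MTCKEYAPI_H__ */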
diff --git a/mtce/src/maintenance/mtcNodeCtrl.cpp b/mtce/src/maintenance/mtcNodeCtrl.cpp
index 75c2685..12c35fa 100644
--- a/mtce/src/maintenance/mtcNodeCtrl.cpp
+++ b/mtce/src/maintenance/mtcNodeCtrl.cpp
@@ -53,7 +53,7 @@ using namespace std;
53#include "mtcHttpSvr.h" /* for ... mtcHttpSvr_init/_fini/_look */ 53#include "mtcHttpSvr.h" /* for ... mtcHttpSvr_init/_fini/_look */
54#include "mtcInvApi.h" /* */ 54#include "mtcInvApi.h" /* */
55#include "mtcSmgrApi.h" /* */ 55#include "mtcSmgrApi.h" /* */
56#include "nlEvent.h" /* for ... open_netlink_socket */ 56#include "nlEvent.h" /* for ... open_netlink_socket */
57 57
58/************************************************************** 58/**************************************************************
59 * Implementation Structure 59 * Implementation Structure
@@ -237,19 +237,16 @@ static int mtc_config_handler ( void * user,
237 config_ptr->ha_port = atoi(value); 237 config_ptr->ha_port = atoi(value);
238 config_ptr->mask |= CONFIG_AGENT_HA_PORT ; 238 config_ptr->mask |= CONFIG_AGENT_HA_PORT ;
239 } 239 }
240
241 else if (MATCH("agent", "inv_event_port")) 240 else if (MATCH("agent", "inv_event_port"))
242 { 241 {
243 config_ptr->inv_event_port = atoi(value); 242 config_ptr->inv_event_port = atoi(value);
244 config_ptr->mask |= CONFIG_AGENT_INV_EVENT_PORT ; 243 config_ptr->mask |= CONFIG_AGENT_INV_EVENT_PORT ;
245 } 244 }
246
247 else if (MATCH("agent", "keystone_port")) 245 else if (MATCH("agent", "keystone_port"))
248 { 246 {
249 config_ptr->keystone_port = atoi(value); 247 config_ptr->keystone_port = atoi(value);
250 config_ptr->mask |= CONFIG_AGENT_KEY_PORT ; 248 config_ptr->mask |= CONFIG_AGENT_KEY_PORT ;
251 } 249 }
252
253 else if (MATCH("agent", "mtc_agent_port")) 250 else if (MATCH("agent", "mtc_agent_port"))
254 { 251 {
255 config_ptr->mtc_agent_port = atoi(value); 252 config_ptr->mtc_agent_port = atoi(value);
@@ -482,6 +479,12 @@ int daemon_configure ( void )
482 return (FAIL_LOAD_INI); 479 return (FAIL_LOAD_INI);
483 } 480 }
484 481
482 if (ini_parse(SECRET_CFG_FILE, barbican_config_handler, &mtc_config) < 0)
483 {
484 elog ("Can't load '%s'\n", SECRET_CFG_FILE );
485 return (FAIL_LOAD_INI);
486 }
487
485 /* Loads key Mtce debug values that can override the defaults */ 488 /* Loads key Mtce debug values that can override the defaults */
486 if (ini_parse(MTCE_CONF_FILE, debug_config_handler, &mtc_config) < 0) 489 if (ini_parse(MTCE_CONF_FILE, debug_config_handler, &mtc_config) < 0)
487 { 490 {
@@ -653,6 +656,8 @@ int daemon_configure ( void )
653 ilog("guestAgent : %d (port)\n", mtc_config.mtc_to_guest_cmd_port ); 656 ilog("guestAgent : %d (port)\n", mtc_config.mtc_to_guest_cmd_port );
654 ilog("hwmond : %d (port)\n", mtc_config.hwmon_cmd_port ); 657 ilog("hwmond : %d (port)\n", mtc_config.hwmon_cmd_port );
655 ilog("auth_host : %s \n", mtc_config.keystone_auth_host ); 658 ilog("auth_host : %s \n", mtc_config.keystone_auth_host );
659 ilog("Barbican Port: %d (rx)\n", mtc_config.barbican_api_port );
660 ilog("Barbican Address : %s (tx)\n", mtc_config.barbican_api_host );
656 661
657 /* log system wide service based auto recovery control values */ 662 /* log system wide service based auto recovery control values */
658 ilog("AR Config : %d (threshold) %d sec (retry interval)", 663 ilog("AR Config : %d (threshold) %d sec (retry interval)",
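Review bot: The new `ini_parse(SECRET_CFG_FILE, barbican_config_handler, &mtc_config) < 0` check in daemon_configure only catches a file that cannot be opened or read; if this is the inih parser, a malformed line returns a positive line number and passes, so a partially parsed Barbican config would be accepted silently. Comparing against zero (`!= 0`) would reject that case; the neighbouring MTCE_CONF_FILE call follows the same `< 0` pattern. The added `ilog("Barbican Address : %s (tx)\n", mtc_config.barbican_api_host );` also assumes the handler always sets the host, and nothing visible here checks a mask bit for it the way the other agent settings set one, so a missing key would presumably hand a null pointer to `%s`. daemon_configure starts and ends outside these hunks.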
diff --git a/mtce/src/maintenance/mtcNodeHdlrs.cpp b/mtce/src/maintenance/mtcNodeHdlrs.cpp
index 5ac7f72..35343c3 100755
--- a/mtce/src/maintenance/mtcNodeHdlrs.cpp
+++ b/mtce/src/maintenance/mtcNodeHdlrs.cpp
@@ -37,6 +37,7 @@ using namespace std;
37 37
38#include "jsonUtil.h" /* for ... jsonApi_array_value */ 38#include "jsonUtil.h" /* for ... jsonApi_array_value */
39#include "tokenUtil.h" 39#include "tokenUtil.h"
40#include "secretUtil.h"
40#include "regexUtil.h" /* for ... regexUtil_pattern_match */ 41#include "regexUtil.h" /* for ... regexUtil_pattern_match */
41 42
42#include "nodeClass.h" /* All base stuff */ 43#include "nodeClass.h" /* All base stuff */
@@ -5833,6 +5834,18 @@ int nodeLinkClass::bm_handler ( struct nodeLinkClass::node * node_ptr )
5833 mtcTimer_start ( node_ptr->bmc_access_timer, mtcTimer_handler, MTC_MINS_2 ); 5834 mtcTimer_start ( node_ptr->bmc_access_timer, mtcTimer_handler, MTC_MINS_2 );
5834 } 5835 }
5835 5836
5837 if (( node_ptr->thread_extra_info.bm_pw.empty ()) && ( node_ptr->bm_ping_info.ok == true ))
5838 {
5839 barbicanSecret_type * secret = secretUtil_manage_secret( node_ptr->secretEvent,
5840 node_ptr->uuid,
5841 node_ptr->bm_timer,
5842 mtcTimer_handler );
5843 if ( secret->stage == MTC_SECRET__GET_PWD_RECV )
5844 {
5845 node_ptr->thread_extra_info.bm_pw = node_ptr->bm_pw = secret->payload ;
5846 }
5847 }
5848
5836 /* This block queries and logs BMC Info and last Reset Cause */ 5849 /* This block queries and logs BMC Info and last Reset Cause */
5837 if (( node_ptr->bm_accessible == false ) && 5850 if (( node_ptr->bm_accessible == false ) &&
5838 ( node_ptr->bm_ping_info.ok == true ) && 5851 ( node_ptr->bm_ping_info.ok == true ) &&
@@ -5968,8 +5981,8 @@ int nodeLinkClass::bm_handler ( struct nodeLinkClass::node * node_ptr )
5968 node_ptr->power_status_query_done = true ; 5981 node_ptr->power_status_query_done = true ;
5969 node_ptr->ipmitool_thread_ctrl.done = true ; 5982 node_ptr->ipmitool_thread_ctrl.done = true ;
5970 node_ptr->ipmitool_thread_info.command = 0 ; 5983 node_ptr->ipmitool_thread_info.command = 0 ;
5971 node_ptr->bm_accessible = true ;
5972 node_ptr->bm_accessible = true ; 5984 node_ptr->bm_accessible = true ;
5985 node_ptr->bm_ping_info.ok = true;
5973 mtcTimer_reset ( node_ptr->bmc_access_timer ); 5986 mtcTimer_reset ( node_ptr->bmc_access_timer );
5974 5987
5975 ilog ("%s %s\n", node_ptr->hostname.c_str(), 5988 ilog ("%s %s\n", node_ptr->hostname.c_str(),
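Review bot: In the block added to bm_handler at new lines 5837-5847, the pointer returned by secretUtil_manage_secret is dereferenced with no null check, and the retrieved BMC password is copied into both `bm_pw` fields while `secret->payload` keeps its own copy. Whether the helper can return null is not visible here, so a guard such as `if ( secret && secret->stage == MTC_SECRET__GET_PWD_RECV )` is cheap insurance. After the assignment, clearing the source copy (for example `secret->payload.clear();`, assuming payload is a std::string) would leave one fewer plaintext copy of the credential in memory. An empty payload also leaves `bm_pw` empty, so this block would presumably request the secret again on every pass; a comment stating the intended retry behaviour would help. bm_handler starts and ends outside the hunk.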
diff --git a/mtce/src/scripts/mtc.conf b/mtce/src/scripts/mtc.conf
index 898e8a3..0060df6 100644
--- a/mtce/src/scripts/mtc.conf
+++ b/mtce/src/scripts/mtc.conf
@@ -25,6 +25,7 @@ mtc_to_hbs_cmd_port = 2104 ; Mtc to Hbs Command Port Number
25mtc_to_guest_cmd_port = 2108 ; Mtc to guestAgent Command port 25mtc_to_guest_cmd_port = 2108 ; Mtc to guestAgent Command port
26hbs_to_mtc_event_port = 2107 ; Hbs to Mtc Event Port Number 26hbs_to_mtc_event_port = 2107 ; Hbs to Mtc Event Port Number
27inv_event_port = 2112 ; The Inventory Event Port Number 27inv_event_port = 2112 ; The Inventory Event Port Number
28barbican_port = 9311 ; The Barbican Port Number
28 29
29token_refresh_rate = 1200 ; Authentication token refresh rate in seconds. 30token_refresh_rate = 1200 ; Authentication token refresh rate in seconds.
30 ; A value of zero means no refresh. 31 ; A value of zero means no refresh.