-rw-r--r--devstack/lib/stx-metal2
-rw-r--r--mtce-common/centos/mtce-common.spec1
-rwxr-xr-xmtce-common/src/common/Makefile2
-rw-r--r--mtce-common/src/common/hostUtil.cpp8
-rw-r--r--mtce-common/src/common/hostUtil.h1
-rw-r--r--mtce-common/src/common/httpUtil.cpp124
-rw-r--r--mtce-common/src/common/httpUtil.h52
-rw-r--r--mtce-common/src/common/jsonUtil.cpp74
-rw-r--r--mtce-common/src/common/jsonUtil.h67
-rw-r--r--mtce-common/src/common/logMacros.h5
-rwxr-xr-xmtce-common/src/common/nodeBase.h2
-rwxr-xr-xmtce-common/src/common/nodeUtil.cpp67
-rwxr-xr-xmtce-common/src/common/nodeUtil.h11
-rwxr-xr-xmtce-common/src/common/secretUtil.cpp348
-rwxr-xr-xmtce-common/src/common/secretUtil.h63
-rw-r--r--mtce-common/src/common/tokenUtil.cpp93
-rw-r--r--mtce-common/src/common/tokenUtil.h4
-rwxr-xr-xmtce-common/src/daemon/daemon_common.h6
-rw-r--r--mtce-common/src/daemon/daemon_config.cpp26
-rwxr-xr-xmtce/src/common/nodeClass.cpp38
-rwxr-xr-xmtce/src/common/nodeClass.h13
-rwxr-xr-xmtce/src/heartbeat/Makefile2
-rw-r--r--mtce/src/heartbeat/hbsStubs.cpp1
-rw-r--r--mtce/src/hwmon/hwmonClass.cpp78
-rw-r--r--mtce/src/hwmon/hwmonClass.h27
-rw-r--r--mtce/src/hwmon/hwmonFsm.cpp18
-rw-r--r--mtce/src/hwmon/hwmonHdlr.cpp6
-rw-r--r--mtce/src/hwmon/hwmonInit.cpp6
-rwxr-xr-xmtce/src/maintenance/Makefile2
-rwxr-xr-xmtce/src/maintenance/mtcHttpUtil.cpp2
-rwxr-xr-xmtce/src/maintenance/mtcInvApi.cpp6
-rwxr-xr-xmtce/src/maintenance/mtcKeyApi.cpp183
-rwxr-xr-xmtce/src/maintenance/mtcKeyApi.h25
-rw-r--r--mtce/src/maintenance/mtcNodeCtrl.cpp13
-rwxr-xr-xmtce/src/maintenance/mtcNodeHdlrs.cpp15
-rw-r--r--mtce/src/scripts/mtc.conf1
36 files changed, 899 insertions, 493 deletions
diff --git a/devstack/lib/stx-metal b/devstack/lib/stx-metal
index 8c30340..f140aca 100644
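--- a/devstack/lib/stx-metal
+++ b/devstack/lib/stx-metal
@@ -169,6 +169,7 @@ function install_mtce_common {
  "common/regexUtil.h" \
  "common/threadUtil.h" \
  "common/tokenUtil.h" \
+ "common/secretUtil.h" \
  )
  sudo install -m 755 -d ${inc_dir_common}
  sudo install -m 644 -t ${inc_dir_common} ${commonhdr_file[*]}
@@ -957,6 +958,7 @@ function cleanup_metal {
  "regexUtil.h" \
  "threadUtil.h" \
  "tokenUtil.h" \
+ "secretUtil.h" \
  "daemon_ini.h" \
  "daemon_common.h" \
  "daemon_option.h" \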
diff --git a/mtce-common/centos/mtce-common.spec b/mtce-common/centos/mtce-common.spec
index 738d82f..b0837f7 100644
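--- a/mtce-common/centos/mtce-common.spec
+++ b/mtce-common/centos/mtce-common.spec
@@ -140,6 +140,7 @@ install -m 644 -p -D %{_buildsubdir}/common/pingUtil.h %{buildroot}%{_includedir
 install -m 644 -p -D %{_buildsubdir}/common/regexUtil.h %{buildroot}%{_includedir}/mtce-common
 install -m 644 -p -D %{_buildsubdir}/common/threadUtil.h %{buildroot}%{_includedir}/mtce-common
 install -m 644 -p -D %{_buildsubdir}/common/tokenUtil.h %{buildroot}%{_includedir}/mtce-common
+install -m 644 -p -D %{_buildsubdir}/common/secretUtil.h %{buildroot}%{_includedir}/mtce-common
 
 %clean
 rm -v -rf $RPM_BUILD_ROOT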
diff --git a/mtce-common/src/common/Makefile b/mtce-common/src/common/Makefile
index 9c9788b..ce75921 100755
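--- a/mtce-common/src/common/Makefile
+++ b/mtce-common/src/common/Makefile
@@ -22,6 +22,7 @@ SRCS = regexUtil.cpp \
  jsonUtil.cpp \
  httpUtil.cpp \
  tokenUtil.cpp \
+ secretUtil.cpp \
  msgClass.cpp
 
 COMMON_OBJS = regexUtil.o \
@@ -39,6 +40,7 @@ COMMON_OBJS = regexUtil.o \
  jsonUtil.o \
  httpUtil.o \
  tokenUtil.o \
+ secretUtil.o \
  msgClass.o
 
 OBJS = $(SRCS:.cpp=.o)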
diff --git a/mtce-common/src/common/hostUtil.cpp b/mtce-common/src/common/hostUtil.cpp
index dc75442..588ef85 100644
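--- a/mtce-common/src/common/hostUtil.cpp
+++ b/mtce-common/src/common/hostUtil.cpp
@@ -56,6 +56,11 @@ string hostUtil_getServiceIp ( mtc_service_enum service )
  ip = "localhost" ;
  break ;
  }
+ case SERVICE_SECRET:
+ {
+ ip = cfg_ptr->barbican_api_host;
+ break ;
+ }
  default:
  {
  slog ("Unsupported service (%d)\n", service );
@@ -97,6 +102,9 @@ int hostUtil_getServicePort ( mtc_service_enum service )
  case SERVICE_TOKEN:
  return(cfg_ptr->keystone_port);
 
+ case SERVICE_SECRET:
+ return(cfg_ptr->barbican_api_port);
+
  default:
  {
  slog ("Unsupported service (%d)\n", service );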
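Review bot: The new `SERVICE_SECRET` case in hostUtil_getServiceIp assigns `cfg_ptr->barbican_api_host` to `ip` without checking that the field is set. The field's declaration is not in this section, but if it is a `char *` filled in by the config parser, a missing `barbican_api_host` entry would construct a `string` from a null pointer, which is undefined behaviour. A guard such as `if ( cfg_ptr->barbican_api_host ) ip = cfg_ptr->barbican_api_host ; else slog ("barbican_api_host not configured\n");` keeps the lookup safe. The same question applies to an unset (zero) `barbican_api_port` returned by hostUtil_getServicePort. Both function bodies start and end outside the hunks.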
diff --git a/mtce-common/src/common/hostUtil.h b/mtce-common/src/common/hostUtil.h
index d207f4d..f58f9be 100644
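--- a/mtce-common/src/common/hostUtil.h
+++ b/mtce-common/src/common/hostUtil.h
@@ -70,6 +70,7 @@ typedef enum
  SERVICE_TOKEN = 1,
  SERVICE_SMGR = 2,
  SERVICE_VIM = 3,
+ SERVICE_SECRET = 4,
 } mtc_service_enum ;
 
 string hostUtil_getServiceIp ( mtc_service_enum service );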
diff --git a/mtce-common/src/common/httpUtil.cpp b/mtce-common/src/common/httpUtil.cpp
index d263971..a487664 100644
--- a/mtce-common/src/common/httpUtil.cpp
+++ b/mtce-common/src/common/httpUtil.cpp
@@ -20,7 +20,7 @@ using namespace std;
20#include "tokenUtil.h" /* for ... tokenUtil_handler */ 20#include "tokenUtil.h" /* for ... tokenUtil_handler */
21#include "nodeUtil.h" /* for ... string_contains */ 21#include "nodeUtil.h" /* for ... string_contains */
22#include "timeUtil.h" /* for ... time_debug_type */ 22#include "timeUtil.h" /* for ... time_debug_type */
23#include "keyClass.h" /* for ... add_key, del_key */ 23#include "keyClass.h" /* for ... add_key, del_key */
24 24
25static keyClass keyValObject ; 25static keyClass keyValObject ;
26static char rest_api_filename[MAX_FILENAME_LEN]; 26static char rest_api_filename[MAX_FILENAME_LEN];
@@ -66,10 +66,10 @@ const char * getHttpCmdType_str ( evhttp_cmd_type type )
66 * 66 *
67 * ************************************************************************/ 67 * ************************************************************************/
68 68
69int httpUtil_event_init ( libEvent * ptr , 69int httpUtil_event_init ( libEvent * ptr ,
70 string hostname, 70 string hostname,
71 string service, 71 string service,
72 string ip, 72 string ip,
73 int port ) 73 int port )
74{ 74{
75 /* Default Starting States */ 75 /* Default Starting States */
@@ -127,12 +127,12 @@ int httpUtil_event_init ( libEvent * ptr ,
127 /** Default the user agent to mtce ; other users and commands can override */ 127 /** Default the user agent to mtce ; other users and commands can override */
128 ptr->user_agent = "mtce/1.0" ; 128 ptr->user_agent = "mtce/1.0" ;
129 129
130 ptr->admin_url.clear(); 130 ptr->admin_url.clear();
131 ptr->internal_url.clear(); 131 ptr->internal_url.clear();
132 ptr->public_url.clear(); 132 ptr->public_url.clear();
133 133
134 /* HTTP Specific Info */ 134 /* HTTP Specific Info */
135 ptr->type = EVHTTP_REQ_GET ; /* request type GET/PUT/PATCH etc */ 135 ptr->type = EVHTTP_REQ_GET ; /* request type GET/PUT/PATCH etc */
136 136
137 /* Result Info */ 137 /* Result Info */
138 ptr->status = FAIL; 138 ptr->status = FAIL;
@@ -154,8 +154,8 @@ void httpUtil_init ( void )
154{ 154{
155 httpUtil_event_init ( &nullEvent, "null", "null" , "0.0.0.0", 0); 155 httpUtil_event_init ( &nullEvent, "null", "null" , "0.0.0.0", 0);
156 nullEvent.request = SERVICE_NONE ; 156 nullEvent.request = SERVICE_NONE ;
157 157
158 snprintf (&rest_api_filename[0], MAX_FILENAME_LEN, "/var/log/%s_api.log", 158 snprintf (&rest_api_filename[0], MAX_FILENAME_LEN, "/var/log/%s_api.log",
159 program_invocation_short_name ); 159 program_invocation_short_name );
160} 160}
161 161
@@ -200,7 +200,7 @@ void httpUtil_free_base ( libEvent & event )
200 event.base = NULL ; 200 event.base = NULL ;
201 if ( event.conn ) 201 if ( event.conn )
202 { 202 {
203 hlog ("%s Free Connection (%p) --------- along with base\n", 203 hlog ("%s Free Connection (%p) --------- along with base\n",
204 event.log_prefix.c_str(), event.conn ); 204 event.log_prefix.c_str(), event.conn );
205 205
206 evhttp_connection_free ( event.conn ); 206 evhttp_connection_free ( event.conn );
@@ -209,7 +209,7 @@ void httpUtil_free_base ( libEvent & event )
209 } 209 }
210 else 210 else
211 { 211 {
212 hlog1 ("%s Already Freed Event Base\n", event.log_prefix.c_str()); 212 hlog1 ("%s Already Freed Event Base\n", event.log_prefix.c_str());
213 } 213 }
214} 214}
215 215
@@ -230,7 +230,7 @@ int httpUtil_connect ( libEvent & event )
230 230
231 /* Open an http connection to specified IP and port */ 231 /* Open an http connection to specified IP and port */
232 event.conn = evhttp_connection_base_new ( event.base, NULL, 232 event.conn = evhttp_connection_base_new ( event.base, NULL,
233 event.ip.c_str(), 233 event.ip.c_str(),
234 event.port ); 234 event.port );
235 /* bind to the correctly-versioned local address */ 235 /* bind to the correctly-versioned local address */
236 if ( event.conn ) 236 if ( event.conn )
@@ -262,7 +262,7 @@ int httpUtil_request ( libEvent & event,
262 void(*hdlr)(struct evhttp_request *, void *)) 262 void(*hdlr)(struct evhttp_request *, void *))
263{ 263{
264 int rc = PASS ; 264 int rc = PASS ;
265 265
266 /* make a new request and bind the event handler to it */ 266 /* make a new request and bind the event handler to it */
267 event.req = evhttp_request_new( hdlr , event.base ); 267 event.req = evhttp_request_new( hdlr , event.base );
268 if ( ! event.req ) 268 if ( ! event.req )
@@ -286,14 +286,14 @@ int httpUtil_request ( libEvent & event,
286int httpUtil_payload_add ( libEvent & event ) 286int httpUtil_payload_add ( libEvent & event )
287{ 287{
288 int rc = PASS ; 288 int rc = PASS ;
289 289
290 /* Returns the output buffer. */ 290 /* Returns the output buffer. */
291 event.buf = evhttp_request_get_output_buffer ( event.req ); 291 event.buf = evhttp_request_get_output_buffer ( event.req );
292 292
293 /* Check for no buffer */ 293 /* Check for no buffer */
294 if ( ! event.buf ) 294 if ( ! event.buf )
295 { 295 {
296 elog ("%s evhttp_request_get_output_buffer returned null (%p)\n", 296 elog ("%s evhttp_request_get_output_buffer returned null (%p)\n",
297 event.log_prefix.c_str(), event.req ); 297 event.log_prefix.c_str(), event.req );
298 298
299 rc = FAIL ; 299 rc = FAIL ;
@@ -311,7 +311,7 @@ int httpUtil_payload_add ( libEvent & event )
311 } 311 }
312 else if ( rc == 0 ) 312 else if ( rc == 0 )
313 { 313 {
314 elog ("%s no data added to output buffer (len=0)\n", 314 elog ("%s no data added to output buffer (len=0)\n",
315 event.log_prefix.c_str()); 315 event.log_prefix.c_str());
316 316
317 rc = FAIL ; 317 rc = FAIL ;
@@ -367,15 +367,15 @@ int httpUtil_header_add ( libEvent * ptr, http_headers_type * hdrs_ptr )
367 367
368 if ( hdrs_ptr->entries > MAX_HEADERS ) 368 if ( hdrs_ptr->entries > MAX_HEADERS )
369 { 369 {
370 elog ("%s Too many headers (%d:%d)\n", 370 elog ("%s Too many headers (%d:%d)\n",
371 ptr->log_prefix.c_str(), MAX_HEADERS, hdrs_ptr->entries ); 371 ptr->log_prefix.c_str(), MAX_HEADERS, hdrs_ptr->entries );
372 return FAIL ; 372 return FAIL ;
373 } 373 }
374 for ( int i = 0 ; i < hdrs_ptr->entries ; i++ ) 374 for ( int i = 0 ; i < hdrs_ptr->entries ; i++ )
375 { 375 {
376 /* Add the header */ 376 /* Add the header */
377 rc = evhttp_add_header( ptr->req->output_headers, 377 rc = evhttp_add_header( ptr->req->output_headers,
378 hdrs_ptr->entry[i].key.c_str() , 378 hdrs_ptr->entry[i].key.c_str(),
379 hdrs_ptr->entry[i].value.c_str()); 379 hdrs_ptr->entry[i].value.c_str());
380 if ( rc ) 380 if ( rc )
381 { 381 {
@@ -385,7 +385,7 @@ int httpUtil_header_add ( libEvent * ptr, http_headers_type * hdrs_ptr )
385 hdrs_ptr->entry[i].value.c_str()); 385 hdrs_ptr->entry[i].value.c_str());
386 rc = FAIL ; 386 rc = FAIL ;
387 break ; 387 break ;
388 } 388 }
389 } 389 }
390 return (rc); 390 return (rc);
391} 391}
@@ -432,14 +432,14 @@ int httpUtil_get_response ( libEvent & event )
432 /* Get a stack buffer, zero it, copy to it and terminate it */ 432 /* Get a stack buffer, zero it, copy to it and terminate it */
433 char * stack_buf_ptr = (char*)malloc (event.response_len+1); 433 char * stack_buf_ptr = (char*)malloc (event.response_len+1);
434 memset ( stack_buf_ptr, 0, event.response_len+1 ); 434 memset ( stack_buf_ptr, 0, event.response_len+1 );
435 real_len = evbuffer_remove( event.req->input_buffer, stack_buf_ptr, 435 real_len = evbuffer_remove( event.req->input_buffer, stack_buf_ptr,
436 event.response_len); 436 event.response_len);
437 437
438 if ( real_len != event.response_len ) 438 if ( real_len != event.response_len )
439 { 439 {
440 wlog ("%s Length differs from removed length (%ld:%ld)\n", 440 wlog ("%s Length differs from removed length (%ld:%ld)\n",
441 event.log_prefix.c_str(), 441 event.log_prefix.c_str(),
442 event.response_len, 442 event.response_len,
443 real_len ); 443 real_len );
444 } 444 }
445 445
@@ -447,7 +447,7 @@ int httpUtil_get_response ( libEvent & event )
447 { 447 {
448 hlog1 ("%s has no response data\n", event.log_prefix.c_str() ); 448 hlog1 ("%s has no response data\n", event.log_prefix.c_str() );
449 } 449 }
450 /* Terminate the buffer , this is where the +1 above is required. 450 /* Terminate the buffer , this is where the +1 above is required.
451 * Without it there is memory corruption reported by Linux */ 451 * Without it there is memory corruption reported by Linux */
452 *(stack_buf_ptr+event.response_len) = '\0'; 452 *(stack_buf_ptr+event.response_len) = '\0';
453 453
@@ -538,7 +538,7 @@ void httpUtil_handler ( struct evhttp_request *req, void *arg )
538 return ; 538 return ;
539 } 539 }
540 540
541 event_ptr = (libEvent*)temp; 541 event_ptr = (libEvent*)temp;
542 if (( event_ptr->request >= SERVICE_LAST ) || ( event_ptr->request == SERVICE_NONE )) 542 if (( event_ptr->request >= SERVICE_LAST ) || ( event_ptr->request == SERVICE_NONE ))
543 { 543 {
544 slog ("HTTP Event Lookup Failed for http base (%p) <------\n", arg); 544 slog ("HTTP Event Lookup Failed for http base (%p) <------\n", arg);
@@ -549,18 +549,17 @@ void httpUtil_handler ( struct evhttp_request *req, void *arg )
549 event_ptr->status = httpUtil_status ( (*event_ptr) ) ; 549 event_ptr->status = httpUtil_status ( (*event_ptr) ) ;
550 if ( event_ptr->status == HTTP_NOTFOUND ) 550 if ( event_ptr->status == HTTP_NOTFOUND )
551 { 551 {
552 elog ("%s returned (Not-Found) (%d)\n", 552 elog ("%s returned (Not-Found) (%d)\n",
553 event_ptr->log_prefix.c_str(), 553 event_ptr->log_prefix.c_str(),
554 event_ptr->status); 554 event_ptr->status);
555 if ( event_ptr->type != EVHTTP_REQ_POST ) 555 if ( event_ptr->type != EVHTTP_REQ_POST )
556 event_ptr->status = PASS ; 556 event_ptr->status = PASS ;
557
558 goto httpUtil_handler_done ; 557 goto httpUtil_handler_done ;
559 } 558 }
560 559
561 else if (( event_ptr->status != PASS ) && ( ! req )) 560 else if (( event_ptr->status != PASS ) && ( ! req ))
562 { 561 {
563 elog ("%s Request Timeout (%d)\n", 562 elog ("%s Request Timeout (%d)\n",
564 event_ptr->log_prefix.c_str(), 563 event_ptr->log_prefix.c_str(),
565 event_ptr->timeout); 564 event_ptr->timeout);
566 565
@@ -788,6 +787,11 @@ int httpUtil_api_request ( libEvent & event )
788 { 787 {
789 ; 788 ;
790 } 789 }
790 else if (( event.request == BARBICAN_GET_SECRET ) ||
791 ( event.request == BARBICAN_READ_SECRET ))
792 {
793 ;
794 }
791 else 795 else
792 { 796 {
793 slog ("%s Unsupported Request (%d)\n", event.hostname.c_str(), event.request); 797 slog ("%s Unsupported Request (%d)\n", event.hostname.c_str(), event.request);
@@ -799,7 +803,7 @@ int httpUtil_api_request ( libEvent & event )
799 if ( httpUtil_connect ( event )) 803 if ( httpUtil_connect ( event ))
800 { 804 {
801 event.status = FAIL_CONNECT ; 805 event.status = FAIL_CONNECT ;
802 goto httpUtil_api_request_done ; 806 goto httpUtil_api_request_done ;
803 } 807 }
804 808
805 if ( httpUtil_request ( event, &httpUtil_handler )) 809 if ( httpUtil_request ( event, &httpUtil_handler ))
@@ -813,7 +817,7 @@ int httpUtil_api_request ( libEvent & event )
813 jlog ("%s Address : %s\n", event.hostname.c_str(), event.address.c_str()); 817 jlog ("%s Address : %s\n", event.hostname.c_str(), event.address.c_str());
814 } 818 }
815 819
816 if (( event.type != EVHTTP_REQ_GET ) && 820 if (( event.type != EVHTTP_REQ_GET ) &&
817 ( event.type != EVHTTP_REQ_DELETE )) 821 ( event.type != EVHTTP_REQ_DELETE ))
818 { 822 {
819 /* Add payload to the output buffer but only for PUT, POST and PATCH requests */ 823 /* Add payload to the output buffer but only for PUT, POST and PATCH requests */
@@ -824,15 +828,15 @@ int httpUtil_api_request ( libEvent & event )
824 } 828 }
825 if ( daemon_get_cfg_ptr()->debug_json ) 829 if ( daemon_get_cfg_ptr()->debug_json )
826 { 830 {
827 if ((!string_contains(event.payload,"token")) && 831 if ((!string_contains(event.payload,"token")) &&
828 (!string_contains(event.payload,"assword"))) 832 (!string_contains(event.payload,"assword")))
829 { 833 {
830 jlog ("%s Payload : %s\n", event.hostname.c_str(), 834 jlog ("%s Payload : %s\n", event.hostname.c_str(),
831 event.payload.c_str() ); 835 event.payload.c_str() );
832 } 836 }
833 else 837 else
834 { 838 {
835 jlog ("%s Payload : ... contains private content ...\n", 839 jlog ("%s Payload : ... contains private content ...\n",
836 event.hostname.c_str()); 840 event.hostname.c_str());
837 841
838 } 842 }
@@ -848,7 +852,7 @@ int httpUtil_api_request ( libEvent & event )
848 hdrs.entry[hdr_entry].value = "admin"; 852 hdrs.entry[hdr_entry].value = "admin";
849 hdr_entry++; 853 hdr_entry++;
850 854
851 if (( event.type != EVHTTP_REQ_GET ) && 855 if (( event.type != EVHTTP_REQ_GET ) &&
852 ( event.type != EVHTTP_REQ_DELETE )) 856 ( event.type != EVHTTP_REQ_DELETE ))
853 { 857 {
854 hdrs.entry[hdr_entry].key = "Content-Length" ; 858 hdrs.entry[hdr_entry].key = "Content-Length" ;
@@ -859,14 +863,23 @@ int httpUtil_api_request ( libEvent & event )
859 hdrs.entry[hdr_entry].key = "User-Agent" ; 863 hdrs.entry[hdr_entry].key = "User-Agent" ;
860 hdrs.entry[hdr_entry].value = event.user_agent ; 864 hdrs.entry[hdr_entry].value = event.user_agent ;
861 hdr_entry++; 865 hdr_entry++;
862 866
863 hdrs.entry[hdr_entry].key = "Content-Type" ; 867 hdrs.entry[hdr_entry].key = "Content-Type" ;
864 hdrs.entry[hdr_entry].value = "application/json" ; 868 hdrs.entry[hdr_entry].value = "application/json" ;
865 hdr_entry++; 869 hdr_entry++;
866 870
867 hdrs.entry[hdr_entry].key = "Accept" ; 871 if ( event.request == BARBICAN_READ_SECRET )
868 hdrs.entry[hdr_entry].value = "application/json" ; 872 {
869 hdr_entry++; 873 hdrs.entry[hdr_entry].key = "Accept" ;
874 hdrs.entry[hdr_entry].value = "application/octet-stream" ;
875 hdr_entry++;
876 }
877 else
878 {
879 hdrs.entry[hdr_entry].key = "Accept" ;
880 hdrs.entry[hdr_entry].value = "application/json" ;
881 hdr_entry++;
882 }
870 883
871 if ( event.request != KEYSTONE_GET_TOKEN ) 884 if ( event.request != KEYSTONE_GET_TOKEN )
872 { 885 {
@@ -912,8 +925,10 @@ int httpUtil_api_request ( libEvent & event )
912 } 925 }
913 else 926 else
914 { 927 {
928 hlog ("%s API Internal Address : %s\n", event.hostname.c_str(), event.address.c_str());
915 event.status = evhttp_make_request ( event.conn, event.req, event.type, event.address.data()); 929 event.status = evhttp_make_request ( event.conn, event.req, event.type, event.address.data());
916 } 930 }
931
917 daemon_signal_hdlr (); 932 daemon_signal_hdlr ();
918 if ( event.status == PASS ) 933 if ( event.status == PASS )
919 { 934 {
@@ -939,14 +954,15 @@ int httpUtil_api_request ( libEvent & event )
939 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG ); 954 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG );
940 goto httpUtil_api_request_done ; 955 goto httpUtil_api_request_done ;
941 } 956 }
942 else if ( event.request == KEYSTONE_GET_TOKEN ) 957 else if ( event.request == KEYSTONE_GET_TOKEN ||
958 event.request == BARBICAN_GET_SECRET ||
959 event.request == BARBICAN_READ_SECRET )
943 { 960 {
944 hlog ("%s Requested (non-blocking) (timeout:%d secs)\n", event.log_prefix.c_str(), event.timeout); 961 hlog ("%s Requested (non-blocking) (timeout:%d secs)\n", event.log_prefix.c_str(), event.timeout);
945 event.active = true ; 962 event.active = true ;
946 event.status = event_base_loop(event.base, EVLOOP_NONBLOCK); 963 event.status = event_base_loop(event.base, EVLOOP_NONBLOCK);
947 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG ); /* Should be immediate ; non blocking */ 964 httpUtil_latency_log ( event, label.c_str(), __LINE__, MAX_DELAY_B4_LATENCY_LOG ); /* Should be immediate ; non blocking */
948 return (event.status); 965 return (event.status);
949 // goto httpUtil_api_request_done ;
950 } 966 }
951 else 967 else
952 { 968 {
@@ -979,9 +995,9 @@ httpUtil_api_request_done:
979 995
980void httpUtil_event_info ( libEvent & event ) 996void httpUtil_event_info ( libEvent & event )
981{ 997{
982 ilog ("%s request to %s.%d Status:%d \n", 998 ilog ("%s request to %s.%d Status:%d \n",
983 event.log_prefix.c_str(), 999 event.log_prefix.c_str(),
984 event.ip.c_str(), 1000 event.ip.c_str(),
985 event.port, 1001 event.port,
986 event.status); 1002 event.status);
987 if ( event.request == KEYSTONE_GET_TOKEN ) 1003 if ( event.request == KEYSTONE_GET_TOKEN )
@@ -1001,7 +1017,7 @@ void httpUtil_log_event ( libEvent * event_ptr )
1001{ 1017{
1002 string event_sig = daemon_get_cfg_ptr()->debug_event ; 1018 string event_sig = daemon_get_cfg_ptr()->debug_event ;
1003 msgSock_type * mtclogd_ptr = get_mtclogd_sockPtr (); 1019 msgSock_type * mtclogd_ptr = get_mtclogd_sockPtr ();
1004 1020
1005 send_log_message ( get_mtclogd_sockPtr(), event_ptr->hostname.data(), &rest_api_filename[0], &event_ptr->req_str[0] ); 1021 send_log_message ( get_mtclogd_sockPtr(), event_ptr->hostname.data(), &rest_api_filename[0], &event_ptr->req_str[0] );
1006 1022
1007 if ( event_ptr->request == KEYSTONE_GET_TOKEN ) 1023 if ( event_ptr->request == KEYSTONE_GET_TOKEN )
@@ -1031,16 +1047,16 @@ void httpUtil_log_event ( libEvent * event_ptr )
1031 1047
1032 if (!event_ptr->payload.empty()) 1048 if (!event_ptr->payload.empty())
1033 { 1049 {
1034 if ((!string_contains(event_ptr->payload,"token")) && 1050 if ((!string_contains(event_ptr->payload,"token")) &&
1035 (!string_contains(event_ptr->payload,"assword"))) 1051 (!string_contains(event_ptr->payload,"assword")))
1036 { 1052 {
1037 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1053 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1038 "%s [%5d] %s seq:%d -> Payload : %s", 1054 "%s [%5d] %s seq:%d -> Payload : %s",
1039 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->payload.c_str() ); 1055 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->payload.c_str() );
1040 } 1056 }
1041 else 1057 else
1042 { 1058 {
1043 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1059 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1044 "%s [%5d] %s seq:%d -> Payload : ... contains private content ...", 1060 "%s [%5d] %s seq:%d -> Payload : ... contains private content ...",
1045 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence ); 1061 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence );
1046 } 1062 }
@@ -1049,10 +1065,10 @@ void httpUtil_log_event ( libEvent * event_ptr )
1049 1065
1050 if ( !event_ptr->response.empty() ) 1066 if ( !event_ptr->response.empty() )
1051 { 1067 {
1052 if ((!string_contains(event_ptr->response,"token")) && 1068 if ((!string_contains(event_ptr->response,"token")) &&
1053 (!string_contains(event_ptr->response,"assword"))) 1069 (!string_contains(event_ptr->response,"assword")))
1054 { 1070 {
1055 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1071 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1056 "%s [%5d] %s seq:%d -> Response: %s", 1072 "%s [%5d] %s seq:%d -> Response: %s",
1057 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->response.c_str() ); 1073 pt(), getpid(), event_ptr->log_prefix.c_str(), event_ptr->sequence, event_ptr->response.c_str() );
1058 } 1074 }
@@ -1064,18 +1080,18 @@ void httpUtil_log_event ( libEvent * event_ptr )
1064 } 1080 }
1065 send_log_message ( mtclogd_ptr, event_ptr->hostname.data(), rest_api_filename, &rest_api_log_str[0] ); 1081 send_log_message ( mtclogd_ptr, event_ptr->hostname.data(), rest_api_filename, &rest_api_log_str[0] );
1066 } 1082 }
1067 1083
1068 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1, 1084 snprintf (&rest_api_log_str[0], MAX_API_LOG_LEN-1,
1069 "%s [%5d] %s %s '%s' seq:%d -> Status : %d {execution time %ld.%06ld secs}\n", 1085 "%s [%5d] %s %s '%s' seq:%d -> Status : %d {execution time %ld.%06ld secs}\n",
1070 pt(), getpid(), 1086 pt(), getpid(),
1071 event_ptr->hostname.c_str(), 1087 event_ptr->hostname.c_str(),
1072 event_ptr->service.c_str(), 1088 event_ptr->service.c_str(),
1073 event_ptr->operation.c_str(), 1089 event_ptr->operation.c_str(),
1074 event_ptr->sequence, 1090 event_ptr->sequence,
1075 event_ptr->http_status, 1091 event_ptr->http_status,
1076 event_ptr->diff_time.secs, 1092 event_ptr->diff_time.secs,
1077 event_ptr->diff_time.msecs ); 1093 event_ptr->diff_time.msecs );
1078 1094
1079 if (( event_ptr->diff_time.secs > 2 ) || (event_ptr->http_status != HTTP_OK ) ) 1095 if (( event_ptr->diff_time.secs > 2 ) || (event_ptr->http_status != HTTP_OK ) )
1080 { 1096 {
1081 int len = strlen (rest_api_log_str) ; 1097 int len = strlen (rest_api_log_str) ;
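Review bot: httpUtil_log_event still decides what is private by searching the body for "token" or "assword", which will not reliably catch the new secret responses. A `BARBICAN_READ_SECRET` response requested with `Accept: application/octet-stream` is the raw secret and need not contain either substring. If this logger runs for the new Barbican requests (the secret handler is outside this section), the `Response: %s` branch would write the secret verbatim to the `/var/log/<program>_api.log` file. The redaction should key on the request type as well, e.g. `if (( event_ptr->request != BARBICAN_READ_SECRET ) && (!string_contains(event_ptr->response,"token")) && (!string_contains(event_ptr->response,"assword")))`. httpUtil_log_event starts and ends outside the hunks shown here.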
diff --git a/mtce-common/src/common/httpUtil.h b/mtce-common/src/common/httpUtil.h
index d846d29..b0f6698 100644
--- a/mtce-common/src/common/httpUtil.h
+++ b/mtce-common/src/common/httpUtil.h
@@ -52,6 +52,7 @@ using namespace std;
52#define HTTP_KEYSTONE_GET_TIMEOUT (10) 52#define HTTP_KEYSTONE_GET_TIMEOUT (10)
53#define HTTP_SMGR_TIMEOUT (20) 53#define HTTP_SMGR_TIMEOUT (20)
54#define HTTP_VIM_TIMEOUT (20) 54#define HTTP_VIM_TIMEOUT (20)
55#define HTTP_SECRET_TIMEOUT (5)
55 56
56#define SMGR_MAX_RETRIES (3) 57#define SMGR_MAX_RETRIES (3)
57 58
@@ -61,12 +62,14 @@ using namespace std;
61 62
62#define SMGR_EVENT_SIG "smgrEvent" 63#define SMGR_EVENT_SIG "smgrEvent"
63#define SYSINV_EVENT_SIG "sysinvEvent" 64#define SYSINV_EVENT_SIG "sysinvEvent"
65#define SECRET_EVENT_SIG "secretEvent"
64 66
65#define KEYSTONE_SIG "token" 67#define KEYSTONE_SIG "token"
66#define SENSOR_SIG "sensor" 68#define SENSOR_SIG "sensor"
67#define SYSINV_SIG "sysinv" 69#define SYSINV_SIG "sysinv"
68#define SMGR_SIG "smgr" 70#define SMGR_SIG "smgr"
69#define VIM_SIG "vim" 71#define VIM_SIG "vim"
72#define SECRET_SIG "secret"
70 73
71#define SYSINV_OPER__LOAD_HOST "load host" 74#define SYSINV_OPER__LOAD_HOST "load host"
72#define SYSINV_OPER__UPDATE_TASK "update task" 75#define SYSINV_OPER__UPDATE_TASK "update task"
@@ -108,6 +111,26 @@ typedef struct
108 error renewal - flood avoidance */ 111 error renewal - flood avoidance */
109} keyToken_type ; 112} keyToken_type ;
110 113
114
115typedef enum
116{
117 MTC_SECRET__START = 0,
118 MTC_SECRET__GET_REF,
119 MTC_SECRET__GET_REF_FAIL,
120 MTC_SECRET__GET_REF_RECV,
121 MTC_SECRET__GET_PWD,
122 MTC_SECRET__GET_PWD_FAIL,
123 MTC_SECRET__GET_PWD_RECV,
124 MTC_SECRET__STAGES,
125} mtc_secretStages_enum ;
126
127typedef struct
128{
129 string reference;
130 string payload ;
131 mtc_secretStages_enum stage ;
132} barbicanSecret_type;
133
111/** All supported Request Type Enums */ 134/** All supported Request Type Enums */
112typedef enum { 135typedef enum {
113 SERVICE_NONE, 136 SERVICE_NONE,
@@ -154,19 +177,22 @@ typedef enum {
154 SMGR_HOST_LOCKED, 177 SMGR_HOST_LOCKED,
155 SMGR_HOST_ENABLED, 178 SMGR_HOST_ENABLED,
156 SMGR_HOST_DISABLED, 179 SMGR_HOST_DISABLED,
157 180
158 KEYSTONE_TOKEN, 181 KEYSTONE_TOKEN,
159 KEYSTONE_GET_TOKEN, 182 KEYSTONE_GET_TOKEN,
160 KEYSTONE_GET_SERVICE_LIST, 183 KEYSTONE_GET_SERVICE_LIST,
161 KEYSTONE_GET_ENDPOINT_LIST, 184 KEYSTONE_GET_ENDPOINT_LIST,
162 185
186 BARBICAN_GET_SECRET,
187 BARBICAN_READ_SECRET,
188
163 SERVICE_LAST 189 SERVICE_LAST
164} libEvent_enum ; 190} libEvent_enum ;
165 191
166 192
167/** Local event control structure for REST API services 193/** Local event control structure for REST API services
168 * 194 *
169 * Nova, Neutron, Keystone and Inventory 195 * Nova, Neutron, Keystone, Barbican and Inventory
170 * 196 *
171 */ 197 */
172struct libEvent 198struct libEvent
@@ -177,7 +203,7 @@ struct libEvent
177 bool mutex ; /**< single operation at a time */ 203 bool mutex ; /**< single operation at a time */
178 bool active ; /**< true if waiting on response */ 204 bool active ; /**< true if waiting on response */
179 int stuck ; /**< Count mutex active stuck state */ 205 int stuck ; /**< Count mutex active stuck state */
180 bool blocking ; /**< true if command is blocking */ 206 bool blocking ; /**< true if command is blocking */
181 bool found ; /**< true if query was found */ 207 bool found ; /**< true if query was found */
182 int timeout ; /**< Request timeout */ 208 int timeout ; /**< Request timeout */
183 int count ; /**< retry recover counter */ 209 int count ; /**< retry recover counter */
@@ -204,7 +230,7 @@ struct libEvent
204 230
205 /** Service Specific Request Info */ 231 /** Service Specific Request Info */
206 libEvent_enum request ; /**< Specify the request command */ 232 libEvent_enum request ; /**< Specify the request command */
207 keyToken_type token ; /**< Copy of the active token */ 233 keyToken_type token ; /**< Copy of the active token */
208 string service ; /**< Service being executed */ 234 string service ; /**< Service being executed */
209 string hostname ; /**< Target hostname */ 235 string hostname ; /**< Target hostname */
210 string uuid ; /**< The UUID for this request */ 236 string uuid ; /**< The UUID for this request */
@@ -222,12 +248,12 @@ struct libEvent
222 string address ; /**< http url address */ 248 string address ; /**< http url address */
223 string payload ; /**< the request's payload */ 249 string payload ; /**< the request's payload */
224 string user_agent ; /**< set the User-Agent header */ 250 string user_agent ; /**< set the User-Agent header */
225 251
226 /** Result Info */ 252 /** Result Info */
227 int status ; /**< Execution Status */ 253 int status ; /**< Execution Status */
228 int http_status ; /**< raw http returned status */ 254 int http_status ; /**< raw http returned status */
229 int exec_time_msec ; /**< execution time in msec */ 255 int exec_time_msec ; /**< execution time in msec */
230 node_inv_type inv_info ; 256 node_inv_type inv_info ;
231 size_t response_len ; /**< the json response length */ 257 size_t response_len ; /**< the json response length */
232 string response ; /**< the json response string */ 258 string response ; /**< the json response string */
233 string result ; /**< Command specific result str */ 259 string result ; /**< Command specific result str */
@@ -288,10 +314,10 @@ typedef struct
288 314
289void httpUtil_init ( void ); 315void httpUtil_init ( void );
290 316
291int httpUtil_event_init ( libEvent * ptr , 317int httpUtil_event_init ( libEvent * ptr ,
292 string hostname, 318 string hostname,
293 string service, 319 string service,
294 string ip, 320 string ip,
295 int port ); 321 int port );
296 322
297/** Add payload to the HTTP message body. */ 323/** Add payload to the HTTP message body. */
@@ -310,14 +336,14 @@ int httpUtil_connect ( libEvent & event );
310int httpUtil_request ( libEvent & event, 336int httpUtil_request ( libEvent & event,
311 void(*hdlr)(struct evhttp_request *, void *)); 337 void(*hdlr)(struct evhttp_request *, void *));
312 338
313/** Common REST API Request Utility */ 339/** Common REST API Request Utility */
314int httpUtil_api_request ( libEvent & event ); 340int httpUtil_api_request ( libEvent & event );
315 341
316/** Common REST API Request Utility */ 342/** Common REST API Request Utility */
317int httpUtil_request ( libEvent & event , bool block, 343int httpUtil_request ( libEvent & event , bool block,
318 void(*hdlr)(struct evhttp_request *, void *)); 344 void(*hdlr)(struct evhttp_request *, void *));
319 345
320/** Common REST API Receive Utility for non-blocking requests */ 346/** Common REST API Receive Utility for non-blocking requests */
321int httpUtil_receive ( libEvent & event ); 347int httpUtil_receive ( libEvent & event );
322 348
323/** HTTP response status checker */ 349/** HTTP response status checker */
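--- a/mtce-common/src/common/jsonUtil.cpp
+++ b/mtce-common/src/common/jsonUtil.cpp
@@ -619,6 +619,80 @@ load_host_cleanup:
  return (rc);
 }
 
+int jsonUtil_secret_load ( string & name,
+ char * json_str_ptr,
+ jsonUtil_secret_type & info )
+{
+ int rc = PASS ;
+ json_bool status ;
+
+ /* init to null to avoid trap on early cleanup call with
+ * bad non-null default pointer value */
+ struct array_list * array_list_obj = (struct array_list *)(NULL);
+ struct json_object *raw_obj = (struct json_object *)(NULL);
+ struct json_object *secret_obj = (struct json_object *)(NULL);
+ struct json_object *ref_obj = (struct json_object *)(NULL);
+
+ if (( json_str_ptr == NULL ) || ( *json_str_ptr == '\0' ) ||
+ ( ! strncmp ( json_str_ptr, "(null)" , 6 )))
+ {
+ elog ("Cannot tokenize a null json string\n");
+ return (FAIL);
+ }
+ raw_obj = json_tokener_parse( json_str_ptr );
+ if ( !raw_obj )
+ {
+ elog ("No or invalid json string (%s)\n", json_str_ptr );
+ rc = FAIL ;
+ goto secret_load_cleanup ;
+ }
+
+ status = json_object_object_get_ex(raw_obj, MTC_JSON_SECRET_LIST, &secret_obj );
+ if ( ( status == TRUE ) && ( secret_obj ))
+ {
+ array_list_obj = json_object_get_array(secret_obj );
+ if ( array_list_obj )
+ {
+ int len = array_list_length (array_list_obj );
+ if ( len == 0 )
+ {
+ wlog ( "No %s elements in array\n", MTC_JSON_SECRET_LIST );
+ goto secret_load_cleanup;
+ }
+ for ( int i = 0 ; i < len ; i++ )
+ {
+ ref_obj = _json_object_array_get_idx (secret_obj, i );
+ if ( ref_obj )
+ {
+ string secret_name = _json_get_key_value_string ( ref_obj, MTC_JSON_SECRET_NAME );
+ if ( ( secret_name.length() > 0) && !secret_name.compare(name) )
+ {
+ info.secret_ref = _json_get_key_value_string ( ref_obj, MTC_JSON_SECRET_REFERENCE );
+ jlog ( "Found secret_ref %s\n", info.secret_ref.c_str() );
+ break ;
+ }
+ }
+ }
+ }
+ else
+ {
+ elog ("%s Failed to find %s object array\n", name.c_str(), MTC_JSON_SECRET_LIST );
+ }
+ }
+ else
+ {
+ elog ("%s Failed to find %s object\n", name.c_str(), MTC_JSON_SECRET_LIST );
+ }
+
+secret_load_cleanup:
+
+ if (raw_obj) json_object_put(raw_obj );
+ if (secret_obj) json_object_put(secret_obj );
+ if (ref_obj) json_object_put(ref_obj );
+
+ return (rc);
+}
+
 void jsonUtil_print ( jsonUtil_info_type & info, int index )
 {
  if ( info.elements == 0 )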
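Review bot: The cleanup under `secret_load_cleanup` releases `secret_obj` and `ref_obj` after `raw_obj`, yet `json_object_object_get_ex` returns a reference borrowed from its parent, so once `json_object_put(raw_obj)` has freed the tree the following put on `secret_obj` touches freed memory, and this runs on a response body that came off the network. `ref_obj` comes from `_json_object_array_get_idx`, which is not visible here; if it also returns a borrowed reference the same applies, and if it returns an owned one then every element visited before the last is leaked by the loop. Unless that helper takes its own reference, the cleanup should be just `if (raw_obj) json_object_put(raw_obj);`.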
diff --git a/mtce-common/src/common/jsonUtil.h b/mtce-common/src/common/jsonUtil.h
index 1786df3..7779766 100644
--- a/mtce-common/src/common/jsonUtil.h
+++ b/mtce-common/src/common/jsonUtil.h
@@ -10,7 +10,7 @@
10 /** 10 /**
11 * @file 11 * @file
12 * Wind River CGTS Platform Controller Maintenance 12 * Wind River CGTS Platform Controller Maintenance
13 * 13 *
14 * JSON Utility Header 14 * JSON Utility Header
15 */ 15 */
16 16
@@ -56,17 +56,57 @@ typedef struct
56 string adminURL; /**< path to the nova server. */ 56 string adminURL; /**< path to the nova server. */
57} jsonUtil_auth_type ; 57} jsonUtil_auth_type ;
58 58
59/** Module initialization interface. 59#define MAX_JSON_SECRET_CONTENTS_NUM 7
60#define MTC_JSON_SECRET_LIST "secrets"
61#define MTC_JSON_SECRET_TOTAL "total"
62#define MTC_JSON_SECRET_PREVIOUS "previous"
63#define MTC_JSON_SECRET_NEXT "next"
64#define MTC_JSON_SECRET_ALGORITHM "algorithm"
65#define MTC_JSON_SECRET_LENGTH "bit_length"
66#define MTC_JSON_SECRET_CONTENT "content_types"
67#define MTC_JSON_SECRET_CREATED "created"
68#define MTC_JSON_SECRET_CREATOR "creator_id"
69#define MTC_JSON_SECRET_EXPIRATION "expiration"
70#define MTC_JSON_SECRET_MODE "mode"
71#define MTC_JSON_SECRET_NAME "name"
72#define MTC_JSON_SECRET_REFERENCE "secret_ref"
73#define MTC_JSON_SECRET_TYPE "secret_type"
74#define MTC_JSON_SECRET_STATUS "status"
75#define MTC_JSON_SECRET_UPDATED "updated"
76
77typedef struct
78{
79 string type ;
80 string encoding ;
81} content_type ;
82
83typedef struct
84{
85 string algorithm ;
86 int bit_length ;
87 content_type contents[MAX_JSON_SECRET_CONTENTS_NUM];
88 string created ;
89 string creator_id ;
90 string expiration ;
91 string mode ;
92 string name ;
93 string secret_ref ;
94 string secret_type ;
95 string status ;
96 string updated ;
97} jsonUtil_secret_type ;
98
99/** Module initialization interface.
60 */ 100 */
61void jsonUtil_init ( jsonUtil_info_type & info ); 101void jsonUtil_init ( jsonUtil_info_type & info );
62 102
63/** Print the authroization struct to stdio. 103/** Print the authroization struct to stdio.
64 */ 104 */
65void jsonUtil_print ( jsonUtil_info_type & info , int index ); 105void jsonUtil_print ( jsonUtil_info_type & info , int index );
66void jsonUtil_print_inv ( node_inv_type & info ); 106void jsonUtil_print_inv ( node_inv_type & info );
67 107
68int jsonUtil_get_key_val ( char * json_str_ptr, 108int jsonUtil_get_key_val ( char * json_str_ptr,
69 string key, 109 string key,
70 string & value ); 110 string & value );
71 111
72int jsonUtil_get_key_val_int ( char * json_str_ptr, 112int jsonUtil_get_key_val_int ( char * json_str_ptr,
@@ -76,10 +116,11 @@ int jsonUtil_get_key_val_int ( char * json_str_ptr,
76/** Submit a request to get an authorization token and nova URL */ 116/** Submit a request to get an authorization token and nova URL */
77int jsonApi_auth_request ( string & hostname, string & payload ); 117int jsonApi_auth_request ( string & hostname, string & payload );
78 118
79/** Parse through the authorization request's response json string 119/** Parse through the authorization request's response json string
80 * and load the relavent information into the passed in structure */ 120 * and load the relavent information into the passed in structure */
81 int jsonUtil_inv_load ( char * json_str_ptr, 121int jsonUtil_inv_load ( char * json_str_ptr, jsonUtil_info_type & info );
82 jsonUtil_info_type & info ); 122
123int jsonUtil_secret_load ( string & name, char * json_str_ptr, jsonUtil_secret_type & info );
83 124
84int jsonUtil_load_host ( char * json_str_ptr, node_inv_type & info ); 125int jsonUtil_load_host ( char * json_str_ptr, node_inv_type & info );
85int jsonUtil_load_host_state ( char * json_str_ptr, node_inv_type & info ); 126int jsonUtil_load_host_state ( char * json_str_ptr, node_inv_type & info );
@@ -102,7 +143,7 @@ int jsonUtil_patch_load ( char * json_str_ptr, node_inv_type & info );
102 *- FAIL indicates bad or error reply in json string. 143 *- FAIL indicates bad or error reply in json string.
103 * 144 *
104 */ 145 */
105int jsonApi_auth_load ( string & hostname, char * json_str_ptr, 146int jsonApi_auth_load ( string & hostname, char * json_str_ptr,
106 jsonUtil_auth_type & info ); 147 jsonUtil_auth_type & info );
107 148
108 149
@@ -110,9 +151,9 @@ int jsonApi_auth_load ( string & hostname, char * json_str_ptr,
110 * This utility searches for an 'array_label' and then loops over the array 151 * This utility searches for an 'array_label' and then loops over the array
111 * looking at each element for the specified 'search_key' and 'search_value' 152 * looking at each element for the specified 'search_key' and 'search_value'
112 * Once found it searches that same element for the specified 'element_key' 153 * Once found it searches that same element for the specified 'element_key'
113 * and loads its value content into 'element_value' - what we're looking for 154 * and loads its value content into 'element_value' - what we're looking for
114 ***************************************************************************/ 155 ***************************************************************************/
115int jsonApi_array_value ( char * json_str_ptr, 156int jsonApi_array_value ( char * json_str_ptr,
116 string array_label, 157 string array_label,
117 string search_key, 158 string search_key,
118 string search_value, 159 string search_value,
@@ -123,18 +164,18 @@ int jsonApi_array_value ( char * json_str_ptr,
123 * This utility updates the reference key_list with all the 164 * This utility updates the reference key_list with all the
124 * values for the specified label. 165 * values for the specified label.
125 ***********************************************************************/ 166 ***********************************************************************/
126int jsonUtil_get_list ( char * json_str_ptr, 167int jsonUtil_get_list ( char * json_str_ptr,
127 string label, list<string> & key_list ); 168 string label, list<string> & key_list );
128 169
129/*********************************************************************** 170/***********************************************************************
130 * This utility updates the reference element with the number of array 171 * This utility updates the reference element with the number of array
131 * elements for the specified label in the provided string 172 * elements for the specified label in the provided string
132 ***********************************************************************/ 173 ***********************************************************************/
133int jsonUtil_array_elements ( char * json_str_ptr, string label, int & elements ); 174int jsonUtil_array_elements ( char * json_str_ptr, string label, int & elements );
134 175
135/*********************************************************************** 176/***********************************************************************
136 * This utility updates the reference string 'element' with the 177 * This utility updates the reference string 'element' with the
137 * contents of the specified labeled array element index. 178 * contents of the specified labeled array element index.
138 ***********************************************************************/ 179 ***********************************************************************/
139int jsonUtil_get_array_idx ( char * json_str_ptr, string label, int idx, string & element ); 180int jsonUtil_get_array_idx ( char * json_str_ptr, string label, int idx, string & element );
140 181
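--- a/mtce-common/src/common/logMacros.h
+++ b/mtce-common/src/common/logMacros.h
@@ -67,7 +67,7 @@ typedef struct
  char* keystone_auth_project ; /**< =services */
  char* keystone_user_domain; /**< = Default */
  char* keystone_project_domain; /**< = Default */
- char* keyring_directory ; /**< =/opt/platform/.keyring/<release> */
+
  char* sysinv_mtc_inv_label ; /**< =/v1/hosts/ */
  int sysinv_api_port ; /**< =6385 */
  char* sysinv_api_bind_ip ; /**< =<local floating IP> */
@@ -75,6 +75,9 @@ typedef struct
  char* ceilometer_url ; /**< ceilometer sensor sample database url */
  int ceilometer_port ; /**< ceilometer REST API port number */
 
+ char* barbican_api_host ; /**< Barbican REST API host IP address */
+ int barbican_api_port ; /**< Barbican REST API port number */
+
  int mtc_rx_mgmnt_port ; /**< mtcClient listens mgmnt nwk cmd reqs */
  int mtc_rx_infra_port ; /**< mtcClient listens infra nwk cmd reqs */
  int mtc_tx_mgmnt_port ; /**< mtcClient sends mgmnt nwk cmds/resp's */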
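--- a/mtce-common/src/common/nodeBase.h
+++ b/mtce-common/src/common/nodeBase.h
@@ -114,7 +114,7 @@ void daemon_exit ( void );
 #define NFVI_PLUGIN_CFG_FILE ((const char *)"/etc/nfv/nfv_plugins/nfvi_plugins/config.ini")
 #define SYSINV_CFG_FILE ((const char *)"/etc/sysinv/sysinv.conf")
 #define HWMON_CONF_FILE ((const char *)"/etc/mtc/hwmond.conf")
-
+#define SECRET_CFG_FILE ((const char *)"/etc/barbican/barbican.conf")
 
 #define GOENABLED_DIR ((const char *)"/etc/goenabled.d") /* generic */
 #define GOENABLED_WORKER_DIR ((const char *)"/etc/goenabled.d/worker")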
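--- a/mtce-common/src/common/nodeUtil.cpp
+++ b/mtce-common/src/common/nodeUtil.cpp
@@ -1188,73 +1188,6 @@ bool string_contains ( string buffer, string sequence )
 }
 
 
-extern char *program_invocation_short_name;
-
-
-string get_bm_password ( const char * uuid )
-{
- #define STR_LEN 128
- int rc = RETRY ;
- string value = "" ;
-
- daemon_signal_hdlr ();
-
- if ( uuid == NULL )
- {
- slog ("failed ; Null uuid\n" );
- return (value);
- }
-
- string temp_file = "/tmp/." ;
- temp_file.append(program_invocation_short_name);
- temp_file.append("_bmc.tmp");
-
- /* If the keyring dir is not present then set the password to unknown */
- DIR *d = opendir(daemon_get_cfg_ptr()->keyring_directory);
- if (d)
- {
- char str [STR_LEN] ;
- memset (&str[0],0,STR_LEN);
- sprintf(&str[0], "/usr/bin/keyring get BM %s > %s", uuid, temp_file.data() );
- /* This system call can take 1 sec */
- rc = system(str) ;
- {
- int parms ;
- usleep(10);
- FILE *fp = fopen(temp_file.c_str(), "r");
- if (fp)
- {
- memset (&str[0],0,STR_LEN);
- if ( (parms = fscanf(fp, "%128s", &str[0])) == 1 )
- {
- value = str ; /* get the value we are looking for */
- rc = PASS ;
- }
- fclose(fp);
- }
- else
- {
- wlog ("Failed to open %s\n", temp_file.c_str() );
- }
- }
- closedir(d);
- }
- else
- {
- wlog ("Failed to open credentials directory '%s'\n", daemon_get_cfg_ptr()->keyring_directory );
- }
-
- if ( rc != PASS )
- {
- wlog ("password for uuid '%s' not found\n", uuid);
- }
-
- /* Don't leave the temp file containing the password around */
- daemon_remove_file ( temp_file.data() );
-
- return (value);
-}
-
 static int health = NODE_HEALTH_UNKNOWN ;
 int get_node_health ( string hostname )
 {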
diff --git a/mtce-common/src/common/nodeUtil.h b/mtce-common/src/common/nodeUtil.h
index 712a725..f8765af 100755
--- a/mtce-common/src/common/nodeUtil.h
+++ b/mtce-common/src/common/nodeUtil.h
@@ -41,10 +41,10 @@ typedef struct
41} msgSock_type ; 41} msgSock_type ;
42 42
43int send_log_message ( msgSock_type * sock_ptr, 43int send_log_message ( msgSock_type * sock_ptr,
44 const char * hostname, 44 const char * hostname,
45 const char * filename, 45 const char * filename,
46 const char * log_str ); 46 const char * log_str );
47 47
48msgSock_type * get_mtclogd_sockPtr ( void ) ; 48msgSock_type * get_mtclogd_sockPtr ( void ) ;
49 49
50void mem_log_list_init ( void ); 50void mem_log_list_init ( void );
@@ -70,14 +70,13 @@ const char * get_iface_name_str ( int iface );
70unsigned int get_host_function_mask ( string & nodeType_str ); 70unsigned int get_host_function_mask ( string & nodeType_str );
71bool is_combo_system (unsigned int nodetype_mask ); 71bool is_combo_system (unsigned int nodetype_mask );
72 72
73int set_host_functions ( string nodetype_str, 73int set_host_functions ( string nodetype_str,
74 unsigned int * nodetype_bits_ptr, 74 unsigned int * nodetype_bits_ptr,
75 unsigned int * nodetype_function_ptr, 75 unsigned int * nodetype_function_ptr,
76 unsigned int * nodetype_subfunction_ptr ); 76 unsigned int * nodetype_subfunction_ptr );
77 77
78bool is_goenabled ( int nodeType, bool pass ); 78bool is_goenabled ( int nodeType, bool pass );
79 79
80string get_bm_password ( const char * username );
81string get_strings_in_string_list ( std::list<string> & l ); 80string get_strings_in_string_list ( std::list<string> & l );
82bool is_string_in_string_list ( std::list<string> & l , string & str ); 81bool is_string_in_string_list ( std::list<string> & l , string & str );
83bool is_int_in_int_list ( std::list<int> & l , int & val ); 82bool is_int_in_int_list ( std::list<int> & l , int & val );
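--- /dev/null
+++ b/mtce-common/src/common/secretUtil.cpp
@@ -0,0 +1,348 @@
+/*
+ * Copyright (c) 2019 Wind River Systems, Inc.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+ /**
+ * @file
+ * Wind River CGTS Platform Controller Maintenance
+ * Access to Openstack Barbican via REST API Interface.
+ *
+ * This file implements the a set of secret utilities that maintenance
+ * calls upon to get/read Barbican secrets from the Barbican Secret storage.
+ *
+ * The APIs exposed from this file are
+ *
+ * secretUtil_get_secret - gets the Barbican secret, filtered by name
+ * secretUtil_read_secret - reads the payload for a specified secret uuid
+ *
+ * Each utility is paired with a private handler.
+ *
+ * secretUtil_handler - handles response for Barbican requests
+ *
+ * Warning: These calls cannot be nested.
+ *
+ **/
+
+#ifdef __AREA__
+#undef __AREA__
+#endif
+#define __AREA__ "pwd"
+
+#include <map>
+#include "nodeBase.h" /* for ... Base Service Header */
+#include "nodeUtil.h" /* for ... Utility Service Header */
+#include "hostUtil.h" /* for ... Host Service Header */
+#include "jsonUtil.h" /* for ... Json utilities */
+#include "secretUtil.h" /* this .. module header */
+
+std::map<string, barbicanSecret_type> secretList;
+
+barbicanSecret_type * secretUtil_find_secret ( string & host_uuid )
+{
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it != secretList.end() )
+ {
+ return &it->second;
+ }
+ return NULL;
+}
+
+
+barbicanSecret_type * secretUtil_manage_secret ( libEvent & event,
+ string & host_uuid,
+ struct mtc_timer & secret_timer,
+ void (*handler)(int, siginfo_t*, void*))
+{
+ int rc = PASS;
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it == secretList.end() )
+ {
+ barbicanSecret_type secret;
+ secret.stage = MTC_SECRET__START;
+ it = secretList.insert( std::pair<string, barbicanSecret_type>( host_uuid, secret ) ).first;
+ }
+
+ if ( it->second.stage == MTC_SECRET__START )
+ {
+ it->second.reference.clear();
+ it->second.payload.clear();
+ }
+
+ if ( it->second.stage == MTC_SECRET__START ||
+ it->second.stage == MTC_SECRET__GET_REF_FAIL )
+ {
+ if ( secret_timer.ring == true )
+ {
+ rc = secretUtil_get_secret ( event, host_uuid );
+ if (rc)
+ {
+ wlog ( "%s getting secret reference failed \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ else
+ {
+ mtcTimer_start( secret_timer, handler, SECRET_REPLY_DELAY );
+ }
+ }
+ else if ( event.base )
+ {
+ httpUtil_free_conn ( event );
+ httpUtil_free_base ( event );
+ }
+ }
+ else if ( it->second.stage == MTC_SECRET__GET_REF_RECV ||
+ it->second.stage == MTC_SECRET__GET_PWD_FAIL )
+ {
+ if ( secret_timer.ring == true )
+ {
+ rc = secretUtil_read_secret ( event, host_uuid );
+ if (rc)
+ {
+ wlog ( "%s getting secret payload failed \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_PWD_FAIL;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ else
+ {
+ mtcTimer_start( secret_timer, handler, SECRET_REPLY_DELAY );
+ }
+ }
+ else if ( event.base )
+ {
+ httpUtil_free_conn ( event );
+ httpUtil_free_base ( event );
+ }
+ }
+ else if ( it->second.stage == MTC_SECRET__GET_REF ||
+ it->second.stage == MTC_SECRET__GET_PWD )
+ {
+ if ( event.active == true )
+ {
+ /* Look for the response */
+ if ( event.base )
+ {
+ event_base_loop( event.base, EVLOOP_NONBLOCK );
+ }
+ else
+ {
+ /* should not get here. event active while base is null
+ * try and recover from this error case. */
+ event.active = false ;
+ }
+ }
+ else if ( event.base )
+ {
+ if ( it->second.stage == MTC_SECRET__GET_REF )
+ {
+ wlog ( "%s getting secret reference timeout \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL ;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ if ( it->second.stage == MTC_SECRET__GET_PWD )
+ {
+ wlog ( "%s getting secret payload timeout \n", host_uuid.c_str() );
+ it->second.stage = MTC_SECRET__GET_PWD_FAIL ;
+ mtcTimer_start( secret_timer, handler, SECRET_RETRY_DELAY );
+ }
+ httpUtil_free_conn ( event );
+ httpUtil_free_base ( event );
+ }
+ }
+ return & it->second ;
+}
+
+/***********************************************************************
+ *
+ * Name : secretUtil_get_secret
+ *
+ * Purpose : Issue an Barbican GET request for a specified secret name
+ * to manage secret's reference.
+ *
+ */
+
+int secretUtil_get_secret ( libEvent & event, string & host_uuid )
+{
+ httpUtil_event_init ( &event,
+ host_uuid,
+ "secretUtil_get_secret",
+ hostUtil_getServiceIp (SERVICE_SECRET),
+ hostUtil_getServicePort(SERVICE_SECRET));
+
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it != secretList.end() )
+ {
+ it->second.stage = MTC_SECRET__GET_REF;
+ }
+ else
+ {
+ elog ("%s failed to find secret record\n", host_uuid.c_str());
+ return FAIL;
+ }
+
+ event.hostname = _hn();
+ event.uuid = host_uuid;
+
+ event.token.url = MTC_SECRET_LABEL;
+ event.token.url.append(MTC_SECRET_NAME);
+ event.token.url.append(host_uuid);
+ event.token.url.append(MTC_SECRET_BATCH);
+ event.token.url.append(MTC_SECRET_BATCH_MAX);
+ event.address = event.token.url;
+
+ event.blocking = false;
+ event.request = BARBICAN_GET_SECRET;
+ event.operation = "get secret reference";
+ event.type = EVHTTP_REQ_GET ;
+ event.timeout = HTTP_SECRET_TIMEOUT ;
+ event.handler = &secretUtil_handler ;
+
+ dlog ("Path:%s\n", event.token.url.c_str() );
+
+ return ( httpUtil_api_request ( event ) ) ;
+}
+
+/* ******************************************************************
+ *
+ * Name: secretUtil_read_secret
+ *
+ * Purpose: Issue an Barbican GET request for a specified secret uuid
+ * to read secret's payload, ie password itself.
+ *
+ *********************************************************************/
+
+int secretUtil_read_secret ( libEvent & event, string & host_uuid )
+{
+ httpUtil_event_init ( &event,
+ host_uuid,
+ "secretUtil_get_secret",
+ hostUtil_getServiceIp (SERVICE_SECRET),
+ hostUtil_getServicePort(SERVICE_SECRET));
+
+ string bm_pw_reference;
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( host_uuid );
+ if ( it != secretList.end() )
+ {
+ bm_pw_reference = it->second.reference;
+ it->second.stage = MTC_SECRET__GET_PWD;
+ }
+ else
+ {
+ elog ("%s failed to find secret record\n", host_uuid.c_str());
+ return FAIL;
+ }
+
+ event.hostname = _hn();
+ event.uuid = host_uuid;
+
+ event.token.url = MTC_SECRET_LABEL;
+ event.token.url.append("/");
+ event.token.url.append(bm_pw_reference);
+ event.token.url.append("/");
+ event.token.url.append(MTC_SECRET_PAYLOAD);
+ event.address = event.token.url;
+
+ event.blocking = false;
+ event.request = BARBICAN_READ_SECRET ;
+ event.operation = "get secret payload";
+ event.type = EVHTTP_REQ_GET ;
+ event.timeout = HTTP_SECRET_TIMEOUT ;
+ event.handler = &secretUtil_handler ;
+
+ dlog ("Path:%s\n", event.token.url.c_str() );
+
+ return ( httpUtil_api_request ( event ) ) ;
+}
+
+
+/*******************************************************************
+ *
+ * Name : secretUtil_handler
+ *
+ * Description: The handles the barbican get request
+ * responses for the following messages
+ *
+ * BARBICAN_GET_SECRET,
+ * BARBICAN_READ_SECRET
+ *
+ *******************************************************************/
+
+int secretUtil_handler ( libEvent & event )
+{
+ /* Declare and clean the json info object string containers */
+ jsonUtil_secret_type json_info ;
+
+ string hn = event.hostname ;
+ int rc = event.status ;
+
+ std::map<string, barbicanSecret_type>::iterator it;
+ it = secretList.find( event.uuid );
+ if ( it == secretList.end() )
+ {
+ elog ("%s failed to find secret record\n", hn.c_str());
+ return ( rc ) ;
+ }
+
+ if ( event.request == BARBICAN_GET_SECRET )
+ {
+ if ( event.status )
+ {
+ elog ("%s failed to get secret - error code (%d) \n", hn.c_str(), event.status );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ return ( rc ) ;
+ }
+ rc = jsonUtil_secret_load ( event.uuid,
+ (char*)event.response.data(),
+ json_info );
+ if ( rc != PASS )
+ {
+ elog ( "%s failed to parse secret response (%s)\n",
+ event.hostname.c_str(),
+ event.response.c_str() );
+ event.status = FAIL_JSON_PARSE ;
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ }
+ else
+ {
+ size_t pos = json_info.secret_ref.find_last_of( '/' );
+ it->second.reference = json_info.secret_ref.substr( pos+1 );
+ if ( it->second.reference.empty() )
+ {
+ ilog ("%s no barbican secret reference found \n", hn.c_str() );
+ it->second.stage = MTC_SECRET__GET_PWD_RECV;
+ }
+ else
+ {
+ it->second.stage = MTC_SECRET__GET_REF_RECV;
+ }
+ }
+ }
+ else if ( event.request == BARBICAN_READ_SECRET )
+ {
+ if ( event.status == HTTP_NOTFOUND )
+ {
+ ilog ("%s no barbican secret payload found \n", hn.c_str() );
+ }
+ else if ( event.status != PASS )
+ {
+ elog ("%s failed to read secret - error code (%d) \n", hn.c_str(), event.status );
+ it->second.stage = MTC_SECRET__GET_REF_FAIL;
+ return ( rc ) ;
+ }
+
+ it->second.payload = event.response;
+ it->second.stage = MTC_SECRET__GET_PWD_RECV;
+ }
+ else
+ {
+ elog ("%s unsupported secret request (%d)\n", hn.c_str(), event.request );
+ }
+ return ( rc ) ;
+}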
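Review bot: In the `BARBICAN_READ_SECRET` branch of `secretUtil_handler`, the `HTTP_NOTFOUND` case only logs and then falls through to `it->second.payload = event.response;`, so whatever body accompanied the 404 is stored as the secret payload and the stage becomes `MTC_SECRET__GET_PWD_RECV`. If the response buffer can be non-empty on a 404 (how httpUtil fills it is not visible here), a consumer of `payload` would treat an error body as the BMC password; the not-found case should set the result explicitly, e.g. `it->second.payload.clear(); it->second.stage = MTC_SECRET__GET_PWD_RECV; return ( rc );`. Two smaller points: `secretUtil_read_secret` passes the service name "secretUtil_get_secret" to `httpUtil_event_init`, which looks like a copy-paste and makes the two requests indistinguishable in logs, and the retrieved payload stays in the file-scope `secretList` map for the life of the process with no erase path in this file, which deserves a comment on the map stating the intended lifetime of the plaintext.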
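--- /dev/null
+++ b/mtce-common/src/common/secretUtil.h
@@ -0,0 +1,63 @@
+#ifndef __INCLUDE_MTCSECRETUTIL_H__
+#define __INCLUDE_MTCSECRETUTIL_H__
+
+/*
+ * Copyright (c) 2019 Wind River Systems, Inc.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+ */
+
+ /**
+ * @file
+ * Wind River CGCS Platform - Maintenance - Openstack Barbican UTIL Header
+ */
+
+/**
+ * @addtogroup secretUtil
+ * @{
+ *
+ * This file implements the a set of secretUtil utilities that maintenance
+ * calls upon to get/read Barbican secrets from the Barbican Secret storage.
+ *
+ * The UTILs exposed from this file are
+ *
+ * secretUtil_get_secret - gets all the Barbican secrets, filtered by name
+ * secretUtil_read_secret - reads the payload for a specified secret
+ *
+ * See nodeClass.h for these prototypes
+ *
+ * Each utility is paired with a private handler.
+ *
+ * secretUtil_handler - handles response for secretUtil_get/read_secret
+ *
+ * Warning: These calls cannot be nested.
+ *
+ **/
+
+using namespace std;
+
+#include "logMacros.h"
+#include "httpUtil.h"
+
+#define MTC_SECRET_LABEL "/v1/secrets" /**< barbican secrets url label */
+#define MTC_SECRET_NAME "?name=" /**< name of barbican secret prefix */
+#define MTC_SECRET_BATCH "&limit=" /**< batch read limit specified prefix */
+#define MTC_SECRET_BATCH_MAX "1" /**< maximum allowed batched read */
+#define MTC_SECRET_PAYLOAD "payload" /**< barbican secret payload label */
+
+#define SECRET_START_DELAY (1)
+#define SECRET_REPLY_DELAY (1)
+#define SECRET_RETRY_DELAY (8)
+
+barbicanSecret_type * secretUtil_find_secret ( string & host_uuid );
+barbicanSecret_type * secretUtil_manage_secret ( libEvent & event,
+ string & host_uuid,
+ struct mtc_timer & secret_timer,
+ void (*handler)(int, siginfo_t*, void*) );
+
+int secretUtil_handler ( libEvent & event );
+int secretUtil_get_secret ( libEvent & event, string & host_uuid );
+int secretUtil_read_secret ( libEvent & event, string & host_uuid );
+
+#endif /* __INCLUDE_MTCSECRETUTIL_H__ */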
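Review bot: `using namespace std;` sits at file scope in this header, ahead of the includes, so every translation unit that includes secretUtil.h has the whole namespace injected before `logMacros.h` and `httpUtil.h` are even parsed; the prototypes only need `string`, so `std::string` in the four declarations would avoid changing name lookup for includers. The header comment still says `See nodeClass.h for these prototypes`, although the prototypes are declared in this file, so that line should be dropped. `barbicanSecret_type` and `struct mtc_timer` are used without a visible declaration; presumably they arrive through `httpUtil.h`, which is worth stating on the include, e.g. `#include "httpUtil.h" /* for libEvent, barbicanSecret_type */`.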
diff --git a/mtce-common/src/common/tokenUtil.cpp b/mtce-common/src/common/tokenUtil.cpp
index 251ecf5..c4cfa72 100644
--- a/mtce-common/src/common/tokenUtil.cpp
+++ b/mtce-common/src/common/tokenUtil.cpp
@@ -7,7 +7,7 @@
7 7
8 /** 8 /**
9 * @file 9 * @file
10 * Wind River Titanium Cloud 10 * Wind River Titanium Cloud
11 * Common Keystone Token Authentication Utility API 11 * Common Keystone Token Authentication Utility API
12 * 12 *
13 * tokenUtil_handler - handle response 13 * tokenUtil_handler - handle response
@@ -410,18 +410,18 @@ string _get_keystone_prefix_path ( )
410 return (prefix_path); 410 return (prefix_path);
411} 411}
412 412
413/* http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json" 413/* http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json"
414 * -H "Accept: application/json" 414 * -H "Accept: application/json"
415 * -H "User-Agent: python-keyclient" 415 * -H "User-Agent: python-keyclient"
416 * -H "Connection: close" 416 * -H "Connection: close"
417 * 417 *
418 * { 418 * {
419 * "auth": 419 * "auth":
420 * { 420 * {
421 * "tenantName": "admin", 421 * "tenantName": "admin",
422 * "passwordCredentials": 422 * "passwordCredentials":
423 * { 423 * {
424 * "username": "admin", 424 * "username": "admin",
425 * "password": "password" 425 * "password": "password"
426 * } 426 * }
427 * } 427 * }
@@ -433,12 +433,12 @@ string _get_keystone_prefix_path ( )
433 * 433 *
434 * Name : tokenUtil_handler 434 * Name : tokenUtil_handler
435 * 435 *
436 * Description: The handles the keystone get request 436 * Description: The handles the keystone get request
437 * responses for the following messages 437 * responses for the following messages
438 * 438 *
439 * KEYSTONE_GET_TOKEN, 439 * KEYSTONE_GET_TOKEN,
440 * KEYSTONE_GET_SERVICE_LIST 440 * KEYSTONE_GET_SERVICE_LIST
441 * KEYSTONE_GET_ENDPOINT_LIST 441 * KEYSTONE_GET_ENDPOINT_LIST
442 * 442 *
443 *******************************************************************/ 443 *******************************************************************/
444int tokenUtil_handler ( libEvent & event ) 444int tokenUtil_handler ( libEvent & event )
@@ -486,12 +486,12 @@ int tokenUtil_handler ( libEvent & event )
486 } 486 }
487 else if ( event.request == KEYSTONE_GET_ENDPOINT_LIST ) 487 else if ( event.request == KEYSTONE_GET_ENDPOINT_LIST )
488 { 488 {
489 /* Response: {"endpoints": 489 /* Response: {"endpoints":
490 * [{ 490 * [{
491 * "service_id": "067...b60", 491 * "service_id": "067...b60",
492 * "region": "RegionOne", 492 * "region": "RegionOne",
493 * "enabled": true, 493 * "enabled": true,
494 * "id": "410ab64a37114a418d188f450300aa48", 494 * "id": "410ab64a37114a418d188f450300aa48",
495 * "interface": "internal", 495 * "interface": "internal",
496 * ""links": { 496 * ""links": {
497 * "self": "http://192.168.204.2:5000/v3/endpoints/410ab64a37114a418d188f450300aa48" 497 * "self": "http://192.168.204.2:5000/v3/endpoints/410ab64a37114a418d188f450300aa48"
@@ -592,28 +592,28 @@ int tokenUtil_handler ( libEvent & event )
592 { 592 {
593 /* Response: {"services": 593 /* Response: {"services":
594 [ 594 [
595 {"id": "49fc93c32d734c78a9d9f975c22f1703", "type": "network", "name": "neutron", "description": "Neutron Networking Service"}, 595 {"id": "49fc93c32d734c78a9d9f975c22f1703", "type": "network", "name": "neutron", "description": "Neutron Networking Service"},
596 {"id": "0900a982ff114e7ba62c317443b43362", "type": "metering", "name": "ceilometer", "description": "Openstack Metering Service"}, 596 {"id": "0900a982ff114e7ba62c317443b43362", "type": "metering", "name": "ceilometer", "description": "Openstack Metering Service"},
597 {"id": "97940d057bec47cc989cc190b4293aad", "type": "ec2", "name": "nova_ec2", "description": "EC2 Service"}, 597 {"id": "97940d057bec47cc989cc190b4293aad", "type": "ec2", "name": "nova_ec2", "description": "EC2 Service"},
598 {"id": "7ce51d481d024b1f8b80bb1127b80752", "type": "volumev2", "name": "cinderv2", "description": "Cinder Service v2"}, 598 {"id": "7ce51d481d024b1f8b80bb1127b80752", "type": "volumev2", "name": "cinderv2", "description": "Cinder Service v2"},
599 {"id": "3ed8ae6ccf85445ebdf2e93bbce9f5fb", "type": "computev3", "name": "novav3", "description": "Openstack Compute Service v3"}, 599 {"id": "3ed8ae6ccf85445ebdf2e93bbce9f5fb", "type": "computev3", "name": "novav3", "description": "Openstack Compute Service v3"},
600 {"id": "564bf663693c49cf9fee24e2fdbdba3a", "type": "identity", "name": "keystone", "description": "OpenStack Identity Service"}, 600 {"id": "564bf663693c49cf9fee24e2fdbdba3a", "type": "identity", "name": "keystone", "description": "OpenStack Identity Service"},
601 {"id": "7e0cadd9db444342b7fddb0005c4ce5f", "type": "platform", "name": "sysinv", "description": "SysInv Service"}, 601 {"id": "7e0cadd9db444342b7fddb0005c4ce5f", "type": "platform", "name": "sysinv", "description": "SysInv Service"},
602 {"id": "be7afccda91c4ba19ac2e53f613c6b63", "type": "volume", "name": "cinder", "description": "Cinder Service"}, 602 {"id": "be7afccda91c4ba19ac2e53f613c6b63", "type": "volume", "name": "cinder", "description": "Cinder Service"},
603 {"id": "edf60a37f4f84b9baba215d8346b814f", "type": "image", "name": "glance", "description": "Openstack Image Service"}, 603 {"id": "edf60a37f4f84b9baba215d8346b814f", "type": "image", "name": "glance", "description": "Openstack Image Service"},
604 {"id": "0673921c7b094178989455a5b157fb60", "type": "patching", "name": "patching", "description": "Patching Service"}, 604 {"id": "0673921c7b094178989455a5b157fb60", "type": "patching", "name": "patching", "description": "Patching Service"},
605 {"id": "d7621026166f43c0a1c74e0e9784cce6", "type": "compute", "name": "nova", "description": "Openstack Compute Service"}, 605 {"id": "d7621026166f43c0a1c74e0e9784cce6", "type": "compute", "name": "nova", "description": "Openstack Compute Service"},
606 {"id": "aef585311e3144e0b1267ea25dc40b70", "type": "orchestration", "name": "heat", "description": "Openstack Orchestration Service"}, 606 {"id": "aef585311e3144e0b1267ea25dc40b70", "type": "orchestration", "name": "heat", "description": "Openstack Orchestration Service"},
607 {"id": "0a67bc174fa0469e9b837daf23d83aaf", "type": "cloudformation", "name": "heat-cfn", "description": "Openstack Cloudformation Service"} 607 {"id": "0a67bc174fa0469e9b837daf23d83aaf", "type": "cloudformation", "name": "heat-cfn", "description": "Openstack Cloudformation Service"}
608 ]} */ 608 ]} */
609 609
610 bool found = false ; 610 bool found = false ;
611 list<string> service_list ; service_list.clear() ; 611 list<string> service_list ; service_list.clear() ;
612 rc = jsonUtil_get_list ( (char*)event.response.data(), (char*)event.label.data(), service_list ); 612 rc = jsonUtil_get_list ( (char*)event.response.data(), (char*)event.label.data(), service_list );
613 if ( rc == PASS ) 613 if ( rc == PASS )
614 { 614 {
615 std::list<string>::iterator iter_ptr ; 615 std::list<string>::iterator iter_ptr ;
616 616
617 for ( iter_ptr = service_list.begin() ; 617 for ( iter_ptr = service_list.begin() ;
618 iter_ptr != service_list.end() ; 618 iter_ptr != service_list.end() ;
619 iter_ptr++ ) 619 iter_ptr++ )
@@ -625,16 +625,16 @@ int tokenUtil_handler ( libEvent & event )
625 if ( jsonUtil_get_key_val ( (char*)iter_ptr->data(), "id", event.result ) == PASS ) 625 if ( jsonUtil_get_key_val ( (char*)iter_ptr->data(), "id", event.result ) == PASS )
626 { 626 {
627 found = true ; 627 found = true ;
628 ilog ("%s '%s' service uuid is '%s'\n", 628 ilog ("%s '%s' service uuid is '%s'\n",
629 event.hostname.c_str(), 629 event.hostname.c_str(),
630 event.information.c_str(), 630 event.information.c_str(),
631 event.result.c_str()); 631 event.result.c_str());
632 break ; 632 break ;
633 } 633 }
634 else 634 else
635 { 635 {
636 wlog ("%s '%s' service uuid not found\n", 636 wlog ("%s '%s' service uuid not found\n",
637 event.hostname.c_str(), 637 event.hostname.c_str(),
638 event.information.c_str()); 638 event.information.c_str());
639 event.status = FAIL_KEY_VALUE_PARSE ; 639 event.status = FAIL_KEY_VALUE_PARSE ;
640 } 640 }
@@ -642,8 +642,8 @@ int tokenUtil_handler ( libEvent & event )
642 } 642 }
643 else 643 else
644 { 644 {
645 wlog ("%s '%s' service not found\n", 645 wlog ("%s '%s' service not found\n",
646 event.hostname.c_str(), 646 event.hostname.c_str(),
647 event.information.c_str()); 647 event.information.c_str());
648 } 648 }
649 } 649 }
@@ -707,13 +707,13 @@ int tokenUtil_new_token ( libEvent & event, string hostname, bool blocking )
707 ilog ("%s Requesting Authentication Token\n", hostname.c_str()); 707 ilog ("%s Requesting Authentication Token\n", hostname.c_str());
708 708
709 httpUtil_event_init ( &event, 709 httpUtil_event_init ( &event,
710 hostname, 710 hostname,
711 "tokenUtil_new_token", 711 "tokenUtil_new_token",
712 _get_ip(), 712 _get_ip(),
713 daemon_get_cfg_ptr()->keystone_port); 713 daemon_get_cfg_ptr()->keystone_port);
714 714
715 event.hostname = _hn (); 715 event.hostname = _hn ();
716 716
717 dlog ("%s fetching new token\n", event.hostname.c_str()); 717 dlog ("%s fetching new token\n", event.hostname.c_str());
718 718
719 event.prefix_path = _get_keystone_prefix_path(); 719 event.prefix_path = _get_keystone_prefix_path();
@@ -724,7 +724,7 @@ int tokenUtil_new_token ( libEvent & event, string hostname, bool blocking )
724 event.type = EVHTTP_REQ_POST ; 724 event.type = EVHTTP_REQ_POST ;
725 event.timeout = HTTP_TOKEN_TIMEOUT ; 725 event.timeout = HTTP_TOKEN_TIMEOUT ;
726 event.handler = &tokenUtil_handler ; 726 event.handler = &tokenUtil_handler ;
727 727
728 return ( httpUtil_api_request ( event )); 728 return ( httpUtil_api_request ( event ));
729} 729}
730 730
@@ -732,11 +732,11 @@ int tokenUtil_new_token ( libEvent & event, string hostname, bool blocking )
732string tokenUtil_get_svc_uuid ( libEvent & event, string service_name ) 732string tokenUtil_get_svc_uuid ( libEvent & event, string service_name )
733{ 733{
734 httpUtil_event_init ( &event, 734 httpUtil_event_init ( &event,
735 service_name, 735 service_name,
736 "tokenUtil_get_svc_uuid", 736 "tokenUtil_get_svc_uuid",
737 _get_ip(), 737 _get_ip(),
738 5000 ) ; // get_keystone_admin_port() ; 738 5000 ) ; // get_keystone_admin_port() ;
739 739
740 event.hostname = _hn() ; 740 event.hostname = _hn() ;
741 741
742 /* The type of HTTP request */ 742 /* The type of HTTP request */
@@ -766,8 +766,8 @@ string tokenUtil_get_svc_uuid ( libEvent & event, string service_name )
766int tokenUtil_get_endpoints ( libEvent & event, string service_uuid ) 766int tokenUtil_get_endpoints ( libEvent & event, string service_uuid )
767{ 767{
768 httpUtil_event_init ( &event, 768 httpUtil_event_init ( &event,
769 service_uuid, 769 service_uuid,
770 "tokenUtil_get_endpoints", 770 "tokenUtil_get_endpoints",
771 _get_ip(), 771 _get_ip(),
772 5000 ); // get_keystone_admin_port(); 772 5000 ); // get_keystone_admin_port();
773 773
@@ -799,7 +799,7 @@ int tokenUtil_get_endpoints ( libEvent & event, string service_uuid )
799 return ( event.status ); 799 return ( event.status );
800} 800}
801 801
802int keystone_config_handler ( void * user, 802int keystone_config_handler ( void * user,
803 const char * section, 803 const char * section,
804 const char * name, 804 const char * name,
805 const char * value) 805 const char * value)
@@ -833,33 +833,28 @@ int keystone_config_handler ( void * user,
833 } 833 }
834 } 834 }
835 } 835 }
836 else if (MATCH("agent", "keyring_directory"))
837 {
838 config_ptr->keyring_directory = strdup(value);
839 ilog("Keyring Directory : %s\n", config_ptr->keyring_directory );
840 }
841 else if (MATCH("agent", "keystone_auth_username")) 836 else if (MATCH("agent", "keystone_auth_username"))
842 { 837 {
843 config_ptr->keystone_auth_username = strdup(value); 838 config_ptr->keystone_auth_username = strdup(value);
844 ilog("Mtce Keystone username : %s\n", 839 ilog("Mtce Keystone username : %s\n",
845 config_ptr->keystone_auth_username ); 840 config_ptr->keystone_auth_username );
846 } 841 }
847 else if (MATCH("agent", "keystone_auth_pw")) 842 else if (MATCH("agent", "keystone_auth_pw"))
848 { 843 {
849 config_ptr->keystone_auth_pw = strdup(value); 844 config_ptr->keystone_auth_pw = strdup(value);
850 dlog("Mtce Keystone pw : %s\n", 845 dlog("Mtce Keystone pw : %s\n",
851 config_ptr->keystone_auth_pw ); 846 config_ptr->keystone_auth_pw );
852 } 847 }
853 else if (MATCH("agent", "keystone_auth_project")) 848 else if (MATCH("agent", "keystone_auth_project"))
854 { 849 {
855 config_ptr->keystone_auth_project = strdup(value); 850 config_ptr->keystone_auth_project = strdup(value);
856 ilog("Mtce Keystone project : %s\n", 851 ilog("Mtce Keystone project : %s\n",
857 config_ptr->keystone_auth_project ); 852 config_ptr->keystone_auth_project );
858 } 853 }
859 else if (MATCH("agent", "keystone_user_domain")) 854 else if (MATCH("agent", "keystone_user_domain"))
860 { 855 {
861 config_ptr->keystone_user_domain = strdup(value); 856 config_ptr->keystone_user_domain = strdup(value);
862 ilog("Mtce Keystone user domain : %s\n", 857 ilog("Mtce Keystone user domain : %s\n",
863 config_ptr->keystone_user_domain ); 858 config_ptr->keystone_user_domain );
864 } 859 }
865 else if (MATCH("agent", "keystone_project_domain")) 860 else if (MATCH("agent", "keystone_project_domain"))
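Review bot: The `keystone_auth_pw` branch of keystone_config_handler still writes the Keystone password to the log in clear text through `dlog("Mtce Keystone pw : %s\n", config_ptr->keystone_auth_pw );`, and the line is carried onto the new side as is. Debug logs get collected and passed around with far less care than the config file, so the value itself should not be printed; record only that it was read, for example `dlog("Mtce Keystone pw : <set>\n");`. The handler's body starts and ends outside this hunk.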
diff --git a/mtce-common/src/common/tokenUtil.h b/mtce-common/src/common/tokenUtil.h
index 7e26956..b0f5437 100644
--- a/mtce-common/src/common/tokenUtil.h
+++ b/mtce-common/src/common/tokenUtil.h
@@ -26,13 +26,11 @@
26 26
27using namespace std; 27using namespace std;
28 28
29#include "logMacros.h" 29#include "logMacros.h"
30#include "httpUtil.h" /* for ... libEvent */ 30#include "httpUtil.h" /* for ... libEvent */
31 31
32#define MTC_POST_KEY_LABEL "/v3/auth/tokens" 32#define MTC_POST_KEY_LABEL "/v3/auth/tokens"
33 33
34#define KEYSTONE_SIG "token"
35
36/* The invalidation window is 5 minutes according 34/* The invalidation window is 5 minutes according
37 * to the testing of token expiration time */ 35 * to the testing of token expiration time */
38#define STALE_TOKEN_DURATION 300 //5 minutes 36#define STALE_TOKEN_DURATION 300 //5 minutes
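--- a/mtce-common/src/daemon/daemon_common.h
+++ b/mtce-common/src/daemon/daemon_common.h
@@ -169,6 +169,11 @@ int sysinv_config_handler ( void * user,
  const char * name,
  const char * value);
 
+int barbican_config_handler ( void * user,
+ const char * section,
+ const char * name,
+ const char * value);
+
 int client_timeout_handler ( void * user,
  const char * section,
  const char * name,
@@ -225,6 +230,7 @@ int daemon_run_testhead ( void );
 #define CONFIG_MTC_TO_HBS_CMD_PORT 0x04000000 /**< Mtce to Hbs Command Port */
 #define CONFIG_HBS_TO_MTC_EVENT_PORT 0x08000000 /**< Hbs to Mtc Event Port */
 #define CONFIG_CLIENT_PULSE_PORT 0x10000000 /**< Pmon pulse port */
+#define CONFIG_AGENT_SECRET_PORT 0x20000000 /**< Barbican HTTP port */
 #define CONFIG_AGENT_VIM_EVENT_PORT 0x40000000 /**< VIM Event Port Mask */
 #define CONFIG_CLIENT_RMON_PORT 0x80000000 /**< Rmon client port */
 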
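--- a/mtce-common/src/daemon/daemon_config.cpp
+++ b/mtce-common/src/daemon/daemon_config.cpp
@@ -40,7 +40,6 @@ void daemon_config_default ( daemon_config_type* config_ptr )
  config_ptr->keystone_auth_uri = strdup("");
  config_ptr->keystone_auth_host = strdup("");
  config_ptr->keystone_region_name = strdup("none");
- config_ptr->keyring_directory = strdup("");
  config_ptr->sysinv_mtc_inv_label = strdup("none");
  config_ptr->mgmnt_iface = strdup("none");
  config_ptr->infra_iface = strdup("none");
@@ -48,6 +47,7 @@ void daemon_config_default ( daemon_config_type* config_ptr )
  config_ptr->mode = strdup("none");
  config_ptr->fit_host = strdup("none");
  config_ptr->multicast = strdup("none");
+ config_ptr->barbican_api_host = strdup("none");
 
  config_ptr->debug_all = 0 ;
  config_ptr->debug_json = 0 ;
@@ -264,6 +264,27 @@ int sysinv_config_handler ( void * user,
  return (PASS);
 }
 
+/* Openstack Barbican Config Reader */
+int barbican_config_handler ( void * user,
+ const char * section,
+ const char * name,
+ const char * value)
+{
+ daemon_config_type* config_ptr = (daemon_config_type*)user;
+
+ if (MATCH("DEFAULT", "bind_port")) // bind_port=9311
+ {
+ config_ptr->barbican_api_port = atoi(value);
+ ilog("Barbican Port : %d\n", config_ptr->barbican_api_port );
+ }
+ else if (MATCH("DEFAULT", "bind_host")) // bind_host=192.168.204.2
+ {
+ config_ptr->barbican_api_host = strdup(value);
+ ilog("Barbican Host : %s\n", config_ptr->barbican_api_host );
+ }
+ return (PASS);
+}
+
 #define EMPTY "----"
 
 void daemon_dump_cfg ( void )
@@ -306,7 +327,8 @@ void daemon_dump_cfg ( void )
  if ( ptr->keystone_user_domain ) { ilog ("keystone_user_domain = %s\n", ptr->keystone_user_domain );}
  if ( ptr->keystone_project_domain ) { ilog ("keystone_project_domain = %s\n", ptr->keystone_project_domain );}
  if ( ptr->keystone_region_name ) { ilog ("keystone_region_name = %s\n", ptr->keystone_region_name );}
- if ( ptr->keyring_directory ) { ilog ("keyring_directory = %s\n", ptr->keyring_directory );}
+ if ( ptr->barbican_api_port ) { ilog ("barbican_api_port = %d\n", ptr->barbican_api_port );}
+ if ( ptr->barbican_api_host ) { ilog ("barbican_api_host = %s\n", ptr->barbican_api_host );}
 
  if ( ptr->mtc_rx_mgmnt_port ) { ilog ("mtc_rx_mgmnt_port = %d\n", ptr->mtc_rx_mgmnt_port );}
  if ( ptr->mtc_rx_infra_port ) { ilog ("mtc_rx_infra_port = %d\n", ptr->mtc_rx_infra_port );}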
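Review bot: In barbican_config_handler the `bind_port` value is converted with `atoi(value)`, which returns 0 for non-numeric text and gives no way to detect an out-of-range number, so a malformed barbican config silently produces a bogus port for what is presumably the endpoint used to fetch BMC credentials. Parsing with strtol, rejecting trailing characters and anything outside 1-65535, and logging the rejection keeps a bad value from being stored. Separately, the `bind_host` branch overwrites the `strdup("none")` default set in daemon_config_default without freeing it; release the old pointer first unless that is handled somewhere not shown here.

```cpp
    if (MATCH("DEFAULT", "bind_port")) // bind_port=9311
    {
        char * end = NULL ;
        long port = strtol ( value, &end, 10 );
        if (( end == value ) || ( *end != '\0' ) || ( port < 1 ) || ( port > 65535 ))
        {
            elog ("Barbican Port : invalid value '%s'\n", value );
        }
        else
        {
            config_ptr->barbican_api_port = (int)port ;
            ilog("Barbican Port : %d\n", config_ptr->barbican_api_port );
        }
    }
    // … unchanged: bind_host branch and return (PASS) …
```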
diff --git a/mtce/src/common/nodeClass.cpp b/mtce/src/common/nodeClass.cpp
index 2069cdc..49c73d2 100755
--- a/mtce/src/common/nodeClass.cpp
+++ b/mtce/src/common/nodeClass.cpp
@@ -28,6 +28,7 @@ using namespace std;
28#include "threadUtil.h" 28#include "threadUtil.h"
29#include "nodeClass.h" 29#include "nodeClass.h"
30#include "nodeUtil.h" 30#include "nodeUtil.h"
31#include "secretUtil.h"
31#include "mtcNodeMsg.h" /* for ... send_mtc_cmd */ 32#include "mtcNodeMsg.h" /* for ... send_mtc_cmd */
32#include "nlEvent.h" /* for ... get_netlink_events */ 33#include "nlEvent.h" /* for ... get_netlink_events */
33#include "daemon_common.h" 34#include "daemon_common.h"
@@ -649,6 +650,7 @@ nodeLinkClass::node* nodeLinkClass::addNode( string hostname )
649 ptr->cfgEvent.base = NULL ; 650 ptr->cfgEvent.base = NULL ;
650 ptr->sysinvEvent.base= NULL ; 651 ptr->sysinvEvent.base= NULL ;
651 ptr->vimEvent.base = NULL ; 652 ptr->vimEvent.base = NULL ;
653 ptr->secretEvent.base= NULL ;
652 654
653 ptr->httpReq.base = NULL ; 655 ptr->httpReq.base = NULL ;
654 ptr->libEvent_done_fifo.clear(); 656 ptr->libEvent_done_fifo.clear();
@@ -664,17 +666,19 @@ nodeLinkClass::node* nodeLinkClass::addNode( string hostname )
664 ptr->sysinvEvent.conn= NULL ; 666 ptr->sysinvEvent.conn= NULL ;
665 ptr->vimEvent.conn = NULL ; 667 ptr->vimEvent.conn = NULL ;
666 ptr->httpReq.conn = NULL ; 668 ptr->httpReq.conn = NULL ;
669 ptr->secretEvent.conn= NULL ;
667 670
668 ptr->cfgEvent.req = NULL ; 671 ptr->cfgEvent.req = NULL ;
669 ptr->sysinvEvent.req = NULL ; 672 ptr->sysinvEvent.req = NULL ;
670 ptr->vimEvent.req = NULL ; 673 ptr->vimEvent.req = NULL ;
671 ptr->httpReq.req = NULL ; 674 ptr->httpReq.req = NULL ;
672 675 ptr->secretEvent.req = NULL ;
673 676
674 ptr->cfgEvent.buf = NULL ; 677 ptr->cfgEvent.buf = NULL ;
675 ptr->sysinvEvent.buf = NULL ; 678 ptr->sysinvEvent.buf = NULL ;
676 ptr->vimEvent.buf = NULL ; 679 ptr->vimEvent.buf = NULL ;
677 ptr->httpReq.buf = NULL ; 680 ptr->httpReq.buf = NULL ;
681 ptr->secretEvent.buf = NULL ;
678 682
679 /* log throttles */ 683 /* log throttles */
680 ptr->stall_recovery_log_throttle = 0 ; 684 ptr->stall_recovery_log_throttle = 0 ;
@@ -838,10 +842,21 @@ struct nodeLinkClass::node* nodeLinkClass::getEventBaseNode ( libEvent_enum requ
838 return ptr ; 842 return ptr ;
839 } 843 }
840 } 844 }
845 case BARBICAN_GET_SECRET:
846 case BARBICAN_READ_SECRET:
847 {
848 if ( ptr->secretEvent.base == base_ptr )
849 {
850 hlog1 ("%s Found secretEvent Base Pointer (%p) \n",
851 ptr->hostname.c_str(), ptr->secretEvent.base);
852
853 return ptr ;
854 }
855 }
841 default: 856 default:
842 ; 857 ;
843 } /* End Switch */ 858 } /* End Switch */
844 859
845 if (( ptr->next == NULL ) || ( ptr == tail )) 860 if (( ptr->next == NULL ) || ( ptr == tail ))
846 break ; 861 break ;
847 } 862 }
@@ -2428,9 +2443,10 @@ int nodeLinkClass::mod_host ( node_inv_type & inv )
2428 /* BM is already provisioned but is now deprovisioned */ 2443 /* BM is already provisioned but is now deprovisioned */
2429 else if (( bm_type_was_valid == true ) && ( bm_type_now_valid == false )) 2444 else if (( bm_type_was_valid == true ) && ( bm_type_now_valid == false ))
2430 { 2445 {
2431 node_ptr->bm_type = NONE ; 2446 node_ptr->bm_type = NONE ;
2432 node_ptr->bm_ip = NONE ; 2447 node_ptr->bm_ip = NONE ;
2433 node_ptr->bm_un = NONE ; 2448 node_ptr->bm_un = NONE ;
2449 node_ptr->bm_pw = NONE ;
2434 mtcAlarm_log ( node_ptr->hostname, MTC_LOG_ID__COMMAND_BM_DEPROVISIONED ); 2450 mtcAlarm_log ( node_ptr->hostname, MTC_LOG_ID__COMMAND_BM_DEPROVISIONED );
2435 set_bm_prov ( node_ptr, false ); 2451 set_bm_prov ( node_ptr, false );
2436 } 2452 }
@@ -3953,10 +3969,16 @@ int nodeLinkClass::set_bm_prov ( struct nodeLinkClass::node * node_ptr, bool sta
3953 bmc_access_data_init ( node_ptr ); 3969 bmc_access_data_init ( node_ptr );
3954 node_ptr->bm_ping_info.timer_handler = &mtcTimer_handler ; 3970 node_ptr->bm_ping_info.timer_handler = &mtcTimer_handler ;
3955 3971
3956 node_ptr->thread_extra_info.bm_pw = 3972 barbicanSecret_type * secret = secretUtil_find_secret( node_ptr->uuid );
3957 node_ptr->bm_pw = 3973 if ( secret )
3958 get_bm_password (node_ptr->uuid.data()); 3974 {
3975 secret->reference.clear() ;
3976 secret->payload.clear() ;
3977 secret->stage = MTC_SECRET__START ;
3978 }
3979 mtcTimer_start( node_ptr->bm_timer, mtcTimer_handler, SECRET_START_DELAY );
3959 3980
3981 node_ptr->thread_extra_info.bm_pw.clear() ;
3960 node_ptr->thread_extra_info.bm_ip = node_ptr->bm_ip ; 3982 node_ptr->thread_extra_info.bm_ip = node_ptr->bm_ip ;
3961 node_ptr->thread_extra_info.bm_un = node_ptr->bm_un ; 3983 node_ptr->thread_extra_info.bm_un = node_ptr->bm_un ;
3962 3984
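Review bot: set_bm_prov no longer resets `node_ptr->bm_pw`: the removed code assigned both `thread_extra_info.bm_pw` and `bm_pw` from get_bm_password(), while the new code only calls `node_ptr->thread_extra_info.bm_pw.clear() ;`, so a password obtained for an earlier provisioning appears to stay in `node_ptr->bm_pw` until the Barbican read completes. Adding `node_ptr->bm_pw.clear() ;` beside it (assuming bm_pw is a string like its thread_extra_info counterpart) keeps the two copies in step. In the getEventBaseNode hunk the new `case BARBICAN_GET_SECRET:` block has no `break ;` and the case before it shows none either, so a non-matching lookup for another request type falls through into the secretEvent comparison; a `break ;` after each block would make the intent explicit. Both function bodies continue outside their hunks.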
diff --git a/mtce/src/common/nodeClass.h b/mtce/src/common/nodeClass.h
index f879351..bd38d78 100755
--- a/mtce/src/common/nodeClass.h
+++ b/mtce/src/common/nodeClass.h
@@ -35,7 +35,7 @@ using namespace std;
35#include "httpUtil.h" /* for ... libevent stuff */ 35#include "httpUtil.h" /* for ... libevent stuff */
36#include "ipmiUtil.h" /* for ... mc_info_type */ 36#include "ipmiUtil.h" /* for ... mc_info_type */
37#include "mtcHttpUtil.h" /* for ... libevent stuff */ 37#include "mtcHttpUtil.h" /* for ... libevent stuff */
38#include "mtcSmgrApi.h" /* */ 38#include "mtcSmgrApi.h" /* for ... mtcSmgrApi_request/handler */
39#include "alarmUtil.h" /* for ... SFmAlarmDataT */ 39#include "alarmUtil.h" /* for ... SFmAlarmDataT */
40#include "mtcAlarm.h" /* for ... MTC_ALARM_ID__xx and utils */ 40#include "mtcAlarm.h" /* for ... MTC_ALARM_ID__xx and utils */
41#include "mtcThreads.h" /* for ... mtcThread_ipmitool */ 41#include "mtcThreads.h" /* for ... mtcThread_ipmitool */
@@ -455,8 +455,9 @@ private:
455 * based on each service */ 455 * based on each service */
456 456
457 libEvent sysinvEvent; /**< Sysinv REST API Handling for host */ 457 libEvent sysinvEvent; /**< Sysinv REST API Handling for host */
458 libEvent cfgEvent; /**< Sysinv REST API Handling for config changes */ 458 libEvent cfgEvent ; /**< Sysinv REST API Handling for config changes */
459 libEvent vimEvent ; /**< VIM Event REST API Handling */ 459 libEvent vimEvent ; /**< VIM Event REST API Handling */
460 libEvent secretEvent;
460 461
461 libEvent httpReq ; /**< Http libEvent Request Handling */ 462 libEvent httpReq ; /**< Http libEvent Request Handling */
462 libEvent thisReq ; /**< Http libEvent Request Handling */ 463 libEvent thisReq ; /**< Http libEvent Request Handling */
@@ -1110,7 +1111,7 @@ private:
1110 int mtcSmgrApi_request ( struct nodeLinkClass::node * node_ptr, mtc_cmd_enum operation, int retries ); 1111 int mtcSmgrApi_request ( struct nodeLinkClass::node * node_ptr, mtc_cmd_enum operation, int retries );
1111 1112
1112 /* Private VIM API */ 1113 /* Private VIM API */
1113 int mtcVimApi_state_change ( struct nodeLinkClass::node * node_ptr, libEvent_enum operation, int retries ); 1114 int mtcVimApi_state_change ( struct nodeLinkClass::node * node_ptr, libEvent_enum operation, int retries );
1114 1115
1115 int set_bm_prov ( struct nodeLinkClass::node * node_ptr, bool state ); 1116 int set_bm_prov ( struct nodeLinkClass::node * node_ptr, bool state );
1116 1117
@@ -1926,12 +1927,6 @@ public:
1926 1927
1927 void mtcHttpUtil_handler ( struct evhttp_request *req, void *arg ); 1928 void mtcHttpUtil_handler ( struct evhttp_request *req, void *arg );
1928 1929
1929 /* Update the authentication token as a work queue'd command */
1930 int mtcKeyApi_refresh_token ( string hostname );
1931
1932 /* Update the authentication token now ; as a blocking request */
1933 int mtcKeyApi_get_token ( string hostname );
1934
1935 /*********************** Public Heartbeat Interfaces *********************/ 1930 /*********************** Public Heartbeat Interfaces *********************/
1936 1931
1937 /** Creates a linked list of nodes to heartbeat for the specified port 1932 /** Creates a linked list of nodes to heartbeat for the specified port
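Review bot: The new member `libEvent secretEvent;` is the only libEvent in this group without a trailing doc comment. Suggest `libEvent secretEvent ; /**< Barbican secret REST API Handling for host */` so it reads like `sysinvEvent`, `cfgEvent` and `vimEvent` next to it. The class body starts and ends outside these hunks.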
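--- a/mtce/src/heartbeat/Makefile
+++ b/mtce/src/heartbeat/Makefile
@@ -9,7 +9,7 @@ SHELL = /bin/bash
 SRCS = hbsAlarm.cpp hbsClient.cpp hbsAgent.cpp hbsPmon.cpp hbsUtil.cpp hbsCluster.cpp hbsStubs.cpp
 OBJS = $(SRCS:.cpp=.o)
 
-LDLIBS = -lstdc++ -ldaemon -lcommon -lthreadUtil -lpthread -lfmcommon -lalarm -lrt -lamon -lcrypto -luuid -ljson-c
+LDLIBS = -lstdc++ -ldaemon -lcommon -lthreadUtil -lpthread -lfmcommon -lalarm -lrt -lamon -lcrypto -luuid -ljson-c -levent
 INCLUDES = -I. -I/usr/include/mtce-daemon -I/usr/include/mtce-common
 INCLUDES += -I../common -I../alarm -I../maintenance -I../public
 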
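--- a/mtce/src/heartbeat/hbsStubs.cpp
+++ b/mtce/src/heartbeat/hbsStubs.cpp
@@ -226,7 +226,6 @@ int nodeLinkClass::mtcSmgrApi_request ( struct nodeLinkClass::node * node_ptr, m
  return(PASS);
 }
 
-
 void mtcTimer_handler ( int sig, siginfo_t *si, void *uc)
 {
  UNUSED(sig);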
diff --git a/mtce/src/hwmon/hwmonClass.cpp b/mtce/src/hwmon/hwmonClass.cpp
index f758709..b897ab1 100644
--- a/mtce/src/hwmon/hwmonClass.cpp
+++ b/mtce/src/hwmon/hwmonClass.cpp
@@ -7,6 +7,7 @@
7 7
8#include "nodeBase.h" 8#include "nodeBase.h"
9#include "tokenUtil.h" 9#include "tokenUtil.h"
10#include "secretUtil.h"
10#include "hwmonClass.h" 11#include "hwmonClass.h"
11#include "hwmonUtil.h" 12#include "hwmonUtil.h"
12#include "hwmonIpmi.h" 13#include "hwmonIpmi.h"
@@ -128,6 +129,7 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::addHost( string hostname )
128 ptr->ping_info.timer_handler = &hwmonTimer_handler ; 129 ptr->ping_info.timer_handler = &hwmonTimer_handler ;
129 mtcTimer_init ( ptr->hostTimer, ptr->hostname, "host timer" ); 130 mtcTimer_init ( ptr->hostTimer, ptr->hostname, "host timer" );
130 mtcTimer_init ( ptr->addTimer, ptr->hostname, "add timer" ); 131 mtcTimer_init ( ptr->addTimer, ptr->hostname, "add timer" );
132 mtcTimer_init ( ptr->secretTimer, ptr->hostname, "secret timer" );
131 mtcTimer_init ( ptr->relearnTimer, ptr->hostname, "relearn timer" ); 133 mtcTimer_init ( ptr->relearnTimer, ptr->hostname, "relearn timer" );
132 134
133 mtcTimer_init ( ptr->ping_info.timer, ptr->hostname, "ping monitor timer" ); 135 mtcTimer_init ( ptr->ping_info.timer, ptr->hostname, "ping monitor timer" );
@@ -144,6 +146,11 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::addHost( string hostname )
144 ptr->event.req = NULL ; 146 ptr->event.req = NULL ;
145 ptr->event.buf = NULL ; 147 ptr->event.buf = NULL ;
146 148
149 ptr->secretEvent.base= NULL ;
150 ptr->secretEvent.conn= NULL ;
151 ptr->secretEvent.req = NULL ;
152 ptr->secretEvent.buf = NULL ;
153
147 /* If the host list is empty add it to the head */ 154 /* If the host list is empty add it to the head */
148 if( hwmon_head == NULL ) 155 if( hwmon_head == NULL )
149 { 156 {
@@ -180,6 +187,7 @@ void hwmonHostClass::free_host_timers ( struct hwmon_host * ptr )
180{ 187{
181 mtcTimer_fini ( ptr->hostTimer ); 188 mtcTimer_fini ( ptr->hostTimer );
182 mtcTimer_fini ( ptr->addTimer ); 189 mtcTimer_fini ( ptr->addTimer );
190 mtcTimer_fini ( ptr->secretTimer );
183 mtcTimer_fini ( ptr->relearnTimer ); 191 mtcTimer_fini ( ptr->relearnTimer );
184 mtcTimer_fini ( ptr->ping_info.timer ); 192 mtcTimer_fini ( ptr->ping_info.timer );
185 193
@@ -195,7 +203,7 @@ int hwmonHostClass::remHost( string hostname )
195 203
196 if ( hwmon_head == NULL ) 204 if ( hwmon_head == NULL )
197 return -ENXIO ; 205 return -ENXIO ;
198 206
199 struct hwmon_host * ptr = hwmonHostClass::getHost ( hostname ); 207 struct hwmon_host * ptr = hwmonHostClass::getHost ( hostname );
200 208
201 if ( ptr == NULL ) 209 if ( ptr == NULL )
@@ -263,15 +271,15 @@ struct hwmonHostClass::hwmon_host* hwmonHostClass::getHost ( string hostname )
263} 271}
264 272
265/* 273/*
266 * Allocates memory for a new host and stores its the address in host_ptrs 274 * Allocates memory for a new host and stores its the address in host_ptrs
267 * 275 *
268 * @param void 276 * @param void
269 * @return pointer to the newly allocted host memory 277 * @return pointer to the newly allocted host memory
270 */ 278 */
271struct hwmonHostClass::hwmon_host * hwmonHostClass::newHost ( void ) 279struct hwmonHostClass::hwmon_host * hwmonHostClass::newHost ( void )
272{ 280{
273 struct hwmonHostClass::hwmon_host * temp_host_ptr = NULL ; 281 struct hwmonHostClass::hwmon_host * temp_host_ptr = NULL ;
274 282
275 if ( memory_allocs == 0 ) 283 if ( memory_allocs == 0 )
276 { 284 {
277 memset ( host_ptrs, 0 , sizeof(struct hwmon_host *)*MAX_HOSTS); 285 memset ( host_ptrs, 0 , sizeof(struct hwmon_host *)*MAX_HOSTS);
@@ -428,7 +436,7 @@ void hwmonHostClass::degrade_state_audit ( struct hwmonHostClass::hwmon_host * h
428} 436}
429 437
430/* Frees the memory of a pre-allocated host and removes 438/* Frees the memory of a pre-allocated host and removes
431 * it from the host_ptrs list 439 * it from the host_ptrs list
432 * @param host * pointer to the host memory address to be freed 440 * @param host * pointer to the host memory address to be freed
433 * @return int return code { PASS or -EINVAL } 441 * @return int return code { PASS or -EINVAL }
434 */ 442 */
@@ -451,14 +459,14 @@ int hwmonHostClass::delHost ( struct hwmonHostClass::hwmon_host * host_ptr )
451 } 459 }
452 else 460 else
453 elog ( "Error: Free memory called when there is no memory to free\n" ); 461 elog ( "Error: Free memory called when there is no memory to free\n" );
454 462
455 return -EINVAL ; 463 return -EINVAL ;
456} 464}
457 465
458void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * host_ptr ) 466void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * host_ptr )
459{ 467{
460 /* Loop over all sensors and groups 468 /* Loop over all sensors and groups
461 * - clear any outstanding alarms 469 * - clear any outstanding alarms
462 * - clear degrade of host 470 * - clear degrade of host
463 * ... while we deprovision the BMC */ 471 * ... while we deprovision the BMC */
464 for ( int i = 0 ; i < host_ptr->sensors ; i++ ) 472 for ( int i = 0 ; i < host_ptr->sensors ; i++ )
@@ -475,9 +483,9 @@ void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * h
475 { 483 {
476 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORGROUP, host_ptr->group[g].group_name, REASON_DEPROVISIONED ); 484 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORGROUP, host_ptr->group[g].group_name, REASON_DEPROVISIONED );
477 } 485 }
478 486
479 /* send the degrade anyway , just to be safe */ 487 /* send the degrade anyway , just to be safe */
480 hwmon_send_event ( host_ptr->hostname, MTC_DEGRADE_CLEAR , "sensors" ); 488 hwmon_send_event ( host_ptr->hostname, MTC_DEGRADE_CLEAR , "sensors" );
481 489
482 /* Bug Fix: This was outside the if bm_provisioned clause causing it 490 /* Bug Fix: This was outside the if bm_provisioned clause causing it
483 * to be called even if the bmc was not already provisioned 491 * to be called even if the bmc was not already provisioned
@@ -485,9 +493,6 @@ void hwmonHostClass::clear_bm_assertions ( struct hwmonHostClass::hwmon_host * h
485 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORCFG, "sensors", REASON_DEPROVISIONED ); 493 hwmonAlarm_clear ( host_ptr->hostname, HWMON_ALARM_ID__SENSORCFG, "sensors", REASON_DEPROVISIONED );
486} 494}
487 495
488
489
490
491int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr, bool state ) 496int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr, bool state )
492{ 497{
493 int rc = FAIL_HOSTNAME_LOOKUP ; 498 int rc = FAIL_HOSTNAME_LOOKUP ;
@@ -510,7 +515,18 @@ int hwmonHostClass::set_bm_prov ( struct hwmonHostClass::hwmon_host * host_ptr,
510 host_ptr->ping_info.ip = host_ptr->bm_ip ; 515 host_ptr->ping_info.ip = host_ptr->bm_ip ;
511 host_ptr->ping_info.hostname = host_ptr->hostname ; 516 host_ptr->ping_info.hostname = host_ptr->hostname ;
512 ipmi_bmc_data_init ( host_ptr ); 517 ipmi_bmc_data_init ( host_ptr );
513 host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = get_bm_password (hostBase.get_uuid(host_ptr->hostname).data()); 518
519 string host_uuid = hostBase.get_uuid( host_ptr->hostname );
520 barbicanSecret_type * secret = secretUtil_find_secret( host_uuid );
521 if ( secret )
522 {
523 secret->reference.clear() ;
524 secret->payload.clear() ;
525 secret->stage = MTC_SECRET__START ;
526 }
527 mtcTimer_start( host_ptr->secretTimer, hwmonTimer_handler, SECRET_START_DELAY );
528
529 host_ptr->thread_extra_info.bm_pw.clear() ;
514 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ; 530 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ;
515 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ; 531 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ;
516 } 532 }
@@ -709,6 +725,7 @@ int hwmonHostClass::add_host ( node_inv_type & inv )
709 host_ptr->sensor_query_count = 0 ; 725 host_ptr->sensor_query_count = 0 ;
710 726
711 /* Sensor Monitoring Thread 'Extra Request Information' */ 727 /* Sensor Monitoring Thread 'Extra Request Information' */
728 host_ptr->empty_secret_log_throttle = 0 ;
712 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ; 729 host_ptr->thread_extra_info.bm_ip = host_ptr->bm_ip ;
713 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ; 730 host_ptr->thread_extra_info.bm_un = host_ptr->bm_un ;
714 host_ptr->thread_extra_info.bm_pw.clear() ; 731 host_ptr->thread_extra_info.bm_pw.clear() ;
@@ -779,7 +796,7 @@ int hwmonHostClass::rem_host ( string hostname )
779 hwmonHostClass::remHost ( hostname ); 796 hwmonHostClass::remHost ( hostname );
780 slog ("potential memory leak !\n"); 797 slog ("potential memory leak !\n");
781 } 798 }
782 799
783 /* Now remove the service specific component */ 800 /* Now remove the service specific component */
784 hostlist.remove ( hostname ); 801 hostlist.remove ( hostname );
785 } 802 }
@@ -814,7 +831,7 @@ int hwmonHostClass::del_host ( string hostname )
814{ 831{
815 int rc = FAIL_DEL_UNKNOWN ; 832 int rc = FAIL_DEL_UNKNOWN ;
816 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname ); 833 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname );
817 if ( hwmon_host_ptr ) 834 if ( hwmon_host_ptr )
818 { 835 {
819 rc = rem_host ( hostname ); 836 rc = rem_host ( hostname );
820 if ( rc == PASS ) 837 if ( rc == PASS )
@@ -838,7 +855,7 @@ int hwmonHostClass::mon_host ( string hostname, bool monitor )
838{ 855{
839 int rc = FAIL_UNKNOWN_HOSTNAME ; 856 int rc = FAIL_UNKNOWN_HOSTNAME ;
840 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname ); 857 hwmonHostClass::hwmon_host * hwmon_host_ptr = hwmonHostClass::getHost( hostname );
841 if ( hwmon_host_ptr ) 858 if ( hwmon_host_ptr )
842 { 859 {
843 bool change = false ; 860 bool change = false ;
844 string want_state = "" ; 861 string want_state = "" ;
@@ -1013,6 +1030,10 @@ struct hwmonHostClass::hwmon_host * hwmonHostClass::getHost_timer ( timer_t tid
1013 { 1030 {
1014 return host_ptr ; 1031 return host_ptr ;
1015 } 1032 }
1033 if ( host_ptr->secretTimer.tid == tid )
1034 {
1035 return host_ptr ;
1036 }
1016 if ( host_ptr->ping_info.timer.tid == tid ) 1037 if ( host_ptr->ping_info.timer.tid == tid )
1017 { 1038 {
1018 return host_ptr ; 1039 return host_ptr ;
@@ -1166,7 +1187,7 @@ int hwmonHostClass::add_sensor ( string hostname, sensor_type & sensor )
1166 1187
1167 if ( rc ) 1188 if ( rc )
1168 { 1189 {
1169 elog ("%s '%s' sensor add failed\n", hostname.c_str() , 1190 elog ("%s '%s' sensor add failed\n", hostname.c_str(),
1170 sensor.sensorname.c_str()); 1191 sensor.sensorname.c_str());
1171 } 1192 }
1172 return (rc); 1193 return (rc);
@@ -1197,8 +1218,8 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_sensorgroup ( string hostna
1197 { 1218 {
1198 if ( !host_ptr->group[g].sensor_ptr[s]->sensorname.compare(entity_path) ) 1219 if ( !host_ptr->group[g].sensor_ptr[s]->sensorname.compare(entity_path) )
1199 { 1220 {
1200 blog ("%s '%s' sensor found in '%s' group\n", 1221 blog ("%s '%s' sensor found in '%s' group\n",
1201 hostname.c_str(), 1222 hostname.c_str(),
1202 host_ptr->group[g].sensor_ptr[s]->sensorname.c_str(), 1223 host_ptr->group[g].sensor_ptr[s]->sensorname.c_str(),
1203 host_ptr->group[g].group_name.c_str()); 1224 host_ptr->group[g].group_name.c_str());
1204 1225
@@ -1229,7 +1250,7 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_sensorgroup ( string hostna
1229 * 1250 *
1230 * Name : hwmon_get_group 1251 * Name : hwmon_get_group
1231 * 1252 *
1232 * Description : Returns a pointer to the sensor group that matches the supplied 1253 * Description : Returns a pointer to the sensor group that matches the supplied
1233 * group name. 1254 * group name.
1234 * 1255 *
1235 **********************************************************************************/ 1256 **********************************************************************************/
@@ -1247,8 +1268,8 @@ struct sensor_group_type * hwmonHostClass::hwmon_get_group ( string hostname, st
1247 { 1268 {
1248 if ( !group_name.compare(host_ptr->group[i].group_name)) 1269 if ( !group_name.compare(host_ptr->group[i].group_name))
1249 { 1270 {
1250 blog ("%s '%s' sensor group found\n", 1271 blog ("%s '%s' sensor group found\n",
1251 hostname.c_str(), 1272 hostname.c_str(),
1252 host_ptr->group[i].group_name.c_str()); 1273 host_ptr->group[i].group_name.c_str());
1253 1274
1254 return (&host_ptr->group[i]) ; 1275 return (&host_ptr->group[i]) ;
@@ -1306,7 +1327,7 @@ int hwmonHostClass::hwmon_add_group ( string hostname, struct sensor_group_type
1306 1327
1307 host_ptr->group[i].hostname = hostname ; 1328 host_ptr->group[i].hostname = hostname ;
1308 host_ptr->interval_changed = true ; 1329 host_ptr->interval_changed = true ;
1309 1330
1310 host_ptr->group[i].group_interval = group.group_interval ; 1331 host_ptr->group[i].group_interval = group.group_interval ;
1311 1332
1312 host_ptr->group[i].sensortype = group.sensortype ; 1333 host_ptr->group[i].sensortype = group.sensortype ;
@@ -1349,7 +1370,7 @@ int hwmonHostClass::hwmon_add_group ( string hostname, struct sensor_group_type
1349 1370
1350 if ( rc ) 1371 if ( rc )
1351 { 1372 {
1352 elog ("%s '%s' sensor group add failed\n", hostname.c_str() , 1373 elog ("%s '%s' sensor group add failed\n", hostname.c_str(),
1353 group.group_name.c_str()); 1374 group.group_name.c_str());
1354 } 1375 }
1355 return (rc); 1376 return (rc);
@@ -1377,8 +1398,8 @@ int hwmonHostClass::add_group_uuid ( string & hostname, string & group_name, st
1377 { 1398 {
1378 if ( !group_name.compare(host_ptr->group[i].group_name)) 1399 if ( !group_name.compare(host_ptr->group[i].group_name))
1379 { 1400 {
1380 blog1 ("%s '%s' sensor group found\n", 1401 blog1 ("%s '%s' sensor group found\n",
1381 hostname.c_str(), 1402 hostname.c_str(),
1382 host_ptr->group[i].group_name.c_str()); 1403 host_ptr->group[i].group_name.c_str());
1383 1404
1384 host_ptr->group[i].group_uuid = uuid ; 1405 host_ptr->group[i].group_uuid = uuid ;
@@ -1418,8 +1439,8 @@ int hwmonHostClass::add_sensor_uuid ( string & hostname, string & sensorname, s
1418 { 1439 {
1419 if ( !sensorname.compare(host_ptr->sensor[i].sensorname)) 1440 if ( !sensorname.compare(host_ptr->sensor[i].sensorname))
1420 { 1441 {
1421 blog1 ("%s '%s' sensor found\n", 1442 blog1 ("%s '%s' sensor found\n",
1422 hostname.c_str(), 1443 hostname.c_str(),
1423 host_ptr->sensor[i].sensorname.c_str()); 1444 host_ptr->sensor[i].sensorname.c_str());
1424 1445
1425 host_ptr->sensor[i].uuid = uuid ; 1446 host_ptr->sensor[i].uuid = uuid ;
@@ -2352,7 +2373,6 @@ void hwmonHostClass::mem_log_groups ( struct hwmonHostClass::hwmon_host * host_p
2352 done = true ; 2373 done = true ;
2353 } 2374 }
2354 if ((( x % 8 == 0 ) & ( x != 0 )) || ( done == true )) 2375 if ((( x % 8 == 0 ) & ( x != 0 )) || ( done == true ))
2355 // if ( done == true )
2356 { 2376 {
2357 if ( first == true ) 2377 if ( first == true )
2358 { 2378 {
diff --git a/mtce/src/hwmon/hwmonClass.h b/mtce/src/hwmon/hwmonClass.h
index 7cb7b6c..b1afd73 100644
--- a/mtce/src/hwmon/hwmonClass.h
+++ b/mtce/src/hwmon/hwmonClass.h
@@ -49,6 +49,10 @@ class hwmonHostClass
49 49
50 bool bm_provisioned ; 50 bool bm_provisioned ;
51 51
52 int empty_secret_log_throttle ;
53
54 libEvent secretEvent ;
55
52 /** set true once a connection is estabished and 56 /** set true once a connection is estabished and
53 * set false when error recovery is performed on the connection 57 * set false when error recovery is performed on the connection
54 **/ 58 **/
@@ -91,12 +95,13 @@ class hwmonHostClass
91 95
92 /** Pointer to the previous host in the list */ 96 /** Pointer to the previous host in the list */
93 struct hwmon_host * prev; 97 struct hwmon_host * prev;
94 98
95 /** Pointer to the next host in the list */ 99 /** Pointer to the next host in the list */
96 struct hwmon_host * next; 100 struct hwmon_host * next;
97 101
98 struct mtc_timer hostTimer ; 102 struct mtc_timer hostTimer ;
99 struct mtc_timer addTimer ; 103 struct mtc_timer addTimer ;
104 struct mtc_timer secretTimer ;
100 105
101 bool monitor ; /* true if host's sensors are to be monitored */ 106 bool monitor ; /* true if host's sensors are to be monitored */
102 107
@@ -232,9 +237,9 @@ class hwmonHostClass
232 int memory_allocs ; 237 int memory_allocs ;
233 238
234 /** A memory used counter 239 /** A memory used counter
235 * 240 *
236 * A variable storing the accumulated host memory 241 * A variable storing the accumulated host memory
237 */ 242 */
238 int memory_used ; 243 int memory_used ;
239 244
240 struct hwmon_host * hwmon_head ; /**< Host Linked List Head pointer */ 245 struct hwmon_host * hwmon_head ; /**< Host Linked List Head pointer */
@@ -458,7 +463,7 @@ class hwmonHostClass
458 463
459 void timer_handler ( int sig, siginfo_t *si, void *uc); 464 void timer_handler ( int sig, siginfo_t *si, void *uc);
460 465
461 /** This is a list of host names. */ 466 /** This is a list of host names. */
462 std::list<string> hostlist ; 467 std::list<string> hostlist ;
463 std::list<string>::iterator hostlist_iter_ptr ; 468 std::list<string>::iterator hostlist_iter_ptr ;
464 469
@@ -476,7 +481,7 @@ class hwmonHostClass
476 int hosts ; 481 int hosts ;
477 482
478 /* This bool is set in the daemon_configure case to inform the 483 /* This bool is set in the daemon_configure case to inform the
479 * FSM that there has been a configuration reload. 484 * FSM that there has been a configuration reload.
480 * The initial purpose if this bool is to trigger a full sensor 485 * The initial purpose if this bool is to trigger a full sensor
481 * dump of all hosts on demand */ 486 * dump of all hosts on demand */
482 bool config_reload ; 487 bool config_reload ;
@@ -506,7 +511,7 @@ class hwmonHostClass
506 * Name: get_sensor 511 * Name: get_sensor
507 * 512 *
508 * Description: Returns a pointer to the host sensor 513 * Description: Returns a pointer to the host sensor
509 * that matches the supplied sensor name. 514 * that matches the supplied sensor name.
510 * 515 *
511 ****************************************************************************/ 516 ****************************************************************************/
512 sensor_type * get_sensor ( string hostname, string sensorname ); 517 sensor_type * get_sensor ( string hostname, string sensorname );
@@ -515,7 +520,7 @@ class hwmonHostClass
515 * 520 *
516 * Name: add_sensor 521 * Name: add_sensor
517 * 522 *
518 * Description: If the return code is PASS then the supplied sensor is 523 * Description: If the return code is PASS then the supplied sensor is
519 * provisioned against this host. If the sensor already exists 524 * provisioned against this host. If the sensor already exists
520 * then it is updated with all the new information. Otherwise 525 * then it is updated with all the new information. Otherwise
521 * (normally) a new sensor is added. 526 * (normally) a new sensor is added.
@@ -532,13 +537,13 @@ class hwmonHostClass
532 * 537 *
533 ****************************************************************************/ 538 ****************************************************************************/
534 int add_sensor_uuid ( string & hostname, string & name, string & uuid ); 539 int add_sensor_uuid ( string & hostname, string & name, string & uuid );
535 540
536 /**************************************************************************** 541 /****************************************************************************
537 * 542 *
538 * Name: hwmon_get_group 543 * Name: hwmon_get_group
539 * 544 *
540 * Description: Returns a pointer to the host sensor group 545 * Description: Returns a pointer to the host sensor group
541 * that matches the supplied sensor group name. 546 * that matches the supplied sensor group name.
542 ****************************************************************************/ 547 ****************************************************************************/
543 struct sensor_group_type * hwmon_get_group ( string hostname, string group_name ); 548 struct sensor_group_type * hwmon_get_group ( string hostname, string group_name );
544 549
@@ -547,7 +552,7 @@ class hwmonHostClass
547 * Name: hwmon_get_sensorgroup 552 * Name: hwmon_get_sensorgroup
548 * 553 *
549 * Description: Returns a pointer to the host sensor group 554 * Description: Returns a pointer to the host sensor group
550 * that matches the supplied sensor name. 555 * that matches the supplied sensor name.
551 ****************************************************************************/ 556 ****************************************************************************/
552 struct sensor_group_type * hwmon_get_sensorgroup ( string hostname, string sensorname ); 557 struct sensor_group_type * hwmon_get_sensorgroup ( string hostname, string sensorname );
553 558
@@ -555,7 +560,7 @@ class hwmonHostClass
555 * 560 *
556 * Name: hwmon_add_group 561 * Name: hwmon_add_group
557 * 562 *
558 * Description: If the return code is PASS then the supplied sensor group is 563 * Description: If the return code is PASS then the supplied sensor group is
559 * provisioned against this host. If the group already exists 564 * provisioned against this host. If the group already exists
560 * then it is updated with all the new information. Otherwise 565 * then it is updated with all the new information. Otherwise
561 * (normally) a new group is added to the hwmon class struct. 566 * (normally) a new group is added to the hwmon class struct.
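Review bot: The members added to `struct hwmon_host` in the first two hunks (`empty_secret_log_throttle`, `secretEvent`, `secretTimer`) have no comment, while neighbouring members such as `prev`, `next` and `monitor` do. Going by their use in hwmonFsm.cpp, I would add `/* throttle count for the 'bm password is empty' log in hwmon_fsm */` to the first and `/* http event and timer passed to secretUtil_manage_secret for this host's BMC secret */` above the other two. These members drive retrieval of the BMC password, so a reader of the struct should be able to see that without opening the FSM. The struct begins and ends outside these hunks.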
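--- a/mtce/src/hwmon/hwmonFsm.cpp
+++ b/mtce/src/hwmon/hwmonFsm.cpp
@@ -16,7 +16,7 @@
 #include "hwmonHttp.h"
 #include "hwmonSensor.h"
 #include "hwmonThreads.h" /* for ... ipmitool_thread */
-
+#include "secretUtil.h"
 
 
 /**************************************************************************
@@ -155,9 +155,19 @@ void hwmonHostClass::hwmon_fsm ( void )
 #endif
  if (( host_ptr->thread_extra_info.bm_pw.empty ()) && ( host_ptr->ping_info.ok == true ))
  {
- wlog ( "%s bm password is empty ; learning and forcing reconnect\n", host_ptr->hostname.c_str());
- host_ptr->ping_info.ok = false ;
- host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = get_bm_password (hostBase.get_uuid(host_ptr->hostname).data());
+ string host_uuid = hostBase.get_uuid(host_ptr->hostname);
+ wlog_throttled ( host_ptr->empty_secret_log_throttle, 20,
+ "%s bm password is empty ; learning and forcing reconnect\n",
+ host_ptr->hostname.c_str());
+ barbicanSecret_type * secret = secretUtil_manage_secret( host_ptr->secretEvent,
+ host_uuid,
+ host_ptr->secretTimer,
+ hwmonTimer_handler );
+ if ( secret->stage == MTC_SECRET__GET_PWD_RECV )
+ {
+ host_ptr->ping_info.ok = false ;
+ host_ptr->thread_extra_info.bm_pw = host_ptr->bm_pw = secret->payload ;
+ }
  }
  else if ( host_ptr->accessible )
  {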
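Review bot: `secret->stage` is read in the second hunk without checking the pointer returned by `secretUtil_manage_secret`, whereas `set_bm_prov` in hwmonClass.cpp guards the result of `secretUtil_find_secret` with `if ( secret )`. secretUtil_manage_secret is not shown here, so whether it can return NULL needs confirming; if it can, the FSM dereferences a null pointer on each pass while the password is empty. The guard would be `if ( secret && secret->stage == MTC_SECRET__GET_PWD_RECV )`. Since `secret->payload` is the BMC password, it is also worth confirming that an empty payload in that stage cannot leave `bm_pw` empty and keep re-entering this branch. hwmon_fsm starts and ends outside the hunk.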
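--- a/mtce/src/hwmon/hwmonHdlr.cpp
+++ b/mtce/src/hwmon/hwmonHdlr.cpp
@@ -236,6 +236,12 @@ void hwmonHostClass::timer_handler ( int sig, siginfo_t *si, void *uc)
  hwmon_host_ptr->relearn = false ;
  return ;
  }
+ else if (( *tid_ptr == hwmon_host_ptr->secretTimer.tid ) )
+ {
+ mtcTimer_stop_int_safe ( hwmon_host_ptr->secretTimer );
+ hwmon_host_ptr->secretTimer.ring = true ;
+ return ;
+ }
  }
  }
  mtcTimer_stop_tid_int_safe (tid_ptr);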
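--- a/mtce/src/hwmon/hwmonInit.cpp
+++ b/mtce/src/hwmon/hwmonInit.cpp
@@ -151,6 +151,12 @@ int daemon_configure ( void )
  return (FAIL_LOAD_INI);
  }
 
+ if (ini_parse(SECRET_CFG_FILE, barbican_config_handler, &hwmon_config) < 0)
+ {
+ elog ("Can't load '%s'\n", SECRET_CFG_FILE );
+ return (FAIL_LOAD_INI);
+ }
+
  /* tell the host service that there has been a config reload */
  obj_ptr->config_reload = true ;
 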
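Review bot: The new `ini_parse(SECRET_CFG_FILE, barbican_config_handler, &hwmon_config) < 0` test rejects only a negative return. If this is the inih parser, a malformed line is reported as a positive line number and would pass here, leaving the Barbican settings only partly loaded with nothing in the log. Provided barbican_config_handler returns non-zero for keys it does not handle, comparing against `!= 0` and logging the return code, e.g. `elog ("Can't load '%s' (rc:%d)\n", SECRET_CFG_FILE, rc );`, would make that visible. The same call is added to daemon_configure in mtcNodeCtrl.cpp and follows the existing MTCE_CONF_FILE pattern, so the change may be better made for all of them together. daemon_configure starts and ends outside the hunk.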
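--- a/mtce/src/maintenance/Makefile
+++ b/mtce/src/maintenance/Makefile
@@ -21,7 +21,6 @@ SRCS += mtcHttpSvr.cpp
 SRCS += mtcWorkQueue.cpp
 SRCS += mtcInvApi.cpp
 SRCS += mtcSmgrApi.cpp
-SRCS += mtcKeyApi.cpp
 SRCS += mtcCmdHdlr.cpp
 SRCS += mtcNodeMnfa.cpp
 SRCS += mtcVimApi.cpp
@@ -42,7 +41,6 @@ CONTROL_OBJS += mtcCtrlMsg.o
 CONTROL_OBJS += mtcWorkQueue.o
 CONTROL_OBJS += mtcInvApi.o
 CONTROL_OBJS += mtcSmgrApi.o
-CONTROL_OBJS += mtcKeyApi.o
 CONTROL_OBJS += mtcHttpUtil.o
 CONTROL_OBJS += mtcHttpSvr.o
 CONTROL_OBJS += mtcCmdHdlr.o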
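--- a/mtce/src/maintenance/mtcHttpUtil.cpp
+++ b/mtce/src/maintenance/mtcHttpUtil.cpp
@@ -680,6 +680,7 @@ int mtcHttpUtil_api_request ( libEvent & event )
  event.type = EVHTTP_REQ_PATCH ;
  }
  }
+
  else
  {
  slog ("%s Unsupported Request (%d)\n", event.hostname.c_str(), event.request);
@@ -826,6 +827,7 @@ int mtcHttpUtil_api_request ( libEvent & event )
  }
  else
  {
+ jlog ("%s API Address : %s\n", event.hostname.c_str(), event.token.url.c_str());
  event.status = evhttp_make_request ( event.conn, event.req, event.type, event.token.url.data());
  }
  if ( event.status == PASS )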
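Review bot: The blank line added at new line 683 sits between the closing brace of the preceding branch and its `else`, so the `else` looks detached from the chain. This commit removes exactly such blank lines before `else if` in mtc_config_handler (mtcNodeCtrl.cpp), so the addition is probably unintended and can be dropped. In the second hunk the new `jlog` prints `event.token.url` for every request on this path. If any caller can place a secret reference or credential in that URL it would end up in the log, so a one-line comment such as `/* url carries no credentials or secret payload */` is worth adding once that has been checked. mtcHttpUtil_api_request starts and ends outside both hunks.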
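--- a/mtce/src/maintenance/mtcInvApi.cpp
+++ b/mtce/src/maintenance/mtcInvApi.cpp
@@ -49,7 +49,6 @@
 #include "nodeUtil.h" /* for ... Utility Service Header */
 #include "jsonUtil.h" /* for ... Json utilities */
 #include "mtcInvApi.h" /* this .. module header */
-#include "mtcKeyApi.h" /* for ... keystone service utilities */
 #include "mtcNodeHdlrs.h" /* for ... mtcTimer_handler ( .. ) */
 
 
@@ -70,11 +69,6 @@ int mtcInvApi_read_inventory ( int batch )
 
  nodeLinkClass * obj_ptr = get_mtcInv_ptr ();
  string hostname = obj_ptr->get_my_hostname();
- if ( rc != PASS )
- {
- wlog ("Failed to get an authentication token ... requesting retry\n");
- return (RETRY);
- }
 
  rc = mtcHttpUtil_event_init ( &obj_ptr->sysinvEvent,
  obj_ptr->my_hostname,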
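--- a/mtce/src/maintenance/mtcKeyApi.cpp
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright (c) 2013, 2015 Wind River Systems, Inc.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
- */
-
- /**
- * @file
- * Wind River CGTS Platform Controller Maintenance
- * Authentication Utility API
- *
- * mtcKeyApi_get_token
- * _key_POST_request - Request a authentication token
- * jsonApi_auth_request
- * mtcHttpUtil_connect_new
- * mtcHttpUtil_request_new
- * mtcHttpUtil_header_add
- * mtcHttpUtil_request_make
- * evhttp_connection_set_timeout
- * event_base_dispatch
- *
- * _key_POST_handler - called by libevent like an interrupt handler
- * evbuffer_remove - reads the response data out of da resp buffer
- * jsonApi_auth_load - extract the data we want from resp json string
- * tokenid - load data: the 3604 byte authentication token
- * adminURL - load data: the key address
- * issued - load data: can use this later so that we
- * expiry - load data: don't have to keep requesting tokens
- * event_base_loopbreak - end the interrupt handler
-*/
-
-#ifdef __AREA__
-#undef __AREA__
-#endif
-#define __AREA__ "key"
-
-#include "nodeClass.h" /* for ... maintenance class nodeLinkClass */
-#include "nodeUtil.h"
-#include "httpUtil.h" /* for ... libEvent */
-#include "mtcKeyApi.h" /* for ... this module header */
-#include "jsonUtil.h" /* for ... Json utilities */
-
-/* Token info is stored in the common public
- * area of the maintenance nodelinkClass structure */
-
-/* http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json"
- * -H "Accept: application/json"
- * -H "User-Agent: python-keyclient"
- * -H "Connection: close"
- *
- * {
- * "auth":
- * {
- * "tenantName": "services",
- * "passwordCredentials":
- * {
- * "username": "mtce",
- * "password": "password"
- * }
- * }
- * }
- *
- */
-int throttle = 0 ;
-
-/* The handles the keystone POST request's response message */
-int mtcKeyApi_handler ( libEvent & event )
-{
- jsonUtil_auth_type info ;
- string hn = event.hostname ;
- int rc = PASS ;
-
- nodeLinkClass * obj_ptr = get_mtcInv_ptr () ;
-
- /* Copy the token info into the static libEvent tokenEvent struct */
- obj_ptr->tokenEvent = event ;
-
- if ( event.status )
- {
- rc = obj_ptr->tokenEvent.status ;
- elog ( "%s Token Request Failed (%d) \n", hn.c_str(), rc );
- }
- else if ( jsonApi_auth_load ( hn, (char*)obj_ptr->tokenEvent.response.data(), info ) )
- {
- rc = obj_ptr->tokenEvent.status = FAIL_JSON_PARSE ;
- elog ( "%s Token Request Failed - Json Parse Error\n", hn.c_str());
- }
- else
- {
- jlog ("%s Token Exp: %s\n", hn.c_str(), info.expiry.c_str() );
- jlog ("%s Admin URL: %s\n" ,hn.c_str(), info.adminURL.c_str() );
- jlog ("%s Token Len: %ld\n",hn.c_str(), info.tokenid.length() );
- obj_ptr->tokenEvent.token.issued = info.issued ;
- obj_ptr->tokenEvent.token.expiry = info.expiry ;
- obj_ptr->tokenEvent.token.token = info.tokenid ;
- obj_ptr->tokenEvent.token.url = info.adminURL ;
- obj_ptr->tokenEvent.status = PASS ;
- if ( obj_ptr->token_refresh_rate )
- {
- ilog ( "Token Refresh: [%s] [Expiry: %s %s]\n",
- md5sum_string ( obj_ptr->tokenEvent.token.token).c_str(),
- obj_ptr->tokenEvent.token.expiry.substr(0,10).c_str(),
- obj_ptr->tokenEvent.token.expiry.substr(11,8).c_str());
- }
- }
-
- /* Check for a response string */
- if ( obj_ptr->tokenEvent.token.token.empty() )
- {
- elog ("%s Failed to get token\n",
- obj_ptr->tokenEvent.hostname.c_str());
- rc = FAIL_TOKEN_GET;
- }
-
- /* Check for Key URL */
- else if ( obj_ptr->tokenEvent.token.url.empty() )
- {
- elog ("%s Failed to get token URL\n",
- obj_ptr->tokenEvent.hostname.c_str());
- rc = FAIL_TOKEN_URL;
- }
- else
- {
- dlog ("%s Token Refresh O.K.\n", obj_ptr->tokenEvent.hostname.c_str());
- }
- return (rc);
-}
-
-void corrupt_token ( keyToken_type & key )
-{
- key.token.replace ( 800, 50, "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" );
-}
-
-/* fetches an authorization token as a blocking request */
-int nodeLinkClass::mtcKeyApi_get_token ( string hostname )
-{
- mtcHttpUtil_event_init ( &this->tokenEvent,
- hostname,
- "mtcKeyApi_get_token",
- hostUtil_getServiceIp ( SERVICE_TOKEN ),
- hostUtil_getServicePort ( SERVICE_TOKEN ));
-
- this->tokenEvent.prefix_path = hostUtil_getPrefixPath();
- this->tokenEvent.blocking = true ;
- this->tokenEvent.request = KEYSTONE_TOKEN ;
- this->tokenEvent.operation = KEYSTONE_SIG ;
-
- this->tokenEvent.token.token.clear() ;
- this->tokenEvent.token.url.clear();
- this->tokenEvent.token.issued.clear();
- this->tokenEvent.token.expiry.clear();
-
- ilog ("%s Prefix path: %s\n", hostname.c_str(), this->tokenEvent.prefix_path.c_str() );
- return ( mtcHttpUtil_api_request ( this->tokenEvent ));
-}
-
-/* fetches an authorization token and key URL and UUID info */
-int nodeLinkClass::mtcKeyApi_refresh_token ( string hostname )
-{
- GET_NODE_PTR(hostname);
- mtcHttpUtil_event_init ( &node_ptr->httpReq,
- hostname,
- "mtcKeyApi_refresh_token",
- hostUtil_getServiceIp ( SERVICE_TOKEN ),
- hostUtil_getServicePort ( SERVICE_TOKEN ));
-
- node_ptr->httpReq.prefix_path = hostUtil_getPrefixPath();
- node_ptr->httpReq.hostname = hostname ;
- node_ptr->httpReq.uuid = node_ptr->uuid ;
- node_ptr->httpReq.request = KEYSTONE_TOKEN ;
- node_ptr->httpReq.operation = KEYSTONE_SIG ;
- node_ptr->httpReq.max_retries = 3 ;
- node_ptr->httpReq.cur_retries = 0 ;
-
- node_ptr->httpReq.token.token.clear() ;
- node_ptr->httpReq.token.url.clear();
- node_ptr->httpReq.token.issued.clear();
- node_ptr->httpReq.token.expiry.clear();
-
- ilog ("%s Prefix path: %s\n", hostname.c_str(), this->tokenEvent.prefix_path.c_str() );
- return(this->workQueue_enqueue ( node_ptr->httpReq));
-}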
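--- a/mtce/src/maintenance/mtcKeyApi.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef __INCLUDE_MTCKEYAPI_H__
-#define __INCLUDE_MTCKEYAPI_H__
-/*
- * Copyright (c) 2013, 2016 Wind River Systems, Inc.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
- */
-
-#include <iostream>
-#include <string>
-
-#include "mtcHttpUtil.h"
-
-//#define MTC_POST_KEY_ADDR "localhost"
-//#define MTC_POST_KEY_PORT 5000
-#define MTC_POST_KEY_LABEL "/v3/auth/tokens"
-
-int mtcKeyApi_init ( string ip, int port );
-
-int mtcKeyApi_handler ( libEvent & event );
-
-void corrupt_token ( keyToken_type & key );
-
-#endif /* __INCLUDE_MTCKEYAPI_H__ */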
diff --git a/mtce/src/maintenance/mtcNodeCtrl.cpp b/mtce/src/maintenance/mtcNodeCtrl.cpp
index 75c2685..12c35fa 100644
--- a/mtce/src/maintenance/mtcNodeCtrl.cpp
+++ b/mtce/src/maintenance/mtcNodeCtrl.cpp
@@ -53,7 +53,7 @@ using namespace std;
53#include "mtcHttpSvr.h" /* for ... mtcHttpSvr_init/_fini/_look */ 53#include "mtcHttpSvr.h" /* for ... mtcHttpSvr_init/_fini/_look */
54#include "mtcInvApi.h" /* */ 54#include "mtcInvApi.h" /* */
55#include "mtcSmgrApi.h" /* */ 55#include "mtcSmgrApi.h" /* */
56#include "nlEvent.h" /* for ... open_netlink_socket */ 56#include "nlEvent.h" /* for ... open_netlink_socket */
57 57
58/************************************************************** 58/**************************************************************
59 * Implementation Structure 59 * Implementation Structure
@@ -237,19 +237,16 @@ static int mtc_config_handler ( void * user,
237 config_ptr->ha_port = atoi(value); 237 config_ptr->ha_port = atoi(value);
238 config_ptr->mask |= CONFIG_AGENT_HA_PORT ; 238 config_ptr->mask |= CONFIG_AGENT_HA_PORT ;
239 } 239 }
240
241 else if (MATCH("agent", "inv_event_port")) 240 else if (MATCH("agent", "inv_event_port"))
242 { 241 {
243 config_ptr->inv_event_port = atoi(value); 242 config_ptr->inv_event_port = atoi(value);
244 config_ptr->mask |= CONFIG_AGENT_INV_EVENT_PORT ; 243 config_ptr->mask |= CONFIG_AGENT_INV_EVENT_PORT ;
245 } 244 }
246
247 else if (MATCH("agent", "keystone_port")) 245 else if (MATCH("agent", "keystone_port"))
248 { 246 {
249 config_ptr->keystone_port = atoi(value); 247 config_ptr->keystone_port = atoi(value);
250 config_ptr->mask |= CONFIG_AGENT_KEY_PORT ; 248 config_ptr->mask |= CONFIG_AGENT_KEY_PORT ;
251 } 249 }
252
253 else if (MATCH("agent", "mtc_agent_port")) 250 else if (MATCH("agent", "mtc_agent_port"))
254 { 251 {
255 config_ptr->mtc_agent_port = atoi(value); 252 config_ptr->mtc_agent_port = atoi(value);
@@ -482,6 +479,12 @@ int daemon_configure ( void )
482 return (FAIL_LOAD_INI); 479 return (FAIL_LOAD_INI);
483 } 480 }
484 481
482 if (ini_parse(SECRET_CFG_FILE, barbican_config_handler, &mtc_config) < 0)
483 {
484 elog ("Can't load '%s'\n", SECRET_CFG_FILE );
485 return (FAIL_LOAD_INI);
486 }
487
485 /* Loads key Mtce debug values that can override the defaults */ 488 /* Loads key Mtce debug values that can override the defaults */
486 if (ini_parse(MTCE_CONF_FILE, debug_config_handler, &mtc_config) < 0) 489 if (ini_parse(MTCE_CONF_FILE, debug_config_handler, &mtc_config) < 0)
487 { 490 {
@@ -653,6 +656,8 @@ int daemon_configure ( void )
653 ilog("guestAgent : %d (port)\n", mtc_config.mtc_to_guest_cmd_port ); 656 ilog("guestAgent : %d (port)\n", mtc_config.mtc_to_guest_cmd_port );
654 ilog("hwmond : %d (port)\n", mtc_config.hwmon_cmd_port ); 657 ilog("hwmond : %d (port)\n", mtc_config.hwmon_cmd_port );
655 ilog("auth_host : %s \n", mtc_config.keystone_auth_host ); 658 ilog("auth_host : %s \n", mtc_config.keystone_auth_host );
659 ilog("Barbican Port: %d (rx)\n", mtc_config.barbican_api_port );
660 ilog("Barbican Address : %s (tx)\n", mtc_config.barbican_api_host );
656 661
657 /* log system wide service based auto recovery control values */ 662 /* log system wide service based auto recovery control values */
658 ilog("AR Config : %d (threshold) %d sec (retry interval)", 663 ilog("AR Config : %d (threshold) %d sec (retry interval)",
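Review bot: The added `ilog("Barbican Address : %s (tx)\n", mtc_config.barbican_api_host )` passes the host straight to `%s`, and nothing in the hunks shown confirms the value was actually set. `barbican_config_handler` is not visible here, so, assuming `barbican_api_host` is a `char *` like `keystone_auth_host`, a SECRET_CFG_FILE that parses but lacks the host key would leave it null both for this log line and for whatever later connects to Barbican. The new `ini_parse(SECRET_CFG_FILE, ...)` check only rejects a file that cannot be loaded, so I would follow it with `if ( !mtc_config.barbican_api_host ) { elog ("No Barbican host in '%s'\n", SECRET_CFG_FILE ); return (FAIL_LOAD_INI); }`. As a style point, the `(rx)`/`(tx)` suffixes on the two new log lines do not match the `(port)` convention of the neighbouring lines. daemon_configure starts and ends outside the hunks shown.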
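--- a/mtce/src/maintenance/mtcNodeHdlrs.cpp
+++ b/mtce/src/maintenance/mtcNodeHdlrs.cpp
@@ -37,6 +37,7 @@ using namespace std;
 
 #include "jsonUtil.h" /* for ... jsonApi_array_value */
 #include "tokenUtil.h"
+#include "secretUtil.h"
 #include "regexUtil.h" /* for ... regexUtil_pattern_match */
 
 #include "nodeClass.h" /* All base stuff */
@@ -5833,6 +5834,18 @@ int nodeLinkClass::bm_handler ( struct nodeLinkClass::node * node_ptr )
  mtcTimer_start ( node_ptr->bmc_access_timer, mtcTimer_handler, MTC_MINS_2 );
  }
 
+ if (( node_ptr->thread_extra_info.bm_pw.empty ()) && ( node_ptr->bm_ping_info.ok == true ))
+ {
+ barbicanSecret_type * secret = secretUtil_manage_secret( node_ptr->secretEvent,
+ node_ptr->uuid,
+ node_ptr->bm_timer,
+ mtcTimer_handler );
+ if ( secret->stage == MTC_SECRET__GET_PWD_RECV )
+ {
+ node_ptr->thread_extra_info.bm_pw = node_ptr->bm_pw = secret->payload ;
+ }
+ }
+
  /* This block queries and logs BMC Info and last Reset Cause */
  if (( node_ptr->bm_accessible == false ) &&
  ( node_ptr->bm_ping_info.ok == true ) &&
@@ -5968,8 +5981,8 @@ int nodeLinkClass::bm_handler ( struct nodeLinkClass::node * node_ptr )
  node_ptr->power_status_query_done = true ;
  node_ptr->ipmitool_thread_ctrl.done = true ;
  node_ptr->ipmitool_thread_info.command = 0 ;
- node_ptr->bm_accessible = true ;
  node_ptr->bm_accessible = true ;
+ node_ptr->bm_ping_info.ok = true;
  mtcTimer_reset ( node_ptr->bmc_access_timer );
 
  ilog ("%s %s\n", node_ptr->hostname.c_str(),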
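Review bot: In the block added to bm_handler, `secret` is dereferenced immediately after `secretUtil_manage_secret(...)` returns. That helper is defined outside this page, so unless it guarantees a non-null result the test should read `if ( secret && secret->stage == MTC_SECRET__GET_PWD_RECV )`. The assignment also leaves the plaintext BMC password in three places (`secret->payload`, `node_ptr->bm_pw` and `node_ptr->thread_extra_info.bm_pw`), so a comment such as `/* bm_pw is the plaintext BMC credential: never log it; clear it when the BMC is deprovisioned */` would record the handling rule, and `secret->payload` could be cleared once copied if nothing else reads it. Because the block is re-entered whenever `bm_pw` is empty and the ping is ok, an empty payload in the RECV stage should probably be logged as a failure rather than stored silently. bm_handler starts and ends outside the hunks shown.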
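--- a/mtce/src/scripts/mtc.conf
+++ b/mtce/src/scripts/mtc.conf
@@ -25,6 +25,7 @@ mtc_to_hbs_cmd_port = 2104 ; Mtc to Hbs Command Port Number
 mtc_to_guest_cmd_port = 2108 ; Mtc to guestAgent Command port
 hbs_to_mtc_event_port = 2107 ; Hbs to Mtc Event Port Number
 inv_event_port = 2112 ; The Inventory Event Port Number
+barbican_port = 9311 ; The Barbican Port Number
 
 token_refresh_rate = 1200 ; Authentication token refresh rate in seconds.
  ; A value of zero means no refresh.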