brooklyn-commits mailing list archives

From aleds...@apache.org
Subject [1/7] incubator-brooklyn git commit: Support logging VM credentials
Date Mon, 22 Dec 2014 14:07:40 GMT
Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master fda04de83 -> 1d32eb284


Support logging VM credentials

- In JcloudsLocation, if config says so then log the password/privateKey
- Useful for when debugging failing to ssh (e.g. in vcloud-director!), 
  but config should never be used in production!

Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/970826d9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/970826d9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/970826d9

Branch: refs/heads/master
Commit: 970826d97fcab4f88f27aef8e3980611c63b9343
Parents: 3cb52e5
Author: Aled Sage <aled.sage@gmail.com>
Authored: Tue Dec 16 21:04:00 2014 +0000
Committer: Aled Sage <aled.sage@gmail.com>
Committed: Tue Dec 16 21:04:00 2014 +0000

----------------------------------------------------------------------
 .../location/cloud/CloudLocationConfig.java     |  5 +++
 .../location/jclouds/JcloudsLocation.java       | 38 +++++++++++++++-----
 2 files changed, 34 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/970826d9/core/src/main/java/brooklyn/location/cloud/CloudLocationConfig.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/brooklyn/location/cloud/CloudLocationConfig.java b/core/src/main/java/brooklyn/location/cloud/CloudLocationConfig.java
index a7bd5ac..4d868ae 100644
--- a/core/src/main/java/brooklyn/location/cloud/CloudLocationConfig.java
+++ b/core/src/main/java/brooklyn/location/cloud/CloudLocationConfig.java
@@ -63,6 +63,11 @@ public interface CloudLocationConfig {
             "Whether and how long to wait for a newly provisioned VM to be accessible via
ssh; " +
             "if 'false', won't check; if 'true' uses default duration; otherwise accepts
a time string e.g. '5m' (the default) or a number of milliseconds", "5m");
 
+    public static final ConfigKey<Boolean> LOG_CREDENTIALS = ConfigKeys.newBooleanConfigKey(
+            "logCredentials", 
+            "Whether to log credentials of a new VM - strongly recommended never be used
in production, as it is a big security hole!",
+            false);
+
     public static final ConfigKey<Object> CALLER_CONTEXT = LocationConfigKeys.CALLER_CONTEXT;
 
     public static final ConfigKey<Boolean> DESTROY_ON_FAILURE = ConfigKeys.newBooleanConfigKey("destroyOnFailure",
"Whether to destroy the VM if provisioningLocation.obtain() fails", true);
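Review bot: The new `LOG_CREDENTIALS` key has no Javadoc, so the only warning about its effect is the description string passed to `newBooleanConfigKey`. A comment on the constant would put the risk in front of anyone reading or copying the key, for example `/** Debug aid only: when true, the new VM's password and private key are written in clear text to the log; treat those log files as secrets and rotate the credentials afterwards. */`. The key is declared on `CloudLocationConfig`, but the only consumer visible in this commit is `JcloudsLocation`, so the comment should also say which locations honour it. The interface body starts and ends outside the hunk.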

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/970826d9/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
index 7c74ed5..a5f32a0 100644
--- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
+++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
@@ -765,11 +765,16 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
             customizedTimestamp = Duration.of(provisioningStopwatch);
             
             LOG.info("Finished VM "+setup.getDescription()+" creation:"
-                + " "+sshMachineLocation.getUser()+"@"+sshMachineLocation.getAddress() +
" ready after "+Duration.of(provisioningStopwatch).toStringRounded()
-                + " ("+template+" template built in "+Duration.of(templateTimestamp).toStringRounded()+";"
-                + " "+node+" provisioned in "+Duration.of(provisionTimestamp).subtract(templateTimestamp).toStringRounded()+";"
-                + " "+sshMachineLocation+" ssh usable in "+Duration.of(usableTimestamp).subtract(provisionTimestamp).toStringRounded()+";"
-                + " and os customized in "+Duration.of(customizedTimestamp).subtract(usableTimestamp).toStringRounded()+"
- "+Joiner.on(", ").join(customisationForLogging)+")");
+                    + " "+sshMachineLocation.getUser()+"@"+sshMachineLocation.getAddress()+":"+sshMachineLocation.getPort()
+                    + (Boolean.TRUE.equals(setup.get(LOG_CREDENTIALS))
+                              ? "password=" + (initialCredentials.getOptionalPassword().isPresent()
? initialCredentials.getOptionalPassword() : "<absent>")
+                                      + " && key=" + (initialCredentials.getOptionalPrivateKey().isPresent()
? initialCredentials.getOptionalPrivateKey() : "<absent>")
+                              : "")
+                    + " ready after "+Duration.of(provisioningStopwatch).toStringRounded()
+                    + " ("+template+" template built in "+Duration.of(templateTimestamp).toStringRounded()+";"
+                    + " "+node+" provisioned in "+Duration.of(provisionTimestamp).subtract(templateTimestamp).toStringRounded()+";"
+                    + " "+sshMachineLocation+" ssh usable in "+Duration.of(usableTimestamp).subtract(provisionTimestamp).toStringRounded()+";"
+                    + " and os customized in "+Duration.of(customizedTimestamp).subtract(usableTimestamp).toStringRounded()+"
- "+Joiner.on(", ").join(customisationForLogging)+")");
 
             return sshMachineLocation;
         } catch (Exception e) {
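Review bot: With `logCredentials` set, the added ternary puts the password and private key into the "Finished VM ... creation" message at INFO level, which is far more likely to be retained or shipped to central logging than the DEBUG message changed in the second hunk of this file. The fragment also has no leading separator and concatenates the `Optional` itself rather than its value, so the output would read like `...:22password=Optional.of(...)`, assuming this is Guava's `Optional` as the `Optional.<String>absent()` in the later hunk suggests. I would keep the INFO summary free of secrets and emit them in a separate debug statement, or at minimum write `" password=" + initialCredentials.getOptionalPassword().or("<absent>")` and the same for the key. The enclosing method starts and ends outside the hunk.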
@@ -1759,10 +1764,25 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
             delayMs = Time.parseTimeString(WAIT_FOR_SSHABLE.getDefaultValue());
         
         String user = expectedCredentials.getUser();
-        LOG.debug("VM {}: reported online, now waiting {} for it to be sshable on {}@{}:{}{}",
new Object[] {
-                setup.getDescription(), Time.makeTimeStringRounded(delayMs),
-                user, vmIp, vmPort,
-                Objects.equal(user, getUser(setup)) ? "" : " (setup user is different: "+getUser(setup)+")"});
+        if (LOG.isDebugEnabled()) {
+            Optional<String> password;
+            Optional<String> key;
+            if (Boolean.TRUE.equals(setup.get(LOG_CREDENTIALS))) {
+                password = expectedCredentials.getOptionalPassword();
+                key = expectedCredentials.getOptionalPrivateKey();
+            } else {
+                password = expectedCredentials.getOptionalPassword().isPresent() ? Optional.of("******")
: Optional.<String>absent();
+                key = expectedCredentials.getOptionalPrivateKey().isPresent() ? Optional.of("******")
: Optional.<String>absent();
+            }
+            LOG.debug("VM {}: reported online, now waiting {} for it to be sshable on {}@{}:{}{};
using credentials password={}; key={}", 
+                    new Object[] {
+                            setup.getDescription(), Time.makeTimeStringRounded(delayMs),
+                            user, vmIp, vmPort,
+                            Objects.equal(user, getUser(setup)) ? "" : " (setup user is different:
"+getUser(setup)+")",
+                            (password.isPresent() ? password.get() : "<absent>"),
+                            (key.isPresent() ? key.get() : "<absent>"),
+                    });
+        }
         
         Callable<Boolean> checker;
         if (hostAndPortOverride.isPresent()) {
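Review bot: Nothing in the log announces that credential logging is switched on, so a `logCredentials=true` left behind in a production location config is only discovered by finding secrets in the debug output. A warning just before the `LOG.debug` call would make it visible at default log levels without revealing anything, for example `if (Boolean.TRUE.equals(setup.get(LOG_CREDENTIALS))) LOG.warn("VM {}: logCredentials is enabled; passwords and private keys will be written to the log", setup.getDescription());`. The masking in the `else` branch is a good default. The `Boolean.TRUE.equals(setup.get(LOG_CREDENTIALS))` test now appears in both hunks of this file and could move into a small private helper so the two sites cannot drift. The enclosing method starts and ends outside the hunk.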

