From: Oliver Kurth
Date: Fri, 15 Sep 2017 18:23:52 +0000 (-0700)
Subject: CAF - Preconfigure the listener + follow guest proxy
X-Git-Tag: stable-10.2.0~83
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3633fa4ab2b5cbd97bfed0cdc14cda842675bd9e;p=thirdparty%2Fopen-vm-tools.git
CAF - Preconfigure the listener + follow guest proxy
Listener is auto configured during the install upon MA being started. Listener is started/stopped automatically when tunnel is enabled/disabled.
---
diff --git a/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.cpp b/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.cpp
index 38435f2d6..d153289dc 100644
--- a/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.cpp
+++ b/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.cpp
@@ -1286,6 +1286,32 @@ std::string FileSystemUtils::getTempFilename(const std::string& filename_templat
 }
 CAF_CM_EXIT;
 CAF_CM_VALIDATE_STRING(filename);
-
+
 return filename;
 }
+
+std::string FileSystemUtils::executeScript(
+ const std::string& scriptPath,
+ const std::string& scriptResultsDir) {
+ CAF_CM_STATIC_FUNC_LOG_VALIDATE("FileSystemUtils", "executeScript");
+ CAF_CM_VALIDATE_STRING(scriptPath);
+ CAF_CM_VALIDATE_STRING(scriptResultsDir);
+
+ Cdeqstr argv;
+ argv.push_back(scriptPath);
+
+ const std::string basename = FileSystemUtils::getBasename(scriptPath);
+ const std::string stdoutPath = FileSystemUtils::buildPath(
+ scriptResultsDir, basename + ".stdout");
+ const std::string stderrPath = FileSystemUtils::buildPath(
+ scriptResultsDir, basename + ".stderr");
+
+ ProcessUtils::runSyncToFiles(argv, stdoutPath, stderrPath);
+
+ std::string rc;
+ if (FileSystemUtils::doesFileExist(stdoutPath)) {
+ rc = FileSystemUtils::loadTextFile(stdoutPath);
+ }
+
+ return rc;
+}
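Review bot: executeScript returns an empty string both when the script wrote nothing to stdout and when `stdoutPath` was never created, and the `.stderr` file it asks runSyncToFiles to fill is never read, so a failing script is indistinguishable from a silent success for the caller; when the stdout file is missing, the `.stderr` contents should at least be logged through the file's existing CAF logging macros, and if runSyncToFiles reports an exit status (not visible in this hunk) surfacing that would be the cleaner fix. The function also executes whatever path it is handed as argv[0]; the caller presumably resolves it from the new `install_dir` setting, so a header comment stating that `scriptPath` must come from a trusted, non-world-writable location and that `scriptResultsDir` must already exist would document the trust boundary. A Doxygen-style comment describing the `<basename>.stdout`/`.stderr` output files and the empty-string return would complete the documentation.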
diff --git a/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.h b/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.h
index c3fbd2a94..c89bf9f38 100644
--- a/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.h
+++ b/open-vm-tools/common-agent/Cpp/Framework/Framework/src/Common/CFileSystemUtils.h
@@ -178,11 +178,15 @@ public:
 const std::string &path);
 static int64 getFileSize(const std::string& filename);
-
+
 static std::string saveTempTextFile(const std::string& filename_template,
 const std::string& contents);
-
+
 static std::string getTempFilename(const std::string& filename_template);
+ static std::string executeScript(
+ const std::string& scriptPath,
+ const std::string& scriptResultsDir);
+
 private:
 static void saveFileSafely(
 const std::string& filePath,
diff --git a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/include/CMonitorReadingMessageSource.h b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/include/CMonitorReadingMessageSource.h
index 795240555..66ac5a319 100644
--- a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/include/CMonitorReadingMessageSource.h
+++ b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/include/CMonitorReadingMessageSource.h
@@ -77,6 +77,8 @@ private:
 int32 _listenerRetryCnt;
 int32 _listenerRetryMax;
+ SmartPtrCMonitorListener _monitorListener;
+
 private:
 CAF_CM_CREATE;
 CAF_CM_CREATE_LOG;
diff --git a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.cpp b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.cpp
index ec20955a8..c26e3adfd 100644
--- a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.cpp
+++ b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.cpp
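Review bot: The new `executeScript` declaration in CFileSystemUtils.h carries no comment, and a reader of this header cannot tell what is executed, where its output goes or what the return value means. A header comment such as `// Runs scriptPath synchronously; stdout/stderr are redirected to <scriptResultsDir>/<basename>.stdout and .stderr. Returns the captured stdout, or an empty string if no stdout file was produced.` would make the contract visible without opening the .cpp. The class body continues outside the hunk.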
@@ -42,6 +42,9 @@ void CConfigEnv::initialize(
 _persistenceRemove = persistenceRemove;
 }
 } else {
+ _monitorListener.CreateInstance();
+ _monitorListener->initialize();
+
 _persistenceRemove = persistenceRemove;
 _persistenceDir = AppConfigUtils::getRequiredString("persistence_dir");
@@ -78,16 +81,20 @@ SmartPtrCPersistenceDoc CConfigEnv::getUpdated(
 CAF_CM_LOCK_UNLOCK;
 CAF_CM_PRECOND_ISINITIALIZED(_isInitialized);
+ bool preConfigDoneNow = _monitorListener->preConfigureListener();
 if (FileSystemUtils::doesFileExist(_listenerConfiguredStage1Path)) {
- if (_persistence.IsNull()) {
+ if (_persistence.IsNull() || preConfigDoneNow) {
 _persistence = CPersistenceUtils::loadPersistence(_persistenceDir);
 if (FileSystemUtils::doesFileExist(_listenerConfiguredStage2Path)) {
 _persistenceUpdated = _persistence;
 }
 }
- const SmartPtrCPersistenceDoc persistenceTmp =
- CConfigEnvMerge::mergePersistence(_persistence, _cacertPath, _vcidPath);
+ SmartPtrCPersistenceDoc persistenceTmp;
+ if (preConfigDoneNow) {
+ persistenceTmp = CConfigEnvMerge::mergePersistence(
+ _persistence, _cacertPath, _vcidPath);
+ }
 if (! persistenceTmp.IsNull()) {
 CPersistenceUtils::savePersistence(persistenceTmp, _persistenceDir);
 _persistence = CPersistenceUtils::loadPersistence(_persistenceDir);
@@ -117,6 +124,8 @@ void CConfigEnv::update(
 CAF_CM_LOCK_UNLOCK;
 CAF_CM_PRECOND_ISINITIALIZED(_isInitialized);
+ getUpdated(0);
+
 const SmartPtrCPersistenceDoc persistenceTmp1 =
 CPersistenceMerge::mergePersistence(_persistence, persistence);
diff --git a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.h b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.h
index 35a19eeac..4931a0704 100644
--- a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.h
+++ b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnv.h
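Review bot: In getUpdated the merge of `_cacertPath`/`_vcidPath` into the persistence document is now attempted only when `preConfigDoneNow` is true, whereas before it ran on every call; if `preConfigureListener()` returns true only on the call that performs the pre-configuration, later changes to the cacert or vcid files are never merged, and if it keeps returning true afterwards, `_persistence` is reloaded from disk on every call. Whichever is intended, the gate deserves a comment such as `// Merge cacert/vcid into persistence only right after pre-configuration; later changes arrive through update()`, or the merge should stay unconditional as it was and only the reload be gated on `preConfigDoneNow`. The new `getUpdated(0)` call in update() re-enters a method that takes `CAF_CM_LOCK_UNLOCK` while update() already holds it, which is only safe if that macro's mutex is recursive, and the literal `0` would read better as a named constant since the parameter's meaning is not visible here. getUpdated's body continues outside the hunk.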
@@ -91,6 +91,7 @@ private:
 SmartPtrCPersistenceDoc _persistence;
 SmartPtrCPersistenceDoc _persistenceUpdated;
 SmartPtrIPersistence _persistenceRemove;
+ SmartPtrCMonitorListener _monitorListener;
 private:
 CAF_CM_CREATE;
diff --git a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnvMerge.h b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnvMerge.h
index 50c66f2be..7d2a6729a 100644
--- a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnvMerge.h
+++ b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CConfigEnvMerge.h
@@ -23,6 +23,8 @@ public:
 const std::string& cacertPath,
 const std::string& vcidPath);
+ static bool isTunnelEnabledFunc();
+
 private:
 static std::deque mergePersistenceProtocolCollectionInner(
 const std::deque& persistenceProtocolCollectionInner,
@@ -43,8 +45,6 @@ private:
 const std::string& cacert);
 private:
- static bool isTunnelEnabledFunc();
-
 static std::string loadTextFile(
 const std::string& path);
diff --git a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CMonitorReadingMessageSource.cpp b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CMonitorReadingMessageSource.cpp
index e31b09c91..d5fd0f1c7 100644
--- a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CMonitorReadingMessageSource.cpp
+++ b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/CMonitorReadingMessageSource.cpp
@@ -15,6 +15,8 @@
 using namespace Caf;
+#define LISTENER_STARTUP_TYPE_AUTOMATIC "Automatic"
+
 CMonitorReadingMessageSource::CMonitorReadingMessageSource() :
 _isInitialized(false),
 _listenerStartTimeMs(0),
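Review bot: `#define LISTENER_STARTUP_TYPE_AUTOMATIC "Automatic"` added to CMonitorReadingMessageSource.cpp is not referenced by any hunk in this commit; if it is used by code outside the diff, a file-scope `static const std::string kListenerStartupTypeAutomatic = "Automatic";` avoids a macro that leaks into everything compiled after it, and if it is unused it should be dropped. The same literal is the value of `listener_startup_type` in ma-appconfig, so a one-line comment tying the constant to that config key (`// value of listener_startup_type in ma-appconfig`) would help whoever maintains both. Making `isTunnelEnabledFunc` public in CConfigEnvMerge.h widens that class's API; a comment naming the new caller would justify it.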
@@ -38,6 +40,10 @@ void CMonitorReadingMessageSource::initialize(
 const SmartPtrIDocument pollerDoc = configSection->findOptionalChild("poller");
 setPollerMetadata(pollerDoc);
+
+ _monitorListener.CreateInstance();
+ _monitorListener->initialize();
+
 _monitorDir = AppConfigUtils::getRequiredString("monitor_dir");
 _restartListenerPath = FileSystemUtils::buildPath(_monitorDir, "restartListener.txt");
 _listenerConfiguredStage2Path = FileSystemUtils::buildPath(_monitorDir, "listenerConfiguredStage2.txt");
@@ -89,6 +95,10 @@ SmartPtrIIntMessage CMonitorReadingMessageSource::doReceive(
 }
 std::string reason;
+ // If Listener is pre-configured and Tunnel enabled, start listener
+ // Sets startup type if it is following tunnel
+ _monitorListener->followTunnel(_listenerStartupType);
+
 if (FileSystemUtils::doesFileExist(_listenerConfiguredStage2Path)) {
 if (FileSystemUtils::doesFileExist(_restartListenerPath)) {
 reason = FileSystemUtils::loadTextFile(_restartListenerPath);
@@ -115,7 +125,7 @@ SmartPtrIIntMessage CMonitorReadingMessageSource::doReceive(
 + CStringConv::toString(_listenerRetryMax);
 _listenerRetryCnt++;
 _listenerStartTimeMs = CDateTimeUtils::getTimeMs();
- startListener(reason);
+ _monitorListener->startListener(reason);
 } else {
 reason = "Listener not running... Retries exhausted - "
 + CStringConv::toString(_listenerRetryCnt + 1) + " of "
diff --git a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/stdafx.h b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/stdafx.h
index d5706154b..7b151e19e 100644
--- a/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/stdafx.h
+++ b/open-vm-tools/common-agent/Cpp/ManagementAgent/Subsystems/MaIntegration/src/stdafx.h
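Review bot: `_monitorListener->followTunnel(_listenerStartupType)` now runs on every doReceive pass before the `_listenerConfiguredStage2Path` check, so it is invoked even when the listener has not been configured at all, and the two comment lines above it read as if this call itself starts the listener while the retry block further down still calls `_monitorListener->startListener(reason)`; what followTunnel actually starts or stops is not visible in this diff. A comment that states the split would help, e.g. `// Track the guest-proxy tunnel state: may start/stop the listener when the startup type follows the tunnel; the retry block below only handles listener exits`, adjusted to what followTunnel really does. If followTunnel assigns `_listenerStartupType`, as the second comment line suggests, its parameter must be a non-const reference, which this hunk cannot confirm. doReceive's body continues outside the hunk.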
@@ -30,6 +30,8 @@
 #include "CPersistenceInboundChannelAdapterInstance.h"
 #include "CPersistenceOutboundChannelAdapterInstance.h"
+#include "CMonitorListener.h"
+
 #include "CPersistenceMerge.h"
 #include "CConfigEnvMerge.h"
 #include "CConfigEnv.h"
@@ -37,7 +39,6 @@
 #include "CConfigEnvInboundChannelAdapterInstance.h"
 #include "CConfigEnvOutboundChannelAdapterInstance.h"
-
 #include "CCollectSchemaExecutor.h"
 #include "CProviderCollectSchemaExecutor.h"
 #include "CProviderExecutor.h"
diff --git a/open-vm-tools/common-agent/etc/config/CommAmqpListener-appconfig b/open-vm-tools/common-agent/etc/config/CommAmqpListener-appconfig
index b34e55751..e5825e251 100644
--- a/open-vm-tools/common-agent/etc/config/CommAmqpListener-appconfig
+++ b/open-vm-tools/common-agent/etc/config/CommAmqpListener-appconfig
@@ -40,9 +40,9 @@ channel_cache_size=4
 reply_timeout=5000
 [security]
-cms_policy=CAF_Encrypted_And_Signed
-is_signing_enforced=true
-is_encryption_enforced=true
+cms_policy=None
+is_signing_enforced=false
+is_encryption_enforced=false
 tls_protocol=TLSv1_2
 tls_ciphers=SRP-RSA-AES-128-CBC-SHA
diff --git a/open-vm-tools/common-agent/etc/config/ma-appconfig b/open-vm-tools/common-agent/etc/config/ma-appconfig
index 1818b9bac..4393ac706 100644
--- a/open-vm-tools/common-agent/etc/config/ma-appconfig
+++ b/open-vm-tools/common-agent/etc/config/ma-appconfig
@@ -8,6 +8,7 @@ tmp_dir=${output_dir}/tmp
 bean_config_file=${config_dir}/ma-context.xml
 log_config_file=${config_dir}/ma-log4cpp_config
 scripts_dir=${config_dir}/../scripts
+install_dir=${config_dir}/../install
 thread_stack_size_kb=0
@@ -17,7 +18,7 @@ schema_location_root=${input_dir}/schemas/caf
 remap_logging_location=false
 [security]
-cms_policy=CAF_Encrypted_And_Signed
+cms_policy=None
 [managementAgent]
 host_delay_sec=5
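Review bot: The `[security]` section of CommAmqpListener-appconfig drops `cms_policy` from `CAF_Encrypted_And_Signed` to `None` and flips `is_signing_enforced` and `is_encryption_enforced` to `false`, and ma-appconfig (second hunk on this line) and providerFx-appconfig (next line) make the same `cms_policy=None` change; the commit message only describes listener pre-configuration and says nothing about why message-level signing and encryption are being switched off in the shipped defaults. If the intent is that the guest-proxy TLS tunnel now provides the channel protection, that should be stated next to the setting, e.g. `# CMS signing/encryption disabled: message protection is provided by the guest-proxy TLS tunnel (see install/preconfigure-listener.sh)`, so a later reader does not take it for an accidental downgrade, and the enforcement flags should only be relaxed in deployments where that tunnel is actually in use. Otherwise keeping `cms_policy=CAF_Encrypted_And_Signed` with both enforcement flags `true` preserves the previous defence in depth between the management agent and the broker.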
@@ -49,6 +50,8 @@ diagFileAlias_IntBeanConfigFile=file://${root_dir}/config/IntBeanConfigFile.xml?
 listener_retry_max=-1
 listener_startup_type=Automatic
 listener_restart_hours=48
+listener_ctrl_preconfigure=1
+listener_ctrl_follow_tunnel=1
 nsdb_poller_signal_file=${monitor_dir}/nsdbPollerSignal.txt
 nsdb_polling_interval_secs=86400
diff --git a/open-vm-tools/common-agent/etc/config/providerFx-appconfig b/open-vm-tools/common-agent/etc/config/providerFx-appconfig
index 94858c318..50e775ac9 100644
--- a/open-vm-tools/common-agent/etc/config/providerFx-appconfig
+++ b/open-vm-tools/common-agent/etc/config/providerFx-appconfig
@@ -21,4 +21,4 @@ provider_reg_dir=${input_dir}/providerReg
 common_packages_dir=${input_dir}/commonPackages
 [security]
-cms_policy=CAF_Encrypted_And_Signed
\ No newline at end of file
+cms_policy=None
\ No newline at end of file
diff --git a/open-vm-tools/common-agent/etc/install/preconfigure-listener.sh b/open-vm-tools/common-agent/etc/install/preconfigure-listener.sh
new file mode 100644
index 000000000..75d49b6bf
--- /dev/null
+++ b/open-vm-tools/common-agent/etc/install/preconfigure-listener.sh
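Review bot: `listener_ctrl_preconfigure=1` and `listener_ctrl_follow_tunnel=1` are added to ma-appconfig without any comment, and because this file is the shipped default they turn on automatic pre-configuration (including the copying of the guest-proxy key into the persistence directory by preconfigure-listener.sh) on every install. A short comment stating what each flag controls and what `0` does would let an administrator make an informed choice, e.g. `# 1 = seed the listener persistence from the guest-proxy certs via install/preconfigure-listener.sh; 0 = leave it to be configured externally` and `# 1 = start/stop the listener automatically as the guest-proxy tunnel is enabled/disabled`. Whether `0` is actually honoured is not visible in this commit (CMonitorListener is not part of the diff), so the wording should be checked against that class.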
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+#Standard env
+SCRIPT=`basename "$0"`
+
+installDir=$(dirname $(readlink -f $0))
+scriptsDir=$installDir/../scripts
+configDir=$installDir/../config
+
+set_caf_pme_paths()
+{
+ PATH=$PATH:$installDir:$scriptsDir
+ PERSISTENCE_DIR=${CAF_INPUT_DIR}/persistence
+ CERTS_DIR=${CERTS_DIR:-'/etc/vmware-tools/GuestProxyData/server'}
+}
+
+configure_caf_common()
+{
+ mkdir -p ${PERSISTENCE_DIR}/local
+ mkdir -p ${PERSISTENCE_DIR}/remote/remote_default/cmsCertCollection
+ mkdir -p ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCertCollection
+ mkdir -p ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCipherCollection/
+
+ echo "amqpBroker_default" > ${PERSISTENCE_DIR}/remote/remote_default/protocolName.txt
+ echo "remote_default" > ${PERSISTENCE_DIR}/remote/remote_default/remoteId.txt
+ echo "des-ede3-cbc" > ${PERSISTENCE_DIR}/remote/remote_default/cmsCipherName.txt
+
+ echo "SRP-RSA-AES-128-CBC-SHA" > ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCipherCollection/tlsCipher0.txt
+ echo "amqpBroker_default" > ${PERSISTENCE_DIR}/protocol/amqpBroker_default/protocolName.txt
+ echo "TLSv1" > ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsProtocol.txt
+
+ cp -rf ${CERTS_DIR}/cert.pem ${PERSISTENCE_DIR}/local/cert.pem
+ cp -rf ${CERTS_DIR}/key.pem ${PERSISTENCE_DIR}/local/privateKey.pem
+
+ cp -rf ${CERTS_DIR}/cert.pem ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCert.pem
+ cp -rf ${CERTS_DIR}/cert.pem ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCertCollection/tlsCert0.pem
+
+ cp -rf ${CERTS_DIR}/cert.pem ${PERSISTENCE_DIR}/remote/remote_default/cmsCertCollection/cmsCert0.pem
+ cp -rf ${CERTS_DIR}/cert.pem ${PERSISTENCE_DIR}/remote/remote_default/cmsCert.pem
+
+ /usr/bin/vmware-guestproxycerttool -a ${PERSISTENCE_DIR}/local/cert.pem
+ /usr/bin/vmware-guestproxycerttool -a ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCert.pem
+ /usr/bin/vmware-guestproxycerttool -a ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsCertCollection/tlsCert0.pem
+
+}
+
+##=============================================================================
+## Main
+##=============================================================================
+. $scriptsDir/caf-common
+sourceCafenv "$configDir"
+
+set_caf_pme_paths
+configure_caf_common
+
+#echo QUIT | openssl s_client -connect localhost:6672 -cert ${CERTS_DIR}/cert.pem -key ${CERTS_DIR}/key.pem -CAfile ${CERTS_DIR}/cert.pem -tls1_2
+#echo QUIT | openssl s_client -connect localhost:6672 -cert ${CERTS_DIR}/cert.pem -key ${CERTS_DIR}/key.pem -CAfile ${CERTS_DIR}/cert.pem -tls1_2
+
+echo -n true
+
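Review bot: configure_caf_common writes `TLSv1` to `tlsProtocol.txt` while CommAmqpListener-appconfig in this same commit keeps `tls_protocol=TLSv1_2`; if the persisted value is what the listener ends up negotiating this is a downgrade to TLS 1.0, and the two should agree (`echo "TLSv1_2" > ${PERSISTENCE_DIR}/protocol/amqpBroker_default/tlsProtocol.txt`, in whatever spelling the consumer of that file expects). The guest-proxy private key is copied to `${PERSISTENCE_DIR}/local/privateKey.pem` with `cp -rf` and no permission handling, so its mode follows the installer's umask; a `umask 077` right after the shebang, or `chmod 600` on the copied key, keeps it readable only by the agent's user. Nothing checks the result of the `cp` or `vmware-guestproxycerttool` calls and the script unconditionally ends with `echo -n true`, which is presumably the stdout that executeScript hands back, so a failed pre-configuration is reported as success; `set -e` at the top (or an explicit status check before the final echo) would let the caller see the failure. The file is added with mode 100644, so unless packaging sets the execute bit, running it directly as argv[0] through runSyncToFiles will fail; committing it as 100755 or invoking it via `/bin/sh` avoids that. `des-ede3-cbc` as the CMS cipher is 3DES, so if the CMS layer accepts an AES-CBC cipher name that is the better default, and the two commented-out `openssl s_client` lines look like leftover debugging that should not ship.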