Improve the keytab deployment tool. kerby-2.0.0
authorplusplusjiajia <jiajia.li@intel.com>
Fri, 24 Aug 2018 06:16:01 +0000 (14:16 +0800)
committerplusplusjiajia <jiajia.li@intel.com>
Fri, 24 Aug 2018 06:22:08 +0000 (14:22 +0800)
has-project/docs/has-start.md
kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java [deleted file]
kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java [new file with mode: 0644]
kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/hclient/HasClientLoginTool.java

index 20cd4555d64950541cd26b896a9b60dc825aa475..5fa17336202b16f51150a1f37e4ae57e4f3987d2 100644 (file)
@@ -192,22 +192,17 @@ admin.local: exit
 ```
 The admin.keytab file is created by the has-init. In local and remote admin tool, you can type "?" for help.
 
-#### Get hostRoles list:
-```
-cd kerby-dist/has-dist
-// Start local or remote hadmin tool
-sh bin/admin-local.sh(bin/admin-remote.sh) <conf_dir> -k <keytab>
-admin.local: hostroles
-admin.local: exit
+#### Export and deploy keytabs:
 ```
+// Start local admin tool
+sh bin/admin-local.sh <conf_dir> -k <keytab>
 
-#### Export service keytabs:
-```
-cd kerby-dist/has-dist
-// Start local or remote hadmin tool
-sh bin/admin-local.sh(bin/admin-remote.sh) <conf_dir> -k <keytab>
-// An example of exporting keytabs of localhost(hostname):
-admin.local: expkeytabs localhost
+// keytab deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
+// Where-to-Deploy: The place to store the keytabs
+// UserName: The host user name
+// Password: The host password
+// All the hosts with the same user and password
+admin.local: keytab deploy hosts.txt 22 /etc/has/ username password
 admin.local: exit
 ```
 
@@ -225,12 +220,12 @@ echo { \
 // Start local admin tool
 sh bin/admin-local.sh <conf_dir> -k <keytab>
 
-// deploy_keytabs [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
+// keytab create_deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
 // Where-to-Deploy: The place to store the keytabs
 // UserName: The host user name
 // Password: The host password
 // All the hosts with the same user and password
-admin.local: deploy_keytabs hosts.txt 22 /etc/has/ username password
+admin.local: keytab create_deploy hosts.txt 22 /etc/has/ username password
 admin.local: exit
 ```
 Note: The admin.keytab file is created by the `has-init`. In local admin tool, you can type "?" for help.
index f4cc8799286508e9bd9d558d9c24096776b397e4..6c787bdae1905bbcf139de5138388431d01479de 100644 (file)
@@ -26,7 +26,7 @@ import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
 import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
 import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
-import org.apache.kerby.kerberos.tool.admin.local.cmd.AddPrincipalsAndDeployKeytabsCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.KeytabCommand;
 import org.apache.kerby.kerberos.tool.admin.local.cmd.AddPrincipalsCommand;
 import org.apache.kerby.kerberos.tool.admin.local.cmd.DeployHTTPSCertsCommand;
 import org.apache.kerby.kerberos.tool.admin.local.cmd.DisableConfigureCommand;
@@ -110,8 +110,8 @@ public class AdminLocalTool {
         + "                         Enable configure\n"
         + "disable_configure, disable\n"
         + "                         Disable configure\n"
-        + "deploy_keytabs, depkeytabs\n"
-        + "                         Deploy keytabs\n"
+        + "keytab\n"
+        + "                         Add principals, export keytabs, and deploy keytabs\n"
         + "deploy_https, dephttps\n"
         + "                         Deploy https\n";
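Review bot: The new help entry `keytab` on the replaced lines names no sub-command, while the entry it replaces described the one action it performed; a user reading this menu cannot tell that `create`, `deploy` and `create_deploy` exist without trying the command and reading its usage strings. Suggest `+ "keytab create|deploy|create_deploy\n"` with the description line kept as is, so the menu agrees with what KeytabCommand prints. The string constant this hunk edits starts and ends outside the hunk.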
 
@@ -163,9 +163,8 @@ public class AdminLocalTool {
         } else if (cmd.startsWith("disable_configure")
             || cmd.startsWith("disable")) {
             hadminExecutor = new DisableConfigureCommand(hadmin);
-        } else if (cmd.startsWith("deploy_keytabs")
-            || cmd.startsWith("depkeytabs")) {
-            hadminExecutor = new AddPrincipalsAndDeployKeytabsCommand(hadmin);
+        } else if (cmd.startsWith("keytab")) {
+            hadminExecutor = new KeytabCommand(hadmin);
         } else if (cmd.startsWith("deploy_https")
             || cmd.startsWith("dephttps")) {
             hadminExecutor = new DeployHTTPSCertsCommand(hadmin);
@@ -297,7 +296,7 @@ public class AdminLocalTool {
         Completer completer = new StringsCompleter("add_principal",
                 "delete_principal", "rename_principal", "change_password", "list_principals",
                 "get_principal", "ktadd", "get_hostroles", "export_keytabs", "add_principals",
-                "enable_configure", "disable_configure", "deploy_keytabs", "deploy_https");
+                "enable_configure", "disable_configure", "keytab", "deploy_https");
 
         Terminal terminal = null;
         try {
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
deleted file mode 100644 (file)
index 865f1c6..0000000
+++ /dev/null
@@ -1,177 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.local.cmd;
-
-
-import com.jcraft.jsch.ChannelSftp;
-import com.jcraft.jsch.JSch;
-import com.jcraft.jsch.JSchException;
-import com.jcraft.jsch.Session;
-import com.jcraft.jsch.SftpException;
-import org.apache.kerby.has.common.HasException;
-import org.apache.kerby.has.server.admin.LocalHadmin;
-import org.codehaus.jettison.json.JSONArray;
-import org.codehaus.jettison.json.JSONException;
-import org.codehaus.jettison.json.JSONObject;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
-public class AddPrincipalsAndDeployKeytabsCommand extends HadminCommand {
-    private static final String USAGE
-        = "\nUsage: deploy_keytabs [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
-        + "\tExample:\n"
-        + "\t\tdeploy_keytabs hostroles.txt /etc/has/ 22 username password\n";
-
-    public AddPrincipalsAndDeployKeytabsCommand(LocalHadmin hadmin) {
-        super(hadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws HasException {
-
-        if (items.length < 5 || items.length > 6) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        File hostfile = new File(items[1]);
-        if (!hostfile.exists()) {
-            throw new HasException("HostRoles file is not exists.");
-        }
-        String pathToDeploy = items[2];
-        int port = Integer.valueOf(items[3]);
-        String username = items[4];
-        String password = "";
-        if (items.length == 6) {
-            password = items[5];
-        }
-
-        BufferedReader reader;
-        try {
-            reader = new BufferedReader(new FileReader(hostfile));
-        } catch (FileNotFoundException e) {
-            throw new HasException("The host roles file: " + hostfile + "is not exist. " + e.getMessage());
-        }
-        StringBuilder sb = new StringBuilder();
-        String tempString;
-        try {
-            while ((tempString = reader.readLine()) != null) {
-                sb.append(tempString);
-            }
-        } catch (IOException e) {
-            throw new HasException("Failed to read file: " + e.getMessage());
-        }
-        JSONArray hostArray;
-        try {
-            hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
-        } catch (JSONException e) {
-            throw new HasException(e.getMessage());
-        }
-        for (int i = 0; i < hostArray.length(); i++) {
-            JSONObject host;
-            try {
-                host = (JSONObject) hostArray.get(i);
-            } catch (JSONException e) {
-                throw new HasException(e.getMessage());
-            }
-            String hostname;
-            try {
-                hostname = host.getString("name");
-            } catch (JSONException e) {
-                throw new HasException(e.getMessage());
-            }
-            String[] roles;
-            try {
-                roles = host.getString("hostRoles").split(",");
-            } catch (JSONException e) {
-                throw new HasException(e.getMessage());
-            }
-            List<File> keytabs = new ArrayList<>();
-            for (String role : roles) {
-                // Add principal.
-                System.out.println(getHadmin().addPrincByRole(hostname,
-                    role.toUpperCase()));
-                // Export keytab
-                File keytab = getHadmin().getKeytabByHostAndRole(hostname, role);
-
-                keytabs.add(keytab);
-            }
-
-            JSch jsch = new JSch();
-            Session session;
-            try {
-                session = jsch.getSession(username, hostname, port);
-            } catch (JSchException e) {
-                throw new HasException(e.getMessage());
-            }
-            session.setPassword(password);
-
-            java.util.Properties config = new java.util.Properties();
-            config.put("StrictHostKeyChecking", "no");
-            session.setConfig(config);
-
-            ChannelSftp channel;
-            try {
-                session.connect();
-                channel = (ChannelSftp) session.openChannel("sftp");
-                channel.connect();
-            } catch (JSchException e) {
-                throw new HasException("Failed to set the session: " + e.getMessage());
-            }
-            try {
-                String path = "";
-                String[] paths = pathToDeploy.split("/");
-                for (int j = 1; j < paths.length; j++) {
-                    path = path + "/" + paths[i];
-
-                    try {
-                        channel.cd(path);
-                    } catch (SftpException e) {
-                        if (e.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
-                            channel.mkdir(path);
-                        } else {
-                            throw new HasException(e.getMessage());
-                        }
-                    }
-                }
-            } catch (SftpException e) {
-                throw new HasException("Failed to mkdir path: " + e.getMessage());
-            }
-
-            for (File keytab : keytabs) {
-                // Send the keytab to remote
-                try {
-                    channel.put(keytab.getAbsolutePath(), pathToDeploy + keytab.getName());
-                } catch (SftpException e) {
-                    throw new HasException("Failed to send the keytab file: " + keytab.getName());
-                }
-            }
-            channel.disconnect();
-        }
-    }
-}
-
-
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/KeytabCommand.java
new file mode 100644 (file)
index 0000000..09bf0a9
--- /dev/null
@@ -0,0 +1,220 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+
+import com.jcraft.jsch.ChannelSftp;
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.JSchException;
+import com.jcraft.jsch.Session;
+import com.jcraft.jsch.SftpException;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class KeytabCommand extends HadminCommand {
+    private static final String KEYTAB_CREATE_USAGE
+        = "\nUsage: keytab create [HostRoles-File]\n"
+        + "\tAdd principals in backend.\n"
+        + "\tExample:\n"
+        + "\t\tkeytab create hostroles.txt\n";
+
+    private static final String KEYTAB_DEPLOY_USAGE
+        = "\nUsage: keytab deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
+        + "\tExport and deploy keytabs.\n"
+        + "\tExample:\n"
+        + "\t\tkeytab deploy hostroles.txt /etc/has/ 22 username password\n";
+
+    private static final String KEYTAB_CREATE_DEPLOY_USAGE
+        = "\nUsage: keytab create_deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
+        + "\tAdd principals, export and deploy keytabs.\n"
+        + "\tExample:\n"
+        + "\t\tkeytab create_deploy hostroles.txt /etc/has/ 22 username password\n";
+
+    public KeytabCommand(LocalHadmin hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws HasException {
+
+        if (items.length < 3) {
+            System.err.println(KEYTAB_CREATE_USAGE);
+            System.err.println(KEYTAB_DEPLOY_USAGE);
+            System.err.println(KEYTAB_CREATE_DEPLOY_USAGE);
+            return;
+        }
+
+        String cmd = items[1];
+
+        File hostfile = new File(items[2]);
+        if (!hostfile.exists()) {
+            throw new HasException("Host roles file: " + items[2] + " is not exists.");
+        }
+
+        BufferedReader reader;
+        try {
+            reader = new BufferedReader(new FileReader(hostfile));
+        } catch (FileNotFoundException e) {
+            throw new HasException("The host roles file: " + hostfile
+                + " is not exist. " + e.getMessage());
+        }
+        StringBuilder sb = new StringBuilder();
+        String tempString;
+        try {
+            while ((tempString = reader.readLine()) != null) {
+                sb.append(tempString);
+            }
+        } catch (IOException e) {
+            throw new HasException("Failed to read file: " + e.getMessage());
+        }
+        JSONArray hostArray;
+        try {
+            hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
+        } catch (JSONException e) {
+            throw new HasException(e.getMessage());
+        }
+
+        for (int i = 0; i < hostArray.length(); i++) {
+            JSONObject host;
+            try {
+                host = (JSONObject) hostArray.get(i);
+            } catch (JSONException e) {
+                throw new HasException(e.getMessage());
+            }
+            String hostname;
+            try {
+                hostname = host.getString("name");
+            } catch (JSONException e) {
+                throw new HasException(e.getMessage());
+            }
+            String[] roles;
+            try {
+                roles = host.getString("hostRoles").split(",");
+            } catch (JSONException e) {
+                throw new HasException(e.getMessage());
+            }
+
+            if (cmd.equals("create")) {
+                if (items.length != 3) {
+                    System.err.println(KEYTAB_CREATE_USAGE);
+                    return;
+                }
+                for (String role : roles) {
+                    // Add principal.
+                    System.out.println(getHadmin().addPrincByRole(hostname,
+                        role.toUpperCase()));
+                }
+            } else if (cmd.equals("deploy") || cmd.equals("create_deploy")) {
+                if (items.length < 6 || items.length > 7) {
+                    if (cmd.equals("deploy")) {
+                        System.err.println(KEYTAB_DEPLOY_USAGE);
+                    } else {
+                        System.err.println(KEYTAB_CREATE_DEPLOY_USAGE);
+                    }
+                    return;
+                }
+                String pathToDeploy = items[3];
+                int port = Integer.valueOf(items[4]);
+                String username = items[5];
+                String password = "";
+                if (items.length == 7) {
+                    password = items[6];
+                }
+                List<File> keytabs = new ArrayList<>();
+                for (String role : roles) {
+                    if (cmd.equals("create_deploy")) {
+                        // Add principal.
+                        System.out.println(getHadmin().addPrincByRole(hostname,
+                            role.toUpperCase()));
+                    }
+
+                    // Export keytab
+                    File keytab = getHadmin().getKeytabByHostAndRole(hostname, role);
+
+                    keytabs.add(keytab);
+                }
+
+                JSch jsch = new JSch();
+                Session session;
+                try {
+                    session = jsch.getSession(username, hostname, port);
+                } catch (JSchException e) {
+                    throw new HasException(e.getMessage());
+                }
+                session.setPassword(password);
+
+                java.util.Properties config = new java.util.Properties();
+                config.put("StrictHostKeyChecking", "no");
+                session.setConfig(config);
+
+                ChannelSftp channel;
+                try {
+                    session.connect();
+                    channel = (ChannelSftp) session.openChannel("sftp");
+                    channel.connect();
+                } catch (JSchException e) {
+                    throw new HasException("Failed to set the session: " + e.getMessage());
+                }
+                try {
+                    String path = "";
+                    String[] paths = pathToDeploy.split("/");
+                    for (int j = 1; j < paths.length; j++) {
+                        path = path + "/" + paths[i];
+
+                        try {
+                            channel.cd(path);
+                        } catch (SftpException e) {
+                            if (e.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
+                                channel.mkdir(path);
+                            } else {
+                                throw new HasException(e.getMessage());
+                            }
+                        }
+                    }
+                } catch (SftpException e) {
+                    throw new HasException("Failed to mkdir path: " + e.getMessage());
+                }
+
+                for (File keytab : keytabs) {
+                    // Send the keytabs to remote
+                    try {
+                        channel.put(keytab.getAbsolutePath(), pathToDeploy + keytab.getName());
+                    } catch (SftpException e) {
+                        throw new HasException("Failed to send the keytab file: " + keytab.getName());
+                    }
+                }
+                channel.disconnect();
+            }
+        }
+    }
+}
+
+
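Review bot: The directory-creation loop builds the remote path with `path = path + "/" + paths[i];`, using the host-loop counter `i` instead of the component index `j`, so for every host after the first the wrong component (or an out-of-range index) is used; it should read `path = path + "/" + paths[j];`, and the same bug existed in the deleted AddPrincipalsAndDeployKeytabsCommand. The session is configured with `StrictHostKeyChecking` set to `no`, which turns off host-key verification for the connection that carries the keytabs to each host, so a misdirected or intercepted connection hands over credentials instead of failing; keep the default and load the known hosts file via `jsch.setKnownHosts(...)`, with the path taken from configuration. `reader` is never closed, `session.disconnect()` is never called (only the channel is), and neither channel nor session is released when a JSchException or SftpException escapes mid-deploy, so a try-with-resources for the reader and a `finally` that disconnects both would fix the leaks. A sub-command other than create/deploy/create_deploy falls through the host loop silently, `optJSONArray("HOSTS")` yields null when the key is absent so `hostArray.length()` throws NullPointerException, and `Integer.valueOf(items[4])` surfaces a raw NumberFormatException — the has-start.md example in this same commit, `keytab deploy hosts.txt 22 /etc/has/ ...`, puts the port and path in the opposite order from the usage string and hits exactly that — so an `else` printing the three usage strings, a null check on the array and a catch that rethrows as HasException would make the failures readable. The fence shows the deploy section with the index fix, host-key handling and resource cleanup.
```java
// … unchanged: argument parsing, principal creation and keytab export …
JSch jsch = new JSch();
// Leave StrictHostKeyChecking at its default and verify against known hosts instead.
jsch.setKnownHosts(KNOWN_HOSTS_PATH); // placeholder: path taken from configuration
Session session = null;
ChannelSftp channel = null;
try {
    session = jsch.getSession(username, hostname, port);
    session.setPassword(password);
    session.connect();
    channel = (ChannelSftp) session.openChannel("sftp");
    channel.connect();
    String path = "";
    String[] paths = pathToDeploy.split("/");
    for (int j = 1; j < paths.length; j++) {
        path = path + "/" + paths[j];
        // … unchanged: cd, with mkdir on SSH_FX_NO_SUCH_FILE …
    }
    // … unchanged: channel.put loop over keytabs …
} catch (JSchException | SftpException e) {
    throw new HasException("Failed to deploy keytabs to " + hostname + ": " + e.getMessage());
} finally {
    if (channel != null) {
        channel.disconnect();
    }
    if (session != null) {
        session.disconnect();
    }
}
```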
index de8aed1a6b5fd944b401b9edfa5e8400032b54df..99c3dd4b92194b75f48a5345ce9474d9043e43e9 100644 (file)
@@ -82,7 +82,7 @@ public class HasClientLoginTool {
                 subject = JaasKrbUtil.loginUsingKeytab(principalList.get(index),
                     keytabList.get(index));
             } catch (LoginException e) {
-                System.err.println("Fail to login using keytab. " + e);
+                System.err.println("Failed to login using keytab. " + e);
             }
             System.out.println("Login succeeded for user: "
                 + subject.getPrincipals().iterator().next());
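Review bot: The catch on the changed line only prints the LoginException and then falls through to `subject.getPrincipals().iterator().next()` on the following line, so a failed keytab login is immediately followed by a dereference of a subject that was never assigned — presumably null, though its declaration is outside the hunk. Leaving the block right after the error message (a `return;` or the loop's `continue`, depending on the enclosing construct, which starts outside the hunk) keeps the clear "Failed to login" message from being buried under a NullPointerException. The wording change itself is fine.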
@@ -179,7 +179,7 @@ public class HasClientLoginTool {
 
             HasAuthAdminClient authHasAdminClient = null;
             File confFile = new File(confDir, "admin.conf");
-            HasConfig hasConfig = null;
+            HasConfig hasConfig;
             try {
                 hasConfig = HasUtil.getHasConfig(confFile);
             } catch (HasException e) {