diff --git a/install.sh b/install.sh
index ef2958f090..58c12263e0 100755
--- a/install.sh
+++ b/install.sh
@@ -1354,7 +1354,8 @@ RUBY_OPENNEBULA_LIB_FILES="src/oca/ruby/opennebula/acl_pool.rb \
 src/oca/ruby/opennebula/marketplace_pool.rb \
 src/oca/ruby/opennebula/marketplace.rb \
 src/oca/ruby/opennebula/marketplaceapp_pool.rb \
- src/oca/ruby/opennebula/marketplaceapp.rb"
+ src/oca/ruby/opennebula/marketplaceapp.rb \
+ src/oca/ruby/opennebula/utils.rb"
 #-------------------------------------------------------------------------------
 # Common Cloud Files
diff --git a/src/cli/one_helper.rb b/src/cli/one_helper.rb
index 86fc98526c..138bfc3bd0 100644
--- a/src/cli/one_helper.rb
+++ b/src/cli/one_helper.rb
@@ -492,20 +492,6 @@ EOT
 end
- # receive a object key => value format
- # returns hashed values
- def encrypt(opts, token)
- res = {}
- opts.each do |key, value|
- cipher = OpenSSL::Cipher::AES.new(256,:CBC)
- cipher.encrypt.key = token[0..31]
- encrypted = cipher.update(value) + cipher.final
- res[key] = Base64::encode64(encrypted)
- end
-
- return res
- end
-
 def list_pool(options, top=false, filter_flag=nil)
 if options[:describe]
 table = format_pool(options)
diff --git a/src/oca/ruby/opennebula.rb b/src/oca/ruby/opennebula.rb
index 9a2d079a2a..7df86fbf9b 100644
--- a/src/oca/ruby/opennebula.rb
+++ b/src/oca/ruby/opennebula.rb
@@ -27,6 +27,7 @@ require 'pp'
 require 'opennebula/xml_utils'
 require 'opennebula/client'
 require 'opennebula/error'
+require 'opennebula/utils'
 require 'opennebula/virtual_machine'
 require 'opennebula/virtual_machine_pool'
 require 'opennebula/virtual_network'
diff --git a/src/oca/ruby/opennebula/utils.rb b/src/oca/ruby/opennebula/utils.rb
new file mode 100644
index 0000000000..2469590329
--- /dev/null
+++ b/src/oca/ruby/opennebula/utils.rb
@@ -0,0 +1,35 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+
+module OpenNebula
+ # we use this file to extend opennebula oca functionalities
+ # It contains generic methods that can be used in oca context
+ # to help other components
+
+ # receive a object key => value format
+ # returns hashed values
+ def self.encrypt(opts, token)
+ res = {}
+ opts.each do |key, value|
+ cipher = OpenSSL::Cipher::AES.new(256,:CBC)
+ cipher.encrypt.key = token[0..31]
+ encrypted = cipher.update(value) + cipher.final
+ res[key] = Base64::encode64(encrypted).gsub("\n", "")
+ end
+ return res
+ end
+
+end
diff --git a/src/onedb/local/4.90.0_to_5.3.80.rb b/src/onedb/local/4.90.0_to_5.3.80.rb
index 03aebfc182..2cdab4d331 100644
--- a/src/onedb/local/4.90.0_to_5.3.80.rb
+++ b/src/onedb/local/4.90.0_to_5.3.80.rb
@@ -19,7 +19,7 @@ require 'set' require 'base64' require 'zlib' require 'pathname' - +require 'yaml' require 'opennebula' $: << File.dirname(__FILE__)
@@ -38,6 +38,8 @@ module Migrator
 def up
 init_log_time()
+ feature_5136()
+
 feature_4901()
 feature_5005()
@@ -47,7 +49,6 @@ module Migrator bug_3705() feature_4809() - log_time() return true
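Review bot: `OpenNebula.encrypt` never sets an IV on the AES-256-CBC cipher, so OpenSSL runs with the all-zero default and the same plaintext under the same `one_key` always yields the same ciphertext; since the migrator below feeds every EC2 host the credentials of its region (or the shared default), equal secrets will be visibly equal across host templates, and CBC alone gives no integrity protection. The key is `token[0..31]`, the raw first 32 bytes of the key file rather than a derived key, and a shorter file makes `key=` raise an ArgumentError with no hint of the cause. The file also uses `OpenSSL` and `Base64` without `require 'openssl'` / `require 'base64'`, relying on whoever loads `opennebula` having required them first. The comment `# returns hashed values` is misleading because the values are reversible ciphertexts, so `# returns the values AES-256-CBC encrypted (IV prepended) and base64 encoded` fits better. Prepending a fresh random IV per value is the usual fix, but it changes the stored format, so the decrypting side (not in this diff) has to change in step; `Base64.strict_encode64` also removes the need for the `gsub("\n", "")`.
```ruby
  # receive a object key => value format
  # returns the values AES-256-CBC encrypted (IV prepended) and base64 encoded
  def self.encrypt(opts, token)
    opts.each_with_object({}) do |(key, value), res|
      cipher = OpenSSL::Cipher.new('aes-256-cbc')
      cipher.encrypt
      cipher.key = token[0..31]
      iv = cipher.random_iv # fresh IV per value, stored in front of the ciphertext
      encrypted = cipher.update(value) + cipher.final
      res[key] = Base64.strict_encode64(iv + encrypted)
    end
  end
```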
@@ -64,6 +65,54 @@ module Migrator
 end
 end
+ ############################################################################
+ # Feature 5136. Improve ec2 keys_ids_security
+ #
+ ############################################################################
+ def feature_5136
+ ec2_driver_conf = "#{ETC_LOCATION}/ec2_driver.conf"
+ token = File.read(VAR_LOCATION+'/.one/one_key')
+ opts = {}
+
+ begin
+ ec2_conf = YAML::load(File.read(ec2_driver_conf))
+ rescue Exception => e
+ str_error="ec2_driver.conf invalid syntax!"
+ raise str_error
+ end
+
+ regions = ec2_conf["regions"]
+ @db.run "ALTER TABLE host_pool RENAME TO old_host_pool;"
+ create_table(:host_pool)
+
+ @db.transaction do
+ @db.fetch("SELECT * FROM old_host_pool") do |row|
+ doc = Nokogiri::XML(row[:body], nil, NOKOGIRI_ENCODING) { |c|
+ c.default_xml.noblanks
+ }
+ template = doc.root.at_xpath("TEMPLATE")
+
+ if xpath(doc, "TEMPLATE/HYPERVISOR").to_s == "ec2"
+
+ host_name = xpath(doc, "NAME").to_s
+ host_info = ( regions[host_name].nil? ? regions["default"] : regions[host_name] )
+
+ opts["EC2_ACCESS"]=host_info["access_key_id"]
+ opts["EC2_SECRET"]=host_info["secret_access_key"]
+
+ OpenNebula.encrypt(opts, token).each { |k, v|
+ template.add_child(doc.create_element k, v)
+ }
+ end
+
+ row[:body] = doc.root.to_s
+ @db[:host_pool].insert(row)
+ end
+ end
+
+ @db.run "DROP TABLE old_host_pool;"
+ end
+
 ############################################################################
 # Feature 4921. Adds TOTAL_CPU and TOTAL_MEM to HOST/HOST_SHARE to compute
 # MAX_CPU and MAX_MEM when RESERVED_CPU/MEM is updated
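Review bot: `rescue Exception => e` in `feature_5136` catches everything including `Interrupt` and `SystemExit` and then raises a bare string that discards the real cause (`e` is unused), so a missing or unreadable `ec2_driver.conf` is reported as "invalid syntax". A few lines down `regions[host_name]`, `regions["default"]` and `host_info["access_key_id"]` all dereference values the config may not contain; a nil `regions` or `host_info` fails inside the row loop with a NoMethodError after `host_pool` has already been renamed and recreated outside the transaction, leaving the new pool empty and `old_host_pool` behind (whether the DDL could join the transaction depends on the backend, which is not visible here). I would narrow the rescue to `StandardError`, keep the original message, validate `regions` before the rename, and raise a clear error for an EC2 host with no credentials, as sketched below. `YAML::load` on the admin-owned config file is acceptable, though `YAML.load_file` does the read and parse in one call.
```ruby
  def feature_5136
    ec2_driver_conf = "#{ETC_LOCATION}/ec2_driver.conf"
    # … unchanged: token read, opts …
    begin
      ec2_conf = YAML.load_file(ec2_driver_conf)
    rescue StandardError => e
      raise "ec2_driver.conf invalid syntax! (#{e.class}: #{e.message})"
    end

    regions = ec2_conf.is_a?(Hash) ? ec2_conf["regions"] : nil
    raise "ec2_driver.conf has no 'regions' section" unless regions.is_a?(Hash)
    # … unchanged: table rename, create_table, transaction and row loop …
            host_name = xpath(doc, "NAME").to_s
            host_info = regions[host_name] || regions["default"]
            raise "no EC2 credentials for host '#{host_name}' in ec2_driver.conf" if host_info.nil?
    # … unchanged: opts, encrypt, insert, drop …
```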