Persist IP addresses related to VM access via CPVM (#9534)
diff --git a/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
index ccd0d97..26f9d4b 100644
--- a/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
+++ b/agent/src/main/java/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
@@ -397,9 +397,8 @@
}
public String authenticateConsoleAccess(String host, String port, String vmId, String sid, String ticket,
- Boolean isReauthentication, String sessionToken) {
-
- ConsoleAccessAuthenticationCommand cmd = new ConsoleAccessAuthenticationCommand(host, port, vmId, sid, ticket, sessionToken);
+ Boolean isReauthentication, String sessionToken, String clientAddress) {
+ ConsoleAccessAuthenticationCommand cmd = new ConsoleAccessAuthenticationCommand(host, port, vmId, sid, ticket, sessionToken, clientAddress);
cmd.setReauthenticating(isReauthentication);
ConsoleProxyAuthenticationResult result = new ConsoleProxyAuthenticationResult();
diff --git a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
index 5bd9699..23b571e 100644
--- a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
+++ b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
@@ -44,7 +44,7 @@
void removeSessions(String[] sessionUuids);
- void acquireSession(String sessionUuid);
+ void acquireSession(String sessionUuid, String clientAddress);
String genAccessTicket(String host, String port, String sid, String tag, String sessionUuid);
String genAccessTicket(String host, String port, String sid, String tag, Date normalizedHashTime, String sessionUuid);
diff --git a/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java b/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
index 683d4af..ac6f15e 100644
--- a/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
+++ b/core/src/main/java/com/cloud/agent/api/ConsoleAccessAuthenticationCommand.java
@@ -27,6 +27,7 @@
private String _sid;
private String _ticket;
private String sessionUuid;
+ private String clientAddress;
private boolean _isReauthenticating;
@@ -35,13 +36,14 @@
}
public ConsoleAccessAuthenticationCommand(String host, String port, String vmId, String sid, String ticket,
- String sessiontkn) {
+ String sessiontkn, String clientAddress) {
_host = host;
_port = port;
_vmId = vmId;
_sid = sid;
_ticket = ticket;
sessionUuid = sessiontkn;
+ this.clientAddress = clientAddress;
}
public String getHost() {
@@ -79,4 +81,12 @@
public void setSessionUuid(String sessionUuid) {
this.sessionUuid = sessionUuid;
}
+
+ public String getClientAddress() {
+ return clientAddress;
+ }
+
+ public void setClientAddress(String clientAddress) {
+ this.clientAddress = clientAddress;
+ }
}
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java b/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
index abf8604..1e3b3a7 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/DatabaseUpgradeChecker.java
@@ -89,6 +89,7 @@
import com.cloud.upgrade.dao.Upgrade41900to41910;
import com.cloud.upgrade.dao.Upgrade41910to42000;
import com.cloud.upgrade.dao.Upgrade42000to42010;
+import com.cloud.upgrade.dao.Upgrade42010to42100;
import com.cloud.upgrade.dao.Upgrade420to421;
import com.cloud.upgrade.dao.Upgrade421to430;
import com.cloud.upgrade.dao.Upgrade430to440;
@@ -232,6 +233,7 @@
.next("4.19.0.0", new Upgrade41900to41910())
.next("4.19.1.0", new Upgrade41910to42000())
.next("4.20.0.0", new Upgrade42000to42010())
+ .next("4.20.1.0", new Upgrade42010to42100())
.build();
}
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
new file mode 100644
index 0000000..06a68ec
--- /dev/null
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade42010to42100.java
@@ -0,0 +1,83 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.upgrade.dao;
+
+import com.cloud.upgrade.SystemVmTemplateRegistration;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+import java.io.InputStream;
+import java.sql.Connection;
+
+public class Upgrade42010to42100 extends DbUpgradeAbstractImpl implements DbUpgrade, DbUpgradeSystemVmTemplate {
+ private SystemVmTemplateRegistration systemVmTemplateRegistration;
+
+ @Override
+ public String[] getUpgradableVersionRange() {
+ return new String[] {"4.20.1.0", "4.21.0.0"};
+ }
+
+ @Override
+ public String getUpgradedVersion() {
+ return "4.21.0.0";
+ }
+
+ @Override
+ public boolean supportsRollingUpgrade() {
+ return false;
+ }
+
+ @Override
+ public InputStream[] getPrepareScripts() {
+ final String scriptFile = "META-INF/db/schema-42010to42100.sql";
+ final InputStream script = Thread.currentThread().getContextClassLoader().getResourceAsStream(scriptFile);
+ if (script == null) {
+ throw new CloudRuntimeException("Unable to find " + scriptFile);
+ }
+
+ return new InputStream[] {script};
+ }
+
+ @Override
+ public void performDataMigration(Connection conn) {
+ }
+
+ @Override
+ public InputStream[] getCleanupScripts() {
+ final String scriptFile = "META-INF/db/schema-42010to42100-cleanup.sql";
+ final InputStream script = Thread.currentThread().getContextClassLoader().getResourceAsStream(scriptFile);
+ if (script == null) {
+ throw new CloudRuntimeException("Unable to find " + scriptFile);
+ }
+
+ return new InputStream[] {script};
+ }
+
+ private void initSystemVmTemplateRegistration() {
+ systemVmTemplateRegistration = new SystemVmTemplateRegistration("");
+ }
+
+ @Override
+ public void updateSystemVmTemplates(Connection conn) {
+ logger.debug("Updating System Vm template IDs");
+ initSystemVmTemplateRegistration();
+ try {
+ systemVmTemplateRegistration.updateSystemVmTemplates(conn);
+ } catch (Exception e) {
+ throw new CloudRuntimeException("Failed to find / register SystemVM template(s)");
+ }
+ }
+}
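Review bot: The catch block in `updateSystemVmTemplates` throws a new `CloudRuntimeException` without the caught exception, so the stack trace and the underlying reason for a failed template registration are lost to anyone reading the upgrade log. Pass the cause through: `throw new CloudRuntimeException("Failed to find / register SystemVM template(s)", e);`. `performDataMigration` has an empty body; a one-line comment such as `// no data migration needed; schema-42010to42100.sql only adds columns` would show that this is deliberate.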
diff --git a/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java b/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java
index 81a1124..ef777be 100644
--- a/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java
+++ b/engine/schema/src/main/java/com/cloud/vm/ConsoleSessionVO.java
@@ -64,6 +64,12 @@
@Column(name = "removed")
private Date removed;
+ @Column(name = "console_endpoint_creator_address")
+ private String consoleEndpointCreatorAddress;
+
+ @Column(name = "client_address")
+ private String clientAddress;
+
public long getId() {
return id;
}
@@ -135,4 +141,20 @@
public void setAcquired(Date acquired) {
this.acquired = acquired;
}
+
+ public String getConsoleEndpointCreatorAddress() {
+ return consoleEndpointCreatorAddress;
+ }
+
+ public void setConsoleEndpointCreatorAddress(String consoleEndpointCreatorAddress) {
+ this.consoleEndpointCreatorAddress = consoleEndpointCreatorAddress;
+ }
+
+ public String getClientAddress() {
+ return clientAddress;
+ }
+
+ public void setClientAddress(String clientAddress) {
+ this.clientAddress = clientAddress;
+ }
}
diff --git a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java
index 79158dd..95ced88 100644
--- a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java
+++ b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDao.java
@@ -33,7 +33,7 @@
int expungeSessionsOlderThanDate(Date date);
- void acquireSession(String sessionUuid);
+ void acquireSession(String sessionUuid, String clientAddress);
int expungeByVmList(List<Long> vmIds, Long batchSize);
}
diff --git a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java
index 4870967..3d11789 100644
--- a/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java
+++ b/engine/schema/src/main/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java
@@ -62,9 +62,10 @@
}
@Override
- public void acquireSession(String sessionUuid) {
+ public void acquireSession(String sessionUuid, String clientAddress) {
ConsoleSessionVO consoleSessionVO = findByUuid(sessionUuid);
consoleSessionVO.setAcquired(new Date());
+ consoleSessionVO.setClientAddress(clientAddress);
update(consoleSessionVO.getId(), consoleSessionVO);
}
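Review bot: `consoleSessionVO.setClientAddress(clientAddress)` runs on every acquire, so `client_address` always holds whatever the most recent caller supplied and any earlier value is silently replaced. If the column is meant as an access record, either keep the first value with `if (consoleSessionVO.getClientAddress() == null) { consoleSessionVO.setClientAddress(clientAddress); }` or log when the new address differs from the stored one. A comment on the method should say which of the two semantics is intended. The result of `findByUuid(sessionUuid)` is also dereferenced without a null check; whether callers guarantee that the session exists is not visible in this hunk.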
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100-cleanup.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100-cleanup.sql
new file mode 100644
index 0000000..5f257f2
--- /dev/null
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100-cleanup.sql
@@ -0,0 +1,20 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade cleanup from 4.20.1.0 to 4.21.0.0
+--;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
new file mode 100644
index 0000000..91223ba
--- /dev/null
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -0,0 +1,26 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+--;
+-- Schema upgrade from 4.20.1.0 to 4.21.0.0
+--;
+
+-- Add console_endpoint_creator_address column to cloud.console_session table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.console_session', 'console_endpoint_creator_address', 'VARCHAR(45)');
+
+-- Add client_address column to cloud.console_session table
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.console_session', 'client_address', 'VARCHAR(45)');
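Review bot: Both new columns are `VARCHAR(45)`, which fits a textual IPv6 address but nothing longer, and nothing visible in this commit validates or trims the strings before they are persisted. A longer value, for example a scoped address with a zone suffix, would be truncated or rejected depending on the SQL mode, and a rejected update would surface in the console authentication path. Checking in the Java code that the value is a single IP literal before it reaches the DAO would keep the column contents reliable for later review. The comments above each `CALL` could also state that the columns store client IP addresses, so operators know the table now holds that data.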
diff --git a/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java b/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
index 4ba0d7f..93cf1e3 100644
--- a/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
@@ -89,6 +89,7 @@
String ticketInUrl = cmd.getTicket();
String sessionUuid = cmd.getSessionUuid();
+ String clientAddress = cmd.getClientAddress();
if (ticketInUrl == null) {
logger.error("Access ticket could not be found, you could be running an old version of console proxy. vmId: " + cmd.getVmId());
@@ -111,7 +112,7 @@
}
logger.debug(String.format("Acquiring session [%s] as it was just used.", sessionUuid));
- consoleAccessManager.acquireSession(sessionUuid);
+ consoleAccessManager.acquireSession(sessionUuid, clientAddress);
if (!ticket.equals(ticketInUrl)) {
Date now = new Date();
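Review bot: `consoleAccessManager.acquireSession(sessionUuid, clientAddress)` is called before the `ticket.equals(ticketInUrl)` comparison that follows it, so the client address is written to the session row even when the ticket check then fails. For a field meant to record who accessed the console, it would be safer to persist the address only after the ticket has been accepted, or to log the address of rejected attempts instead of storing it on the session. The value read in the previous hunk, `String clientAddress = cmd.getClientAddress();`, may be null if the command comes from a console proxy that predates this change, and a comment there should say so. The enclosing method starts and ends outside both hunks, so the full control flow should be confirmed against the file.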
diff --git a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
index 124ca05..0116069 100644
--- a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
+++ b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
@@ -248,8 +248,8 @@
}
@Override
- public void acquireSession(String sessionUuid) {
- consoleSessionDao.acquireSession(sessionUuid);
+ public void acquireSession(String sessionUuid, String clientAddress) {
+ consoleSessionDao.acquireSession(sessionUuid, clientAddress);
}
protected boolean checkSessionPermission(VirtualMachine vm, Account account) {
@@ -389,7 +389,7 @@
String url = generateConsoleAccessUrl(rootUrl, param, token, vncPort, vm, hostVo, details);
logger.debug("Adding allowed session: " + sessionUuid);
- persistConsoleSession(sessionUuid, vm.getId(), hostVo.getId());
+ persistConsoleSession(sessionUuid, vm.getId(), hostVo.getId(), addr);
managementServer.setConsoleAccessForVm(vm.getId(), sessionUuid);
ConsoleEndpoint consoleEndpoint = new ConsoleEndpoint(true, url);
@@ -403,13 +403,14 @@
return consoleEndpoint;
}
- protected void persistConsoleSession(String sessionUuid, long instanceId, long hostId) {
+ protected void persistConsoleSession(String sessionUuid, long instanceId, long hostId, String consoleEndpointCreatorAddress) {
ConsoleSessionVO consoleSessionVo = new ConsoleSessionVO();
consoleSessionVo.setUuid(sessionUuid);
consoleSessionVo.setAccountId(CallContext.current().getCallingAccountId());
consoleSessionVo.setUserId(CallContext.current().getCallingUserId());
consoleSessionVo.setInstanceId(instanceId);
consoleSessionVo.setHostId(hostId);
+ consoleSessionVo.setConsoleEndpointCreatorAddress(consoleEndpointCreatorAddress);
consoleSessionDao.persist(consoleSessionVo);
}
diff --git a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
index 22922f4..cf59129 100644
--- a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
+++ b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxy.java
@@ -183,7 +183,6 @@
}
public static ConsoleProxyAuthenticationResult authenticateConsoleAccess(ConsoleProxyClientParam param, boolean reauthentication) {
-
ConsoleProxyAuthenticationResult authResult = new ConsoleProxyAuthenticationResult();
authResult.setSuccess(true);
authResult.setReauthentication(reauthentication);
@@ -227,7 +226,7 @@
try {
result =
authMethod.invoke(ConsoleProxy.context, param.getClientHostAddress(), String.valueOf(param.getClientHostPort()), param.getClientTag(),
- param.getClientHostPassword(), param.getTicket(), reauthentication, param.getSessionUuid());
+ param.getClientHostPassword(), param.getTicket(), reauthentication, param.getSessionUuid(), param.getClientIp());
} catch (IllegalAccessException e) {
LOGGER.error("Unable to invoke authenticateConsoleAccess due to IllegalAccessException" + " for vm: " + param.getClientTag(), e);
authResult.setSuccess(false);
@@ -301,7 +300,7 @@
final ClassLoader loader = Thread.currentThread().getContextClassLoader();
Class<?> contextClazz = loader.loadClass("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource");
authMethod = contextClazz.getDeclaredMethod("authenticateConsoleAccess", String.class, String.class,
- String.class, String.class, String.class, Boolean.class, String.class);
+ String.class, String.class, String.class, Boolean.class, String.class, String.class);
reportMethod = contextClazz.getDeclaredMethod("reportLoadInfo", String.class);
ensureRouteMethod = contextClazz.getDeclaredMethod("ensureRoute", String.class);
} catch (SecurityException e) {
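Review bot: The `getDeclaredMethod("authenticateConsoleAccess", ...)` lookup now lists eight parameter types that must match `ConsoleProxyResource.authenticateConsoleAccess` exactly, and a mismatch is found only at runtime when the lookup fails. A comment above the call naming the parameters in order would make the coupling visible, e.g. `// host, port, vmId, sid, ticket, isReauthentication, sessionToken, clientAddress - keep in sync with ConsoleProxyResource`. The `try` block starts outside this hunk and its remaining `catch` clauses continue past it.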