def handle(self): salt = uuid4().hex input = self.request.input input.password = tech_account_password(uuid4().hex, salt) input.salt = salt with closing(self.odb.session()) as session: cluster = session.query(Cluster).filter_by(id=input.cluster_id).first() # Let's see if we already have an account of that name before committing # any stuff into the database. existing_one = session.query(TechnicalAccount).\ filter(Cluster.id==input.cluster_id).\ filter(TechnicalAccount.name==input.name).first() if existing_one: raise Exception('Technical account [{0}] already exists on this cluster'.format(input.name)) try: tech_account = TechnicalAccount(None, input.name, input.is_active, input.password, salt, cluster=cluster) session.add(tech_account) session.commit() except Exception, e: msg = 'Could not create a technical account, e:[{e}]'.format(e=format_exc(e)) self.logger.error(msg) session.rollback() raise else:
def execute(self, args, show_output=True): engine = self._get_engine(args) session = self._get_session(engine) cluster = Cluster() cluster.name = args.cluster_name cluster.description = 'Created by {} on {} (UTC)'.format(self._get_user_host(), datetime.utcnow().isoformat()) for name in('odb_type', 'odb_host', 'odb_port', 'odb_user', 'odb_db_name', 'broker_host', 'broker_port', 'lb_host', 'lb_port', 'lb_agent_port'): setattr(cluster, name, getattr(args, name)) session.add(cluster) salt = uuid4().hex password = tech_account_password(args.tech_account_password, salt) tech_account = TechnicalAccount(None, args.tech_account_name, True, password, salt, cluster) session.add(tech_account) self.add_soap_services(session, cluster, tech_account) self.add_json_services(session, cluster, tech_account) self.add_ping_services(session, cluster) try: session.commit() except IntegrityError, e: msg = 'Cluster name [{}] already exists'.format(cluster.name) if self.verbose: msg += '. Caught an exception:[{}]'.format(format_exc(e)) self.logger.error(msg) self.logger.error(msg) session.rollback() return self.SYS_ERROR.CLUSTER_NAME_ALREADY_EXISTS
def handle(self): salt = uuid4().hex input = self.request.input input.password = tech_account_password(uuid4().hex, salt) with closing(self.odb.session()) as session: cluster = session.query(Cluster).filter_by(id=input.cluster_id).first() # Let's see if we already have an account of that name before committing # any stuff into the database. existing_one = session.query(TechnicalAccount).\ filter(Cluster.id==input.cluster_id).\ filter(TechnicalAccount.name==input.name).first() if existing_one: raise Exception('Technical account [{0}] already exists on this cluster'.format(input.name)) try: tech_account = TechnicalAccount(None, input.name, input.is_active, input.password, salt, cluster=cluster) session.add(tech_account) session.commit() except Exception, e: msg = 'Could not create a technical account, e:[{e}]'.format(e=format_exc(e)) self.logger.error(msg) session.rollback() raise else:
def handle(self, *args, **kwargs): with closing(self.server.odb.session()) as session: payload = kwargs.get("payload") request_params = ["cluster_id", "name", "is_active"] params = _get_params(payload, request_params, "data.") cluster_id = params["cluster_id"] name = params["name"] cluster = session.query(Cluster).filter_by(id=cluster_id).first() salt = uuid4().hex password = tech_account_password(uuid4().hex, salt) # Let's see if we already have an account of that name before committing # any stuff into the database. existing_one = ( session.query(TechnicalAccount) .filter(Cluster.id == cluster_id) .filter(TechnicalAccount.name == name) .first() ) if existing_one: raise Exception("Technical account [{0}] already exists on this cluster".format(name)) tech_account_elem = Element("tech_account") try: tech_account = TechnicalAccount(None, name, password, salt, params["is_active"], cluster=cluster) session.add(tech_account) session.commit() tech_account_elem.id = tech_account.id except Exception, e: msg = "Could not create a technical account, e=[{e}]".format(e=format_exc(e)) self.logger.error(msg) session.rollback() raise else:
def _auth(instance, password): instance.password = tech_account_password(password, salt) instance.salt = salt
def _auth(instance, password): salt = uuid4().hex instance.password = tech_account_password(password, salt) instance.salt = salt
def execute(self, args): try: # Make sure the ODB tables exists. # Note: Also make sure that's always at the very top of the method # as otherwise the 'quickstart' command will fail on a pristine # database, one that hasn't been used with Zato yet. create_odb.CreateODB().execute(args) args.cluster_name = "ZatoQuickstart" args.server_name = "ZatoServer" engine = self._get_engine(args) print("\nPinging database..") engine.execute(ping_queries[args.odb_type]) print("Ping OK\n") session = self._get_session(engine) next_id = self.get_next_id( session, Cluster, Cluster.name, "ZatoQuickstartCluster-%", Cluster.id.desc(), "#" ) cluster_name = "ZatoQuickstartCluster-#{next_id}".format(next_id=next_id) ca_dir = os.path.abspath(os.path.join(self.target_dir, "./ca")) lb_dir = os.path.abspath(os.path.join(self.target_dir, "./load-balancer")) server_dir = os.path.abspath(os.path.join(self.target_dir, "./server")) zato_admin_dir = os.path.abspath(os.path.join(self.target_dir, "./zato-admin")) broker_dir = os.path.abspath(os.path.join(self.target_dir, "./broker")) # Create the CA. os.mkdir(ca_dir) ca_create_ca.CreateCA(ca_dir).execute(args) # Create the broker cb = create_broker.CreateBroker(broker_dir) cb.execute(args) # Create crypto stuff for each component (but not for the broker) lb_format_args = ca_create_lb_agent.CreateLBAgent(ca_dir).execute(args) server_format_args = ca_create_server.CreateServer(ca_dir).execute(args) zato_admin_format_args = ca_create_zato_admin.CreateZatoAdmin(ca_dir).execute(args) # Create the LB agent os.mkdir(lb_dir) create_lb.CreateLoadBalancer(lb_dir).execute(args) # .. copy the LB agent's crypto material over to its directory shutil.copy2(lb_format_args["priv_key_name"], os.path.join(lb_dir, "config", "lba-priv-key.pem")) shutil.copy2(lb_format_args["cert_name"], os.path.join(lb_dir, "config", "lba-cert.pem")) shutil.copy2( os.path.join(ca_dir, "ca-material/ca-cert.pem"), os.path.join(lb_dir, "config", "ca-chain.pem") ) # Create the server os.mkdir(server_dir) cs = create_server.CreateServer(server_dir, cluster_name) # Copy crypto stuff to the newly created directories. We're doing # it here because CreateServer's execute expects the pub_key to be # already at its place. cs.prepare_directories() shutil.copy2(server_format_args["priv_key_name"], os.path.join(server_dir, "config/repo/zs-priv-key.pem")) shutil.copy2(server_format_args["pub_key_name"], os.path.join(server_dir, "config/repo/zs-pub-key.pem")) shutil.copy2(server_format_args["cert_name"], os.path.join(server_dir, "config/repo/zs-cert.pem")) shutil.copy2( os.path.join(ca_dir, "ca-material/ca-cert.pem"), os.path.join(server_dir, "config/repo/ca-chain.pem") ) cs.execute(args) # Create the web admin now. tech_account_name = "zato-{random}".format(random=uuid4().hex[:10]) tech_account_password_clear = uuid4().hex os.mkdir(zato_admin_dir) create_zato_admin.CreateZatoAdmin(zato_admin_dir, tech_account_name, tech_account_password_clear).execute( args ) # .. copy the web admin's material over to its directory # Will be used later on. priv_key_path = os.path.join(zato_admin_dir, "zato-admin-priv-key.pem") shutil.copy2(zato_admin_format_args["priv_key_name"], priv_key_path) shutil.copy2(zato_admin_format_args["cert_name"], os.path.join(zato_admin_dir, "zato-admin-cert.pem")) shutil.copy2(os.path.join(ca_dir, "ca-material/ca-cert.pem"), os.path.join(zato_admin_dir, "ca-chain.pem")) print("Setting up ODB objects..") # # Cluster # cluster = Cluster( None, cluster_name, "An automatically generated quickstart cluster", args.odb_type, args.odb_host, args.odb_port, args.odb_user, args.odb_dbname, args.odb_schema, args.broker_host, args.broker_start_port, cb.token, "localhost", 20151, 11223, ) # # Server # server = Server( None, "ZatoQuickstartServer-(cluster-#{next_id})".format(next_id=next_id), cluster, cs.odb_token, "ACCEPTED", datetime.now(), "zato-quickstart/" + current_host(), ) session.add(server) # # SOAP Services # soap_services = { # SQL connection pools "zato:pool.sql.get-list": "zato.server.service.internal.sql.GetSQLConnectionPoolList", "zato:pool.sql.create": "zato.server.service.internal.sql.CreateSQLConnectionPool", "zato:pool.sql.edit": "zato.server.service.internal.sql.EditSQLConnectionPool", "zato:pool.sql.delete": "zato.server.service.internal.sql.DeleteSQLConnectionPool", "zato:pool.sql.change-password": "******", "zato:pool.sql.ping": "zato.server.service.internal.sql.PingSQLConnectionPool", # Scheduler "zato:scheduler.job.get-list": "zato.server.service.internal.scheduler.GetList", "zato:scheduler.job.create": "zato.server.service.internal.scheduler.Create", "zato:scheduler.job.edit": "zato.server.service.internal.scheduler.Edit", "zato:scheduler.job.execute": "zato.server.service.internal.scheduler.Execute", "zato:scheduler.job.delete": "zato.server.service.internal.scheduler.Delete", # Services "zato:service.get-list": "zato.server.service.internal.service.GetList", "zato:service.get-by-id": "zato.server.service.internal.service.GetByID", "zato:service.create": "zato.server.service.internal.service.Create", "zato:service.edit": "zato.server.service.internal.service.Edit", "zato:service.delete": "zato.server.service.internal.service.Delete", # SOAP channels "zato:channel.soap.get-list": "zato.server.service.internal.channel.soap.GetList", # Security "zato:security.get-list": "zato.server.service.internal.security.GetList", # Technical accounts "zato:security.tech-account.get-list": "zato.server.service.internal.security.tech_account.GetList", "zato:security.tech-account.get-by-id": "zato.server.service.internal.security.tech_account.GetByID", "zato:security.tech-account.create": "zato.server.service.internal.security.tech_account.Create", "zato:security.tech-account.edit": "zato.server.service.internal.security.tech_account.Edit", "zato:security.tech-account.change-password": "******", "zato:security.tech-account.delete": "zato.server.service.internal.security.tech_account.Delete", # WS-Security "zato:security.wss.get-list": "zato.server.service.internal.security.wss.GetList", "zato:security.wss.create": "zato.server.service.internal.security.wss.Create", "zato:security.wss.edit": "zato.server.service.internal.security.wss.Edit", "zato:security.wss.change-password": "******", "zato:security.wss.delete": "zato.server.service.internal.security.wss.Delete", # HTTP Basic Auth "zato:security.basic-auth.get-list": "zato.server.service.internal.security.basic_auth.GetList", "zato:security.basic-auth.create": "zato.server.service.internal.security.basic_auth.Create", "zato:security.basic-auth.edit": "zato.server.service.internal.security.basic_auth.Edit", "zato:security.basic-auth.change-password": "******", "zato:security.basic-auth.delete": "zato.server.service.internal.security.basic_auth.Delete", # Definitions - AMQP "zato:definition.amqp.get-list": "zato.server.service.internal.definition.amqp.GetList", "zato:definition.amqp.get-by-id": "zato.server.service.internal.definition.amqp.GetByID", "zato:definition.amqp.create": "zato.server.service.internal.definition.amqp.Create", "zato:definition.amqp.change-password": "******", "zato:definition.amqp.edit": "zato.server.service.internal.definition.amqp.Edit", "zato:definition.amqp.delete": "zato.server.service.internal.definition.amqp.Delete", # Definitions - JMS WebSphere MQ "zato:definition.jms_wmq.get-list": "zato.server.service.internal.definition.jms_wmq.GetList", "zato:definition.jms_wmq.get-by-id": "zato.server.service.internal.definition.jms_wmq.GetByID", "zato:definition.jms_wmq.create": "zato.server.service.internal.definition.jms_wmq.Create", "zato:definition.jms_wmq.edit": "zato.server.service.internal.definition.jms_wmq.Edit", "zato:definition.jms_wmq.delete": "zato.server.service.internal.definition.jms_wmq.Delete", # Channels - AMQP "zato:channel.amqp.get-list": "zato.server.service.internal.channel.amqp.GetList", "zato:channel.amqp.create": "zato.server.service.internal.channel.amqp.Create", "zato:channel.amqp.edit": "zato.server.service.internal.channel.amqp.Edit", "zato:channel.amqp.delete": "zato.server.service.internal.channel.amqp.Delete", # Channels - JMS WebSphere MQ "zato:channel.jms_wmq.get-list": "zato.server.service.internal.channel.jms_wmq.GetList", "zato:channel.jms_wmq.create": "zato.server.service.internal.channel.jms_wmq.Create", "zato:channel.jms_wmq.edit": "zato.server.service.internal.channel.jms_wmq.Edit", "zato:channel.jms_wmq.delete": "zato.server.service.internal.channel.jms_wmq.Delete", # Channels - ZeroMQ "zato:channel.zmq.get-list": "zato.server.service.internal.channel.zmq.GetList", "zato:channel.zmq.create": "zato.server.service.internal.channel.zmq.Create", "zato:channel.zmq.edit": "zato.server.service.internal.channel.zmq.Edit", "zato:channel.zmq.delete": "zato.server.service.internal.channel.zmq.Delete", # Outgoing connections - AMQP "zato:outgoing.amqp.get-list": "zato.server.service.internal.outgoing.amqp.GetList", "zato:outgoing.amqp.create": "zato.server.service.internal.outgoing.amqp.Create", "zato:outgoing.amqp.edit": "zato.server.service.internal.outgoing.amqp.Edit", "zato:outgoing.amqp.delete": "zato.server.service.internal.outgoing.amqp.Delete", # Outgoing connections - JMS WebSphere MQ "zato:outgoing.jms_wmq.get-list": "zato.server.service.internal.outgoing.jms_wmq.GetList", "zato:outgoing.jms_wmq.create": "zato.server.service.internal.outgoing.jms_wmq.Create", "zato:outgoing.jms_wmq.edit": "zato.server.service.internal.outgoing.jms_wmq.Edit", "zato:outgoing.jms_wmq.delete": "zato.server.service.internal.outgoing.jms_wmq.Delete", # Outgoing connections - S3 "zato:outgoing.s3.get-list": "zato.server.service.internal.outgoing.s3.GetList", "zato:outgoing.s3.create": "zato.server.service.internal.outgoing.s3.Create", "zato:outgoing.s3.edit": "zato.server.service.internal.outgoing.s3.Edit", "zato:outgoing.s3.delete": "zato.server.service.internal.outgoing.s3.Delete", # Outgoing connections - FTP "zato:outgoing.ftp.get-list": "zato.server.service.internal.outgoing.ftp.GetList", "zato:outgoing.ftp.create": "zato.server.service.internal.outgoing.ftp.Create", "zato:outgoing.ftp.edit": "zato.server.service.internal.outgoing.ftp.Edit", "zato:outgoing.ftp.delete": "zato.server.service.internal.outgoing.ftp.Delete", "zato:outgoing.ftp.change-password": "******", # Outgoing connections - ZeroMQ "zato:outgoing.zmq.get-list": "zato.server.service.internal.outgoing.zmq.GetList", "zato:outgoing.zmq.create": "zato.server.service.internal.outgoing.zmq.Create", "zato:outgoing.zmq.edit": "zato.server.service.internal.outgoing.zmq.Edit", "zato:outgoing.zmq.delete": "zato.server.service.internal.outgoing.zmq.Delete", # HTTP SOAP "zato:http_soap.get-list": "zato.server.service.internal.http_soap.GetList", "zato:http_soap.create": "zato.server.service.internal.http_soap.Create", "zato:http_soap.edit": "zato.server.service.internal.http_soap.Edit", "zato:http_soap.delete": "zato.server.service.internal.http_soap.Delete", } # # TechnicalAccount # salt = uuid4().hex password = tech_account_password(tech_account_password_clear, salt) tech_account = TechnicalAccount( None, tech_account_name, True, password, salt, security_def_type.tech_account, cluster ) session.add(tech_account) # # HTTPSOAP + services # zato_soap_channels = [] for soap_action, service_name in soap_services.iteritems(): service = Service(None, service_name, True, service_name, True, cluster) session.add(service) zato_soap = HTTPSOAP( None, soap_action, True, True, "channel", "soap", "/zato/soap", None, soap_action, "1.1", service=service, cluster=cluster, security_id=tech_account.id, ) session.add(zato_soap) zato_soap_channels.append(zato_soap) # # Security definition for all the other admin services uses a technical account. # # sec_def = SecurityDefinition(None, security_def_type.tech_account) # session.add(sec_def) # # HTTPSOAPSecurity # # for soap_channel in zato_soap_channels: # chan_url_sec = HTTPSOAPSecurity(soap_channel, sec_def) # session.add(chan_url_sec) # Ping services # self.add_ping(session, cluster) # Commit all the stuff. session.commit() print("ODB objects created") print("") print("Quickstart OK. You can now start the newly created Zato components.\n") print( """To start the server, type 'zato start {server_dir}'. To start the load-balancer's agent, type 'zato start {lb_dir}'. To start the ZatoAdmin web console, type 'zato start {zato_admin_dir}'. """.format( server_dir=server_dir, lb_dir=lb_dir, zato_admin_dir=zato_admin_dir ) ) except Exception, e: print("\nAn exception has been caught, quitting now!\n") traceback.print_exc() print("")