Fix IPA initialisation v2.3.29
authorMathieu Baudier <mbaudier@argeo.org>
Fri, 28 Jun 2024 03:23:14 +0000 (05:23 +0200)
committerMathieu Baudier <mbaudier@argeo.org>
Fri, 28 Jun 2024 03:23:14 +0000 (05:23 +0200)
org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
org.argeo.cms/src/org/argeo/cms/internal/runtime/KernelConstants.java
org.argeo.cms/src/org/argeo/cms/internal/runtime/KernelUtils.java
org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
org.argeo.init/src/org/argeo/api/init/InitConstants.java
org.argeo.init/src/org/argeo/api/init/RuntimeManager.java
org.argeo.init/src/org/argeo/init/RuntimeManagerMain.java

index e6f903d393179003f2862331a9ab131f0133de11..2e294722046e9aed1b9e8315cad7a36495c934dd 100644 (file)
@@ -54,7 +54,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
        private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
 
        // GSS API
-       private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
+       private Path nodeKeyTab = null;
        private GSSCredential acceptorCredentials;
 
        private boolean singleUser = false;
@@ -271,7 +271,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
                Optional<String> realm = userDirectory.getRealm();
                if (realm.isPresent()) {
                        loadIpaJaasConfiguration();
-                       if (Files.exists(nodeKeyTab)) {
+                       if (nodeKeyTab != null && Files.exists(nodeKeyTab)) {
                                String servicePrincipal = getKerberosServicePrincipal(realm.get());
                                if (servicePrincipal != null) {
                                        CallbackHandler callbackHandler = new CallbackHandler() {
@@ -313,6 +313,17 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 
        private void loadIpaJaasConfiguration() {
                if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
+                       if (System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB) == null) {
+                               System.setProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB,
+                                               KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH).toString());
+                       }
+                       Path kt = Paths.get(System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB));
+                       if (nodeKeyTab != null) {
+                               if (!nodeKeyTab.equals(kt))
+                                       throw new IllegalStateException("A node keytab is already set");
+                       } else {
+                               nodeKeyTab = kt;
+                       }
                        String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
                        URL url = getClass().getClassLoader().getResource(jaasConfig);
                        KernelUtils.setJaasConfiguration(url);
@@ -321,7 +332,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
        }
 
        protected String getKerberosServicePrincipal(String realm) {
-               if (!Files.exists(nodeKeyTab))
+               if (nodeKeyTab == null || !Files.exists(nodeKeyTab))
                        return null;
                List<String> dns = CmsStateImpl.getDeployProperties(cmsState, CmsDeployProperty.DNS);
                String hostname = CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.HOST);
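Review bot: nodeKeyTab is now assigned only inside loadIpaJaasConfiguration, and only on the branch where CmsDeployProperty.JAVA_LOGIN_CONFIG is unset, so a deployment that supplies its own login configuration keeps the `private Path nodeKeyTab = null;` from the first hunk and the new guards `if (nodeKeyTab != null && Files.exists(nodeKeyTab))` and `if (nodeKeyTab == null || !Files.exists(nodeKeyTab))` quietly disable the GSS acceptor path, whereas the old code still looked for the default keytab; unless that is intended, resolving the property to a Path should happen before the JAVA_LOGIN_CONFIG check. The conflict check uses `Path.equals`, which is lexical, so the same file spelled two ways (relative vs. absolute) would throw; comparing `toAbsolutePath().normalize()` forms and naming both paths in the message would make the failure actionable: `throw new IllegalStateException("A node keytab is already set: " + nodeKeyTab + " (requested " + kt + ")");`. loadIpaJaasConfiguration continues past the hunk.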
index e6ca1ba605a56057908722f209dbe742cf92a64c..c1bf42a470f65593c105539bcd73beebbfd797a2 100644 (file)
@@ -8,6 +8,11 @@ interface KernelConstants {
        String DIR_PRIVATE = "private";
 
        // Files
+       /**
+        * Kerberos 5 keytab which will be common to all IPA-enabled children
+        * frameworks.
+        */
+       String PROP_ARGEO_NODE_KRB5_KEYTAB = "argeo.node.krb5.keytab";
        String NODE_KEY_TAB_PATH = DIR_PRIVATE + "/krb5.keytab";
        String NODE_SSHD_AUTHORIZED_KEYS_PATH = DIR_PRIVATE + "/authorized_keys";
 
index db33ff9d407bb2fcdbb0ae3cd470954ba6732753..fe9e3581cf8811eb54d4b5ff71ab57ff008dd935 100644 (file)
@@ -12,9 +12,7 @@ import java.util.Dictionary;
 import java.util.Hashtable;
 import java.util.Properties;
 import java.util.TreeMap;
-import java.util.TreeSet;
 
-import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.internal.osgi.CmsActivator;
 
 /** Package utilities */
@@ -97,8 +95,8 @@ class KernelUtils implements KernelConstants {
        static String getFrameworkProp(String key, String def) {
                String value;
                value = CmsActivator.getFrameworkProperty(key);
-               if (value == null)
-                       value = System.getProperty(key);
+//             if (value == null)
+//                     value = System.getProperty(key);
                if (value == null)
                        return def;
                return value;
@@ -108,11 +106,11 @@ class KernelUtils implements KernelConstants {
                return getFrameworkProp(key, null);
        }
 
-       static void logFrameworkProperties(CmsLog log) {
-               for (Object sysProp : new TreeSet<Object>(System.getProperties().keySet())) {
-                       log.debug(sysProp + "=" + getFrameworkProp(sysProp.toString()));
-               }
-       }
+//     static void logFrameworkProperties(CmsLog log) {
+//             for (Object sysProp : new TreeSet<Object>(System.getProperties().keySet())) {
+//                     log.debug(sysProp + "=" + getFrameworkProp(sysProp.toString()));
+//             }
+//     }
 
        static void printSystemProperties(PrintStream out) {
                TreeMap<String, String> display = new TreeMap<>();
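Review bot: The System.getProperty fallback in getFrameworkProp and the whole of logFrameworkProperties are commented out rather than removed (`//             if (value == null)` and the `//     static void logFrameworkProperties(CmsLog log) {` block in the next hunk); since the same commit drops the TreeSet and CmsLog imports, deletion is clearly the intent, so delete the lines and let history keep them. Dropping the fallback silently changes what getFrameworkProp returns for keys that were only supplied as JVM system properties, which presumably goes with RuntimeManagerMain now setting InitConstants.PROP_OSGI_USE_SYSTEM_PROPERTIES to "false", but a one-line comment on getFrameworkProp would stop the next reader from re-adding it: `// Deliberately no System.getProperty fallback: framework properties are kept separate from JVM system properties.`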
index 0ef142f4aed07132db1d29a7145a1df5b5ede851..10102fcbca783596e1560f0a8613e432c87fa6db 100644 (file)
@@ -18,7 +18,7 @@ DATA_ADMIN {
 
 NODE {
     com.sun.security.auth.module.Krb5LoginModule optional
-     keyTab="${osgi.instance.area}private/krb5.keytab
+     keyTab="${argeo.node.krb5.keytab}
      useKeyTab=true
      storeKey=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;
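Review bot: The new `keyTab="${argeo.node.krb5.keytab}` line, like the one it replaces, has no closing quote; if that is the file's real content rather than a rendering artifact it appears to work only because the login-configuration tokenizer ends a quoted value at end of line, and `keyTab="${argeo.node.krb5.keytab}"` is the robust form. The option now requires the `argeo.node.krb5.keytab` system property to be defined at the moment the configuration is parsed; the commit sets it in CmsUserAdmin.loadIpaJaasConfiguration right before loading this resource, but a comment here recording that dependency (`// argeo.node.krb5.keytab is set by CmsUserAdmin before this configuration is loaded`) would help anyone installing this file through another login-configuration path.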
index fae934638dfce241233dda078e356f38b1017be4..1074eacbe5852b4537dc04c093143d633028998a 100644 (file)
@@ -2,12 +2,6 @@ package org.argeo.api.init;
 
 /** Supported init constants. */
 public interface InitConstants {
-       /** Read-only configuration area */
-       String PROP_ARGEO_CONFIG_AREA = "argeo.configArea";
-       /** Read-write persistent data area */
-       String PROP_ARGEO_STATE_AREA = "argeo.stateArea";
-       /** Read-write cache area */
-       String PROP_ARGEO_CACHE_AREA = "argeo.cacheArea";
 
        String PROP_ARGEO_OSGI_SOURCES = "argeo.osgi.sources";
        String PROP_ARGEO_OSGI_START = "argeo.osgi.start";
@@ -22,6 +16,14 @@ public interface InitConstants {
        String PROP_OSGI_BUNDLES_DEFAULTSTARTLEVEL = "osgi.bundles.defaultStartLevel";
        String PROP_OSGI_STARTLEVEL = "osgi.startLevel";
 
+       // System properties
+       /** Read-only configuration area */
+       String PROP_ARGEO_CONFIG_AREA = "argeo.configArea";
+       /** Read-write persistent data area */
+       String PROP_ARGEO_STATE_AREA = "argeo.stateArea";
+       /** Read-write cache area */
+       String PROP_ARGEO_CACHE_AREA = "argeo.cacheArea";
+
        // FOREIGN RUNTIME PROPERTIES
        /**
         * UUID of the parent framework. It is set by the parent runtime and marks a
@@ -34,7 +36,7 @@ public interface InitConstants {
        String PROP_ARGEO_OSGI_EXPORT_CATEGORIES = "argeo.osgi.export.categories";
        String PROP_ARGEO_OSGI_EXPORT_ENABLED = "argeo.osgi.export.enabled";
 
-       // Symbolic names
+       // BUndle symbolic names
        String SYMBOLIC_NAME_INIT = "org.argeo.init";
        String SYMBOLIC_NAME_EQUINOX = "org.eclipse.osgi";
 
index 2344a86884fee44978dd2bc03aca3bd00db0223f..649ae17f50884486baa75d538ca7f75b487e1b46 100644 (file)
@@ -85,7 +85,7 @@ public interface RuntimeManager {
 
        /**
         * Load config from a {@link Properties} formatted stream. If a property value
-        * starts with a '+' character, itis expected that the last character is a
+        * starts with a '+' character, it is expected that the last character is a
         * separator and it will be prepended to the existing value.
         */
        @Deprecated
index 29ae5eb06541b1ccafd533062c3a19cd4684357f..27778427c2df7638e8e91d593913a4d3be50947c 100644 (file)
@@ -31,15 +31,23 @@ public class RuntimeManagerMain {
        RuntimeManagerMain(Path configArea, Path stateArea, Path cacheArea) {
                RuntimeManager.loadDefaults(configuration);
 
+               configuration.put(InitConstants.PROP_OSGI_USE_SYSTEM_PROPERTIES, "false");
+
+               configuration.put(InitConstants.PROP_ARGEO_CONFIG_AREA, configArea.toString());
+               configuration.put(InitConstants.PROP_ARGEO_STATE_AREA, stateArea.toString());
+               configuration.put(InitConstants.PROP_ARGEO_CACHE_AREA, cacheArea.toString());
+
                configuration.put(InitConstants.PROP_OSGI_SHARED_CONFIGURATION_AREA, configArea.toUri().toString());
                configuration.put(InitConstants.PROP_OSGI_SHARED_CONFIGURATION_AREA_RO, "true");
-//             configuration.put(InitConstants.PROP_OSGI_USE_SYSTEM_PROPERTIES, "false");
 
                configuration.put(InitConstants.PROP_OSGI_CONFIGURATION_AREA,
                                cacheArea.resolve(RuntimeManager.OSGI_STORAGE_DIRNAME).toUri().toString());
                configuration.put(InitConstants.PROP_OSGI_INSTANCE_AREA,
                                stateArea.resolve(RuntimeManager.DATA).toUri().toString());
 
+               // TODO find a cleaner way to configure Jackrabbit indexes
+               configuration.put("argeo.node.repo.indexesBase", cacheArea.resolve("indexes").toString());
+
                logger.log(Level.TRACE, () -> "Runtime manager configuration: " + configuration);
        }
 
@@ -84,20 +92,22 @@ public class RuntimeManagerMain {
                ThinLoggerFinder.reloadConfiguration();
                logger.log(Logger.Level.DEBUG, () -> "Argeo Init starting with PID " + ProcessHandle.current().pid());
 
-               Path writableArea = getLocalPath(InitConstants.PROP_ARGEO_STATE_AREA, ENV_STATE_DIRECTORY);
-               Path configArea =getLocalPath(InitConstants.PROP_ARGEO_CONFIG_AREA, ENV_CONFIGURATION_DIRECTORY);
-               Path cacheArea = getLocalPath(InitConstants.PROP_ARGEO_CACHE_AREA, ENV_CACHE_DIRECTORY);
+               Path writableArea = getLocalPath(InitConstants.PROP_ARGEO_STATE_AREA, ENV_STATE_DIRECTORY, null);
+               Path configArea = getLocalPath(InitConstants.PROP_ARGEO_CONFIG_AREA, ENV_CONFIGURATION_DIRECTORY, null);
+               Path cacheArea = getLocalPath(InitConstants.PROP_ARGEO_CACHE_AREA, ENV_CACHE_DIRECTORY, writableArea);
                RuntimeManagerMain runtimeManager = new RuntimeManagerMain(configArea, writableArea, cacheArea);
                runtimeManager.run();
        }
 
-       private static Path getLocalPath(String systemProperty, String environmentVariable) {
+       private static Path getLocalPath(String systemProperty, String environmentVariable, Path defaultPath) {
                String prop = System.getProperty(systemProperty);
                if (prop != null)
                        return Paths.get(prop);
                String env = System.getenv().get(environmentVariable);
                if (env != null)
                        return Paths.get(env);
+               if (defaultPath != null)
+                       return defaultPath;
                throw new IllegalStateException("No local path set with system property " + systemProperty
                                + " or environment variable " + environmentVariable);
                // TODO allocate a temporary directory? or defaults based on working directory ?
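Review bot: getLocalPath's new defaultPath parameter is undocumented, and the fallback wired in for the cache area is writableArea itself, so when neither `argeo.cacheArea` nor ENV_CACHE_DIRECTORY is set the OSGi configuration area and the Jackrabbit indexes from the first hunk land directly inside the persistent state directory rather than in a cache location; if that is not intended, `writableArea.resolve("cache")` would keep the two apart. Either way a Javadoc on the method should spell out the resolution order: `@param defaultPath returned when neither the system property nor the environment variable is set; {@code null} makes the method throw instead`. The first hunk's `configuration.put("argeo.node.repo.indexesBase", cacheArea.resolve("indexes").toString());` hard-codes a property key next to a TODO; promoting it to an InitConstants entry would match the surrounding lines.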