private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
// GSS API
- private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
+ private Path nodeKeyTab = null;
private GSSCredential acceptorCredentials;
private boolean singleUser = false;
Optional<String> realm = userDirectory.getRealm();
if (realm.isPresent()) {
loadIpaJaasConfiguration();
- if (Files.exists(nodeKeyTab)) {
+ if (nodeKeyTab != null && Files.exists(nodeKeyTab)) {
String servicePrincipal = getKerberosServicePrincipal(realm.get());
if (servicePrincipal != null) {
CallbackHandler callbackHandler = new CallbackHandler() {
private void loadIpaJaasConfiguration() {
if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
+ if (System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB) == null) {
+ System.setProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB,
+ KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH).toString());
+ }
+ Path kt = Paths.get(System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB));
+ if (nodeKeyTab != null) {
+ if (!nodeKeyTab.equals(kt))
+ throw new IllegalStateException("A node keytab is already set");
+ } else {
+ nodeKeyTab = kt;
+ }
String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
URL url = getClass().getClassLoader().getResource(jaasConfig);
KernelUtils.setJaasConfiguration(url);
}
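Review bot: `nodeKeyTab` is now assigned only inside the `if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null)` block, so a deployment that supplies its own login configuration leaves the field null and the acceptor-credential branch guarded by `nodeKeyTab != null && Files.exists(nodeKeyTab)` (as well as getKerberosServicePrincipal) is skipped, whereas before this change a keytab present at the default instance-area path was still picked up. If that is intended, a comment on the field declaration should say that the keytab is only resolved when the built-in IPA JAAS configuration is used; otherwise the resolution from `Path kt = ...` through `nodeKeyTab = kt;` needs to run independently of that check. The path is taken verbatim from the system property when the parent framework has already set it, so the conflict exception is more actionable if it names both paths: `throw new IllegalStateException("A node keytab is already set: " + nodeKeyTab + ", cannot use " + kt);`. The explicit `= null` initializer on the field in the first hunk is the Java default and can be dropped.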
protected String getKerberosServicePrincipal(String realm) {
- if (!Files.exists(nodeKeyTab))
+ if (nodeKeyTab == null || !Files.exists(nodeKeyTab))
return null;
List<String> dns = CmsStateImpl.getDeployProperties(cmsState, CmsDeployProperty.DNS);
String hostname = CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.HOST);
String DIR_PRIVATE = "private";
// Files
+ /**
+ * Kerberos 5 keytab which will be common to all IPA-enabled children
+ * frameworks.
+ */
+ String PROP_ARGEO_NODE_KRB5_KEYTAB = "argeo.node.krb5.keytab";
String NODE_KEY_TAB_PATH = DIR_PRIVATE + "/krb5.keytab";
String NODE_SSHD_AUTHORIZED_KEYS_PATH = DIR_PRIVATE + "/authorized_keys";
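Review bot: The Javadoc on `PROP_ARGEO_NODE_KRB5_KEYTAB` describes the keytab itself, but the constant names a system property whose value is a filesystem path, and it is placed under the `// Files` heading among path constants rather than with property names. Suggested wording: `/** System property holding the path of the Kerberos 5 keytab shared by all IPA-enabled child frameworks; CmsUserAdmin sets it to NODE_KEY_TAB_PATH under the OSGi instance area when absent. */`. Moving the constant to a property-names group would also make the distinction between the property and the default relative path obvious.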
import java.util.Hashtable;
import java.util.Properties;
import java.util.TreeMap;
-import java.util.TreeSet;
-import org.argeo.api.cms.CmsLog;
import org.argeo.cms.internal.osgi.CmsActivator;
/** Package utilities */
static String getFrameworkProp(String key, String def) {
String value;
value = CmsActivator.getFrameworkProperty(key);
- if (value == null)
- value = System.getProperty(key);
+// if (value == null)
+// value = System.getProperty(key);
if (value == null)
return def;
return value;
return getFrameworkProp(key, null);
}
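Review bot: The fallback to `System.getProperty(key)` is commented out rather than removed (the `// if (value == null)` / `// value = System.getProperty(key);` lines), and the same is done for the whole of logFrameworkProperties in the next hunk; version control keeps the history, so both blocks should be deleted outright. Because callers that relied on system properties now receive `def`, the method's Javadoc should state the new contract, e.g. `/** Returns the framework property {@code key}, or {@code def} when it is not set; system properties are deliberately not consulted. */`. The trailing `return getFrameworkProp(key, null);` belongs to an overload whose signature lies outside the hunk.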
- static void logFrameworkProperties(CmsLog log) {
- for (Object sysProp : new TreeSet<Object>(System.getProperties().keySet())) {
- log.debug(sysProp + "=" + getFrameworkProp(sysProp.toString()));
- }
- }
+// static void logFrameworkProperties(CmsLog log) {
+// for (Object sysProp : new TreeSet<Object>(System.getProperties().keySet())) {
+// log.debug(sysProp + "=" + getFrameworkProp(sysProp.toString()));
+// }
+// }
static void printSystemProperties(PrintStream out) {
TreeMap<String, String> display = new TreeMap<>();
NODE {
com.sun.security.auth.module.Krb5LoginModule optional
- keyTab="${osgi.instance.area}private/krb5.keytab"
+ keyTab="${argeo.node.krb5.keytab}"
useKeyTab=true
storeKey=true;
org.argeo.cms.auth.DataAdminLoginModule requisite;
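Review bot: `keyTab="${argeo.node.krb5.keytab}"` ties this login configuration to a system property that, in the CmsUserAdmin change, is set only inside loadIpaJaasConfiguration() immediately before the file is installed; if the file is parsed in a JVM where the property is absent, the placeholder cannot be expanded and the configuration will most likely fail to load rather than fall back to the old fixed path. A comment above the `keyTab` option would make the ordering explicit: `// argeo.node.krb5.keytab is set by CmsUserAdmin.loadIpaJaasConfiguration() before this configuration is loaded`. The `NODE` entry continues outside the hunk.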
/** Supported init constants. */
public interface InitConstants {
- /** Read-only configuration area */
- String PROP_ARGEO_CONFIG_AREA = "argeo.configArea";
- /** Read-write persistent data area */
- String PROP_ARGEO_STATE_AREA = "argeo.stateArea";
- /** Read-write cache area */
- String PROP_ARGEO_CACHE_AREA = "argeo.cacheArea";
String PROP_ARGEO_OSGI_SOURCES = "argeo.osgi.sources";
String PROP_ARGEO_OSGI_START = "argeo.osgi.start";
String PROP_OSGI_BUNDLES_DEFAULTSTARTLEVEL = "osgi.bundles.defaultStartLevel";
String PROP_OSGI_STARTLEVEL = "osgi.startLevel";
+ // System properties
+ /** Read-only configuration area */
+ String PROP_ARGEO_CONFIG_AREA = "argeo.configArea";
+ /** Read-write persistent data area */
+ String PROP_ARGEO_STATE_AREA = "argeo.stateArea";
+ /** Read-write cache area */
+ String PROP_ARGEO_CACHE_AREA = "argeo.cacheArea";
+
// FOREIGN RUNTIME PROPERTIES
/**
* UUID of the parent framework. It is set by the parent runtime and marks a
String PROP_ARGEO_OSGI_EXPORT_CATEGORIES = "argeo.osgi.export.categories";
String PROP_ARGEO_OSGI_EXPORT_ENABLED = "argeo.osgi.export.enabled";
- // Symbolic names
+ // BUndle symbolic names
String SYMBOLIC_NAME_INIT = "org.argeo.init";
String SYMBOLIC_NAME_EQUINOX = "org.eclipse.osgi";
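Review bot: The new heading comment `// BUndle symbolic names` has a capitalisation typo and should read `// Bundle symbolic names`. Nothing else in this hunk changes.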
/**
* Load config from a {@link Properties} formatted stream. If a property value
- * starts with a '+' character, itis expected that the last character is a
+ * starts with a '+' character, it is expected that the last character is a
* separator and it will be prepended to the existing value.
*/
@Deprecated
RuntimeManagerMain(Path configArea, Path stateArea, Path cacheArea) {
RuntimeManager.loadDefaults(configuration);
+ configuration.put(InitConstants.PROP_OSGI_USE_SYSTEM_PROPERTIES, "false");
+
+ configuration.put(InitConstants.PROP_ARGEO_CONFIG_AREA, configArea.toString());
+ configuration.put(InitConstants.PROP_ARGEO_STATE_AREA, stateArea.toString());
+ configuration.put(InitConstants.PROP_ARGEO_CACHE_AREA, cacheArea.toString());
+
configuration.put(InitConstants.PROP_OSGI_SHARED_CONFIGURATION_AREA, configArea.toUri().toString());
configuration.put(InitConstants.PROP_OSGI_SHARED_CONFIGURATION_AREA_RO, "true");
-// configuration.put(InitConstants.PROP_OSGI_USE_SYSTEM_PROPERTIES, "false");
configuration.put(InitConstants.PROP_OSGI_CONFIGURATION_AREA,
cacheArea.resolve(RuntimeManager.OSGI_STORAGE_DIRNAME).toUri().toString());
configuration.put(InitConstants.PROP_OSGI_INSTANCE_AREA,
stateArea.resolve(RuntimeManager.DATA).toUri().toString());
+ // TODO find a cleaner way to configure Jackrabbit indexes
+ configuration.put("argeo.node.repo.indexesBase", cacheArea.resolve("indexes").toString());
+
logger.log(Level.TRACE, () -> "Runtime manager configuration: " + configuration);
}
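Review bot: `configuration.put("argeo.node.repo.indexesBase", ...)` uses a bare string key while every other entry in this constructor goes through InitConstants; even with the TODO in place, the key should be a named constant such as `String PROP_ARGEO_NODE_REPO_INDEXES_BASE = "argeo.node.repo.indexesBase";` in InitConstants so that this class and the child framework reading it cannot drift apart. The three argeo area entries are stored as plain `toString()` paths while the OSGi area entries right below use `toUri().toString()`; a one-line comment such as `// argeo.* areas are plain paths, osgi.* areas are URIs` would spare the next reader from guessing whether the difference is intentional. The `configuration` map itself appears to be created outside the hunk.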
ThinLoggerFinder.reloadConfiguration();
logger.log(Logger.Level.DEBUG, () -> "Argeo Init starting with PID " + ProcessHandle.current().pid());
- Path writableArea = getLocalPath(InitConstants.PROP_ARGEO_STATE_AREA, ENV_STATE_DIRECTORY);
- Path configArea =getLocalPath(InitConstants.PROP_ARGEO_CONFIG_AREA, ENV_CONFIGURATION_DIRECTORY);
- Path cacheArea = getLocalPath(InitConstants.PROP_ARGEO_CACHE_AREA, ENV_CACHE_DIRECTORY);
+ Path writableArea = getLocalPath(InitConstants.PROP_ARGEO_STATE_AREA, ENV_STATE_DIRECTORY, null);
+ Path configArea = getLocalPath(InitConstants.PROP_ARGEO_CONFIG_AREA, ENV_CONFIGURATION_DIRECTORY, null);
+ Path cacheArea = getLocalPath(InitConstants.PROP_ARGEO_CACHE_AREA, ENV_CACHE_DIRECTORY, writableArea);
RuntimeManagerMain runtimeManager = new RuntimeManagerMain(configArea, writableArea, cacheArea);
runtimeManager.run();
}
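Review bot: `getLocalPath(InitConstants.PROP_ARGEO_CACHE_AREA, ENV_CACHE_DIRECTORY, writableArea)` makes the cache area default to the state area itself, so when neither the property nor the environment variable is set, `cacheArea.resolve(OSGI_STORAGE_DIRNAME)` and the indexes directory are written directly beside persistent state, and clearing the cache area would then also clear state. If the intent is merely "cache lives under state when unconfigured", a subdirectory keeps the two separable: `Path cacheArea = getLocalPath(InitConstants.PROP_ARGEO_CACHE_AREA, ENV_CACHE_DIRECTORY, writableArea.resolve("cache"));`. The enclosing method's signature is outside the hunk.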
- private static Path getLocalPath(String systemProperty, String environmentVariable) {
+ private static Path getLocalPath(String systemProperty, String environmentVariable, Path defaultPath) {
String prop = System.getProperty(systemProperty);
if (prop != null)
return Paths.get(prop);
String env = System.getenv().get(environmentVariable);
if (env != null)
return Paths.get(env);
+ if (defaultPath != null)
+ return defaultPath;
throw new IllegalStateException("No local path set with system property " + systemProperty
+ " or environment variable " + environmentVariable);
// TODO allocate a temporary directory? or defaults based on working directory ?