academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix TLS logic so containers can be started multiple times

Browse Source
This commit is contained in:
Rob Parker
2018-04-30 13:54:09 +01:00
parent 8eb937b8e0
commit 04bb404eee
2 changed files with 42 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
cmd/runmqdevserver/keystore.go
View File

@@ -56,14 +56,31 @@ func NewCMSKeyStore(filename, password string) *KeyStore {
// Create a key store, if it doesn't already exist // Create a key store, if it doesn't already exist
func (ks *KeyStore) Create() error { func (ks *KeyStore) Create() error {
_, err := os.Stat(ks.Filename) _, err := os.Stat(ks.Filename)
if err != nil { if err == nil {
if os.IsNotExist(err) { // Keystore already exists so we should refresh it by deleting it.
_, _, err := command.Run(ks.command, "-keydb", "-create", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password, "-stash") extension := filepath.Ext(ks.Filename)
if err != nil { log.Debugf("Refreshing keystore: %v", ks.Filename)
return fmt.Errorf("error running \"%v -keydb -create\": %v", ks.command, err) if ks.keyStoreType == "cms" {
} // Only delete these when we are refreshing the kdb keystore
stashFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".sth"
rdbFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".rdb"
crlFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".crl"
os.Remove(stashFile)
os.Remove(rdbFile)
os.Remove(crlFile)
} }
os.Remove(ks.Filename)
} else if !os.IsNotExist(err) {
// If the keystore exists but cannot be accessed then return the error
return err
} }
// Create the keystore now we're sure it doesn't exist
out, _, err := command.Run(ks.command, "-keydb", "-create", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password, "-stash")
if err != nil {
return fmt.Errorf("error running \"%v -keydb -create\": %v %s", ks.command, err, out)
}
mqmUID, mqmGID, err := command.LookupMQM() mqmUID, mqmGID, err := command.LookupMQM()
if err != nil { if err != nil {
log.Error(err) log.Error(err)
@@ -85,9 +102,9 @@ func (ks *KeyStore) CreateStash() error {
_, err := os.Stat(stashFile) _, err := os.Stat(stashFile)
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
_, _, err := command.Run(ks.command, "-keydb", "-stashpw", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password) out, _, err := command.Run(ks.command, "-keydb", "-stashpw", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password)
if err != nil { if err != nil {
return fmt.Errorf("error running \"%v -keydb -stashpw\": %v", ks.command, err) return fmt.Errorf("error running \"%v -keydb -stashpw\": %v %s", ks.command, err, out)
} }
} }
return err return err
@@ -107,9 +124,9 @@ func (ks *KeyStore) CreateStash() error {
// Import imports a certificate file in the keystore // Import imports a certificate file in the keystore
func (ks *KeyStore) Import(inputFile, password string) error { func (ks *KeyStore) Import(inputFile, password string) error {
_, _, err := command.Run(ks.command, "-cert", "-import", "-file", inputFile, "-pw", password, "-target", ks.Filename, "-target_pw", ks.Password, "-target_type", ks.keyStoreType) out, _, err := command.Run(ks.command, "-cert", "-import", "-file", inputFile, "-pw", password, "-target", ks.Filename, "-target_pw", ks.Password, "-target_type", ks.keyStoreType)
if err != nil { if err != nil {
return fmt.Errorf("error running \"%v -cert -import\": %v", ks.command, err) return fmt.Errorf("error running \"%v -cert -import\": %v %s", ks.command, err, out)
} }
return nil return nil
} }
@@ -118,7 +135,7 @@ func (ks *KeyStore) Import(inputFile, password string) error {
func (ks *KeyStore) GetCertificateLabels() ([]string, error) { func (ks *KeyStore) GetCertificateLabels() ([]string, error) {
out, _, err := command.Run(ks.command, "-cert", "-list", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password) out, _, err := command.Run(ks.command, "-cert", "-list", "-type", ks.keyStoreType, "-db", ks.Filename, "-pw", ks.Password)
if err != nil { if err != nil {
return nil, fmt.Errorf("error running \"%v -cert -list\": %v", ks.command, err) return nil, fmt.Errorf("error running \"%v -cert -list\": %v %s", ks.command, err, out)
} }
scanner := bufio.NewScanner(strings.NewReader(out)) scanner := bufio.NewScanner(strings.NewReader(out))
var labels []string var labels []string
@@ -138,9 +155,9 @@ func (ks *KeyStore) GetCertificateLabels() ([]string, error) {
// RenameCertificate renames the specified certificate // RenameCertificate renames the specified certificate
func (ks *KeyStore) RenameCertificate(from, to string) error { func (ks *KeyStore) RenameCertificate(from, to string) error {
_, _, err := command.Run(ks.command, "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to) out, _, err := command.Run(ks.command, "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to)
if err != nil { if err != nil {
return fmt.Errorf("error running \"%v -cert -rename\": %v", ks.command, err) return fmt.Errorf("error running \"%v -cert -rename\": %v %s", ks.command, err, out)
} }
return nil return nil
} }

13
cmd/runmqdevserver/tls.go
View File

@@ -51,10 +51,21 @@ func configureWebTLS(cms *KeyStore) error {
if err != nil { if err != nil {
return err return err
} }
err = os.Rename(newTLSConfig, tlsConfig) // we symlink here to prevent issues on restart
err = os.Symlink(newTLSConfig, tlsConfig)
if err != nil { if err != nil {
return err return err
} }
mqmUID, mqmGID, err := command.LookupMQM()
if err != nil {
log.Error(err)
return err
}
err = os.Chown(tlsConfig, mqmUID, mqmGID)
if err != nil {
log.Error(err)
return err
}
return nil return nil
} }