public key pem auth

Author: fulei

cachecloud-open-common/src/main/java/com/sohu/cache/enums/SshAuthTypeEnum.java

@@ -0,0 +1,32 @@
+package com.sohu.cache.enums;
+
+/**
+ * ssh授权方式
+ * @author leifu
+ * @date 2018年6月15日
+ * @time 下午5:56:59
+ */
+public enum SshAuthTypeEnum {
+	
+	PASSWORD(1, "用户密码"),
+	PUBLIC_KEY(2, "公钥");
+	
+	private int value;
+	
+	private String info;
+
+	private SshAuthTypeEnum(int value, String info) {
+		this.value = value;
+		this.info = info;
+	}
+
+	public int getValue() {
+		return value;
+	}
+
+	public String getInfo() {
+		return info;
+	}
+	
+	
+}

cachecloud-open-common/src/main/java/com/sohu/cache/util/ConstUtils.java

@@ -4,6 +4,8 @@
 import java.util.List;
 import java.util.ResourceBundle;
 
+import com.sohu.cache.enums.SshAuthTypeEnum;
+
 /**
  * cachecloud常量
  * @author leifu
@@ -227,6 +229,12 @@ public static String getRedisMigrateToolDir() {
     public static String DEFAULT_CACHECLOUD_BASE_DIR = "/opt";
     public static String CACHECLOUD_BASE_DIR = DEFAULT_CACHECLOUD_BASE_DIR;
 
+    /**
+     * MNON_DIR根目录
+     */
+    public static String DEFAULT_NMON_DIR = "/opt/cachecloud";
+    public static String NMON_DIR = DEFAULT_NMON_DIR;
+    
     /**
      * 是否定期清理各种统计数据：(详见CleanUpStatisticsJob)
      */
@@ -248,6 +256,18 @@ public static String getRedisMigrateToolDir() {
     public static int MACHINE_STATS_CRON_MINUTE = DEFAULT_MACHINE_STATS_CRON_MINUTE;
 
 
+    /**
+     * ssh授权方式：参考SshAuthTypeEnum
+     */
+    public static int DEFAULT_SSH_AUTH_TYPE = SshAuthTypeEnum.PASSWORD.getValue();
+    public static int SSH_AUTH_TYPE = DEFAULT_SSH_AUTH_TYPE;
+    
+    /**
+     * public key pem
+     */
+    public static String DEFAULT_PUBLIC_KEY_PEM = "";
+    public static String PUBLIC_KEY_PEM = DEFAULT_PUBLIC_KEY_PEM;
+    
     /**
      * 网站域名
      */

cachecloud-open-web/pom.xml

@@ -159,6 +159,11 @@
             <groupId>commons-lang</groupId>
             <artifactId>commons-lang</artifactId>
         </dependency>
+        
+        <dependency>
+		    <groupId>commons-io</groupId>
+		    <artifactId>commons-io</artifactId>
+		</dependency>
 
         <dependency>
             <groupId>net.sf.json-lib</groupId>

cachecloud-open-web/src/main/java/com/sohu/cache/server/nmon/NMONService.java

@@ -10,6 +10,7 @@
 import com.sohu.cache.ssh.SSHTemplate.DefaultLineProcessor;
 import com.sohu.cache.ssh.SSHTemplate.Result;
 import com.sohu.cache.ssh.SSHTemplate.SSHSession;
+import com.sohu.cache.util.ConstUtils;
 import com.sohu.cache.util.NMONFileFactory;
 import com.sohu.cache.util.OSFactory;
 /**
@@ -20,13 +21,7 @@ public class NMONService {
 	//获取系统版本位数命令
 	public static final String OS_INFO_CMD = "/bin/uname -a; /bin/cat /etc/issue";
 	//nmon路径
-	public static final String NMON_DIR = "/opt/cachecloud/soft/";
-	//nmon文件名
 	public static final String NMON = "nmon";
-	//nmon完整路径
-	public static final String NMON_FILE = NMON_DIR + NMON;
-	//获取nmon版本
-	public static final String NMON_VERSION = "[ -e \""+NMON_FILE+"\" ] && "+NMON_FILE+" -V";
 	//nmon输出的结果文件
 	public static final String NMON_LOG = "/tmp/nmon.log";
 	//nmon输出的老结果文件
@@ -35,12 +30,6 @@ public class NMONService {
 	public static final String SOCK_LOG = "/tmp/sock.log";
 	//ulimit输出的结果文件
 	public static final String ULIMIT_LOG = "/tmp/ulimit.log";
-	//nmon监控启动
-	public static final String START_SERVER_COLLECT = NMON_FILE+" -F " + NMON_LOG + " -s0 -c1;" +
-			"/bin/grep TCP /proc/net/sockstat > " + SOCK_LOG + 
-			";ulimit -n -u > " + ULIMIT_LOG;
-	//创建nmon路径
-	public static final String MK_NMON_DIR = "/bin/mkdir -p /opt/cachecloud/soft/";
 
 	/**
 	 * 启动nmon收集系统状况
@@ -49,7 +38,7 @@ public class NMONService {
 	 * @return @OSInfo 收集到的操作系统信息
 	 */
 	public OSInfo start(String ip, SSHSession session) {
-		Result startCollectResult = session.executeCommand(START_SERVER_COLLECT);
+		Result startCollectResult = session.executeCommand(getStartServerCollect());
 		if(!startCollectResult.isSuccess()) {
 			logger.error("start nmon "+ip+" err:"+startCollectResult.getResult(), 
 					startCollectResult.getExcetion());
@@ -62,6 +51,7 @@ public OSInfo start(String ip, SSHSession session) {
 		return null;
 	}
 
+	
 	/**
 	 * 尝试修复启动失败的错误
 	 * @param ip
@@ -75,12 +65,12 @@ private OSInfo initNmon(String ip, SSHSession session) {
 		OS os = null;
 		//nmon文件不存在，需要根据操作系统识别是否支持
 		if(null == version) {
-			logger.warn("{} not exist {}", ip, NMON_FILE);
+			logger.warn("{} not exist {}", ip, getNmonFile());
 			//将原始信息转换为可识别的操作系统
 			os = OSFactory.getOS(osInfo);
 		} else {
 			//nmon存在，但是版本有问题，此时不应该再判断系统信息了，直接用默认的  
-			logger.warn("{} {} version err:"+version, ip, NMON_FILE);
+			logger.warn("{} {} version err:"+version, ip, getNmonFile());
 			os = OSFactory.getDefaultOS(osInfo);
 		}
 		if(os == null) {
@@ -106,11 +96,11 @@ private OSInfo initNmon(String ip, SSHSession session) {
 	 * @return 存在返回版本，不存在返回null, 执行错误返回异常
 	 */
 	private String getNMONVersion(String ip, SSHSession session) {
-		Result nmonVersionResult = session.executeCommand(NMON_VERSION);
+		Result nmonVersionResult = session.executeCommand(getNmonVersion());
 		if(nmonVersionResult.isSuccess()) {
 			return nmonVersionResult.getResult();
 		} else {
-			logger.error(NMON_VERSION+" err:"+nmonVersionResult.getResult(), nmonVersionResult.getExcetion());
+			logger.error(getNmonVersion()+" err:"+nmonVersionResult.getResult(), nmonVersionResult.getExcetion());
 		}
 		return null;
 	}
@@ -144,16 +134,43 @@ public void process(String line, int lineNum) throws Exception {
 	 * @param nmonFile
 	 */
 	private void sendNMONToServer(String ip, SSHSession session, File nmonFile) {
-		Result mkResult = session.executeCommand(MK_NMON_DIR);
+		Result mkResult = session.executeCommand(getMkNmonDir());
 		if(!mkResult.isSuccess()) {
 			logger.error("mkdir err:"+mkResult.getResult(), mkResult.getExcetion());
 			return;
 		}
-		Result scpRst = session.scpToFile(nmonFile.getAbsolutePath(), NMON, NMON_DIR);
+		Result scpRst = session.scpToFile(nmonFile.getAbsolutePath(), NMON, getMmonDir());
 		if(scpRst.isSuccess()) {
 			logger.info("scp {} to {} success", nmonFile.getAbsolutePath(), ip);
 		} else {
 			logger.error("scp to "+ip+" err", scpRst.getExcetion());
 		}
 	}
+	
+	/**
+	 * nmon监控启动
+	 * @return
+	 */
+	private String getStartServerCollect() {
+		return getNmonFile() +" -F " + NMON_LOG + " -s0 -c1;" +
+				"/bin/grep TCP /proc/net/sockstat > " + SOCK_LOG + 
+				";ulimit -n -u > " + ULIMIT_LOG;
+	}
+	
+	private String getMmonDir() {
+		return ConstUtils.NMON_DIR;
+	}
+	
+	private String getNmonFile() {
+		return getMmonDir() + "/" + NMON;
+	}
+	
+	private String getMkNmonDir() {
+		return "/bin/mkdir -p " + getMmonDir();
+	}
+	
+	private String getNmonVersion() {
+		return "[ -e \""+ getNmonFile() +"\" ] && "+ getNmonFile() +" -V";
+	}
+	
 }

cachecloud-open-web/src/main/java/com/sohu/cache/ssh/SSHTemplate.java

@@ -1,6 +1,7 @@
 package com.sohu.cache.ssh;
 
 import java.io.BufferedReader;
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -21,6 +22,7 @@
 import ch.ethz.ssh2.StreamGobbler;
 
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
+import com.sohu.cache.enums.SshAuthTypeEnum;
 import com.sohu.cache.exception.SSHException;
 import com.sohu.cache.util.ConstUtils;
 /**
@@ -77,10 +79,21 @@ private Connection getConnection(String ip, int port,
     		String username, String password) throws Exception {
     	Connection conn = new Connection(ip, port);
         conn.connect(null, CONNCET_TIMEOUT, CONNCET_TIMEOUT);
-        boolean isAuthenticated = conn.authenticateWithPassword(username, password);
+        boolean isAuthenticated = false;
+        if (ConstUtils.SSH_AUTH_TYPE == SshAuthTypeEnum.PASSWORD.getValue()) {
+        	isAuthenticated = conn.authenticateWithPassword(username, password);
+        } else if (ConstUtils.SSH_AUTH_TYPE == SshAuthTypeEnum.PUBLIC_KEY.getValue()) {
+        	isAuthenticated = conn.authenticateWithPublicKey(username, new File(ConstUtils.PUBLIC_KEY_PEM), password);
+        } 
         if (isAuthenticated == false) {
-            throw new Exception("SSH authentication failed with [ userName: " + 
-            		username + ", password: " + password + "]");
+        	if (ConstUtils.SSH_AUTH_TYPE == SshAuthTypeEnum.PASSWORD.getValue()) {
+        		throw new Exception("SSH authentication failed with [ userName: " + 
+                		username + ", password: " + password + "]");
+            } else if (ConstUtils.SSH_AUTH_TYPE == SshAuthTypeEnum.PUBLIC_KEY.getValue()) {
+            	throw new Exception("SSH authentication failed with [ userName: " + 
+                		username + ", pemfile: " + ConstUtils.PUBLIC_KEY_PEM + "]");
+            }
+            
         }
         return conn;
     }

cachecloud-open-web/src/main/java/com/sohu/cache/web/service/impl/ConfigServiceImpl.java

@@ -172,6 +172,17 @@ public void reloadSystemConfig() {
         ConstUtils.MACHINE_STATS_CRON_MINUTE = MapUtils.getIntValue(configMap, "cachecloud.machine.stats.cron.minute", ConstUtils.DEFAULT_MACHINE_STATS_CRON_MINUTE);
         logger.info("{}: {}", "ConstUtils.MACHINE_STATS_CRON_MINUTE", ConstUtils.MACHINE_STATS_CRON_MINUTE);
 
+        //ssh授权方式
+        ConstUtils.SSH_AUTH_TYPE = MapUtils.getIntValue(configMap, "cachecloud.ssh.auth.type", ConstUtils.DEFAULT_SSH_AUTH_TYPE);
+        logger.info("{}: {}", "ConstUtils.SSH_AUTH", ConstUtils.SSH_AUTH_TYPE);
+        
+        //public key pem
+        ConstUtils.PUBLIC_KEY_PEM = MapUtils.getString(configMap, "cachecloud.public.key.pem", ConstUtils.DEFAULT_PUBLIC_KEY_PEM);
+        logger.info("{}: {}", "ConstUtils.PUBLIC_KEY_PEM", ConstUtils.PUBLIC_KEY_PEM);
+        
+        //nmon根目录
+        ConstUtils.NMON_DIR = MapUtils.getString(configMap, "cachecloud.nmon.dir", ConstUtils.DEFAULT_NMON_DIR);
+        logger.info("{}: {}", "ConstUtils.NMON_DIR", ConstUtils.NMON_DIR);
 
         logger.info("===========ConfigServiceImpl reload config end============");
     }

cachecloud-open-web/src/main/webapp/WEB-INF/jsp/manage/config/initConfigDetail.jsp

@@ -64,6 +64,16 @@
 																	</option>
 																</select>
 															</c:when>
+															<c:when test="${config.configKey == 'cachecloud.ssh.auth.type'}">
+																<select name="${config.configKey}" class="form-control">
+																	<option value="1" <c:if test="${config.configValue == '1'}">selected</c:if>>
+																		密码
+																	</option>
+																	<option value="2" <c:if test="${config.configValue == '2'}">selected</c:if>>
+																		public key
+																	</option>
+																</select>
+															</c:when>
 															<c:otherwise>
 																<input type="text" name="${config.configKey}" class="form-control" value="${config.configValue}" />
 															</c:otherwise>

pom.xml

@@ -35,6 +35,7 @@
         <maven.clean.plugin>2.5</maven.clean.plugin>
         <ganymed.ssh.version>build210</ganymed.ssh.version>
         <commons.collections.version>3.2.1</commons.collections.version>
+        <commons.io.version>2.4</commons.io.version>
         <guava.version>15.0</guava.version>
         <commons-lang.version>2.3</commons-lang.version>
         <json-lib.version>2.2.1</json-lib.version>
@@ -142,6 +143,12 @@
                 <artifactId>commons-collections4</artifactId>
                 <version>${apache.commons.collections}</version>
             </dependency>
+            
+            <dependency>
+			    <groupId>commons-io</groupId>
+			    <artifactId>commons-io</artifactId>
+			    <version>${commons.io.version}</version>
+			</dependency>
 
             <dependency>
                 <groupId>com.google.guava</groupId>