cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei Zhou" <>
Subject Re: Review Request: (CLOUDSTACK-1475) update keystore in SSVM and change download iso/template url after Update SSL Certificate
Date Fri, 15 Mar 2013 09:54:38 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated March 15, 2013, 9:54 a.m.)

Review request for cloudstack, Nitin Mehta and Jayapal Reddy.

Description (updated)

This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL Certificate)
on CloudStack 4.0.1. 

Changes include:
(1) update realhostip.keystore in SSVM (see the change in
(2) change suffix of download iso/template url rom to domain_suffix in SSL
(3) validate download URL because ssvm publicip or domain suffix may change.

This addresses bug CLOUDSTACK-1475.


  agent/src/com/cloud/agent/resource/consoleproxy/ 48f5079 
  console-proxy/scripts/ 8d80c47 
  core/src/com/cloud/storage/resource/ c606fca 
  core/src/com/cloud/storage/resource/ 155210d 
  server/src/com/cloud/configuration/ dbcc97a 
  server/src/com/cloud/consoleproxy/ 01b4720 
  server/src/com/cloud/consoleproxy/ 6172780 
  server/src/com/cloud/consoleproxy/ d2df83c 
  server/src/com/cloud/server/ 3368c9b 
  server/src/com/cloud/storage/download/ 2736777 
  server/src/com/cloud/storage/upload/ 4231be8 


Testing (updated)

Testing manually ok.

To test:
(1) generate update the SSL certificate and it.  see "17.3.1. Changing the Console Proxy SSL
Certificate and Domain" part in CloudPlatform3.0.6AdminGuide

(2) visit instance via console. 

(3) Download ISO/Template. The browser will show the download url.
Before patch: the domain suffix of url always be ""
after patch: the domain suffix of url is "" which you set in step(1).

(4) Register ISO/Template using the url in step(3).
Before patch: When the domain suffix is not "", it fails with error message
" PKIX path building failed:
unable to find valid certification path to requested target".
after patch: successful.

(5) Destroy SSVM, and a new one will be created. 
Before patch: the url in step(3) does not change. the url still be the ip address of old SSVM,
and old domain suffix.
after patch: the url will contain the ip address of new SSVM. If the "" changes,
the url will also contain the new domain suffix.

(6) If you do not have a DNS server (which can resolve domain), please add an
entry in /etc/hosts file of the client.
aaa-bbb-ccc-ddd        # aaa.bbb.ccc.ddd is the console proxy
ip. and ssvm as well.

We need to restart management-server after Update SSL Certificate.


Wei Zhou

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message