cloudstack-dev mailing list archives

From "Wei Zhou" <w.z...@leaseweb.com>
Subject Re: Review Request: (CLOUDSTACK-1475) update keystore in SSVM and change download iso/template url after Update SSL Certificate
Date Fri, 15 Mar 2013 09:55:30 GMT


> On March 15, 2013, 5:56 a.m., Nitin Mehta wrote:
> > Can you please also tell me a list of tests done for this ?

Nitin, I added a list of tests in the "Testing Done" part. Please have a look.


> On March 15, 2013, 5:56 a.m., Nitin Mehta wrote:
> > server/src/com/cloud/configuration/Config.java, line 120
> > <https://reviews.apache.org/r/9696/diff/2/?file=264869#file264869line120>
> >
> >     are there any dependencies on this flag in the code ?
> >     We need to remove this flag during migration as well.

consoleproxy.url.domain is not used in any source code. We use "company.com", which is set
in the SSL certificate update, as the domain suffix of the console URL.


> On March 15, 2013, 5:56 a.m., Nitin Mehta wrote:
> > server/src/com/cloud/storage/download/DownloadMonitorImpl.java, line 202
> > <https://reviews.apache.org/r/9696/diff/2/?file=264874#file264874line202>
> >
> >     can you please use SecondaryStorageVmManager instead ?

I can define a new constant in SecondaryStorageVmManager which is the same as ConsoleProxyManager.CERTIFICATE_NAME,
but I think it is not necessary.


> On March 15, 2013, 5:56 a.m., Nitin Mehta wrote:
> > server/src/com/cloud/storage/upload/UploadMonitorImpl.java, line 225
> > <https://reviews.apache.org/r/9696/diff/2/?file=264875#file264875line225>
> >
> >     can you put an example here...seems some hardcoding

The list "token" is the result of splitting the download URL of the ISO/Template by "/". For example,
the URL is
https://10-11-101-112.realhostip.com/userdata/2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso
and token[2] is 10-11-101-112.realhostip.com.


- Wei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/9696/#review17961
-----------------------------------------------------------


On March 15, 2013, 9:54 a.m., Wei Zhou wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/9696/
> -----------------------------------------------------------
> 
> (Updated March 15, 2013, 9:54 a.m.)
> 
> 
> Review request for cloudstack, Nitin Mehta and Jayapal Reddy.
> 
> 
> Description
> -------
> 
> This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL Certificate)
> on CloudStack 4.0.1. 
> 
> 
> Changes include:
> (1) update realhostip.keystore in SSVM (see the change in config_ssl.sh)
> (2) change suffix of download iso/template url from realhostip.com to domain_suffix in
> SSL Certificate.
> (3) validate download URL because ssvm publicip or domain suffix may change.
> 
> 
> This addresses bug CLOUDSTACK-1475.
> 
> 
> Diffs
> -----
> 
>   agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java 48f5079 
>   console-proxy/scripts/config_ssl.sh 8d80c47 
>   core/src/com/cloud/storage/resource/CifsSecondaryStorageResource.java c606fca 
>   core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java 155210d 
>   server/src/com/cloud/configuration/Config.java dbcc97a 
>   server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java 01b4720 
>   server/src/com/cloud/consoleproxy/AgentBasedStandaloneConsoleProxyManager.java 6172780
>   server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java d2df83c 
>   server/src/com/cloud/server/ConfigurationServerImpl.java 3368c9b 
>   server/src/com/cloud/storage/download/DownloadMonitorImpl.java 2736777 
>   server/src/com/cloud/storage/upload/UploadMonitorImpl.java 4231be8 
> 
> Diff: https://reviews.apache.org/r/9696/diff/
> 
> 
> Testing
> -------
> 
> Testing manually ok.
> 
> 
> To test:
> (1) generate update the SSL certificate and it.  see "17.3.1. Changing the Console Proxy
> SSL Certificate and Domain" part in CloudPlatform3.0.6AdminGuide
> http://support.citrix.com/servlet/KbServlet/download/33425-102-696517/CloudPlatform3.0.6AdminGuide.pdf
> 
> (2) visit instance via console. 
> 
> (3) Download ISO/Template. The browser will show the download url.
> Before patch: the domain suffix of the url is always "realhostip.com"
> After patch: the domain suffix of the url is "company.com" which you set in step (1).
> 
> (4) Register ISO/Template using the url in step(3).
> Before patch: When the domain suffix is not "realhostip.com", it fails with error message
> "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target".
> After patch: successful.
> 
> (5) Destroy SSVM, and a new one will be created. 
> Before patch: the url in step (3) does not change. The url still has the ip address of
> the old SSVM, and the old domain suffix.
> After patch: the url will contain the ip address of the new SSVM. If the "company.com" changes,
> the url will also contain the new domain suffix.
> 
> (6) If you do not have a DNS server (which can resolve company.com domain), please add
> an entry in /etc/hosts file of the client.
> aaa-bbb-ccc-ddd aaa-bbb-ccc-ddd.company.com        # aaa.bbb.ccc.ddd is the console proxy ip. and ssvm as well.
> 
> 
> We need to restart management-server after Update SSL Certificate.
> 
> 
> Thanks,
> 
> Wei Zhou
> 
>
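
An added example, not part of the original e-mails and not CloudStack's own code, of the host handling discussed in this thread: it compares the token[2] split with a parsed host, checks whether a stored download URL still matches the current SSVM public IP and domain suffix, and rebuilds it when it does not. The class and method names are hypothetical; the IP address, "company.com" and the first URL are the thread's sample values, and the URL with a port is constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class DownloadUrlCheck {
    // Hypothetical helper: "10.11.101.112" + "company.com" -> "10-11-101-112.company.com"
    static String expectedHost(String ssvmPublicIp, String domainSuffix) {
        return ssvmPublicIp.replace('.', '-') + "." + domainSuffix;
    }

    // Host as seen by a URL parser; unlike split("/")[2] it excludes port and userinfo.
    static String hostOf(String url) throws URISyntaxException {
        URI uri = new URI(url);
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new URISyntaxException(url, "expected an absolute https URL");
        }
        return uri.getHost().toLowerCase();
    }

    // True when a stored URL still points at the current SSVM and domain suffix.
    static boolean isCurrent(String url, String ssvmPublicIp, String domainSuffix) {
        try {
            return hostOf(url).equals(expectedHost(ssvmPublicIp, domainSuffix).toLowerCase());
        } catch (URISyntaxException e) {
            return false; // unparsable or non-https URLs are treated as stale
        }
    }

    // Rebuild the URL for the current SSVM and suffix, keeping only the path.
    static String refresh(String url, String ssvmPublicIp, String domainSuffix)
            throws URISyntaxException {
        URI old = new URI(url);
        return new URI("https", expectedHost(ssvmPublicIp, domainSuffix),
                old.getPath(), null).toString();
    }

    public static void main(String[] args) throws Exception {
        String url = "https://10-11-101-112.realhostip.com/userdata/"
                + "2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso";
        System.out.println(url.split("/")[2]); // token[2] as described in the reply
        System.out.println(hostOf(url));
        System.out.println(isCurrent(url, "10.11.101.112", "company.com"));
        System.out.println(refresh(url, "10.11.101.112", "company.com"));
        // Constructed edge case: the split keeps the port, the parser does not.
        String withPort = "https://10-11-101-112.company.com:443/userdata/x.iso";
        System.out.println(withPort.split("/")[2] + " vs " + hostOf(withPort));
    }
}
```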

