cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chip Childers <chip.child...@sungard.com>
Subject Re: Review Request: (CLOUDSTACK-1475) update keystore in SSVM and change download iso/template url after Update SSL Certificate
Date Mon, 20 May 2013 14:39:08 GMT
On Fri, May 17, 2013 at 06:24:21AM +0000, Wei Zhou wrote:
> 
> 
> > On May 17, 2013, 5:18 a.m., Nitin Mehta wrote:
> > > Ship It!
> > 
> > Animesh Chaturvedi wrote:
> >     Nitin can you commit the patch
> > 
> > Nitin Mehta wrote:
> >     Some files seem to be removed or atleast the location has changed. Needs to
rebased. Wei - can you please take a look and commit it ?
> >
> 
> ok. I will.

I didn't think anyone was planning on releasing out of the 4.0 branch
again...  so is this needed?

> 
> 
> - Wei
> 
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/9696/#review20681
> -----------------------------------------------------------
> 
> 
> On March 15, 2013, 9:54 a.m., Wei Zhou wrote:
> > 
> > -----------------------------------------------------------
> > This is an automatically generated e-mail. To reply, visit:
> > https://reviews.apache.org/r/9696/
> > -----------------------------------------------------------
> > 
> > (Updated March 15, 2013, 9:54 a.m.)
> > 
> > 
> > Review request for cloudstack, Nitin Mehta and Jayapal Reddy.
> > 
> > 
> > Description
> > -------
> > 
> > This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL Certificate)
> > on CloudStack 4.0.1. 
> > 
> > 
> > Changes include:
> > (1) update realhostip.keystore in SSVM (see the change in config_ssl.sh)
> > (2) change suffix of download iso/template url rom realhostip.com to domain_suffix
in SSL Certificate.
> > (3) validate download URL because ssvm publicip or domain suffix may change.
> > 
> > 
> > This addresses bug CLOUDSTACK-1475.
> > 
> > 
> > Diffs
> > -----
> > 
> >   agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java 48f5079

> >   console-proxy/scripts/config_ssl.sh 8d80c47 
> >   core/src/com/cloud/storage/resource/CifsSecondaryStorageResource.java c606fca

> >   core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java 155210d 
> >   server/src/com/cloud/configuration/Config.java dbcc97a 
> >   server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java 01b4720 
> >   server/src/com/cloud/consoleproxy/AgentBasedStandaloneConsoleProxyManager.java
6172780 
> >   server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java d2df83c 
> >   server/src/com/cloud/server/ConfigurationServerImpl.java 3368c9b 
> >   server/src/com/cloud/storage/download/DownloadMonitorImpl.java 2736777 
> >   server/src/com/cloud/storage/upload/UploadMonitorImpl.java 4231be8 
> > 
> > Diff: https://reviews.apache.org/r/9696/diff/
> > 
> > 
> > Testing
> > -------
> > 
> > Testing manually ok.
> > 
> > 
> > To test:
> > (1) generate update the SSL certificate and it.  see "17.3.1. Changing the Console
Proxy SSL Certificate and Domain" part in CloudPlatform3.0.6AdminGuide
> > http://support.citrix.com/servlet/KbServlet/download/33425-102-696517/CloudPlatform3.0.6AdminGuide.pdf
> > 
> > (2) visit instance via console. 
> > 
> > (3) Download ISO/Template. The browser will show the download url.
> > Before patch: the domain suffix of url always be "realhostip.com"
> > after patch: the domain suffix of url is "company.com" which you set in step(1).
> > 
> > (4) Register ISO/Template using the url in step(3).
> > Before patch: When the domain suffix is not "realhostip.com", it fails with error
message "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target".
> > after patch: successful.
> > 
> > (5) Destroy SSVM, and a new one will be created. 
> > Before patch: the url in step(3) does not change. the url still be the ip address
of old SSVM, and old domain suffix.
> > after patch: the url will contain the ip address of new SSVM. If the "company.com"
changes, the url will also contain the new domain suffix.
> > 
> > (6) If you do not have a DNS server (which can resolve company.com domain), please
add an entry in /etc/hosts file of the client.
> > aaa-bbb-ccc-ddd aaa-bbb-ccc-ddd.company.com        # aaa.bbb.ccc.ddd is the console
proxy ip. and ssvm as well.
> > 
> > 
> > We need to restart management-server after Update SSL Certificate.
> > 
> > 
> > Thanks,
> > 
> > Wei Zhou
> > 
> >
> 

Mime
View raw message