cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Hoffman (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-8337) Applying new systemvm certificate fails silently
Date Fri, 20 Mar 2015 15:57:39 GMT
Dave Hoffman created CLOUDSTACK-8337:
----------------------------------------

             Summary: Applying new systemvm certificate fails silently
                 Key: CLOUDSTACK-8337
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8337
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: SystemVM
    Affects Versions: 4.3.2
            Reporter: Dave Hoffman


When trying to apply a new system SSL certificate in the UI, it says the certificate was applied
successfully and restarts the system vms.  When they come back up, they are still loaded with
the realhostip certificates.

Managment log shows the following:

2015-03-19 13:15:31,040 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
2015-03-19 13:15:31,041 INFO  [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located
at /etc/cloudstack/management/cloudmanagementserver.keystore
2015-03-19 13:15:31,047 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey
-keystore /etc/cloudstack/management/cloudmanagementserver.keystore -storepass vmops.com -keypass
vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="domain",o="domain",c="Unknown"
2015-03-19 13:15:31,062 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2015-03-19 13:15:31,063 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass
program specified
2015-03-19 13:15:31,064 WARN  [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe
keystore to continue.
java.io.IOException: Fail to generate certificate!: sudo: no tty present and no askpass program
specified
        at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:577)
        at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:598)
        at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:288)
        at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:152)
        at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:117)
        at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:156)
        at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:113)
        at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:59)
        at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
        at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
        at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
        at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
        at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:141)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:119)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:239)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:227)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:115)
        at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:78)
        at org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
        at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:69)
        at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:56)
        at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:60)
        at org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:51)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
        at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:516)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-03-19 13:15:31,084 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Processing updateKeyPairs
2015-03-19 13:15:31,084 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Keypairs already
in database, updating local copy
2015-03-19 13:15:31,115 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Going to update
systemvm iso with generated keypairs if needed
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in the classpath
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) System resource: null
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Classpath resource: null
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Current binaries reside at /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/cloudstack-management/webapps/client/WEB-INF/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/cloudstack-management/webapps/client/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/cloudstack-management/webapps/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/cloudstack-management/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/share/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /usr/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,117 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
in /scripts/vm/systemvm/injectkeys.sh



If I run the command in the command line it works just fine: 
sudo keytool -genkey -keystore /etc/cloudstack/management/cloudmanagementserver.keystore -storepass
vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="domainRemoved",o="domain",c="Unknown"

After destroying the system vms they get the updated certificate and the console proxy works
just fine.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message