Date: Tue, 24 Oct 2017 04:39:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)"
To: cloudstack-issues@incubator.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-10087) Template registration errors out when template URL is https

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16216290#comment-16216290 ]

ASF GitHub Bot commented on CLOUDSTACK-10087:
---------------------------------------------

karuturi commented on a change in pull request #2271: CLOUDSTACK-10087 Template registration errors out when template URL i…
URL: https://github.com/apache/cloudstack/pull/2271#discussion_r146451794

##########
File path: systemvm/patches/debian/config/etc/init.d/cloud-early-config
##########
@@ -1302,6 +1303,18 @@ EOF cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables } =20 +import_jvm_cacerts(){ + log_it "importing jvm keystore to realhostip keystore" + keyStore=3D/usr/local/cloud/systemvm/certs/realhostip.keystore + storepass=3D"vmops.com" + java_home=3D$(readlink -f $(which java) | sed "s:/bin/java::") =20

Review comment:
JAVA_HOME is defined in cloud-agent script https://github.com/apache/cloudstack/blob/master/agent/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-agent.in#L54

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

> Template registration errors out when template URL is https
> -----------------------------------------------------------
>
>                 Key: CLOUDSTACK-10087
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10087
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>            Reporter: sudharma jain
>
> *Management server logs:*
> 2017-08-23 08:55:36,706 DEBUG [c.c.a.t.Request] (AgentManager-Handler-5:null) (logid:) Seq 4-7842174326135586819: Processing: { Ans: , MgmtId: 4278190080, via: 4, Ver: v1, Flags: 110, [{"com.cloud.agent.api.Answer":{"result":false,"details":"com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:972)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:676)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:650)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:633)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$300(AmazonHttpClient.java:601)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:583)\n\tat com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:447)\n\tat com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4137)\n\tat com.amazonaws.services.s3.AmazonS3Client.getBucketRegionViaHeadRequest(AmazonS3Client.java:4856)\n\tat com.amazonaws.services.s3.AmazonS3Client.fetchRegionFromCache(AmazonS3Client.java:4830)\n\tat com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4122)\n\tat com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4079)\n\tat com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:819)\n\tat com.cloud.utils.storage.S3.S3Utils.listDirectory(S3Utils.java:179)\n\tat org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource.s3ListVolume(NfsSecondaryStorageResource.java:1667)\n\tat org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource.execute(NfsSecondaryStorageResource.java:1721)\n\tat org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource.executeRequest(NfsSecondaryStorageResource.java:277)\n\tat com.cloud.storage.resource.PremiumSecondaryStorageResource.defaultAction(PremiumSecondaryStorageResource.java:64)\n\tat com.cloud.storage.resource.PremiumSecondaryStorageResource.executeRequest(PremiumSecondaryStorageResource.java:60)\n\tat com.cloud.agent.Agent.processRequest(Agent.java:525)\n\tat com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:833)\n\tat com.cloud.utils.nio.Task.call(Task.java:83)\n\tat com.cloud.utils.nio.Task.call(Task.java:29)\n\tat java.util.concurrent.FutureTask.run(FutureTask.java:266)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)\n\tat sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)\n\tat sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)\n\tat sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)\n\tat sun.security.ssl.Handshaker.process_record(Handshaker.java:914)\n\tat sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)\n\tat sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)\n\tat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)\n\tat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)\n\tat org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)\n\tat org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)\n\tat com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:132)\n\tat org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)\n\tat org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)\n\tat sun.reflect.GeneratedMethodAccessor14.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:498)\n\tat com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)\n\tat com.amazonaws.http.conn.$Proxy6.connect(Unknown Source)\n\tat org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)\n\tat org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)\n\tat org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)\n\tat org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)\n\tat com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1115)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:964)\n\t... 26 more\nCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)\n\tat sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)\n\tat sun.security.validator.Validator.validate(Validator.java:260)\n\tat sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)\n\tat sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)\n\tat sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)\n\tat sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)\n\t... 52 more\nCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)\n\tat sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)\n\tat java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)\n\tat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)\n\t... 58 more\n","wait":0}}] }
> *SSVM logs:*
> 2017-09-21 03:04:16,887 INFO [commons.httpclient.HttpMethodDirector] (pool-1-thread-1:null) I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> 2017-09-21 03:04:16,888 INFO [commons.httpclient.HttpMethodDirector] (pool-1-thread-1:null) Retrying request
> 2017-09-21 03:04:17,204 INFO [storage.template.DownloadManagerImpl] (pool-1-thread-1:null) Download Completion for jobId: 3554c733-93bb-49da-9324-c451aa182556, status=UNRECOVERABLE_ERROR
> 2017-09-21 03:04:17,204 INFO [storage.template.DownloadManagerImpl] (pool-1-thread-1:null) local: /mnt/SecStorage/c4bb9aa7-9bc5-3042-aa00-3ab0cc758443/template/tmpl/2/202/dnld1724449062341770888tmp_, bytes=0, error=sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, pct=0
> 2017-09-21 03:04:18,757 DEBUG [cloud.agent.Agent] (agentRequest-Handler-9:null) Seq 5-4165548180340998163: { Ans: , MgmtId: 4278190080, via: 5, Ver: v1, Flags: 10, [{"com.cloud.agent.api.storage.DownloadAnswer":{"jobId":"3554c733-93bb-49da-9324-c451aa182556","downloadPct":0,"errorString":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","downloadStatus":"DOWNLOAD_ERROR","downloadPath":"/mnt/SecStorage/c4bb9aa7-9bc5-3042-aa00-3ab0cc758443/template/tmpl/2/202/dnld1724449062341770888tmp_","installPath":"template/tmpl/2/202","templateSize":0,"templatePhySicalSize":0,"result":true,"details":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","wait":0}}] }

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
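
Review bot: The `java_home` assignment in `import_jvm_cacerts()` (cloud-early-config) has no guard for the case where `which java` prints nothing: `readlink -f` then receives no operand, `java_home` ends up empty, and any path later built from it will silently point at the wrong location. Suggest quoting the nested substitution, checking that the result is a non-empty directory, and calling `log_it` with an error and returning before touching the keystore if it is not. Separately, `storepass` is set to a literal string in the init script on the line above; if this is the keystore's existing fixed password, a comment saying so would help, otherwise it should be read from configuration rather than committed in the script.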