From users-return-30476-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Mon Apr 30 11:29:43 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id DC967180647 for ; Mon, 30 Apr 2018 11:29:42 +0200 (CEST) Received: (qmail 65610 invoked by uid 500); 30 Apr 2018 09:29:41 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 65588 invoked by uid 99); 30 Apr 2018 09:29:40 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Apr 2018 09:29:40 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id CFD64C00E1 for ; Mon, 30 Apr 2018 09:29:39 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.999 X-Spam-Level: * X-Spam-Status: No, score=1.999 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=dimsi1.onmicrosoft.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 0Sjt23mv0AwP for ; Mon, 30 Apr 2018 09:29:36 +0000 (UTC) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40123.outbound.protection.outlook.com [40.107.4.123]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 504225F1EE for ; Mon, 30 Apr 2018 09:29:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=DIMSI1.onmicrosoft.com; s=selector1-dimsi-fr; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9TFamE2pB9L0/DQwiAt3xTjzfMhSrtmte0tb87IPfFs=; b=OyaRqgrnzVxTw9sU5wZzLmq5UwIMVE8HjzuPvi+ubaidcSReFPrUSKKSWy2cP2V3eQZqr1yXAOPxFvzE0PjYF7b23n8jao3FCKfzeYGmx5reozp08zS+HUGM35BiDKgcDeH2fMihGJ45qOFftBB/yFEoF5tIHNEVPs2SehEsGzE= Received: from VI1PR0701MB1869.eurprd07.prod.outlook.com (10.167.197.17) by VI1PR0701MB3006.eurprd07.prod.outlook.com (10.173.72.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.735.6; Mon, 30 Apr 2018 09:29:29 +0000 Received: from VI1PR0701MB1869.eurprd07.prod.outlook.com ([fe80::4959:d1a1:c8a4:c414]) by VI1PR0701MB1869.eurprd07.prod.outlook.com ([fe80::4959:d1a1:c8a4:c414%7]) with mapi id 15.20.0735.006; Mon, 30 Apr 2018 09:29:29 +0000 From: Nicolas Bouige To: "users@cloudstack.apache.org" Subject: certificate issue second mgmt-server Thread-Topic: certificate issue second mgmt-server Thread-Index: AQHT4GO4BUWJzNuk/k+vYfTRcvtXHQ== Date: Mon, 30 Apr 2018 09:29:29 +0000 Message-ID: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [2a01:e34:ef3b:7040:e55b:bbf9:ece5:5060] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;VI1PR0701MB3006;7:Xb2z4w2dUi00D/lxuXlnRGiYC7Y7x4pBelHjOKbxqq4EPnlLGBY+CTsTqO61KNCYfkuPzsQny0B4MTAJKVs5i4nB5LUT9i8Dklto4jJSGcEvk6eQjeRNJlkRBYxF/1974FbwWNjXkniGNGU8+AOuiKL/iCgQoSsqlpnllQddyFTDemwezdfTv+wClBcRfbFL95fYheBbd2nMoOKtu73vnlIWxw0ZBi+ze0TsQODWd4ysPqpY6biG3vMb1NQuKc7b x-ms-exchange-antispam-srfa-diagnostics: SOS; x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(7021125)(5600026)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020);SRVR:VI1PR0701MB3006; x-ms-traffictypediagnostic: VI1PR0701MB3006: authentication-results: spf=none (sender IP is ) smtp.mailfrom=n.bouige@dimsi.fr; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(21532816269658); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(6041310)(20161123558120)(20161123564045)(20161123560045)(2016111802025)(20161123562045)(6043046)(6072148)(201708071742011);SRVR:VI1PR0701MB3006;BCL:0;PCL:0;RULEID:;SRVR:VI1PR0701MB3006; x-forefront-prvs: 0658BAF71F x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(39830400003)(39380400002)(396003)(366004)(376002)(346002)(189003)(53754006)(377424004)(199004)(606006)(53386004)(478600001)(5250100002)(2501003)(97736004)(46003)(105586002)(316002)(6606003)(102836004)(106356001)(6916009)(551544002)(2906002)(5660300001)(14454004)(19627405001)(486006)(6116002)(7736002)(2900100001)(476003)(25786009)(59450400001)(3280700002)(3660700001)(2351001)(86362001)(55016002)(74482002)(8936002)(33656002)(6306002)(236005)(6436002)(1730700003)(81156014)(81166006)(6506007)(7696005)(54896002)(186003)(68736007)(74316002)(9686003)(8676002)(5640700003)(99286004)(53936002);DIR:OUT;SFP:1102;SCL:1;SRVR:VI1PR0701MB3006;H:VI1PR0701MB1869.eurprd07.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: dimsi.fr does not designate permitted sender hosts) x-microsoft-antispam-message-info: FbO7p7OuYVCAiUx6+xoAIp1vMq4kFnJcFpqC3kr8R+i9PPIqH7WpmRNvSUwSRosstxpfUJc6f0H3G/d+jtMl91n8drOWPyuP0jZiwyKv5eKmRwlNF9qzPC2C0VJOnItj4TM0icVHBnmBp3/Rj3aDPvc0RGCwqWbMAbmkPdN6uUxk1U2oR5T9s/mn67SMLDx1 spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_VI1PR0701MB18696F235B4FA17C4A28DD7FE9820VI1PR0701MB1869_" MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 0b97c66a-6e6a-420c-87be-08d5ae7cdfdb X-OriginatorOrg: dimsi.fr X-MS-Exchange-CrossTenant-Network-Message-Id: 0b97c66a-6e6a-420c-87be-08d5ae7cdfdb X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Apr 2018 09:29:29.7326 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bab0ba86-ddf4-4ac4-b09f-d48f7eb9d905 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB3006 --_000_VI1PR0701MB18696F235B4FA17C4A28DD7FE9820VI1PR0701MB1869_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hello All, I have an issue with one of my Cloudstack mgmt-server (4.11) The second node has been deployed with the command "cloudstack-setup-datab= ases cloud:dbpassword@dbhost" i didnt have any problem during few days and now sometimes i got an error o= n web GUI when i perfom some basic task, the error is "Resource [Host:1] is= unreachable: Host 1: Unable to reach the peer that the agent is connected" After a quick investigation, i had to stop cloudstack-management service fr= om second mgmt-server and i noticed a lot of messages related with ca-certi= ficate used by cloudstack : 2018-04-27 11:18:24,076 ERROR [c.c.u.n.Link] (StatsCollector-1:ctx-82335701= ) (logid:95fda6d7) SSL error caught during unwrap data: Received fatal aler= t: certificate_unknown, for local address=3D/172.16.22.61:60128, remote add= ress=3D/172.16.22.60:8250. The client may have invalid ca-certificates. 2018-04-27 11:18:24,076 WARN [c.c.a.m.ClusteredAgentManagerImpl] (StatsCol= lector-1:ctx-82335701) (logid:95fda6d7) Unable to connect to peer managemen= t server: 130719784044197, ip: 172.16.22.60 due to SSL: Fail to init SSL! j= ava.io.IOException: SSL: Handshake failed with peer management server '1307= 19784044197' on 172.16.22.60:8250 java.io.IOException: SSL: Fail to init SSL! java.io.IOException: SSL: Hands= hake failed with peer management server '130719784044197' on 172.16.22.60:8= 250 at com.cloud.agent.manager.ClusteredAgentManagerImpl.connectToPeer(= ClusteredAgentManagerImpl.java:529) at com.cloud.agent.manager.ClusteredAgentAttache.send(ClusteredAgen= tAttache.java:177) at com.cloud.agent.manager.AgentAttache.send(AgentAttache.java:398) at com.cloud.agent.manager.AgentManagerImpl.send(AgentManagerImpl.j= ava:456) at com.cloud.agent.manager.AgentManagerImpl.send(AgentManagerImpl.j= ava:362) at com.cloud.agent.manager.AgentManagerImpl.easySend(AgentManagerIm= pl.java:954) at com.cloud.resource.ResourceManagerImpl.getHostStatistics(Resourc= eManagerImpl.java:2645) at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod= AccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingRef= lection(AopUtils.java:338) at org.springframework.aop.framework.ReflectiveMethodInvocation.inv= okeJoinpoint(ReflectiveMethodInvocation.java:197) at org.springframework.aop.framework.ReflectiveMethodInvocation.pro= ceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.= invoke(ExposeInvocationInterceptor.java:92) at org.springframework.aop.framework.ReflectiveMethodInvocation.pro= ceed(ReflectiveMethodInvocation.java:185) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkD= ynamicAopProxy.java:212) at com.sun.proxy.$Proxy178.getHostStatistics(Unknown Source) at com.cloud.server.StatsCollector$HostCollector.runInContext(Stats= Collector.java:438) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.r= un(ManagedContextRunnable.java:49) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext= $1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext= .callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext= .runWithContext(DefaultManagedContext.java:53) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run= (ManagedContextRunnable.java:46) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.ja= va:511) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFuture= Task.access$301(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFuture= Task.run(ScheduledThreadPoolExecutor.java:294) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec= utor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe= cutor.java:624) at java.lang.Thread.run(Thread.java:748) 2018-04-27 11:18:24,077 DEBUG [c.c.a.m.ClusteredAgentAttache] (StatsCollect= or-1:ctx-82335701) (logid:95fda6d7) Seq 9-9075597674081682614: Unable to fo= rward null 2018-04-27 11:18:24,177 ERROR [c.c.u.n.Link] (StatsCollector-1:ctx-82335701= ) (logid:95fda6d7) SSL error caught during unwrap data: Received fatal aler= t: certificate_unknown, for local address=3D/172.16.22.61:60130, remote add= ress=3D/172.16.22.60:8250. The client may have invalid ca-certificates. 2018-04-27 11:18:24,177 WARN [c.c.a.m.ClusteredAgentManagerImpl] (StatsCol= lector-1:ctx-82335701) (logid:95fda6d7) Unable to connect to peer managemen= t server: 130719784044197, ip: 172.16.22.60 due to SSL: Fail to init SSL! j= ava.io.IOException: SSL: Handshake failed with peer management server '1307= 19784044197' on 172.16.22.60:8250 Im not familiar with the using of self-signed certificate in cloudstack, do= you know where i can find out more information to investigate deeper ? or = if you have any idea ? I tried to check keystore on both mgmt-server but i need a password i havnt= ... Thanks upfront, Have a nice day, Best regards, Nicolas Bouige DIMSI cloud.dimsi.fr 4, avenue Laurent Cely Tour d=92Asni=E8re =96 92600 Asni=E8re sur Seine T/ +33 (0)6 28 98 53 40 --_000_VI1PR0701MB18696F235B4FA17C4A28DD7FE9820VI1PR0701MB1869_--