Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 48929DF03 for ; Fri, 15 Mar 2013 09:54:41 +0000 (UTC) Received: (qmail 62774 invoked by uid 500); 15 Mar 2013 09:54:40 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 62572 invoked by uid 500); 15 Mar 2013 09:54:40 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 62542 invoked by uid 99); 15 Mar 2013 09:54:39 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Mar 2013 09:54:39 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id 00C011C10F6; Fri, 15 Mar 2013 09:54:38 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============4582209735314954305==" MIME-Version: 1.0 Subject: Re: Review Request: (CLOUDSTACK-1475) update keystore in SSVM and change download iso/template url after Update SSL Certificate From: "Wei Zhou" To: "Jayapal Reddy" , "Nitin Mehta" Cc: "cloudstack" , "Wei Zhou" Date: Fri, 15 Mar 2013 09:54:38 -0000 Message-ID: <20130315095438.1181.22869@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org Auto-Submitted: auto-generated Sender: "Wei Zhou" X-ReviewGroup: cloudstack X-ReviewRequest-URL: https://reviews.apache.org/r/9696/ X-Sender: "Wei Zhou" References: <20130306100604.27098.34237@reviews.apache.org> In-Reply-To: <20130306100604.27098.34237@reviews.apache.org> Reply-To: "Wei Zhou" --===============4582209735314954305== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/9696/ ----------------------------------------------------------- (Updated March 15, 2013, 9:54 a.m.) Review request for cloudstack, Nitin Mehta and Jayapal Reddy. Description (updated) ------- This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL= Certificate) on CloudStack 4.0.1. = Changes include: (1) update realhostip.keystore in SSVM (see the change in config_ssl.sh) (2) change suffix of download iso/template url rom realhostip.com to domain= _suffix in SSL Certificate. (3) validate download URL because ssvm publicip or domain suffix may change. This addresses bug CLOUDSTACK-1475. Diffs ----- agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java= 48f5079 = console-proxy/scripts/config_ssl.sh 8d80c47 = core/src/com/cloud/storage/resource/CifsSecondaryStorageResource.java c60= 6fca = core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java 1552= 10d = server/src/com/cloud/configuration/Config.java dbcc97a = server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java 01b4= 720 = server/src/com/cloud/consoleproxy/AgentBasedStandaloneConsoleProxyManager= .java 6172780 = server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java d2df83c = server/src/com/cloud/server/ConfigurationServerImpl.java 3368c9b = server/src/com/cloud/storage/download/DownloadMonitorImpl.java 2736777 = server/src/com/cloud/storage/upload/UploadMonitorImpl.java 4231be8 = Diff: https://reviews.apache.org/r/9696/diff/ Testing (updated) ------- Testing manually ok. To test: (1) generate update the SSL certificate and it. see "17.3.1. Changing the = Console Proxy SSL Certificate and Domain" part in CloudPlatform3.0.6AdminGu= ide http://support.citrix.com/servlet/KbServlet/download/33425-102-696517/Cloud= Platform3.0.6AdminGuide.pdf (2) visit instance via console. = (3) Download ISO/Template. The browser will show the download url. Before patch: the domain suffix of url always be "realhostip.com" after patch: the domain suffix of url is "company.com" which you set in ste= p(1). (4) Register ISO/Template using the url in step(3). Before patch: When the domain suffix is not "realhostip.com", it fails with= error message "sun.security.validator.ValidatorException: PKIX path buildi= ng failed: sun.security.provider.certpath.SunCertPathBuilderException: unab= le to find valid certification path to requested target". after patch: successful. (5) Destroy SSVM, and a new one will be created. = Before patch: the url in step(3) does not change. the url still be the ip a= ddress of old SSVM, and old domain suffix. after patch: the url will contain the ip address of new SSVM. If the "compa= ny.com" changes, the url will also contain the new domain suffix. (6) If you do not have a DNS server (which can resolve company.com domain),= please add an entry in /etc/hosts file of the client. aaa-bbb-ccc-ddd aaa-bbb-ccc-ddd.company.com # aaa.bbb.ccc.ddd is the= console proxy ip. and ssvm as well. We need to restart management-server after Update SSL Certificate. Thanks, Wei Zhou --===============4582209735314954305==--