On Mon, Mar 04, 2013 at 11:08:32AM -0500, John Burwell wrote: > Chip, > > I opened CLOUDSTACK-1389 for the exact issue described by Sebastien. As > noted in the ticket, I believe the behavior implemented by the script > represents a security vulnerability(with or without the use of sudo).
Have any thoughts on how to resolve it? > > Thanks, > -John > > > On Mon, Mar 4, 2013 at 10:59 AM, Chip Childers > <chip.child...@sungard.com>wrote: > > > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote: > > > There's a bug for this, I think it's related to passwordless sudo for > > > cloud user on management server. > > > > Is this the one? > > > > https://issues.apache.org/jira/browse/CLOUDSTACK-1389 > > > > > > > > On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen <run...@gmail.com> > > wrote: > > > > Hi I am trying to test the latest 4.1 (and 4.1l10n branch). > > > > > > > > I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going. > > > > > > > > and after a 'clean install' I get stuck with: > > > > > > > > Password:WARN [utils.script.Script] (Script-1:) Interrupting script. > > > > WARN [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey > > -keystore > > /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > > -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > > cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" . Output is: > > > > WARN [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use > > fail-safe keystore to continue. > > > > java.io.IOException: Fail to generate certificate!: timeout > > > > at > > com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491) > > > > at > > com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512) > > > > at > > com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269) > > > > at > > com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143) > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > > > at > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > > > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > > > at java.lang.reflect.Method.invoke(Method.java:601) > > > > at > > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) > > > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) > > > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > > > > at > > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) > > > > at > > com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) > > > > at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source) > > > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > > > at java.lang.reflect.Method.invoke(Method.java:601) > > > > at > > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621) > > > > at > > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610) > > > > at > > org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) > > > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > > > > at > > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90) > > > > at > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > > > > at > > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) > > > > at $Proxy388.configure(Unknown Source) > > > > at > > com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110) > > > > at > > com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50) > > > > at java.util.TimerThread.mainLoop(Timer.java:555) > > > > at java.util.TimerThread.run(Timer.java:505) > > > > INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing > > updateKeyPairs > > > > INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs > > already in database > > > > INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs > > already in database, skip updating local copy (not running as cloud user) > > > > INFO [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to > > update systemvm iso with generated keypairs if needed > > > > Password: > > > > > > > > ? > > > > > > > > -sebastien > > > > >
