deajan commented on issue #10703: URL: https://github.com/apache/cloudstack/issues/10703#issuecomment-2804795183
`grep -ri "cloudstack\-setup" /var/log/cloudstack` didn't produce any results on the management server, nor the KVM host. I did some more tests. I found that my SCAP profile sets the following values, preventing sudo runs to succeed. ``` Defaults noexec Defaults requiretty Defaults nopty ``` I commented all those out in order for the script run to succed. Perhaps this can be added to the KVM wiki. I didn't expect root to run the command with `sudo`. With those variables setup, adding the host via UI still failed. I modified the sources of `/usr/share/cloudstack-common/scripts/util/keystore-setup`, changing all redirections to /dev/null to a log file. I found the following results in my log file: ``` mar. 15 avril 2025 12:32:28 CEST - starting keystore-setup erreur keytool : java.io.IOException: keystore password was incorrect erreur keytool : java.io.IOException: keystore password was incorrect erreur keytool : java.io.IOException: keystore password was incorrect Found ip:10.13.37.2,ip:10.131.37.1, for CSR ``` Investigating further, I noticed that commented passwords are still used in the regex of the keystore-setup script. I've improved the script to add logs and restricted the regex. I've tested my script for another host. How about I make a PR for that one ? and Perhaps the wiki entry for adding checks on sudoers file ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
