Re: [PR] systemvm: fix failed to get script version when patch system vm or router [cloudstack]

Tue, 08 Jul 2025 01:27:51 -0700 


Copilot commented on code in PR #10962:
URL: https://github.com/apache/cloudstack/pull/10962#discussion_r2191833723


##########
systemvm/patch-sysvms.sh:
##########
@@ -122,8 +122,10 @@ patch_systemvm() {
     echo "Restored keystore file and certs using backup" >> $logfile 2>&1
   fi
 
-  # Import global cacerts into 'cloud' service's keystore
-  keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts 
-destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass 
changeit -deststorepass vmops.com -noprompt || true
+  if [ "$TYPE" = "consoleproxy" ] || [ "$TYPE" = "secstorage" ]; then

Review Comment:
   The conditional excludes the 'router' system VM type, so the keystore import 
won’t run when patching routers. If the import is needed for routers, add `TYPE 
= "router"` to the condition.
   ```suggestion
     if [ "$TYPE" = "consoleproxy" ] || [ "$TYPE" = "secstorage" ] || [ "$TYPE" 
= "router" ]; then
   ```



##########
systemvm/patch-sysvms.sh:
##########
@@ -122,8 +122,10 @@ patch_systemvm() {
     echo "Restored keystore file and certs using backup" >> $logfile 2>&1
   fi
 
-  # Import global cacerts into 'cloud' service's keystore
-  keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts 
-destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass 
changeit -deststorepass vmops.com -noprompt || true
+  if [ "$TYPE" = "consoleproxy" ] || [ "$TYPE" = "secstorage" ]; then
+    # Import global cacerts into 'cloud' service's keystore
+    keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts 
-destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass 
changeit -deststorepass vmops.com -noprompt 2>/dev/null || true

Review Comment:
   [nitpick] Redirecting stderr to `/dev/null` silences all keytool errors, 
which could hide real failures. Consider logging or handling unexpected errors 
explicitly instead of suppressing them completely.
   ```suggestion
       keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts 
-destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass 
changeit -deststorepass vmops.com -noprompt 2>>$logfile || true
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to