rhtyd commented on a change in pull request #2616: 4.11.1.0: Stabilization and
blocker/issues fixes
URL: https://github.com/apache/cloudstack/pull/2616#discussion_r185726831
##########
File path: systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh
##########
@@ -37,6 +37,8 @@ patch_systemvm() {
echo "Restored keystore file and certs using backup" >> $logfile
fi
rm -fr $backupfolder
+ # Import global cacerts into 'cloud' service's keystore
+ keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts
-destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass
changeit -deststorepass vmops.com -noprompt || true
Review comment:
For historic reasons, the keystore used by agent is at
/usr/local/cloud/systemvm/cert in systemvm. This code/change ensures that the
global ca cert (java) is imported into that local keystore. The reason `||
true` is used to ensure that this does not fail patching in case the keystore
already has certs imported (say an already patched systemvm stopped and
started).
The letsencrypt cacert is imported during systemvmtemplate building, the
change in patchsystemvm.sh will ensure that we import cacerts during systemvm
patching.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
