Hello, One instance of a reactor was done by design. Can you please provide steps how do you use the code and why do you need to change .truststore?
Thanks, Piotr On Wed, Dec 27, 2017 at 2:16 AM, pengyixiang <[email protected]> wrote: > hello > If we add a new node, we generate vdsm certs and scp them to node, > then we add it to .truststore in [1], so that our engine can connect to > vdsm. > so If .truststore changed, "getSslStompReactor" still use the old > .truststore and connect failed. I made a mistake, changed certs is > .truststore rather than engine.p12 > > > [1] > openssl genrsa \ > -out client/vdsmkey.pem 2048 > > openssl req \ > -new \ > -out requests/$1.req \ > -key client/vdsmkey.pem \ > -subj "${subject}" > > openssl ca \ > -batch \ > -config openssl.conf \ > -extfile cacert2.conf \ > -extensions v3_ca \ > -in requests/$1.req \ > -out certs/$1.cer \ > -keyfile private/ca.pem \ > -subj /O=Linx/CN=$1 \ > -utf8 \ > -days "3650" \ > -startdate "$(date --utc --date "now -1 days" > +"%y%m%d%H%M%SZ")" > > cp ca.pem client/cacert.pem > cp certs/$1.cer client/vdsmcert.pem > cp install.sh client > > keytool -import -noprompt -trustcacerts -alias $1$(date --utc --date > "now +1 days" +"%y%m%d%H%M%SZ")$(cat /dev/urandom | head -n 10 | md5sum | > head -c 10) -keypass mypass -file certs/$1.cer -keystore .truststore > -storepass mypass > > > > > > > At 2017-12-26 16:37:33, "Irit Goihman" <[email protected]> wrote: > > Hi, > Can you explain your question? > Why engine certs are changed? > > Thanks, > Irit > > On Mon, Dec 25, 2017 at 3:26 AM, pengyixiang <[email protected]> wrote: > >> hello, everyone! >> I use ScenarioClient to call vdsm-jsonrpc-client, but I find after >> my engine connected to one node, I new a node, then the certs(engine.p12) >> is changed, >> but engine can not connected to new node, at last, I find the problem in >> there [1], and I think rpc's certs to node that is still old, so I try to >> changed code to [2], >> then repeat the test way, it works well, the ovirt's engine doesn't meet >> the trouble and how did you do? client is created like this [3]. >> >> >> >> >> [1] https://github.com/oVirt/vdsm-jsonrpc-java/blob/078233e60c24 >> f8b8525b3bf5fb1c5ab9f1c4e0f4/client/src/main/java/org/ >> ovirt/vdsm/jsonrpc/client/reactors/ReactorFactory.java#L76 >> >> [2] >> >> private static Reactor getSslStompReactor(ManagerProvider provider) >> throws ClientConnectionException { >> // if (sslStompReactor != null) { >> // return sslStompReactor; >> // } >> synchronized (ReactorFactory.class) { >> // if (sslStompReactor != null) { >> // return sslStompReactor; >> // } >> try { >> sslStompReactor = new >> SSLStompReactor(provider.getSSLContext()); >> } catch (IOException | GeneralSecurityException e) { >> throw new ClientConnectionException(e); >> } >> } >> return sslStompReactor; >> } >> >> [3] >> public ScenarioClient(String hostname, int port) throws >> ClientConnectionException { >> this.reactor = ReactorFactory.getReactor(ProviderFactory.getProvider(), >> ReactorType.STOMP); >> final ReactorClient client = this.reactor.createClient(hostname, port); >> client.setClientPolicy(new DefaultStompConnectionPolicy()); >> this.worker = ReactorFactory.getWorker(PARALLELISM); >> this.jsonClient = this.worker.register(client); >> this.jsonClient.setRetryPolicy(new DefaultStompClientPolicy()); >> } >> >> >> >> >> >> _______________________________________________ >> Devel mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/devel >> > > > > -- > > IRIT GOIHMAN > > SOFTWARE ENGINEER > > EMEA VIRTUALIZATION R&D > > Red Hat EMEA <https://www.redhat.com/> > > <https://red.ht/sig> > TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> > @redhatnews <https://twitter.com/redhatnews> Red Hat > <https://www.linkedin.com/company/red-hat> Red Hat > <https://www.facebook.com/RedHatInc> > > > > > > _______________________________________________ > Devel mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/devel >
_______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
