Dave Hoffman created CLOUDSTACK-8337:
----------------------------------------

             Summary: Applying new systemvm certificate fails silently
                 Key: CLOUDSTACK-8337
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8337
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: SystemVM
    Affects Versions: 4.3.2
            Reporter: Dave Hoffman


When trying to apply a new system SSL certificate in the UI, it says the 
certificate was applied successfully and restarts the system vms.  When they 
come back up, they are still loaded with the realhostip certificates.

Management log shows the following:

2015-03-19 13:15:31,040 INFO  [c.c.s.ConfigurationServerImpl] (main:null) 
Processing updateSSLKeyStore
2015-03-19 13:15:31,041 INFO  [c.c.s.ConfigurationServerImpl] (main:null) SSL 
keystore located at /etc/cloudstack/management/cloudmanagementserver.keystore
2015-03-19 13:15:31,047 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo 
keytool -genkey -keystore 
/etc/cloudstack/management/cloudmanagementserver.keystore -storepass vmops.com 
-keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack 
User",ou="domain",o="domain",c="Unknown"
2015-03-19 13:15:31,062 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2015-03-19 13:15:31,063 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present 
and no askpass program specified
2015-03-19 13:15:31,064 WARN  [c.c.s.ConfigurationServerImpl] (main:null) Would 
use fail-safe keystore to continue.
java.io.IOException: Fail to generate certificate!: sudo: no tty present and no 
askpass program specified
        at 
com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:577)
        at 
com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:598)
        at 
com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:288)
        at 
com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:152)
        at 
org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:117)
        at 
org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:156)
        at 
org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:113)
        at 
org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:59)
        at 
org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
        at 
org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
        at 
org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
        at 
org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
        at 
org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
        at 
org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
        at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:141)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:119)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:239)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:227)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:115)
        at 
org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:78)
        at 
org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
        at 
org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:69)
        at 
org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:56)
        at 
org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:60)
        at 
org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:51)
        at 
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
        at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
        at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
        at 
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
        at 
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
        at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at 
org.apache.catalina.core.StandardService.start(StandardService.java:516)
        at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-03-19 13:15:31,084 INFO  [c.c.s.ConfigurationServerImpl] (main:null) 
Processing updateKeyPairs
2015-03-19 13:15:31,084 INFO  [c.c.s.ConfigurationServerImpl] (main:null) 
Keypairs already in database, updating local copy
2015-03-19 13:15:31,115 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Going 
to update systemvm iso with generated keypairs if needed
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in the classpath
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) System resource: null
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Classpath resource: 
null
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Current binaries 
reside at /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/cloudstack-management/webapps/client/WEB-INF/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/cloudstack-management/webapps/client/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/cloudstack-management/webapps/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/cloudstack-management/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in 
/usr/share/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in /usr/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,117 DEBUG [c.c.u.s.Script] (main:null) Looking for 
scripts/vm/systemvm/injectkeys.sh in /scripts/vm/systemvm/injectkeys.sh



If I run the command in the command line it works just fine: 
sudo keytool -genkey -keystore 
/etc/cloudstack/management/cloudmanagementserver.keystore -storepass vmops.com 
-keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack 
User",ou="domainRemoved",o="domain",c="Unknown"

After destroying the system vms they get the updated certificate and the 
console proxy works just fine.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
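
An added example (not part of the original report or of CloudStack) of a log check that surfaces the failure the UI hid: it pairs each `Executing:` line with its `Exit value is N` line and flags the fail-safe keystore warning. It assumes unwrapped log lines as they appear on disk; the sample lines are constructed from the log quoted above, and the function and field names are hypothetical.

```python
import re

# Constructed sample, modelled on the management log quoted in the report.
SAMPLE_LOG = """\
2015-03-19 13:15:31,047 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloudmanagementserver.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650
2015-03-19 13:15:31,062 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2015-03-19 13:15:31,063 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
2015-03-19 13:15:31,064 WARN  [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
2015-03-19 13:15:31,084 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Processing updateKeyPairs
"""

# timestamp, level, logger, message
LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] \([^)]*\) (.*)$")
# Keystore passwords appear on the logged command line; mask them in findings.
SECRET = re.compile(r"(-(?:storepass|keypass)) \S+")


def find_silent_failures(log_text):
    """Return findings for failed helper commands and keystore fallbacks."""
    findings, last_cmd, awaiting_reason = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace frames and other continuation lines
        ts, level, logger, msg = m.groups()
        # The Script line right after a failed exit carries the command's error text.
        if awaiting_reason and logger.endswith("Script") and not msg.startswith("Executing: "):
            findings[-1]["reason"] = msg
            awaiting_reason = False
            continue
        awaiting_reason = False
        if msg.startswith("Executing: "):
            last_cmd = SECRET.sub(r"\1 ***", msg[len("Executing: "):])
        elif msg.startswith("Exit value is "):
            code = int(msg.split()[-1])
            if code != 0:
                findings.append({"time": ts, "kind": "command_failed", "exit": code,
                                 "command": last_cmd, "reason": None})
                awaiting_reason = True
        elif level == "WARN" and "fail-safe keystore" in msg:
            findings.append({"time": ts, "kind": "keystore_fallback", "detail": msg})
    return findings


if __name__ == "__main__":
    for finding in find_silent_failures(SAMPLE_LOG):
        print(finding)
```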
