[
https://issues.apache.org/jira/browse/CLOUDSTACK-8337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632685#comment-14632685
]
Pierre-Luc Dion commented on CLOUDSTACK-8337:
---------------------------------------------
This should be already fix in 4.4 and over.
> Applying new systemvm certificate fails silently
> ------------------------------------------------
>
> Key: CLOUDSTACK-8337
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8337
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: SystemVM
> Affects Versions: 4.3.2
> Reporter: Dave Hoffman
>
> When trying to apply a new system SSL certificate in the UI, it says the
> certificate was applied successfully and restarts the system vms. When they
> come back up, they are still loaded with the realhostip certificates.
> Managment log shows the following:
> 2015-03-19 13:15:31,040 INFO [c.c.s.ConfigurationServerImpl] (main:null)
> Processing updateSSLKeyStore
> 2015-03-19 13:15:31,041 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL
> keystore located at /etc/cloudstack/management/cloudmanagementserver.keystore
> 2015-03-19 13:15:31,047 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo
> keytool -genkey -keystore
> /etc/cloudstack/management/cloudmanagementserver.keystore -storepass
> vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack
> User",ou="domain",o="domain",c="Unknown"
> 2015-03-19 13:15:31,062 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
> 2015-03-19 13:15:31,063 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty
> present and no askpass program specified
> 2015-03-19 13:15:31,064 WARN [c.c.s.ConfigurationServerImpl] (main:null)
> Would use fail-safe keystore to continue.
> java.io.IOException: Fail to generate certificate!: sudo: no tty present and
> no askpass program specified
> at
> com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:577)
> at
> com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:598)
> at
> com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:288)
> at
> com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:152)
> at
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:117)
> at
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:156)
> at
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:113)
> at
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:59)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
> at
> org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
> at
> org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:141)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:119)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:239)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:227)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:115)
> at
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:78)
> at
> org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
> at
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:69)
> at
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:56)
> at
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:60)
> at
> org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:51)
> at
> org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
> at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> at
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
> at
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
> at
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
> at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
> at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
> at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:516)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> 2015-03-19 13:15:31,084 INFO [c.c.s.ConfigurationServerImpl] (main:null)
> Processing updateKeyPairs
> 2015-03-19 13:15:31,084 INFO [c.c.s.ConfigurationServerImpl] (main:null)
> Keypairs already in database, updating local copy
> 2015-03-19 13:15:31,115 INFO [c.c.s.ConfigurationServerImpl] (main:null)
> Going to update systemvm iso with generated keypairs if needed
> 2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in the classpath
> 2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) System resource:
> null
> 2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Classpath
> resource: null
> 2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Current binaries
> reside at /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/cloudstack-management/webapps/client/WEB-INF/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/cloudstack-management/webapps/client/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/cloudstack-management/webapps/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/cloudstack-management/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in
> /usr/share/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in /usr/scripts/vm/systemvm/injectkeys.sh
> 2015-03-19 13:15:31,117 DEBUG [c.c.u.s.Script] (main:null) Looking for
> scripts/vm/systemvm/injectkeys.sh in /scripts/vm/systemvm/injectkeys.sh
> If I run the command in the command line it works just fine:
> sudo keytool -genkey -keystore
> /etc/cloudstack/management/cloudmanagementserver.keystore -storepass
> vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack
> User",ou="domainRemoved",o="domain",c="Unknown"
> After destroying the system vms they get the updated certificate and the
> console proxy works just fine.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
