Duplicate of VR after disabling RvR
Hi All, Just opened this new bug, impacting 4.9.2: https://issues.apache.org/jira/browse/CLOUDSTACK-9884 And here’s a summary of some other VR related open issues I’ve noticed too: CLOUDSTACK-9692 Reset password service is not running on Redundant virtual routers. CLOUDSTACK-9712 Establishing Remote access VPN is failing due to mismatch of preshared secrets post Disable/Enable VPN. CLOUDSTACK-9735 VPN clients fail to authenticate when the password contains '#' CLOUDSTACK-9739 Network Update (editing n/w domain) to RVR NW fails to deploy rendundant VR's. CLOUDSTACK-9745 IPtable nat rules are not cleaned up on router, post disabling static nat on Public IP CLOUDSTACK-9747 Network Update with new N/W offering retains rules on UI but cleans up on Router CLOUDSTACK-9761 Custom NW offering with Default Egress policy as " Allow" : new ICMP rule is created as "accept" instead of " DROP" CLOUDSTACK-9878 Remote Access VPN that losing connection when new network configs are introduced
4.9.2 Issue with RvR and redundant state
Hi All, Following a migration to 4.9.2 from 4.5.2, xen 6.5, all RvR are unable to properly handle their redundant state. Issues are well described here: https://issues.apache.org/jira/browse/CLOUDSTACK-9385 https://issues.apache.org/jira/browse/CLOUDSTACK-9692 And addressed in this PR, mostly probably coming with the next release (if someone can confirm?): https://github.com/apache/cloudstack/pull/1871 We were massive users of RvR and missed this bug, it could be worth adding it in the known issues of the release notes. cheers
Re: api uploadsslcert encoding issue
Figured it out! some special characters within the certificate body itself were not correctly encoded. In the end, all special characters, as well as all line breaks should be encoded to reflect the exact certificate output and format. Will look at improving the doc available out there as this isn't crystal clear. From: Patrick W. <war...@hotmail.com> Sent: Monday, September 5, 2016 4:50 PM To: dev@cloudstack.apache.org Subject: Re: api uploadsslcert encoding issue I'm using 4.5.2 Yes you are right, I saw this issue: https://issues.apache.org/jira/browse/CLOUDSTACK-6864 but it was resolved in 4.4 Moreover I've tried the double encoding trick. From: Will Stevens <williamstev...@gmail.com> Sent: Monday, September 5, 2016 4:42 PM To: dev@cloudstack.apache.org Subject: Re: api uploadsslcert encoding issue What acs version are you using? I believe there was a problem with double encoding in some older releases. Maybe someone else can weigh in who knows for sure. On Sep 5, 2016 10:27 AM, "Patrick W." <war...@hotmail.com> wrote: > Has someone managed to upload a certificate, its chain and its key in a > single call, using the uploadsslcert API command? > > I've done attempts with cloudmonkey, in python, etc. tried all possible > formatting and encoding combinations but I always get errors > > - Expected X509 certificate. Failed due to String index out of range: > - Error parsing certificate data Invalid certificate format. Expected X509 > certificate > - Error parsing certificate data Invalid Certificate format. Failed due to > problem parsing cert: java.security.cert.CertificateException: > java.io.IOException: corrupted stream - out of bounds length found > > Has anybody succeeded with this? if yes, I'd be interested to reuse the > exact same approach. > > thanks! >
Re: api uploadsslcert encoding issue
I'm using 4.5.2 Yes you are right, I saw this issue: https://issues.apache.org/jira/browse/CLOUDSTACK-6864 but it was resolved in 4.4 Moreover I've tried the double encoding trick. From: Will Stevens <williamstev...@gmail.com> Sent: Monday, September 5, 2016 4:42 PM To: dev@cloudstack.apache.org Subject: Re: api uploadsslcert encoding issue What acs version are you using? I believe there was a problem with double encoding in some older releases. Maybe someone else can weigh in who knows for sure. On Sep 5, 2016 10:27 AM, "Patrick W." <war...@hotmail.com> wrote: > Has someone managed to upload a certificate, its chain and its key in a > single call, using the uploadsslcert API command? > > I've done attempts with cloudmonkey, in python, etc. tried all possible > formatting and encoding combinations but I always get errors > > - Expected X509 certificate. Failed due to String index out of range: > - Error parsing certificate data Invalid certificate format. Expected X509 > certificate > - Error parsing certificate data Invalid Certificate format. Failed due to > problem parsing cert: java.security.cert.CertificateException: > java.io.IOException: corrupted stream - out of bounds length found > > Has anybody succeeded with this? if yes, I'd be interested to reuse the > exact same approach. > > thanks! >
api uploadsslcert encoding issue
Has someone managed to upload a certificate, its chain and its key in a single call, using the uploadsslcert API command? I've done attempts with cloudmonkey, in python, etc. tried all possible formatting and encoding combinations but I always get errors - Expected X509 certificate. Failed due to String index out of range: - Error parsing certificate data Invalid certificate format. Expected X509 certificate - Error parsing certificate data Invalid Certificate format. Failed due to problem parsing cert: java.security.cert.CertificateException: java.io.IOException: corrupted stream - out of bounds length found Has anybody succeeded with this? if yes, I'd be interested to reuse the exact same approach. thanks!