Re: Cloudstack installation on Ubuntu Xenial
Hello Rohit, I'm glad you've noticed the thread. Thank you for clearance. It is definitely reproducible with the 4.11.0.0 and Ubuntu Xenial (16.4.04) - unfortunately I did't save any of the logs. In the process of adding the host, I couldn't authenticate with the "root" user (the default value of "PermitRootLogin" in /etc/ssh/sshd_config is "prohibit-password" - I simply overlooked that fact) so I used "sudoer" user and disabled strictness. After adding the host that way there were none of the keystore/certificate releted files in the /etc/cloudstack/agent directory (only agent.properties environment.properties and log4j-cloud.xml). I had to use provisionCertificate API to generate those. Regards Daniel On 2018/03/15 11:56:43, Rohit Yadav wrote: > Hi Daniel, > > > After you added the Ubuntu hosts, does it have cloud.jks at > /etc/cloudstack/agent? Can you confirm any errors seen during addition of KVM > host to the Ubuntu based management server? > > > The log: > > 2018-03-12 20:44:03,787 WARN [utils.nio.Link] (main:null) (logid:) Failed to > load keystore, using trust all manager > > > Suggests that your KVM host failed to be secured (i.e. have the keystore jks > file setup) which could be due to several reasons. Can you check/confirm that > the user used to add the Ubuntu based KVM host was indeed 'root'. A sudoer > user may fail to add/create a jks/keystore file if it does not have access in > the /etc/cloudstack/agent directory. > > > Furthermore, once the agent is up, with the auth strictness setting set to > false, you can re-attempt at re-securing your KVM host using the > provisionCertificate API and pass it a host id. However, if you can reproduce > the issue that fresh addition of KVM host fails to secure the host (i.e. > create the certificates and jks file) that indeed is an issue. > > > A similar issue was recently fixed and will make into 4.11.1.0: > > https://github.com/apache/cloudstack/pull/2454 (with this fix, addHost will > also fail in case it fails to secure the KVM host) > > > - Rohit > > <https://cloudstack.apache.org> > > > > > From: Daniel Coric > Sent: Thursday, March 15, 2018 2:03:36 AM > To: users@cloudstack.apache.org > Subject: Re: Cloudstack installation on Ubuntu Xenial > > Hello Rafael, > > I'm aware of it, thank you. I also assumed that there could be some problem > with it, that's why I shared a link (second one) in my first post, hopping > that someone could confirm me that assumption. > > After I have set ca.plugin.root.auth.strictness to false everything worked > just fine - although it shouldn't be needed to do that for freshly installed > environments. > > At least it was not needed on the CentoOS. The CA framework did "kick in" (as > the article says) and has done his job. > > Regards > Daniel Coric > > On 2018/03/14 00:48:11, Rafael Weingärtner > wrote: > > Looking at the logs you provided looks like something wrong with the > > certificate used to secure communication with your KVM agent. I am not > > familiar with KVM and ACS. I know however, that there is a CA pluging that > > can issue and install certificates on hosts. Have you tried that? > > > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > > > On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric wrote: > > > > > Hello Rafael, > > > > > > Thank you for your response. > > > > > > I really did nothing except installing CS on a fresh installed Ubuntu VM - > > > as I did it on the CentOS. On the CentOS everything worked out of the box > > > - > > > on the Ubuntu problems. > > > > > > I tried to install it from different package repositories (community, > > > ShapeBlue, self-built), compared and followed Ubuntu specific installation > > > instructions from two different sources (ACS, ShapeBlue) every time same > > > errors in agent.log. > > > > > > So, I would rather say that there is something wrong either with the > > > source or Ubuntu - but, as the first time CS user I could be wrong, of > > > course. > > > > > > Regards > > > Daniel Coric > > > > > > On 2018/03/13 18:43:46, Rafael Weingärtner > > > > > > wrote: > > > > The MySQL thing is only a warning and should not cause problems in your > > > > POC. The other is an error. Ther
Re: Cloudstack installation on Ubuntu Xenial
Hello Rafael, I'm aware of it, thank you. I also assumed that there could be some problem with it, that's why I shared a link (second one) in my first post, hopping that someone could confirm me that assumption. After I have set ca.plugin.root.auth.strictness to false everything worked just fine - although it shouldn't be needed to do that for freshly installed environments. At least it was not needed on the CentoOS. The CA framework did "kick in" (as the article says) and has done his job. Regards Daniel Coric On 2018/03/14 00:48:11, Rafael Weingärtner wrote: > Looking at the logs you provided looks like something wrong with the > certificate used to secure communication with your KVM agent. I am not > familiar with KVM and ACS. I know however, that there is a CA pluging that > can issue and install certificates on hosts. Have you tried that? > > On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric wrote: > > > Hello Rafael, > > > > Thank you for your response. > > > > I really did nothing except installing CS on a fresh installed Ubuntu VM - > > as I did it on the CentOS. On the CentOS everything worked out of the box - > > on the Ubuntu problems. > > > > I tried to install it from different package repositories (community, > > ShapeBlue, self-built), compared and followed Ubuntu specific installation > > instructions from two different sources (ACS, ShapeBlue) every time same > > errors in agent.log. > > > > So, I would rather say that there is something wrong either with the > > source or Ubuntu - but, as the first time CS user I could be wrong, of > > course. > > > > Regards > > Daniel Coric > > > > On 2018/03/13 18:43:46, Rafael Weingärtner > > wrote: > > > The MySQL thing is only a warning and should not cause problems in your > > > POC. The other is an error. There is something wrong with your agent's > > > configurations/deployment. > > > > > > On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric wrote: > > > > > > > Hello Everyone, > > > > > > > > I'm getting myself familiar with CloudStack so please excuse if I have > > > > overlooked something obvious. > > > > > > > > Using build and install instructions from the official documentation I > > > > have managed to successfully install CloudStack 4.11 on the neasted > > CentOS > > > > 7.4 KVM (from both community provided package repositories and > > self-built > > > > packages). > > > > > > > > I have tried some of the basic operations like: uploading iso images, > > > > adding volumes and users, creating templates, creating and using VMs > > (both > > > > as admin and user) etc. > > > > As far as I can tell, everything worked as expected - except the fact > > that > > > > CentOS VM took about half an hour to shut down. > > > > > > > > Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu > > 16.04.4 > > > > VM shut down normally. > > > > > > > > But, that was also the only thing that worked as expected on that > > Ubuntu > > > > VM. > > > > > > > > I have tried to find some solution on internet but the closest I could > > get > > > > was this thread: > > > > https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html > > > > and this documentation: > > > > http://docs.cloudstack.apache.org/projects/cloudstack- > > > > administration/en/latest/hosts.html#security > > > > > > > > And I'm not even sure if I am on the right path to the solution - any > > > > assistance would be much appreciated. > > > > > > > > > > > > > > > > Ubuntu 16.04.4 cloudstack-management.err is filled with: > > > > > > > > Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without > > > > server's identity verification is not recommended. According to MySQL > > > > 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be > > established > > > > by default if explicit option isn't set. For compliance with existing > > > > applications not using SSL the verifyServerCertificate property is set > > to > > > > 'false'. You need either to explicitly disable SSL by setting > > useSSL=false, > > > > or set useSSL=true and provide truststore for server certificate > > > > verification. > >
Re: Cloudstack installation on Ubuntu Xenial
Hello Rafael, Thank you for your response. I really did nothing except installing CS on a fresh installed Ubuntu VM - as I did it on the CentOS. On the CentOS everything worked out of the box - on the Ubuntu problems. I tried to install it from different package repositories (community, ShapeBlue, self-built), compared and followed Ubuntu specific installation instructions from two different sources (ACS, ShapeBlue) every time same errors in agent.log. So, I would rather say that there is something wrong either with the source or Ubuntu - but, as the first time CS user I could be wrong, of course. Regards Daniel Coric On 2018/03/13 18:43:46, Rafael Weingärtner wrote: > The MySQL thing is only a warning and should not cause problems in your > POC. The other is an error. There is something wrong with your agent's > configurations/deployment. > > On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric wrote: > > > Hello Everyone, > > > > I'm getting myself familiar with CloudStack so please excuse if I have > > overlooked something obvious. > > > > Using build and install instructions from the official documentation I > > have managed to successfully install CloudStack 4.11 on the neasted CentOS > > 7.4 KVM (from both community provided package repositories and self-built > > packages). > > > > I have tried some of the basic operations like: uploading iso images, > > adding volumes and users, creating templates, creating and using VMs (both > > as admin and user) etc. > > As far as I can tell, everything worked as expected - except the fact that > > CentOS VM took about half an hour to shut down. > > > > Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu 16.04.4 > > VM shut down normally. > > > > But, that was also the only thing that worked as expected on that Ubuntu > > VM. > > > > I have tried to find some solution on internet but the closest I could get > > was this thread: > > https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html > > and this documentation: > > http://docs.cloudstack.apache.org/projects/cloudstack- > > administration/en/latest/hosts.html#security > > > > And I'm not even sure if I am on the right path to the solution - any > > assistance would be much appreciated. > > > > > > > > Ubuntu 16.04.4 cloudstack-management.err is filled with: > > > > Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without > > server's identity verification is not recommended. According to MySQL > > 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established > > by default if explicit option isn't set. For compliance with existing > > applications not using SSL the verifyServerCertificate property is set to > > 'false'. You need either to explicitly disable SSL by setting useSSL=false, > > or set useSSL=true and provide truststore for server certificate > > verification. > > > > Ubuntu 16.04.4 agent.log is filled with: > > > > 2018-03-12 20:43:58,782 INFO [utils.exception.CSExceptionErrorCode] > > (main:null) (logid:) Could not find exception: > > com.cloud.utils.exception.NioConnectionException > > in error code list for exceptions > > 2018-03-12 20:43:58,782 WARN [cloud.agent.Agent] (main:null) (logid:) NIO > > Connection Exception com.cloud.utils.exception.NioConnectionException: > > SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250 > > 2018-03-12 20:43:58,782 INFO [cloud.agent.Agent] (main:null) (logid:) > > Attempted to connect to the server, but received an unexpected exception, > > trying again... > > 2018-03-12 20:44:03,783 INFO [cloud.agent.Agent] (main:null) (logid:) > > Connecting to host:10.22.0.5 > > 2018-03-12 20:44:03,783 INFO [utils.nio.NioClient] (main:null) (logid:) > > Connecting to 10.22.0.5:8250 > > 2018-03-12 20:44:03,786 INFO [utils.nio.Link] (main:null) (logid:) Conf > > file found: /etc/cloudstack/agent/agent.properties > > 2018-03-12 20:44:03,787 WARN [utils.nio.Link] (main:null) (logid:) Failed > > to load keystore, using trust all manager > > 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL > > error caught during unwrap data: Received fatal alert: bad_certificate, for > > local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The > > client may have invalid ca-certificates. > > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:) > > SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250 > > 2018-03-12 20:44:03,85
Cloudstack installation on Ubuntu Xenial
Hello Everyone, I'm getting myself familiar with CloudStack so please excuse if I have overlooked something obvious. Using build and install instructions from the official documentation I have managed to successfully install CloudStack 4.11 on the neasted CentOS 7.4 KVM (from both community provided package repositories and self-built packages). I have tried some of the basic operations like: uploading iso images, adding volumes and users, creating templates, creating and using VMs (both as admin and user) etc. As far as I can tell, everything worked as expected - except the fact that CentOS VM took about half an hour to shut down. Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu 16.04.4 VM shut down normally. But, that was also the only thing that worked as expected on that Ubuntu VM. I have tried to find some solution on internet but the closest I could get was this thread: https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html and this documentation: http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/hosts.html#security And I'm not even sure if I am on the right path to the solution - any assistance would be much appreciated. Ubuntu 16.04.4 cloudstack-management.err is filled with: Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. Ubuntu 16.04.4 agent.log is filled with: 2018-03-12 20:43:58,782 INFO [utils.exception.CSExceptionErrorCode] (main:null) (logid:) Could not find exception: com.cloud.utils.exception.NioConnectionException in error code list for exceptions 2018-03-12 20:43:58,782 WARN [cloud.agent.Agent] (main:null) (logid:) NIO Connection Exception com.cloud.utils.exception.NioConnectionException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250 2018-03-12 20:43:58,782 INFO [cloud.agent.Agent] (main:null) (logid:) Attempted to connect to the server, but received an unexpected exception, trying again... 2018-03-12 20:44:03,783 INFO [cloud.agent.Agent] (main:null) (logid:) Connecting to host:10.22.0.5 2018-03-12 20:44:03,783 INFO [utils.nio.NioClient] (main:null) (logid:) Connecting to 10.22.0.5:8250 2018-03-12 20:44:03,786 INFO [utils.nio.Link] (main:null) (logid:) Conf file found: /etc/cloudstack/agent/agent.properties 2018-03-12 20:44:03,787 WARN [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL error caught during unwrap data: Received fatal alert: bad_certificate, for local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The client may have invalid ca-certificates. 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:) SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250 2018-03-12 20:44:03,858 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads. java.io.IOException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250 at com.cloud.utils.nio.NioClient.init(NioClient.java:67) at com.cloud.utils.nio.NioConnection.start(NioConnection.java:95) at com.cloud.agent.Agent.start(Agent.java:263) at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:410) at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:378) at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:362) at com.cloud.agent.AgentShell.start(AgentShell.java:467) at com.cloud.agent.AgentShell.main(AgentShell.java:502) Regards D.Coric
