Re: Cloudstack installation on Ubuntu Xenial

[Rohit Yadav]

Hi Daniel,


As mentioned, addition of host using sudoer user has been fixed and will make 
its way into 4.11.1.0+. For now, you can follow the method you've shared, or 
reconfigure hosts to allow ssh (permit root password) for root user with a 
password.


- Rohit

<https://cloudstack.apache.org>




From: Daniel Coric <cori...@gmail.com>
Sent: Friday, March 16, 2018 2:58:23 AM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack installation on Ubuntu Xenial

Hello Rohit,

I'm glad you've noticed the thread. Thank you for clearance.

It is definitely reproducible with the 4.11.0.0 and Ubuntu Xenial (16.4.04) - 
unfortunately I did't save any of the logs.

In the process of adding the host, I couldn't authenticate with the "root" user 
(the default value of "PermitRootLogin" in /etc/ssh/sshd_config is 
"prohibit-password" - I simply overlooked that fact) so I used "sudoer" user 
and disabled strictness.

After adding the host that way there were none of the keystore/certificate 
releted files in the /etc/cloudstack/agent directory (only agent.properties 
environment.properties and log4j-cloud.xml). I had to use provisionCertificate 
API to generate those.

Regards
Daniel

On 2018/03/15 11:56:43, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:
> Hi Daniel,
>
>
> After you added the Ubuntu hosts, does it have cloud.jks at 
> /etc/cloudstack/agent? Can you confirm any errors seen during addition of KVM 
> host to the Ubuntu based management server?
>
>
> The log:
>
> 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to 
> load keystore, using trust all manager
>
>
> Suggests that your KVM host failed to be secured (i.e. have the keystore jks 
> file setup) which could be due to several reasons. Can you check/confirm that 
> the user used to add the Ubuntu based KVM host was indeed 'root'. A sudoer 
> user may fail to add/create a jks/keystore file if it does not have access in 
> the /etc/cloudstack/agent directory.
>
>
> Furthermore, once the agent is up, with the auth strictness setting set to 
> false, you can re-attempt at re-securing your KVM host using the 
> provisionCertificate API and pass it a host id. However, if you can reproduce 
> the issue that fresh addition of KVM host fails to secure the host (i.e. 
> create the certificates and jks file) that indeed is an issue.
>
>
> A similar issue was recently fixed and will make into 4.11.1.0:
>
> https://github.com/apache/cloudstack/pull/2454 (with this fix, addHost will 
> also fail in case it fails to secure the KVM host)
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________
> From: Daniel Coric <cori...@gmail.com>
> Sent: Thursday, March 15, 2018 2:03:36 AM
> To: users@cloudstack.apache.org
> Subject: Re: Cloudstack installation on Ubuntu Xenial
>
> Hello Rafael,
>
> I'm aware of it, thank you. I also assumed that there could be some problem 
> with it, that's why I shared a link (second one) in my first post, hopping 
> that someone could confirm me that assumption.
>
> After I have set ca.plugin.root.auth.strictness to false everything worked 
> just fine - although it shouldn't be needed to do that for freshly installed 
> environments.
>
> At least it was not needed on the CentoOS. The CA framework did "kick in" (as 
> the article says) and has done his job.
>
> Regards
> Daniel Coric
>
> On 2018/03/14 00:48:11, Rafael Weingärtner <rafaelweingart...@gmail.com> 
> wrote:
> > Looking at the logs you provided looks like something wrong with the
> > certificate used to secure communication with your KVM agent. I am not
> > familiar with KVM and ACS. I know however, that there is a CA pluging that
> > can issue and install certificates on hosts. Have you tried that?
> >
>
> rohit.ya...@shapeblue.comÂ
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
> 
rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

> On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric <cori...@gmail.com> wrote:
> >
> > > Hello Rafael,
> > >
> > > Thank you for your response.
> > >
> > > I really did nothing except installing CS on a fresh installed Ubuntu VM -
> > > as I did it on the CentOS. On the CentOS everything worked out of the box 
> > > -
> > > on the Ubuntu problems.
> > >
> > > I tried to install it from different package repositories (community,
> > > ShapeBlue, self-built), compared and follow

Re: Cloudstack installation on Ubuntu Xenial

[Daniel Coric]

Hello Rohit,

I'm glad you've noticed the thread. Thank you for clearance.

It is definitely reproducible with the 4.11.0.0 and Ubuntu Xenial (16.4.04) - 
unfortunately I did't save any of the logs.

In the process of adding the host, I couldn't authenticate with the "root" user 
(the default value of "PermitRootLogin" in /etc/ssh/sshd_config is 
"prohibit-password" - I simply overlooked that fact) so I used "sudoer" user 
and disabled strictness.

After adding the host that way there were none of the keystore/certificate 
releted files in the /etc/cloudstack/agent directory (only agent.properties 
environment.properties and log4j-cloud.xml). I had to use provisionCertificate 
API to generate those.

Regards
Daniel

On 2018/03/15 11:56:43, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: 
> Hi Daniel,
> 
> 
> After you added the Ubuntu hosts, does it have cloud.jks at 
> /etc/cloudstack/agent? Can you confirm any errors seen during addition of KVM 
> host to the Ubuntu based management server?
> 
> 
> The log:
> 
> 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to 
> load keystore, using trust all manager
> 
> 
> Suggests that your KVM host failed to be secured (i.e. have the keystore jks 
> file setup) which could be due to several reasons. Can you check/confirm that 
> the user used to add the Ubuntu based KVM host was indeed 'root'. A sudoer 
> user may fail to add/create a jks/keystore file if it does not have access in 
> the /etc/cloudstack/agent directory.
> 
> 
> Furthermore, once the agent is up, with the auth strictness setting set to 
> false, you can re-attempt at re-securing your KVM host using the 
> provisionCertificate API and pass it a host id. However, if you can reproduce 
> the issue that fresh addition of KVM host fails to secure the host (i.e. 
> create the certificates and jks file) that indeed is an issue.
> 
> 
> A similar issue was recently fixed and will make into 4.11.1.0:
> 
> https://github.com/apache/cloudstack/pull/2454 (with this fix, addHost will 
> also fail in case it fails to secure the KVM host)
> 
> 
> - Rohit
> 
> <https://cloudstack.apache.org>
> 
> 
> 
> ________
> From: Daniel Coric <cori...@gmail.com>
> Sent: Thursday, March 15, 2018 2:03:36 AM
> To: users@cloudstack.apache.org
> Subject: Re: Cloudstack installation on Ubuntu Xenial
> 
> Hello Rafael,
> 
> I'm aware of it, thank you. I also assumed that there could be some problem 
> with it, that's why I shared a link (second one) in my first post, hopping 
> that someone could confirm me that assumption.
> 
> After I have set ca.plugin.root.auth.strictness to false everything worked 
> just fine - although it shouldn't be needed to do that for freshly installed 
> environments.
> 
> At least it was not needed on the CentoOS. The CA framework did "kick in" (as 
> the article says) and has done his job.
> 
> Regards
> Daniel Coric
> 
> On 2018/03/14 00:48:11, Rafael Weingärtner <rafaelweingart...@gmail.com> 
> wrote:
> > Looking at the logs you provided looks like something wrong with the
> > certificate used to secure communication with your KVM agent. I am not
> > familiar with KVM and ACS. I know however, that there is a CA pluging that
> > can issue and install certificates on hosts. Have you tried that?
> >
> 
> rohit.ya...@shapeblue.com 
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>   
>  
> 
> > On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric <cori...@gmail.com> wrote:
> >
> > > Hello Rafael,
> > >
> > > Thank you for your response.
> > >
> > > I really did nothing except installing CS on a fresh installed Ubuntu VM -
> > > as I did it on the CentOS. On the CentOS everything worked out of the box 
> > > -
> > > on the Ubuntu problems.
> > >
> > > I tried to install it from different package repositories (community,
> > > ShapeBlue, self-built), compared and followed Ubuntu specific installation
> > > instructions from two different sources (ACS, ShapeBlue) every time same
> > > errors in agent.log.
> > >
> > > So, I would rather say that there is something wrong either with the
> > > source or Ubuntu - but, as the first time CS user I could be wrong, of
> > > course.
> > >
> > > Regards
> > > Daniel Coric
> > >
> > > On 2018/03/13 18:43:46, Rafael Weingärtner 
> > > <rafaelweingart...@gmail.com>
> > > wrote:
> > > > The MySQL thing is on

Re: Cloudstack installation on Ubuntu Xenial

[Rohit Yadav]

Hi Daniel,


After you added the Ubuntu hosts, does it have cloud.jks at 
/etc/cloudstack/agent? Can you confirm any errors seen during addition of KVM 
host to the Ubuntu based management server?


The log:

2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to 
load keystore, using trust all manager


Suggests that your KVM host failed to be secured (i.e. have the keystore jks 
file setup) which could be due to several reasons. Can you check/confirm that 
the user used to add the Ubuntu based KVM host was indeed 'root'. A sudoer user 
may fail to add/create a jks/keystore file if it does not have access in the 
/etc/cloudstack/agent directory.


Furthermore, once the agent is up, with the auth strictness setting set to 
false, you can re-attempt at re-securing your KVM host using the 
provisionCertificate API and pass it a host id. However, if you can reproduce 
the issue that fresh addition of KVM host fails to secure the host (i.e. create 
the certificates and jks file) that indeed is an issue.


A similar issue was recently fixed and will make into 4.11.1.0:

https://github.com/apache/cloudstack/pull/2454 (with this fix, addHost will 
also fail in case it fails to secure the KVM host)


- Rohit

<https://cloudstack.apache.org>




From: Daniel Coric <cori...@gmail.com>
Sent: Thursday, March 15, 2018 2:03:36 AM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack installation on Ubuntu Xenial

Hello Rafael,

I'm aware of it, thank you. I also assumed that there could be some problem 
with it, that's why I shared a link (second one) in my first post, hopping that 
someone could confirm me that assumption.

After I have set ca.plugin.root.auth.strictness to false everything worked just 
fine - although it shouldn't be needed to do that for freshly installed 
environments.

At least it was not needed on the CentoOS. The CA framework did "kick in" (as 
the article says) and has done his job.

Regards
Daniel Coric

On 2018/03/14 00:48:11, Rafael Weingärtner <rafaelweingart...@gmail.com> wrote:
> Looking at the logs you provided looks like something wrong with the
> certificate used to secure communication with your KVM agent. I am not
> familiar with KVM and ACS. I know however, that there is a CA pluging that
> can issue and install certificates on hosts. Have you tried that?
>

rohit.ya...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

> On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric <cori...@gmail.com> wrote:
>
> > Hello Rafael,
> >
> > Thank you for your response.
> >
> > I really did nothing except installing CS on a fresh installed Ubuntu VM -
> > as I did it on the CentOS. On the CentOS everything worked out of the box -
> > on the Ubuntu problems.
> >
> > I tried to install it from different package repositories (community,
> > ShapeBlue, self-built), compared and followed Ubuntu specific installation
> > instructions from two different sources (ACS, ShapeBlue) every time same
> > errors in agent.log.
> >
> > So, I would rather say that there is something wrong either with the
> > source or Ubuntu - but, as the first time CS user I could be wrong, of
> > course.
> >
> > Regards
> > Daniel Coric
> >
> > On 2018/03/13 18:43:46, Rafael Weingärtner <rafaelweingart...@gmail.com>
> > wrote:
> > > The MySQL thing is only a warning and should not cause problems in your
> > > POC. The other is an error. There is something wrong with your agent's
> > > configurations/deployment.
> > >
> > > On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric <cori...@gmail.com> wrote:
> > >
> > > > Hello Everyone,
> > > >
> > > > I'm getting myself familiar with CloudStack so please excuse if I have
> > > > overlooked something obvious.
> > > >
> > > > Using build and install instructions from the official documentation I
> > > > have managed to successfully install CloudStack 4.11 on the neasted
> > CentOS
> > > > 7.4 KVM (from both community provided package repositories and
> > self-built
> > > > packages).
> > > >
> > > > I have tried some of the basic operations like: uploading iso images,
> > > > adding volumes and users, creating templates, creating and using VMs
> > (both
> > > > as admin and user) etc.
> > > > As far as I can tell, everything worked as expected - except the fact
> > that
> > > > CentOS VM took about half an hour to shut down.
> > > >
> > > > Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu
> > 16.

Re: Cloudstack installation on Ubuntu Xenial

[Rafael Weingärtner]

Looking at the logs you provided looks like something wrong with the
certificate used to secure communication with your KVM agent. I am not
familiar with KVM and ACS. I know however, that there is a CA pluging that
can issue and install certificates on hosts. Have you tried that?

On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric  wrote:

> Hello Rafael,
>
> Thank you for your response.
>
> I really did nothing except installing CS on a fresh installed Ubuntu VM -
> as I did it on the CentOS. On the CentOS everything worked out of the box -
> on the Ubuntu problems.
>
> I tried to install it from different package repositories (community,
> ShapeBlue, self-built), compared and followed Ubuntu specific installation
> instructions from two different sources (ACS, ShapeBlue) every time same
> errors in agent.log.
>
> So, I would rather say that there is something wrong either with the
> source or Ubuntu - but, as the first time CS user I could be wrong, of
> course.
>
> Regards
> Daniel Coric
>
> On 2018/03/13 18:43:46, Rafael Weingärtner 
> wrote:
> > The MySQL thing is only a warning and should not cause problems in your
> > POC. The other is an error. There is something wrong with your agent's
> > configurations/deployment.
> >
> > On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric  wrote:
> >
> > > Hello Everyone,
> > >
> > > I'm getting myself familiar with CloudStack so please excuse if I have
> > > overlooked something obvious.
> > >
> > > Using build and install instructions from the official documentation I
> > > have managed to successfully install CloudStack 4.11 on the neasted
> CentOS
> > > 7.4 KVM (from both community provided package repositories and
> self-built
> > > packages).
> > >
> > > I have tried some of the basic operations like: uploading iso images,
> > > adding volumes and users, creating templates, creating and using VMs
> (both
> > > as admin and user) etc.
> > > As far as I can tell, everything worked as expected - except the fact
> that
> > > CentOS VM took about half an hour to shut down.
> > >
> > > Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu
> 16.04.4
> > > VM shut down normally.
> > >
> > > But, that was also the only thing that worked as expected on that
> Ubuntu
> > > VM.
> > >
> > > I have tried to find some solution on internet but the closest I could
> get
> > > was this thread:
> > > https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html
> > > and this documentation:
> > > http://docs.cloudstack.apache.org/projects/cloudstack-
> > > administration/en/latest/hosts.html#security
> > >
> > > And I'm not even sure if I am on the right path to the solution - any
> > > assistance would be much appreciated.
> > >
> > >
> > >
> > > Ubuntu 16.04.4 cloudstack-management.err is filled with:
> > >
> > > Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without
> > > server's identity verification is not recommended. According to MySQL
> > > 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be
> established
> > > by default if explicit option isn't set. For compliance with existing
> > > applications not using SSL the verifyServerCertificate property is set
> to
> > > 'false'. You need either to explicitly disable SSL by setting
> useSSL=false,
> > > or set useSSL=true and provide truststore for server certificate
> > > verification.
> > >
> > > Ubuntu 16.04.4 agent.log is filled with:
> > >
> > > 2018-03-12 20:43:58,782 INFO  [utils.exception.CSExceptionErrorCode]
> > > (main:null) (logid:) Could not find exception:
> com.cloud.utils.exception.NioConnectionException
> > > in error code list for exceptions
> > > 2018-03-12 20:43:58,782 WARN  [cloud.agent.Agent] (main:null) (logid:)
> NIO
> > > Connection Exception  com.cloud.utils.exception.
> NioConnectionException:
> > > SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > 2018-03-12 20:43:58,782 INFO  [cloud.agent.Agent] (main:null) (logid:)
> > > Attempted to connect to the server, but received an unexpected
> exception,
> > > trying again...
> > > 2018-03-12 20:44:03,783 INFO  [cloud.agent.Agent] (main:null) (logid:)
> > > Connecting to host:10.22.0.5
> > > 2018-03-12 20:44:03,783 INFO  [utils.nio.NioClient] (main:null)
> (logid:)
> > > Connecting to 10.22.0.5:8250
> > > 2018-03-12 20:44:03,786 INFO  [utils.nio.Link] (main:null) (logid:)
> Conf
> > > file found: /etc/cloudstack/agent/agent.properties
> > > 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:)
> Failed
> > > to load keystore, using trust all manager
> > > 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL
> > > error caught during unwrap data: Received fatal alert:
> bad_certificate, for
> > > local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The
> > > client may have invalid ca-certificates.
> > > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null)
> (logid:)
> 

Re: Cloudstack installation on Ubuntu Xenial

[Daniel Coric]

Hello Rafael,

Thank you for your response. 

I really did nothing except installing CS on a fresh installed Ubuntu VM - as I 
did it on the CentOS. On the CentOS everything worked out of the box - on the 
Ubuntu problems. 

I tried to install it from different package repositories (community, 
ShapeBlue, self-built), compared and followed Ubuntu specific installation 
instructions from two different sources (ACS, ShapeBlue) every time same errors 
in agent.log.

So, I would rather say that there is something wrong either with the source or 
Ubuntu - but, as the first time CS user I could be wrong, of course.

Regards
Daniel Coric

On 2018/03/13 18:43:46, Rafael Weingärtner  
wrote: 
> The MySQL thing is only a warning and should not cause problems in your
> POC. The other is an error. There is something wrong with your agent's
> configurations/deployment.
> 
> On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric  wrote:
> 
> > Hello Everyone,
> >
> > I'm getting myself familiar with CloudStack so please excuse if I have
> > overlooked something obvious.
> >
> > Using build and install instructions from the official documentation I
> > have managed to successfully install CloudStack 4.11 on the neasted CentOS
> > 7.4 KVM (from both community provided package repositories and self-built
> > packages).
> >
> > I have tried some of the basic operations like: uploading iso images,
> > adding volumes and users, creating templates, creating and using VMs (both
> > as admin and user) etc.
> > As far as I can tell, everything worked as expected - except the fact that
> > CentOS VM took about half an hour to shut down.
> >
> > Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu 16.04.4
> > VM shut down normally.
> >
> > But, that was also the only thing that worked as expected on that Ubuntu
> > VM.
> >
> > I have tried to find some solution on internet but the closest I could get
> > was this thread:
> > https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html
> > and this documentation:
> > http://docs.cloudstack.apache.org/projects/cloudstack-
> > administration/en/latest/hosts.html#security
> >
> > And I'm not even sure if I am on the right path to the solution - any
> > assistance would be much appreciated.
> >
> >
> >
> > Ubuntu 16.04.4 cloudstack-management.err is filled with:
> >
> > Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without
> > server's identity verification is not recommended. According to MySQL
> > 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established
> > by default if explicit option isn't set. For compliance with existing
> > applications not using SSL the verifyServerCertificate property is set to
> > 'false'. You need either to explicitly disable SSL by setting useSSL=false,
> > or set useSSL=true and provide truststore for server certificate
> > verification.
> >
> > Ubuntu 16.04.4 agent.log is filled with:
> >
> > 2018-03-12 20:43:58,782 INFO  [utils.exception.CSExceptionErrorCode]
> > (main:null) (logid:) Could not find exception: 
> > com.cloud.utils.exception.NioConnectionException
> > in error code list for exceptions
> > 2018-03-12 20:43:58,782 WARN  [cloud.agent.Agent] (main:null) (logid:) NIO
> > Connection Exception  com.cloud.utils.exception.NioConnectionException:
> > SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > 2018-03-12 20:43:58,782 INFO  [cloud.agent.Agent] (main:null) (logid:)
> > Attempted to connect to the server, but received an unexpected exception,
> > trying again...
> > 2018-03-12 20:44:03,783 INFO  [cloud.agent.Agent] (main:null) (logid:)
> > Connecting to host:10.22.0.5
> > 2018-03-12 20:44:03,783 INFO  [utils.nio.NioClient] (main:null) (logid:)
> > Connecting to 10.22.0.5:8250
> > 2018-03-12 20:44:03,786 INFO  [utils.nio.Link] (main:null) (logid:) Conf
> > file found: /etc/cloudstack/agent/agent.properties
> > 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed
> > to load keystore, using trust all manager
> > 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL
> > error caught during unwrap data: Received fatal alert: bad_certificate, for
> > local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The
> > client may have invalid ca-certificates.
> > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:)
> > SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioConnection] (main:null)
> > (logid:) Unable to initialize the threads.
> > java.io.IOException: SSL Handshake failed while connecting to host:
> > 10.22.0.5 port: 8250
> > at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
> > at com.cloud.utils.nio.NioConnection.start(NioConnection.java:95)
> > at com.cloud.agent.Agent.start(Agent.java:263)
> > at 

Re: Cloudstack installation on Ubuntu Xenial

[Rafael Weingärtner]

The MySQL thing is only a warning and should not cause problems in your
POC. The other is an error. There is something wrong with your agent's
configurations/deployment.

On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric  wrote:

> Hello Everyone,
>
> I'm getting myself familiar with CloudStack so please excuse if I have
> overlooked something obvious.
>
> Using build and install instructions from the official documentation I
> have managed to successfully install CloudStack 4.11 on the neasted CentOS
> 7.4 KVM (from both community provided package repositories and self-built
> packages).
>
> I have tried some of the basic operations like: uploading iso images,
> adding volumes and users, creating templates, creating and using VMs (both
> as admin and user) etc.
> As far as I can tell, everything worked as expected - except the fact that
> CentOS VM took about half an hour to shut down.
>
> Than I decided to give it a try on Ubuntu too. And indeed, Ubuntu 16.04.4
> VM shut down normally.
>
> But, that was also the only thing that worked as expected on that Ubuntu
> VM.
>
> I have tried to find some solution on internet but the closest I could get
> was this thread:
> https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html
> and this documentation:
> http://docs.cloudstack.apache.org/projects/cloudstack-
> administration/en/latest/hosts.html#security
>
> And I'm not even sure if I am on the right path to the solution - any
> assistance would be much appreciated.
>
>
>
> Ubuntu 16.04.4 cloudstack-management.err is filled with:
>
> Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without
> server's identity verification is not recommended. According to MySQL
> 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established
> by default if explicit option isn't set. For compliance with existing
> applications not using SSL the verifyServerCertificate property is set to
> 'false'. You need either to explicitly disable SSL by setting useSSL=false,
> or set useSSL=true and provide truststore for server certificate
> verification.
>
> Ubuntu 16.04.4 agent.log is filled with:
>
> 2018-03-12 20:43:58,782 INFO  [utils.exception.CSExceptionErrorCode]
> (main:null) (logid:) Could not find exception: 
> com.cloud.utils.exception.NioConnectionException
> in error code list for exceptions
> 2018-03-12 20:43:58,782 WARN  [cloud.agent.Agent] (main:null) (logid:) NIO
> Connection Exception  com.cloud.utils.exception.NioConnectionException:
> SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> 2018-03-12 20:43:58,782 INFO  [cloud.agent.Agent] (main:null) (logid:)
> Attempted to connect to the server, but received an unexpected exception,
> trying again...
> 2018-03-12 20:44:03,783 INFO  [cloud.agent.Agent] (main:null) (logid:)
> Connecting to host:10.22.0.5
> 2018-03-12 20:44:03,783 INFO  [utils.nio.NioClient] (main:null) (logid:)
> Connecting to 10.22.0.5:8250
> 2018-03-12 20:44:03,786 INFO  [utils.nio.Link] (main:null) (logid:) Conf
> file found: /etc/cloudstack/agent/agent.properties
> 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed
> to load keystore, using trust all manager
> 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL
> error caught during unwrap data: Received fatal alert: bad_certificate, for
> local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The
> client may have invalid ca-certificates.
> 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:)
> SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> 2018-03-12 20:44:03,858 ERROR [utils.nio.NioConnection] (main:null)
> (logid:) Unable to initialize the threads.
> java.io.IOException: SSL Handshake failed while connecting to host:
> 10.22.0.5 port: 8250
> at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
> at com.cloud.utils.nio.NioConnection.start(NioConnection.java:95)
> at com.cloud.agent.Agent.start(Agent.java:263)
> at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:410)
> at com.cloud.agent.AgentShell.launchAgentFromClassInfo(
> AgentShell.java:378)
> at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:362)
> at com.cloud.agent.AgentShell.start(AgentShell.java:467)
> at com.cloud.agent.AgentShell.main(AgentShell.java:502)
>
>
>
> Regards
> D.Coric
>



-- 
Rafael Weingärtner