Hello Nico.
We are also trying to use S3 as secondary storage, so several thoughts:
1. "peer not authenticated" - maybe a problem with the access id and secret
id? Can you authenticate with an external client?
2. You cannot use a self-signed certificate, it's not supported (actually
you can, but it must be added as trusted to the local java keystore on all
nodes, including the ssvm)
3. We also have a problem with S3 via https and the ssvm, because the ssvm
uses a custom java keystore file (/realhostip.keystore/) and in this file
there is only one trusted root certificate, from godaddy.com. But even worse - in
the source code it is hard-coded that you can inject your custom certificate into
the ssvm/cpvm (I mean the trusted root cert here) only if secondary storage is NFS.
As a workaround: after installation download and unpack systemvm.iso, find
the realhostip.keystore file, add your trusted root or self-signed
certificate into it via the keytool utility, recreate a new iso file and
replace it on all management and KVM nodes.
Check this
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name
and
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Implementation+details+and+troubleshooting+-+uploading+custom+domain+certificate+instead+of+using+realhostip.com
On 07/14/2015 03:58 PM, Nico Herzhauser wrote:
Hello cloudstack usergroup,
we would like to try S3 style storage with cloudstack 4.5 but we cannot connect to
the S3 Storage. We think this is a certificate problem because the ssvm did not
get the right certificate.
We use a Wildcard SSL certificate.
At the storage-vm I see the following error in the log file:
2015-07-13 13:59:54,887 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Seq 40-6480961338762854402: { Ans: , MgmtId: 345049465082, via: 40, Ver: v1, Flags: 110, [{"com.cloud.agent.api.Answer":{"result":true,"details":"","wait":0}}] }
2015-07-13 13:59:55,020 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Request:Seq 40-6480961338762854403: { Cmd , MgmtId: 345049465082, via: 40, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.storage.ListVolumeCommand":{"store":{"com.cloud.agent.api.to.S3TO":{"id":15,"uuid":"51333282-9c81-43ca-9532-fac88f722df9","endPoint":"%fqdn%","bucketName":"secondary","httpsFlag":true,"created":"Jul 13, 2015 4:02:25 PM","enableRRS":false,"maxSingleUploadSizeInBytes":5368709120}},"wait":0}}] }
2015-07-13 13:59:55,020 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Processing command: com.cloud.agent.api.storage.ListVolumeCommand
2015-07-13 13:59:55,031 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-3:null) Creating S3 client with configuration: [protocol: https, connectionTimeOut: 50000, maxErrorRetry: 3, socketTimeout: 50000]
2015-07-13 13:59:55,160 DEBUG [cloud.utils.S3Utils] (agentRequest-Handler-3:null) Setting the end point for S3 client com.amazonaws.services.s3.AmazonS3Client@6c05762a to %fqdn%.
2015-07-13 13:59:55,549 INFO [amazonaws.http.AmazonHttpClient] (agentRequest-Handler-3:null) Unable to execute HTTP request: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
        at
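
An added example, not part of the original thread and not CloudStack code: the trust-store situation discussed in the reply (a store holding a single vendor root, so an endpoint certificate from any other issuer is rejected until that issuer's root is added), reproduced offline with openssl. A PEM bundle stands in for realhostip.keystore, and every name, key and certificate is generated by the script; all of these are assumptions.

```shell
#!/bin/sh
# Constructed demo: all keys, certificates and names are generated here.
# Assumption: a PEM bundle plays the role of the SSVM's Java keystore.

# make_root <name> <dir>: create a self-signed root CA at <dir>/<name>.pem
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# make_leaf <ca-name> <dir>: issue <dir>/leaf.pem for a constructed S3
# endpoint name, signed by the root <ca-name>
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=s3.example.test" \
        -keyout "$2/leaf.key" -out "$2/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$2/leaf.csr" -CA "$2/$1.pem" -CAkey "$2/$1.key" \
        -CAcreateserial -days 2 -out "$2/leaf.pem" 2>/dev/null
}

# trusts <bundle> <cert>: succeeds only if <cert> chains to a root in <bundle>
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verdict <bundle> <cert>: print "trusted" or "rejected"
verdict() {
    if trusts "$1" "$2"; then echo trusted; else echo rejected; fi
}

# run_demo: print the verdict before and after adding the missing root
run_demo() {
    d=$(mktemp -d) || return 1
    if make_root vendor-root "$d" && make_root own-root "$d" &&
       make_leaf own-root "$d"; then
        # Trust store as shipped: only the vendor root is present.
        cp "$d/vendor-root.pem" "$d/trust.pem"
        before=$(verdict "$d/trust.pem" "$d/leaf.pem")
        # The fix: append the root that actually issued the endpoint cert.
        cat "$d/own-root.pem" >> "$d/trust.pem"
        after=$(verdict "$d/trust.pem" "$d/leaf.pem")
        echo "before=$before after=$after"
    fi
    rm -rf "$d"
}
```

Running `run_demo` prints the verdict for the same endpoint certificate against the store before and after the issuing root is appended.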