That might due to the new dynamic role based access checker. https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
~Rajani Sent from phone. On 24 May 2017 7:10 p.m., "Jason Kinsella" <ja...@cloudpeople.com.au> wrote: > Hi All, > Based on the feedback it seems like the issue is related to CentOS > version, so I’ve built a new CentOS7 Management server using Blueshape > noredist. I’ve restored the 4.9.2.0 DB into this server and > management-server.logs look clean on boot. The only problem is that I can’t > log into the webUI. > > The logs show a successful login (user = kinsja), but the the API command > either is not allowed or doesn’t exist for the user. This means the UI > doesn’t load. > > Anyone seen this with a restored DB? > > 2017-05-24 09:26:08,239 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-17:ctx-ee2c5e26) (logid:a8ca5ee5) User: kinsja in domain 1 > has successfully logged in > 2017-05-24 09:26:08,246 INFO [c.c.a.ApiServer] > (catalina-exec-17:ctx-ee2c5e26) > (logid:a8ca5ee5) Current user logged in under timezone > 2017-05-24 09:26:08,246 INFO [c.c.a.ApiServer] > (catalina-exec-17:ctx-ee2c5e26) > (logid:a8ca5ee5) Timezone offset from UTC is: 0.0 > 2017-05-24 09:26:08,251 DEBUG [c.c.a.ApiServlet] > (catalina-exec-17:ctx-ee2c5e26) > (logid:a8ca5ee5) ===END=== 192.168.10.38 -- POST > 2017-05-24 09:26:08,320 DEBUG [c.c.a.ApiServlet] > (catalina-exec-13:ctx-a1d38347) > (logid:3404c663) ===START=== 192.168.10.38 -- GET > command=listCapabilities&response=json&_=1495632368256 > 2017-05-24 09:26:08,325 DEBUG [c.c.a.ApiServer] > (catalina-exec-13:ctx-a1d38347 ctx-960796a5) (logid:3404c663) The user with > id:31 is not allowed to request the API command or the API command does not > exist: listCapabilities > > Thanks > Jason > > From: Jason Kinsella <ja...@cloudpeople.com.au> > Date: Tuesday, 23 May 2017 at 10:11 pm > To: "users@cloudstack.apache.org" <users@cloudstack.apache.org> > Subject: SSVM NIO SSL Handshake error > > Hi, > We recently upgraded from 4.5.0 to 4.9.2.0 and encountered a problem with > the SSVM and Console Proxy. They cannot connect to the management server. > The SSVM cloud.log repeats this error every couple of seconds. > > 2017-05-23 11:58:22,461 INFO [utils.nio.NioClient] (main:null) Connecting > to 192.168.12.1:8250 > 2017-05-23 11:58:22,465 WARN [utils.nio.Link] (main:null) This SSL engine > was forced to close inbound due to end of stream. > 2017-05-23 11:58:22,465 ERROR [utils.nio.Link] (main:null) Failed to send > server's CLOSE message due to socket channel's failure. > 2017-05-23 11:58:22,466 ERROR [utils.nio.NioClient] (main:null) SSL > Handshake failed while connecting to host: 192.168.12.1 port: 8250 > 2017-05-23 11:58:22,466 ERROR [utils.nio.NioConnection] (main:null) Unable > to initialize the threads. > java.io.IOException: SSL Handshake failed while connecting to host: > 192.168.12.1 port: 8250 > at com.cloud.utils.nio.NioClient.init(NioClient.java:67) > at com.cloud.utils.nio.NioConnection.start( > NioConnection.java:88) > at com.cloud.agent.Agent.start(Agent.java:237) > at com.cloud.agent.AgentShell.launchAgent(AgentShell.java: > 399) > at com.cloud.agent.AgentShell.launchAgentFromClassInfo( > AgentShell.java:367) > at com.cloud.agent.AgentShell.launchAgent(AgentShell.java: > 351) > at com.cloud.agent.AgentShell.start(AgentShell.java:456) > at com.cloud.agent.AgentShell.main(AgentShell.java:491) > 2017-05-23 11:58:22,468 INFO [utils.exception.CSExceptionErrorCode] > (main:null) Could not find exception: > com.cloud.utils.exception.NioConnectionException > in error code list for exceptions > 2017-05-23 11:58:22,468 WARN [cloud.agent.Agent] (main:null) NIO > Connection Exception com.cloud.utils.exception.NioConnectionException: > SSL Handshake failed while connecting to host: 192.168.12.1 port: 8250 > > The setup is very simple. Single management server and ports are open. > > Things checked / tried: > > · Destroyed SSVM multiple times – still same problem. > > · SSH to SSVM from MS using ssh -i > /var/cloudstack/management/.ssh/id_rsa > -p 3922 root@IPADDRESS – PASS > > · SSVM telnet on 8250 to MS – PASS > > I’ve also tested a restore of the DB into our working development 4.9.2.0 > server. It also exhibits the handshake errors, so most likely DB related. > > I’ve used up all my skills. Please help > > Regards, > Jason > >
