Hi Adam,
If you're upgrading to 4.11.0.0, please use the correct release notes: http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.11.0.0/ When you upgrade, you'll need to upgrade both management server(s) and kvm host agents to make it work. By default, the new CA service will keep the global setting 'ca.plugin.root.auth.strictness ' to false for an existing deployment (this is only true for new/fresh installations). When the above global setting is false, and you want legacy behaviour make sure you don't have any cloud.jks in your KVM hosts's /etc/cloudstack/agent/ path. On the management server side, 4.11.0.0 creates a cloud.jks which holds a random certificate (starting 4.11.1.0 this won't be necessary, and this file will not be created in mgmt server's /etc/cloudstack/management/ path). If you make any changes (and after upgrades), try to restart the management server(s) and kvm host agent(s). - Rohit <https://cloudstack.apache.org> ________________________________ From: Adam Witwicki <awitwi...@oakfordis.com> Sent: Friday, May 4, 2018 1:06:48 PM To: users@cloudstack.apache.org Subject: Upgrading from 4.9 to 4.11 Hello Upgrading from 4.9 t0 4.11 using this guide http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.10/upgrade/upgrade-4.9.html None of my KVM hosts are connecting with this in the management server log 2018-05-04 08:31:13,774 WARN [c.c.u.n.Link] (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL Handshake has taken more than 15s to connect to: /192.168.200.109:50492. Please investigate this connection. Any Ideas? Thanks Adam Witwicki Disclaimer Notice: This email has been sent by Oakford Technology Limited, while we have checked this e-mail and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore take full responsibility for virus checking. This message and any attachments are confidential and should only be read by those to whom they are addressed. If you are not the intended recipient, please contact us, delete the message from your computer and destroy any copies. Any distribution or copying without our prior permission is prohibited. Internet communications are not always secure and therefore Oakford Technology Limited does not accept legal responsibility for this message. The recipient is responsible for verifying its authenticity before acting on the contents. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oakford Technology Limited. Registered address: Oakford Technology Limited, 10 Prince Maurice Court, Devizes, Wiltshire. SN10 2RT. Registered in England and Wales No. 5971519 rohit.ya...@shapeblue.comĀ www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
