You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Jayapal Reddy <ja...@citrix.com> on 2013/05/17 06:20:21 UTC
Re: Review Request: (CLOUDSTACK-1475) update keystore in SSVM and change
download iso/template url after Update SSL Certificate
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/9696/#review20678
-----------------------------------------------------------
Changes are looking fine.
Nithin can you also please review the changes.
- Jayapal Reddy
On March 15, 2013, 9:54 a.m., Wei Zhou wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/9696/
> -----------------------------------------------------------
>
> (Updated March 15, 2013, 9:54 a.m.)
>
>
> Review request for cloudstack, Nitin Mehta and Jayapal Reddy.
>
>
> Description
> -------
>
> This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL Certificate)
> on CloudStack 4.0.1.
>
>
> Changes include:
> (1) update realhostip.keystore in SSVM (see the change in config_ssl.sh)
> (2) change suffix of download iso/template url rom realhostip.com to domain_suffix in SSL Certificate.
> (3) validate download URL because ssvm publicip or domain suffix may change.
>
>
> This addresses bug CLOUDSTACK-1475.
>
>
> Diffs
> -----
>
> agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java 48f5079
> console-proxy/scripts/config_ssl.sh 8d80c47
> core/src/com/cloud/storage/resource/CifsSecondaryStorageResource.java c606fca
> core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java 155210d
> server/src/com/cloud/configuration/Config.java dbcc97a
> server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java 01b4720
> server/src/com/cloud/consoleproxy/AgentBasedStandaloneConsoleProxyManager.java 6172780
> server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java d2df83c
> server/src/com/cloud/server/ConfigurationServerImpl.java 3368c9b
> server/src/com/cloud/storage/download/DownloadMonitorImpl.java 2736777
> server/src/com/cloud/storage/upload/UploadMonitorImpl.java 4231be8
>
> Diff: https://reviews.apache.org/r/9696/diff/
>
>
> Testing
> -------
>
> Testing manually ok.
>
>
> To test:
> (1) generate update the SSL certificate and it. see "17.3.1. Changing the Console Proxy SSL Certificate and Domain" part in CloudPlatform3.0.6AdminGuide
> http://support.citrix.com/servlet/KbServlet/download/33425-102-696517/CloudPlatform3.0.6AdminGuide.pdf
>
> (2) visit instance via console.
>
> (3) Download ISO/Template. The browser will show the download url.
> Before patch: the domain suffix of url always be "realhostip.com"
> after patch: the domain suffix of url is "company.com" which you set in step(1).
>
> (4) Register ISO/Template using the url in step(3).
> Before patch: When the domain suffix is not "realhostip.com", it fails with error message "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
> after patch: successful.
>
> (5) Destroy SSVM, and a new one will be created.
> Before patch: the url in step(3) does not change. the url still be the ip address of old SSVM, and old domain suffix.
> after patch: the url will contain the ip address of new SSVM. If the "company.com" changes, the url will also contain the new domain suffix.
>
> (6) If you do not have a DNS server (which can resolve company.com domain), please add an entry in /etc/hosts file of the client.
> aaa-bbb-ccc-ddd aaa-bbb-ccc-ddd.company.com # aaa.bbb.ccc.ddd is the console proxy ip. and ssvm as well.
>
>
> We need to restart management-server after Update SSL Certificate.
>
>
> Thanks,
>
> Wei Zhou
>
>