You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Erik Weber <te...@gmail.com> on 2014/08/01 16:56:25 UTC
Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/
-----------------------------------------------------------
Review request for cloudstack and edison su.
Bugs: CLOUDSTACK-1389
https://issues.apache.org/jira/browse/CLOUDSTACK-1389
Repository: cloudstack-git
Description
-------
Since commit 45e4d4fc3bb52f73eb6e687a144cd48587fad2d4 the cloud user has been missing sudo access to keytool, thereby giving errors like:
,127 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
2014-08-01 17:25:07,133 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
2014-08-01 17:25:07,147 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2014-08-01 17:25:07,148 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
2014-08-01 17:25:07,150 WARN [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
Diffs
-----
python/lib/cloudutils/serviceConfig.py e0ea7a2
Diff: https://reviews.apache.org/r/24184/diff/
Testing
-------
Verified that the keystore now gets properly created
2014-08-01 18:50:58,336 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
2014-08-01 18:50:58,337 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
2014-08-01 18:50:58,338 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
2014-08-01 18:50:59,413 DEBUG [c.c.u.s.Script] (main:null) Execution is successful.
2014-08-01 18:50:59,413 INFO [c.c.s.ConfigurationServerImpl] (main:null) Generated SSL keystore.
2014-08-01 18:50:59,430 INFO [c.c.s.ConfigurationServerImpl] (main:null) Stored SSL keystore to database.
Thanks,
Erik Weber
Re: Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool
Posted by Hugo Trippaers <ht...@schubergphilis.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/#review49346
-----------------------------------------------------------
Ship it!
Thanks for the fix!
commit 451e2ab851518832f44c77830347d9bbcb5da13f
Author: Erik Weber <te...@gmail.com>
Date: Fri Aug 1 16:23:04 2014 +0200
Adding keytool to the list of sudo commands for cloud user to allow certificate creation during startup
Signed-off-by: Hugo Trippaers <ht...@schubergphilis.com>
- Hugo Trippaers
On Aug. 1, 2014, 2:56 p.m., Erik Weber wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/24184/
> -----------------------------------------------------------
>
> (Updated Aug. 1, 2014, 2:56 p.m.)
>
>
> Review request for cloudstack and edison su.
>
>
> Bugs: CLOUDSTACK-1389
> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> Since commit 45e4d4fc3bb52f73eb6e687a144cd48587fad2d4 the cloud user has been missing sudo access to keytool, thereby giving errors like:
> ,127 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
> 2014-08-01 17:25:07,133 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
> 2014-08-01 17:25:07,147 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
> 2014-08-01 17:25:07,148 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
> 2014-08-01 17:25:07,150 WARN [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
>
>
> Diffs
> -----
>
> python/lib/cloudutils/serviceConfig.py e0ea7a2
>
> Diff: https://reviews.apache.org/r/24184/diff/
>
>
> Testing
> -------
>
> Verified that the keystore now gets properly created
>
> 2014-08-01 18:50:58,336 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
> 2014-08-01 18:50:58,337 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
> 2014-08-01 18:50:58,338 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
> 2014-08-01 18:50:59,413 DEBUG [c.c.u.s.Script] (main:null) Execution is successful.
> 2014-08-01 18:50:59,413 INFO [c.c.s.ConfigurationServerImpl] (main:null) Generated SSL keystore.
> 2014-08-01 18:50:59,430 INFO [c.c.s.ConfigurationServerImpl] (main:null) Stored SSL keystore to database.
>
>
> Thanks,
>
> Erik Weber
>
>
Re: Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool
Posted by Hugo Trippaers <ht...@schubergphilis.com>.
> On Aug. 1, 2014, 3:07 p.m., Rohit Yadav wrote:
> > Thanks Eric for picking this up, looks good but need to test.
Sorry, didn't see your review before i committed mine. Anyway it works for me.
- Hugo
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/#review49343
-----------------------------------------------------------
On Aug. 1, 2014, 2:56 p.m., Erik Weber wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/24184/
> -----------------------------------------------------------
>
> (Updated Aug. 1, 2014, 2:56 p.m.)
>
>
> Review request for cloudstack and edison su.
>
>
> Bugs: CLOUDSTACK-1389
> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> Since commit 45e4d4fc3bb52f73eb6e687a144cd48587fad2d4 the cloud user has been missing sudo access to keytool, thereby giving errors like:
> ,127 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
> 2014-08-01 17:25:07,133 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
> 2014-08-01 17:25:07,147 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
> 2014-08-01 17:25:07,148 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
> 2014-08-01 17:25:07,150 WARN [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
>
>
> Diffs
> -----
>
> python/lib/cloudutils/serviceConfig.py e0ea7a2
>
> Diff: https://reviews.apache.org/r/24184/diff/
>
>
> Testing
> -------
>
> Verified that the keystore now gets properly created
>
> 2014-08-01 18:50:58,336 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
> 2014-08-01 18:50:58,337 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
> 2014-08-01 18:50:58,338 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
> 2014-08-01 18:50:59,413 DEBUG [c.c.u.s.Script] (main:null) Execution is successful.
> 2014-08-01 18:50:59,413 INFO [c.c.s.ConfigurationServerImpl] (main:null) Generated SSL keystore.
> 2014-08-01 18:50:59,430 INFO [c.c.s.ConfigurationServerImpl] (main:null) Stored SSL keystore to database.
>
>
> Thanks,
>
> Erik Weber
>
>
Re: Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool
Posted by Rohit Yadav <bh...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/#review49343
-----------------------------------------------------------
Thanks Eric for picking this up, looks good but need to test.
- Rohit Yadav
On Aug. 1, 2014, 2:56 p.m., Erik Weber wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/24184/
> -----------------------------------------------------------
>
> (Updated Aug. 1, 2014, 2:56 p.m.)
>
>
> Review request for cloudstack and edison su.
>
>
> Bugs: CLOUDSTACK-1389
> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> Since commit 45e4d4fc3bb52f73eb6e687a144cd48587fad2d4 the cloud user has been missing sudo access to keytool, thereby giving errors like:
> ,127 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
> 2014-08-01 17:25:07,133 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
> 2014-08-01 17:25:07,147 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
> 2014-08-01 17:25:07,148 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
> 2014-08-01 17:25:07,150 WARN [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
>
>
> Diffs
> -----
>
> python/lib/cloudutils/serviceConfig.py e0ea7a2
>
> Diff: https://reviews.apache.org/r/24184/diff/
>
>
> Testing
> -------
>
> Verified that the keystore now gets properly created
>
> 2014-08-01 18:50:58,336 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
> 2014-08-01 18:50:58,337 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
> 2014-08-01 18:50:58,338 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown"
> 2014-08-01 18:50:59,413 DEBUG [c.c.u.s.Script] (main:null) Execution is successful.
> 2014-08-01 18:50:59,413 INFO [c.c.s.ConfigurationServerImpl] (main:null) Generated SSL keystore.
> 2014-08-01 18:50:59,430 INFO [c.c.s.ConfigurationServerImpl] (main:null) Stored SSL keystore to database.
>
>
> Thanks,
>
> Erik Weber
>
>