Posted to dev@cloudstack.apache.org by Erik Weber <te...@gmail.com> on 2014/08/01 16:56:25 UTC

Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/
-----------------------------------------------------------

Review request for cloudstack and edison su.


Bugs: CLOUDSTACK-1389
    https://issues.apache.org/jira/browse/CLOUDSTACK-1389


Repository: cloudstack-git


Description
-------

Since commit 45e4d4fc3bb52f73eb6e687a144cd48587fad2d4 the cloud user has been missing sudo access to keytool, thereby giving errors like:
,127 INFO  [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
2014-08-01 17:25:07,133 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown" 
2014-08-01 17:25:07,147 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2014-08-01 17:25:07,148 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
2014-08-01 17:25:07,150 WARN  [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.


Diffs
-----

  python/lib/cloudutils/serviceConfig.py e0ea7a2 

Diff: https://reviews.apache.org/r/24184/diff/


Testing
-------

Verified that the keystore now gets properly created

2014-08-01 18:50:58,336 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
2014-08-01 18:50:58,337 INFO  [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
2014-08-01 18:50:58,338 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="acs44-mgmt1.localdomain",o="acs44-mgmt1.localdomain",c="Unknown" 
2014-08-01 18:50:59,413 DEBUG [c.c.u.s.Script] (main:null) Execution is successful.
2014-08-01 18:50:59,413 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Generated SSL keystore.
2014-08-01 18:50:59,430 INFO  [c.c.s.ConfigurationServerImpl] (main:null) Stored SSL keystore to database.


Thanks,

Erik Weber
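
An added example (not part of the original e-mail or the CloudStack code base): a log check for the failure described above, where a `sudo` command run by the management server exits non-zero and startup falls back to the fail-safe keystore. The sample input is constructed from the log lines quoted in the request with the `-dname` argument omitted, and `find_sudo_failures` is a hypothetical helper name.

```python
import re

# Layout of the log lines quoted above: "<date> <time>,<ms> LEVEL [logger] (thread) message"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ +\w+ +\[[^\]]+\] \([^)]*\) (.*)$")
# keytool takes its passwords as arguments, so keep them out of any report
SECRET = re.compile(r"(-(?:storepass|keypass)) +\S+")
PREFIX = "Executing: sudo "

def find_sudo_failures(log_text):
    """Return one record per 'Executing: sudo ...' entry that exited non-zero."""
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # truncated or foreign line, such as ",127 INFO ..."
        ts, msg = m.groups()
        if msg.startswith(PREFIX):
            cmd = SECRET.sub(r"\1 <redacted>", msg[len(PREFIX):]).strip()
            current = {"time": ts, "command": cmd, "exit": None,
                       "sudo_error": None, "failsafe_keystore": False}
        elif current is None:
            continue
        elif msg.startswith("Exit value is "):
            current["exit"] = int(msg.rsplit(" ", 1)[1])
            if current["exit"] != 0:
                findings.append(current)  # later lines still annotate this record
            else:
                current = None
        elif msg.startswith("sudo: "):
            current["sudo_error"] = msg[len("sudo: "):]
        elif "fail-safe keystore" in msg:
            current["failsafe_keystore"] = True
        elif msg == "Execution is successful.":
            current = None
    return findings

# Constructed sample: lines from the request above, -dname argument omitted
KT = "sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore " \
     "-storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650"
SAMPLE = f"""\
,127 INFO  [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloud.keystore
2014-08-01 17:25:07,133 DEBUG [c.c.u.s.Script] (main:null) Executing: {KT}
2014-08-01 17:25:07,147 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2014-08-01 17:25:07,148 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
2014-08-01 17:25:07,150 WARN  [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
2014-08-01 18:50:58,338 DEBUG [c.c.u.s.Script] (main:null) Executing: {KT}
2014-08-01 18:50:59,413 DEBUG [c.c.u.s.Script] (main:null) Execution is successful.
"""

if __name__ == "__main__":
    for finding in find_sudo_failures(SAMPLE):
        print(finding)
```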


Re: Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool

Posted by Hugo Trippaers <ht...@schubergphilis.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/#review49346
-----------------------------------------------------------

Ship it!


Thanks for the fix!

commit 451e2ab851518832f44c77830347d9bbcb5da13f
Author: Erik Weber <te...@gmail.com>
Date:   Fri Aug 1 16:23:04 2014 +0200

    Adding keytool to the list of sudo commands for cloud user to allow certificate creation during startup
    
    Signed-off-by: Hugo Trippaers <ht...@schubergphilis.com>


- Hugo Trippaers




Re: Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool

Posted by Hugo Trippaers <ht...@schubergphilis.com>.

> On Aug. 1, 2014, 3:07 p.m., Rohit Yadav wrote:
> > Thanks Erik for picking this up, looks good but need to test.

Sorry, didn't see your review before I committed mine. Anyway it works for me.


- Hugo


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/#review49343
-----------------------------------------------------------




Re: Review Request 24184: CLOUDSTACK-1389 Fixing sudo access to keytool

Posted by Rohit Yadav <bh...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24184/#review49343
-----------------------------------------------------------


Thanks Erik for picking this up, looks good but need to test.

- Rohit Yadav

