You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2023/01/16 09:20:38 UTC

[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7090: KVM: revert libvirtd config and retry if fail to add a host

DaanHoogland commented on code in PR #7090:
URL: https://github.com/apache/cloudstack/pull/7090#discussion_r1069100013


##########
scripts/util/keystore-setup:
##########
@@ -46,6 +47,27 @@ keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyal
 rm -f "$CSR_FILE"
 addresses=$(ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ',')
 keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" > /dev/null 2>&1
+
+if [ $? -ne 0 ];then
+    echo "Failed to generate CSR file, retrying after removing existing settings"
+
+    if [ -f "$LIBVIRTD_FILE" ]; then
+        echo "Reverting libvirtd to not listen on TLS"
+        sed -i "s,^listen_tls=1,listen_tls=0,g" $LIBVIRTD_FILE
+        systemctl restart libvirtd
+    fi
+
+    echo "Removing cloud.* files in /etc/cloudstack/agent"
+    rm -f /etc/cloudstack/agent/cloud.*
+
+    echo "Retrying to generate CSR file"
+    keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" >/dev/null 2>&1
+    if [ $? -ne 0 ];then
+        echo "Failed to generate CSR file while retrying"
+        exit 1
+    fi

Review Comment:
   as an improvement we can make this a while loop with configurable length.



##########
server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java:
##########
@@ -260,10 +260,11 @@ private void setupAgentSecurity(final Connection sshConnection, final String age
 
             final String privateKey = _configDao.getValue("ssh.privatekey");
             if (!SSHCmdHelper.acquireAuthorizedConnectionWithPublicKey(sshConnection, username, privateKey)) {
-                s_logger.error("Failed to authenticate with ssh key");
                 if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
+                    s_logger.error("Failed to authenticate with ssh key");

Review Comment:
   if we already know we are retrying, shouldn´t this be a WARN?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org