Posted to dev@cloudstack.apache.org by Sebastien Goasguen <ru...@gmail.com> on 2013/03/04 14:52:19 UTC

issue with 4.1

Hi I am trying to test the latest 4.1 (and 4.1l10n branch).

I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.

and after a 'clean install' I get stuck with:

Password:WARN  [utils.script.Script] (Script-1:) Interrupting script.
WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey -keystore /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" .  Output is: 
WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use fail-safe keystore to continue.
java.io.IOException: Fail to generate certificate!: timeout
	at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491)
	at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512)
	at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269)
	at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:601)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
	at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37)
	at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:601)
	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy388.configure(Unknown Source)
	at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110)
	at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateKeyPairs
INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database
INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database, skip updating local copy (not running as cloud user)
INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to update systemvm iso with generated keypairs if needed
Password:

?

-sebastien

Re: issue with 4.1

Posted by Sebastien Goasguen <ru...@gmail.com>.
Interesting, after 20 minutes or even more it went through with:

WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Failed to inject generated public key into systemvm iso injectkeys.sh: Failed to mount original iso /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/vms/systemvm.isoinjectkeys.sh: Failed to backup original iso /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/vms/systemvm.isoinjectkeys.sh: Failed to copy from original iso /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/vms/systemvm.isoinjectkeys.sh: Failed to copy key /Users/sebastiengoasguen/.ssh/id_rsa.pub from original iso to new iso injectkeys.sh: Failed to unmount old iso from /Users/sebastiengoasguen/systemvm_mnt
INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Need to store secondary storage vm copy password in the database






RE: issue with 4.1

Posted by "Musayev, Ilya" <im...@webmd.net>.
+1 to John's comment,

Regards
ilya

> -----Original Message-----
> From: John Burwell [mailto:jburwell@basho.com]
> Sent: Monday, March 04, 2013 11:16 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: issue with 4.1
> 
> Chip,
> 
> I neglected to mention in my reply that the extracted utility script would also
> need to be refactored to accept the various important bits (e.g. password,
> type, and length) into command line parameters or prompt the user.  The
> core of the security issue I see is the defaulting of the password to
> "vmops.com", and assumptions about certificate strength.
> 
> Thanks,
> -John
> 
> On Mar 4, 2013, at 11:13 AM, John Burwell <jb...@basho.com> wrote:
> 
> > Chip,
> >
> > My recommendation in the ticket is to extract the script from the
> management server to an external script provided as a convenience to end
> users.  If we encounter a situation where a certificate is not present, provide
> a meaningful error message in the logs and exit.  If a user needs help
> generating an SSL certificate, they can execute the script with the
> appropriate parameters.  Otherwise, they will generate/procure one through
> external means.
> >
> > Thanks,
> > -John
> >
> > On Mar 4, 2013, at 10:59 AM, Chip Childers <ch...@sungard.com>
> wrote:
> >
> >> On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> >>> There's a bug for this, I think it's related to passwordless sudo
> >>> for cloud user on management server.
> >>
> >> Is this the one?
> >>
> >> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> >>
> >>>
> >>>
> >
> 



Re: issue with 4.1

Posted by John Burwell <jb...@basho.com>.
Chip,

I neglected to mention in my reply that the extracted utility script would also need to be refactored to accept the various important bits (e.g. password, type, and length) into command line parameters or prompt the user.  The core of the security issue I see is the defaulting of the password to "vmops.com", and assumptions about certificate strength.

Thanks,
-John

On Mar 4, 2013, at 11:13 AM, John Burwell <jb...@basho.com> wrote:

> Chip,
> 
> My recommendation in the ticket is to extract the script from the management server to an external script provided as a convenience to end users.  If we encounter a situation where a certificate is not present, provide a meaningful error message in the logs and exit.  If a user needs help generating an SSL certificate, they can execute the script with the appropriate parameters.  Otherwise, they will generate/procure one through external means.
> 
> Thanks,
> -John
> 
> On Mar 4, 2013, at 10:59 AM, Chip Childers <ch...@sungard.com> wrote:
> 
>> On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
>>> There's a bug for this, I think it's related to passwordless sudo for
>>> cloud user on management server.
>> 
>> Is this the one?
>> 
>> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>> 
> 
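
Added example, not part of the original thread and not CloudStack code: a stand-alone keystore script of the kind proposed above, which takes key type, key size and password from the operator, refuses the "vmops.com" default and keeps the password out of argv. The script name, the "mgmt" alias, the KS_PASS and KEYTOOL variables and the size/length floors are assumptions made for illustration.

```shell
#!/bin/sh
# gen-keystore.sh (hypothetical name): run by an administrator, never by the daemon.
# Usage: KS_PASS=... ./gen-keystore.sh generate KEYSTORE KEYALG KEYSIZE VALIDITY_DAYS DNAME
# If KS_PASS is unset the script prompts for it; no password is ever defaulted.

MIN_RSA_BITS=2048                  # assumed policy floor for this example
MIN_PASS_LEN=12                    # assumed policy floor for this example
KNOWN_DEFAULT_PASS="vmops.com"     # the default visible in the log on this page

# check_params PASSWORD KEYALG KEYSIZE
# Returns 0 when the parameters are acceptable, 1 otherwise (reason on stderr).
check_params() {
    pass=$1; alg=$2; bits=$3
    if [ -z "$pass" ]; then
        echo "a keystore password is required" >&2; return 1
    fi
    if [ "$pass" = "$KNOWN_DEFAULT_PASS" ]; then
        echo "refusing the well-known default password" >&2; return 1
    fi
    if [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "password shorter than $MIN_PASS_LEN characters" >&2; return 1
    fi
    case $bits in
        ''|*[!0-9]*) echo "key size must be a number" >&2; return 1 ;;
    esac
    case $alg in
        RSA) [ "$bits" -ge "$MIN_RSA_BITS" ] || {
                 echo "RSA key below $MIN_RSA_BITS bits" >&2; return 1; } ;;
        EC)  [ "$bits" -ge 256 ] || {
                 echo "EC key below 256 bits" >&2; return 1; } ;;
        *)   echo "unsupported key type: $alg" >&2; return 1 ;;
    esac
    return 0
}

# generate_keystore KEYSTORE KEYALG KEYSIZE VALIDITY_DAYS DNAME
# The password is taken from $KS_PASS. keytool's ":env" modifier makes it read
# the value from that environment variable, so it never shows up in the
# process list or in a log line that echoes the command.
generate_keystore() {
    check_params "${KS_PASS:-}" "$2" "$3" || return 1
    if [ -e "$1" ]; then
        echo "keystore $1 already exists, not overwriting" >&2; return 1
    fi
    export KS_PASS
    # No sudo: the keystore is created by the invoking user, readable only by them.
    ( umask 077
      "${KEYTOOL:-keytool}" -genkeypair -alias mgmt -keystore "$1" \
          -keyalg "$2" -keysize "$3" -validity "$4" -dname "$5" \
          -storepass:env KS_PASS -keypass:env KS_PASS )
}

# Entry point, only taken when the script is called with "generate".
if [ "${1:-}" = "generate" ]; then
    shift
    if [ "$#" -ne 5 ]; then
        echo "usage: $0 generate KEYSTORE KEYALG KEYSIZE VALIDITY_DAYS DNAME" >&2
        exit 2
    fi
    if [ -z "${KS_PASS:-}" ]; then
        # Prompt without echoing; restore the terminal even on interrupt.
        trap 'stty echo 2>/dev/null' EXIT INT
        printf 'Keystore password: ' >&2
        stty -echo
        IFS= read -r KS_PASS
        stty echo
        printf '\n' >&2
    fi
    generate_keystore "$@"
fi
```

The management server side of the proposal is then only a check that the keystore exists, with a log message and exit when it does not.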


Re: issue with 4.1

Posted by Chip Childers <ch...@sungard.com>.
Anyone want to take a shot at fixing this then?  We seem to agree on the
right general direction.


On Mon, Mar 04, 2013 at 02:11:22PM -0800, Chiradeep Vittal wrote:
> +1 (again)
> 
> On 3/4/13 1:06 PM, "Alex Huang" <Al...@citrix.com> wrote:
> 
> >+1.  It does not belong to the management server.
> >
> >--Alex
> >
> >> -----Original Message-----
> >> From: John Burwell [mailto:jburwell@basho.com]
> >> Sent: Monday, March 4, 2013 8:13 AM
> >> To: cloudstack-dev@incubator.apache.org
> >> Subject: Re: issue with 4.1
> >> 
> >> Chip,
> >> 
> >> My recommendation in the ticket is to extract the script from the
> >> management server to an external script provided as a convenience to end
> >> users.  If we encounter a situation where a certificate is not present,
> >>provide
> >> a meaningful error message in the logs and exit.  If a user needs help
> >> generating an SSL certificate, they can execute the script with the
> >> appropriate parameters.  Otherwise, they will generate/procure one
> >>through
> >> external means.
> >> 
> >> Thanks,
> >> -John
> >> 
> >> On Mar 4, 2013, at 10:59 AM, Chip Childers <ch...@sungard.com>
> >> wrote:
> >> 
> >> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> >> >> There's a bug for this, I think it's related to passwordless sudo for
> >> >> cloud user on management server.
> >> >
> >> > Is this the one?
> >> >
> >> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> >> >
> >> >>
> >> >>
> >
> 
> 

RE: issue with 4.1

Posted by Alex Huang <Al...@citrix.com>.
+1.  Will be changed in 4.2.  Didn't make it into 4.1 to disable to autoupgrade.

--Alex

> -----Original Message-----
> From: Edison Su [mailto:Edison.su@citrix.com]
> Sent: Monday, March 4, 2013 2:24 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: issue with 4.1
> 
> I even think db upgrade should be separated from mgt server.
> 
> > -----Original Message-----
> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > Sent: Monday, March 04, 2013 2:11 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Re: issue with 4.1
> >
> > +1 (again)
> >
> > On 3/4/13 1:06 PM, "Alex Huang" <Al...@citrix.com> wrote:
> >
> > >+1.  It does not belong to the management server.
> > >
> > >--Alex
> > >
> > >> -----Original Message-----
> > >> From: John Burwell [mailto:jburwell@basho.com]
> > >> Sent: Monday, March 4, 2013 8:13 AM
> > >> To: cloudstack-dev@incubator.apache.org
> > >> Subject: Re: issue with 4.1
> > >>
> > >> Chip,
> > >>
> > >> My recommendation in the ticket is to extract the script from the
> > >>management server to an external script provided as a convenience to
> > >>end users.  If we encounter a situation where a certificate is not
> > >>present, provide  a meaningful error message in the logs and exit.
> > >>If a user needs help  generating an SSL certificate, they can
> > >>execute the script with the  appropriate parameters.  Otherwise,
> > >>they will generate/procure one through  external means.
> > >>
> > >> Thanks,
> > >> -John
> > >>
> > >> On Mar 4, 2013, at 10:59 AM, Chip Childers
> > >> <ch...@sungard.com>
> > >> wrote:
> > >>
> > >> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> > >> >> There's a bug for this, I think it's related to passwordless
> > >> >> sudo for cloud user on management server.
> > >> >
> > >> > Is this the one?
> > >> >
> > >> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> > >> >
> > >> >>
> > >> >>
> > >


Re: issue with 4.1

Posted by John Burwell <jb...@basho.com>.
Kelven,

While this workaround stops the interactive prompting by the daemon,
it is bad security practice.  As the ticket states, daemon users
should be granted the least privilege necessary to execute in order to
limit damage in the event of a successful attack.  Granting the daemon
user password-less sudo access violates this best practice and
effectively allows the management server to execute as root.
Additionally, the SSL certificate generated by the script is an attack
vector due to the use of a common password, "vmops.com".  For both of
these reasons, there is no workaround that does not compromise
security.

Thanks,
-John




On Mar 4, 2013, at 6:40 PM, Kelven Yang <ke...@citrix.com> wrote:

> To work around this issue, try to add the user (to be used to start
> the management server) to the sudoers list (without need for a password)
> and comment out "requiretty" in the /etc/sudoers configuration.
>
> Kelven
>
> On 3/4/13 2:24 PM, "Edison Su" <Ed...@citrix.com> wrote:
>
>> I even think db upgrade should be separated from mgt server.
>>
>>> -----Original Message-----
>>> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
>>> Sent: Monday, March 04, 2013 2:11 PM
>>> To: cloudstack-dev@incubator.apache.org
>>> Subject: Re: issue with 4.1
>>>
>>> +1 (again)
>>>
>>> On 3/4/13 1:06 PM, "Alex Huang" <Al...@citrix.com> wrote:
>>>
>>>> +1.  It does not belong to the management server.
>>>>
>>>> --Alex
>>>>
>>>>> -----Original Message-----
>>>>> From: John Burwell [mailto:jburwell@basho.com]
>>>>> Sent: Monday, March 4, 2013 8:13 AM
>>>>> To: cloudstack-dev@incubator.apache.org
>>>>> Subject: Re: issue with 4.1
>>>>>
>>>>> Chip,
>>>>>
>>>>> My recommendation in the ticket is to extract the script from the
>>>>> management server to an external script provided as a convenience to end
>>>>> users.  If we encounter a situation where a certificate is not
>>>>> present, provide a meaningful error message in the logs and exit.  If
>>>>> a user needs help generating an SSL certificate, they can execute
>>>>> the script with the appropriate parameters.  Otherwise, they will
>>>>> generate/procure one through external means.
>>>>>
>>>>> Thanks,
>>>>> -John
>>>>>
>>>>> On Mar 4, 2013, at 10:59 AM, Chip Childers
>>>>> <ch...@sungard.com>
>>>>> wrote:
>>>>>
>>>>>> On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
>>>>>>> There's a bug for this, I think it's related to passwordless sudo
>>>>>>> for cloud user on management server.
>>>>>>
>>>>>> Is this the one?
>>>>>>
>>>>>> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>>>>>>
>>>>>>>
>>>>>>> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen
>>>>> <ru...@gmail.com> wrote:
>>>>>>>> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
>>>>>>>>
>>>>>>>> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
>>>>>>>>
>>>>>>>> and after a 'clean install' I get stuck with:
>>>>>>>>
>>>>>>>> Password:
>>>>>>>>
>>>>>>>> ?
>>>>>>>>
>>>>>>>> -sebastien
>
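
The two sudoers changes in the workaround, and the least-privilege objection raised in the reply above, can be checked mechanically. The following is an added example, not part of any message in this thread and not CloudStack code: a small Python audit of sudoers text that reports what a daemon account may run without a password and whether requiretty applies to it. The account name "cloud" comes from the thread; both sudoers fragments are constructed, the wrapper path /usr/local/sbin/cloud-gen-keystore is hypothetical, and aliases and #include files are not expanded.

```python
import re
from typing import Dict, Iterator, List, NamedTuple, Optional

# Constructed sudoers fragments (not copied from any host or from the thread).
# "cloud" is the daemon account named in the thread; the wrapper path is hypothetical.
WORKAROUND_SUDOERS = """\
# Defaults requiretty
cloud ALL=(ALL) NOPASSWD: ALL
"""
SCOPED_SUDOERS = """\
Defaults requiretty
Defaults:cloud !requiretty
cloud ALL=(root) NOPASSWD: /usr/local/sbin/cloud-gen-keystore
"""


class Grant(NamedTuple):
    user: str
    runas: str
    nopasswd: bool
    command: str


TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")
RUNAS_RE = re.compile(r"^\(([^)]*)\)\s*")
DEFAULTS_RE = re.compile(r"^Defaults(?::(\S+))?\s+(.*)$")
ALIAS_RE = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\b")


def logical_lines(text: str) -> Iterator[str]:
    """Yield non-empty, non-comment lines with backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):  # also skips #include (assumption)
            yield line


def split_commands(spec: str) -> List[str]:
    """Split a command list on commas that sit outside a (runas) group."""
    items, depth, cur = [], 0, ""
    for ch in spec:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            items.append(cur)
            cur = ""
        else:
            cur += ch
    return [i.strip() for i in items + [cur] if i.strip()]


def parse_grants(text: str) -> List[Grant]:
    """Flatten user specifications into one Grant per command."""
    grants = []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if line.startswith("Defaults") or ALIAS_RE.match(line) \
                or len(parts) < 2 or "=" not in parts[1]:
            continue
        spec = parts[1].split("=", 1)[1]
        runas, nopasswd = "root", False  # sudo's defaults when the spec is silent
        for item in split_commands(spec):
            m = RUNAS_RE.match(item)
            if m:
                runas, item = m.group(1).strip(), item[m.end():]
            t = TAG_RE.match(item)
            while t:  # tags stick to the following commands until overridden
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
                t = TAG_RE.match(item)
            grants.append(Grant(parts[0], runas, nopasswd, item.strip()))
    return grants


def requiretty(text: str, user: Optional[str] = None) -> bool:
    """Effective requiretty flag: global value, or the per-user override if set."""
    global_on, user_on = False, None  # the flag is off unless sudoers sets it
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        for tok in (t.strip() for t in m.group(2).split(",")):
            if tok.lstrip("!").strip() != "requiretty":
                continue
            if m.group(1) is None:
                global_on = not tok.startswith("!")
            elif m.group(1) == user:
                user_on = not tok.startswith("!")
    return global_on if user_on is None else user_on


def audit(text: str, daemon_user: str) -> Dict[str, object]:
    """Report what the daemon account may run without a password."""
    mine = [g for g in parse_grants(text)
            if g.nopasswd and g.user in (daemon_user, "ALL")]
    return {
        "blanket_nopasswd": [g for g in mine if g.command == "ALL"],
        "scoped_nopasswd": [g.command for g in mine if g.command != "ALL"],
        "requiretty_global": requiretty(text),
        "requiretty_for_user": requiretty(text, daemon_user),
    }


if __name__ == "__main__":
    for name, text in (("workaround", WORKAROUND_SUDOERS), ("scoped", SCOPED_SUDOERS)):
        print(name, audit(text, "cloud"))
```

A non-empty blanket_nopasswd list is the condition the reply describes as letting the management server execute as root; the scoped fragment leaves requiretty on for every account except the daemon.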

Re: issue with 4.1

Posted by Kelven Yang <ke...@citrix.com>.
To work around this issue, try to add the user (to be used to start
the management server) to the sudoers list (without need for a password)
and comment out "requiretty" in the /etc/sudoers configuration.

Kelven

On 3/4/13 2:24 PM, "Edison Su" <Ed...@citrix.com> wrote:

>I even think db upgrade should be separated from mgt server.
>
>> -----Original Message-----
>> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
>> Sent: Monday, March 04, 2013 2:11 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: issue with 4.1
>> 
>> +1 (again)
>> 
>> On 3/4/13 1:06 PM, "Alex Huang" <Al...@citrix.com> wrote:
>> 
>> >+1.  It does not belong to the management server.
>> >
>> >--Alex
>> >
>> >> -----Original Message-----
>> >> From: John Burwell [mailto:jburwell@basho.com]
>> >> Sent: Monday, March 4, 2013 8:13 AM
>> >> To: cloudstack-dev@incubator.apache.org
>> >> Subject: Re: issue with 4.1
>> >>
>> >> Chip,
>> >>
>> >> My recommendation in the ticket is to extract the script from the
>> >> management server to an external script provided as a convenience to end
>> >> users.  If we encounter a situation where a certificate is not
>> >> present, provide a meaningful error message in the logs and exit.  If
>> >> a user needs help generating an SSL certificate, they can execute
>> >> the script with the appropriate parameters.  Otherwise, they will
>> >> generate/procure one through external means.
>> >>
>> >> Thanks,
>> >> -John
>> >>
>> >> On Mar 4, 2013, at 10:59 AM, Chip Childers
>> >> <ch...@sungard.com>
>> >> wrote:
>> >>
>> >> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
>> >> >> There's a bug for this, I think it's related to passwordless sudo
>> >> >> for cloud user on management server.
>> >> >
>> >> > Is this the one?
>> >> >
>> >> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>> >> >
>> >> >>
>> >> >> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen
>> >> <ru...@gmail.com> wrote:
>> >> >>> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
>> >> >>>
>> >> >>> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
>> >> >>>
>> >> >>> and after a 'clean install' I get stuck with:
>> >> >>>
>> >> >>> Password:
>> >> >>>
>> >> >>> ?
>> >> >>>
>> >> >>> -sebastien
>> >> >>
>> >
>


RE: issue with 4.1

Posted by Edison Su <Ed...@citrix.com>.
I even think db upgrade should be separated from mgt server.

> -----Original Message-----
> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> Sent: Monday, March 04, 2013 2:11 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: issue with 4.1
> 
> +1 (again)
> 
> On 3/4/13 1:06 PM, "Alex Huang" <Al...@citrix.com> wrote:
> 
> >+1.  It does not belong to the management server.
> >
> >--Alex
> >
> >> -----Original Message-----
> >> From: John Burwell [mailto:jburwell@basho.com]
> >> Sent: Monday, March 4, 2013 8:13 AM
> >> To: cloudstack-dev@incubator.apache.org
> >> Subject: Re: issue with 4.1
> >>
> >> Chip,
> >>
> >> My recommendation in the ticket is to extract the script from the
> >> management server to an external script provided as a convenience to end
> >> users.  If we encounter a situation where a certificate is not
> >> present, provide a meaningful error message in the logs and exit.  If
> >> a user needs help generating an SSL certificate, they can execute
> >> the script with the appropriate parameters.  Otherwise, they will
> >> generate/procure one through external means.
> >>
> >> Thanks,
> >> -John
> >>
> >> On Mar 4, 2013, at 10:59 AM, Chip Childers
> >> <ch...@sungard.com>
> >> wrote:
> >>
> >> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> >> >> There's a bug for this, I think it's related to passwordless sudo
> >> >> for cloud user on management server.
> >> >
> >> > Is this the one?
> >> >
> >> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> >> >
> >> >>
> >> >> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen
> >> <ru...@gmail.com> wrote:
> >> >>> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
> >> >>>
> >> >>> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
> >> >>>
> >> >>> and after a 'clean install' I get stuck with:
> >> >>>
> >> >>> Password:
> >> >>>
> >> >>> ?
> >> >>>
> >> >>> -sebastien
> >> >>
> >


Re: issue with 4.1

Posted by Chiradeep Vittal <Ch...@citrix.com>.
+1 (again)

On 3/4/13 1:06 PM, "Alex Huang" <Al...@citrix.com> wrote:

>+1.  It does not belong to the management server.
>
>--Alex
>
>> -----Original Message-----
>> From: John Burwell [mailto:jburwell@basho.com]
>> Sent: Monday, March 4, 2013 8:13 AM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: issue with 4.1
>> 
>> Chip,
>> 
>> My recommendation in the ticket is to extract the script from the
>> management server to an external script provided as a convenience to end
>> users.  If we encounter a situation where a certificate is not present,
>> provide a meaningful error message in the logs and exit.  If a user needs
>> help generating an SSL certificate, they can execute the script with the
>> appropriate parameters.  Otherwise, they will generate/procure one through
>> external means.
>> 
>> Thanks,
>> -John
>> 
>> On Mar 4, 2013, at 10:59 AM, Chip Childers <ch...@sungard.com>
>> wrote:
>> 
>> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
>> >> There's a bug for this, I think it's related to passwordless sudo for
>> >> cloud user on management server.
>> >
>> > Is this the one?
>> >
>> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>> >
>> >>
>> >> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen
>> <ru...@gmail.com> wrote:
>> >>> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
>> >>>
>> >>> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
>> >>>
>> >>> and after a 'clean install' I get stuck with:
>> >>>
>> >>> Password:
>> >>>
>> >>> ?
>> >>>
>> >>> -sebastien
>> >>
>


RE: issue with 4.1

Posted by Alex Huang <Al...@citrix.com>.
+1.  It does not belong to the management server.

--Alex

> -----Original Message-----
> From: John Burwell [mailto:jburwell@basho.com]
> Sent: Monday, March 4, 2013 8:13 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: issue with 4.1
> 
> Chip,
> 
> My recommendation in the ticket is to extract the script from the
> management server to an external script provided as a convenience to end
> users.  If we encounter a situation where a certificate is not present, provide
> a meaningful error message in the logs and exit.  If a user needs help
> generating an SSL certificate, they can execute the script with the
> appropriate parameters.  Otherwise, they will generate/procure one through
> external means.
> 
> Thanks,
> -John
> 
> On Mar 4, 2013, at 10:59 AM, Chip Childers <ch...@sungard.com>
> wrote:
> 
> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> >> There's a bug for this, I think it's related to passwordless sudo for
> >> cloud user on management server.
> >
> > Is this the one?
> >
> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> >
> >>
> >> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen
> <ru...@gmail.com> wrote:
> >>> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
> >>>
> >>> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
> >>>
> >>> and after a 'clean install' I get stuck with:
> >>>
> >>> Password:
> >>>
> >>> ?
> >>>
> >>> -sebastien
> >>


Re: issue with 4.1

Posted by John Burwell <jb...@basho.com>.
Chip,

My recommendation in the ticket is to extract the script from the management server to an external script provided as a convenience to end users.  If we encounter a situation where a certificate is not present, provide a meaningful error message in the logs and exit.  If a user needs help generating an SSL certificate, they can execute the script with the appropriate parameters.  Otherwise, they will generate/procure one through external means.

Thanks,
-John

On Mar 4, 2013, at 10:59 AM, Chip Childers <ch...@sungard.com> wrote:

> On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
>> There's a bug for this, I think it's related to passwordless sudo for
>> cloud user on management server.
> 
> Is this the one?
> 
> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> 
>> 
>> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen <ru...@gmail.com> wrote:
>>> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
>>> 
>>> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
>>> 
>>> and after a 'clean install' I get stuck with:
>>> 
>>> Password:WARN  [utils.script.Script] (Script-1:) Interrupting script.
>>> WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey -keystore /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" .  Output is:
>>> WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use fail-safe keystore to continue.
>>> java.io.IOException: Fail to generate certificate!: timeout
>>>        at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491)
>>>        at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512)
>>>        at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269)
>>>        at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143)
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>        at java.lang.reflect.Method.invoke(Method.java:601)
>>>        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
>>>        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>>>        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>>>        at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>>>        at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37)
>>>        at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
>>>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>        at java.lang.reflect.Method.invoke(Method.java:601)
>>>        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>>>        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>>>        at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>>>        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>>>        at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
>>>        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>>>        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>>>        at $Proxy388.configure(Unknown Source)
>>>        at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110)
>>>        at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50)
>>>        at java.util.TimerThread.mainLoop(Timer.java:555)
>>>        at java.util.TimerThread.run(Timer.java:505)
>>> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateKeyPairs
>>> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database
>>> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database, skip updating local copy (not running as cloud user)
>>> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to update systemvm iso with generated keypairs if needed
>>> Password:
>>> 
>>> ?
>>> 
>>> -sebastien
>> 
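
One way to shape the split John recommends in the message above, as an added example (it is not CloudStack code and not taken from CLOUDSTACK-1389): a startup check that exits with a clear error when no keystore is installed, and a separate operator-run helper that needs no sudo and keeps the password off the command line, unlike the keytool invocation in the quoted log. The function names, the KEYSTORE_PASS variable and the exit codes are assumptions; `-storepass:env` and `-keypass:env` are keytool's modifiers for reading a password from an environment variable.

```shell
#!/bin/sh
# Added example, not CloudStack code. Function names, KEYSTORE_PASS and the
# exit codes are assumptions made for this sketch.

# Startup-side check: fail closed when no usable keystore is installed,
# instead of generating one or continuing with a built-in default.
require_keystore() {
    ks=${1:-}
    if [ -z "$ks" ] || [ ! -s "$ks" ]; then
        echo "ERROR: SSL keystore '$ks' is missing or empty." >&2
        echo "       Run '$0 generate <path> <hostname>' or install your own." >&2
        return 1
    fi
    if [ ! -r "$ks" ]; then
        echo "ERROR: SSL keystore '$ks' is not readable by $(id -un)." >&2
        return 1
    fi
    return 0
}

# Operator-run helper: no sudo, no password in the argument list.
generate_keystore() {
    ks=${1:-}
    cn=${2:-}
    pass=${KEYSTORE_PASS:-}
    # Reject an empty hostname and anything that could add extra DN fields.
    case $cn in
        ''|*[!A-Za-z0-9.-]*)
            echo "usage: generate <keystore-path> <hostname>" >&2
            return 2 ;;
    esac
    if [ -z "$ks" ]; then
        echo "usage: generate <keystore-path> <hostname>" >&2
        return 2
    fi
    # keytool rejects passwords shorter than 6 characters.
    if [ "${#pass}" -lt 6 ]; then
        echo "ERROR: set KEYSTORE_PASS (6+ characters) in the environment." >&2
        return 3
    fi
    if [ -e "$ks" ]; then
        echo "ERROR: '$ks' already exists; refusing to overwrite it." >&2
        return 4
    fi
    if ! command -v keytool >/dev/null 2>&1; then
        echo "ERROR: keytool not found on PATH." >&2
        return 5
    fi
    (
        umask 077               # keystore readable by its owner only
        export KEYSTORE_PASS    # keytool reads it through the :env modifier
        keytool -genkeypair -alias "$cn" -keystore "$ks" \
            -storepass:env KEYSTORE_PASS -keypass:env KEYSTORE_PASS \
            -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=$cn"
    )
}

# Dispatch only when a subcommand is given, so the functions can also be sourced.
case ${1:-} in
    check)    require_keystore "${2:-}" ;;
    generate) generate_keystore "${2:-}" "${3:-}" ;;
esac
```

The `check` subcommand is what a service start script would call before launching the server, stopping on a non-zero status; `generate` is run once by the operator as the service account with KEYSTORE_PASS set in the environment.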


Re: issue with 4.1

Posted by Chip Childers <ch...@sungard.com>.
On Mon, Mar 04, 2013 at 11:08:32AM -0500, John Burwell wrote:
> Chip,
> 
> I opened CLOUDSTACK-1389 for the exact issue described by Sebastien.  As
> noted in the ticket, I believe the behavior implemented by the script
> represents a security vulnerability (with or without the use of sudo).

Have any thoughts on how to resolve it?

> 
> Thanks,
> -John
> 
> 
> On Mon, Mar 4, 2013 at 10:59 AM, Chip Childers <ch...@sungard.com> wrote:
> 
> > On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> > > There's a bug for this, I think it's related to passwordless sudo for
> > > cloud user on management server.
> >
> > Is this the one?
> >
> > https://issues.apache.org/jira/browse/CLOUDSTACK-1389
> >
> > >
> > > On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen <ru...@gmail.com>
> > wrote:
> > > > Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
> > > >
> > > > I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
> > > >
> > > > and after a 'clean install' I get stuck with:
> > > >
> > > > Password:WARN  [utils.script.Script] (Script-1:) Interrupting script.
> > > > WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey
> > -keystore
> > /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore
> > -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname
> > cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" .  Output is:
> > > > WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use
> > fail-safe keystore to continue.
> > > > java.io.IOException: Fail to generate certificate!: timeout
> > > >         at
> > com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491)
> > > >         at
> > com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512)
> > > >         at
> > com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269)
> > > >         at
> > com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143)
> > > >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > >         at
> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > > >         at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > >         at java.lang.reflect.Method.invoke(Method.java:601)
> > > >         at
> > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> > > >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> > > >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> > > >         at
> > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> > > >         at
> > com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37)
> > > >         at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
> > > >         at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > >         at java.lang.reflect.Method.invoke(Method.java:601)
> > > >         at
> > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> > > >         at
> > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> > > >         at
> > org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> > > >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> > > >         at
> > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> > > >         at
> > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> > > >         at
> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> > > >         at $Proxy388.configure(Unknown Source)
> > > >         at
> > com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110)
> > > >         at
> > com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50)
> > > >         at java.util.TimerThread.mainLoop(Timer.java:555)
> > > >         at java.util.TimerThread.run(Timer.java:505)
> > > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing
> > updateKeyPairs
> > > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs
> > already in database
> > > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs
> > already in database, skip updating local copy (not running as cloud user)
> > > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to
> > update systemvm iso with generated keypairs if needed
> > > > Password:
> > > >
> > > > ?
> > > >
> > > > -sebastien
> > >
> >

Re: issue with 4.1

Posted by John Burwell <jb...@basho.com>.
Chip,

I opened CLOUDSTACK-1389 for the exact issue described by Sebastien.  As
noted in the ticket, I believe the behavior implemented by the script
represents a security vulnerability (with or without the use of sudo).

Thanks,
-John


On Mon, Mar 4, 2013 at 10:59 AM, Chip Childers <ch...@sungard.com> wrote:

> On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> > There's a bug for this, I think it's related to passwordless sudo for
> > cloud user on management server.
>
> Is this the one?
>
> https://issues.apache.org/jira/browse/CLOUDSTACK-1389
>
> >
> > On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen <ru...@gmail.com>
> wrote:
> > > Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
> > >
> > > I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
> > >
> > > and after a 'clean install' I get stuck with:
> > >
> > > Password:WARN  [utils.script.Script] (Script-1:) Interrupting script.
> > > WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey
> -keystore
> /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore
> -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname
> cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" .  Output is:
> > > WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use
> fail-safe keystore to continue.
> > > java.io.IOException: Fail to generate certificate!: timeout
> > >         at
> com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491)
> > >         at
> com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512)
> > >         at
> com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269)
> > >         at
> com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143)
> > >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > >         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > >         at java.lang.reflect.Method.invoke(Method.java:601)
> > >         at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> > >         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> > >         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> > >         at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> > >         at
> com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37)
> > >         at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
> > >         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > >         at java.lang.reflect.Method.invoke(Method.java:601)
> > >         at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> > >         at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> > >         at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> > >         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> > >         at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> > >         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> > >         at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> > >         at $Proxy388.configure(Unknown Source)
> > >         at
> com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110)
> > >         at
> com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50)
> > >         at java.util.TimerThread.mainLoop(Timer.java:555)
> > >         at java.util.TimerThread.run(Timer.java:505)
> > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing
> updateKeyPairs
> > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs
> already in database
> > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs
> already in database, skip updating local copy (not running as cloud user)
> > > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to
> update systemvm iso with generated keypairs if needed
> > > Password:
> > >
> > > ?
> > >
> > > -sebastien
> >
>

Re: issue with 4.1

Posted by Chip Childers <ch...@sungard.com>.
On Mon, Mar 04, 2013 at 08:51:03AM -0700, Marcus Sorensen wrote:
> There's a bug for this, I think it's related to passwordless sudo for
> cloud user on management server.

Is this the one?

https://issues.apache.org/jira/browse/CLOUDSTACK-1389

> 
> On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen <ru...@gmail.com> wrote:
> > Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
> >
> > I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
> >
> > and after a 'clean install' I get stuck with:
> >
> > Password:WARN  [utils.script.Script] (Script-1:) Interrupting script.
> > WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey -keystore /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" .  Output is:
> > WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use fail-safe keystore to continue.
> > java.io.IOException: Fail to generate certificate!: timeout
> >         at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491)
> >         at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512)
> >         at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269)
> >         at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >         at java.lang.reflect.Method.invoke(Method.java:601)
> >         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> >         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> >         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37)
> >         at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >         at java.lang.reflect.Method.invoke(Method.java:601)
> >         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> >         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> >         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> >         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> >         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> >         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> >         at $Proxy388.configure(Unknown Source)
> >         at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110)
> >         at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50)
> >         at java.util.TimerThread.mainLoop(Timer.java:555)
> >         at java.util.TimerThread.run(Timer.java:505)
> > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateKeyPairs
> > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database
> > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database, skip updating local copy (not running as cloud user)
> > INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to update systemvm iso with generated keypairs if needed
> > Password:
> >
> > ?
> >
> > -sebastien
> 

Re: issue with 4.1

Posted by Marcus Sorensen <sh...@gmail.com>.
There's a bug for this, I think it's related to passwordless sudo for
cloud user on management server.

On Mon, Mar 4, 2013 at 6:52 AM, Sebastien Goasguen <ru...@gmail.com> wrote:
> Hi I am trying to test the latest 4.1 (and 4.1l10n branch).
>
> I am on OSX 10.8.2, I had to update to JDK 1.7 to get things going.
>
> and after a 'clean install' I get stuck with:
>
> Password:WARN  [utils.script.Script] (Script-1:) Interrupting script.
> WARN  [utils.script.Script] (Timer-2:) Timed out: sudo keytool -genkey -keystore /Users/sebastiengoasguen/Documents/incubator-cloudstack/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="168.1.20",o="168.1.20",c="Unknown" .  Output is:
> WARN  [cloud.server.ConfigurationServerImpl] (Timer-2:) Would use fail-safe keystore to continue.
> java.io.IOException: Fail to generate certificate!: timeout
>         at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:491)
>         at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:512)
>         at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:269)
>         at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:143)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:601)
>         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37)
>         at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:601)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>         at $Proxy388.configure(Unknown Source)
>         at com.cloud.utils.component.ComponentContext.initComponentsLifeCycle(ComponentContext.java:110)
>         at com.cloud.servlet.CloudStartupServlet$1.run(CloudStartupServlet.java:50)
>         at java.util.TimerThread.mainLoop(Timer.java:555)
>         at java.util.TimerThread.run(Timer.java:505)
> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Processing updateKeyPairs
> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database
> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Keypairs already in database, skip updating local copy (not running as cloud user)
> INFO  [cloud.server.ConfigurationServerImpl] (Timer-2:) Going to update systemvm iso with generated keypairs if needed
> Password:
>
> ?
>
> -sebastien