Posted to commits@cloudstack.apache.org by da...@apache.org on 2023/01/18 14:24:57 UTC

[cloudstack] branch 4.17 updated: KVM: revert libvirtd config and retry if fail to add a host (#7090)

This is an automated email from the ASF dual-hosted git repository.

dahn pushed a commit to branch 4.17
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.17 by this push:
     new 792f8356e5 KVM: revert libvirtd config and retry if fail to add a host (#7090)
792f8356e5 is described below

commit 792f8356e5157912e3b05c066229174de6318956
Author: Wei Zhou <we...@apache.org>
AuthorDate: Wed Jan 18 15:24:47 2023 +0100

    KVM: revert libvirtd config and retry if fail to add a host (#7090)
---
 scripts/util/keystore-setup                        | 22 ++++++++++++++++++++++
 .../kvm/discoverer/LibvirtServerDiscoverer.java    |  3 ++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/scripts/util/keystore-setup b/scripts/util/keystore-setup
index 8ca6cc77ba..25bf28af00 100755
--- a/scripts/util/keystore-setup
+++ b/scripts/util/keystore-setup
@@ -23,6 +23,7 @@ KS_VALIDITY="$4"
 CSR_FILE="$5"
 
 ALIAS="cloud"
+LIBVIRTD_FILE="/etc/libvirt/libvirtd.conf"
 
 # Re-use existing password or use the one provided
 if [ -f "$PROPS_FILE" ]; then
@@ -46,6 +47,27 @@ keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyal
 rm -f "$CSR_FILE"
 addresses=$(ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ',')
 keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" > /dev/null 2>&1
+
+if [ $? -ne 0 ];then
+    echo "Failed to generate CSR file, retrying after removing existing settings"
+
+    if [ -f "$LIBVIRTD_FILE" ]; then
+        echo "Reverting libvirtd to not listen on TLS"
+        sed -i "s,^listen_tls=1,listen_tls=0,g" $LIBVIRTD_FILE
+        systemctl restart libvirtd
+    fi
+
+    echo "Removing cloud.* files in /etc/cloudstack/agent"
+    rm -f /etc/cloudstack/agent/cloud.*
+
+    echo "Retrying to generate CSR file"
+    keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" >/dev/null 2>&1
+    if [ $? -ne 0 ];then
+        echo "Failed to generate CSR file while retrying"
+        exit 1
+    fi
+fi
+
 cat "$CSR_FILE"
 
 # Fix file permissions
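Review bot: The retry in the added block re-runs only `keytool -certreq` after `rm -f /etc/cloudstack/agent/cloud.*`; if `$KS_FILE` is one of those files (its value is not visible in this hunk), the keystore and its key pair are already gone and the retry can only fail, so the `keytool -genkey` step shown in the hunk header would have to run again first. The fallback also rewrites `listen_tls=1` to `listen_tls=0` and deletes key material on any non-zero exit, while the keytool error is discarded by `> /dev/null 2>&1`; capturing and logging that output would let an operator see why TLS was turned off on the host. Since the script goes on to `cat "$CSR_FILE"`, the new `echo` lines presumably land in the same stdout the caller reads as the CSR, so I would send them to stderr, e.g. `echo "Reverting libvirtd to not listen on TLS" >&2`. `$LIBVIRTD_FILE` and `$CSR_FILE` should also be quoted like the other variables in the script.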
diff --git a/server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java b/server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java
index 4f1fcb26a7..f4706be185 100644
--- a/server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java
+++ b/server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java
@@ -260,10 +260,11 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements
 
             final String privateKey = _configDao.getValue("ssh.privatekey");
             if (!SSHCmdHelper.acquireAuthorizedConnectionWithPublicKey(sshConnection, username, privateKey)) {
-                s_logger.error("Failed to authenticate with ssh key");
                 if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
+                    s_logger.error("Failed to authenticate with ssh key");
                     throw new DiscoveredWithErrorException("Authentication error with ssh private key");
                 }
+                s_logger.info("Failed to authenticate with ssh key, retrying with password");
                 if (!sshConnection.authenticateWithPassword(username, password)) {
                     s_logger.error("Failed to authenticate with password");
                     throw new DiscoveredWithErrorException("Authentication error with host password");
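Review bot: The key-authentication failure is now logged at `info` whenever a password is supplied, and neither the new message nor the existing ones say which host or user was involved, so a failed key login during host discovery is hard to find or alert on afterwards. I would log it at `warn` and add the identifier, for example `s_logger.warn("Failed to authenticate with ssh key for user " + username + ", retrying with password");`, plus the host address if a variable for it is in scope (not visible here). The enclosing method starts and ends outside this hunk.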