You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2018/04/04 08:34:57 UTC

[GitHub] PaulAngus opened a new issue #2530: KVM hosts fail to connect if there is more than one IP address on the host

PaulAngus opened a new issue #2530: KVM hosts fail to connect if there is more than one IP address on the host
URL: https://github.com/apache/cloudstack/issues/2530
 
 
   The secure hosts feature appears to detect the IP address that it uses to identify itself.  if there is more than one IP address associated with the host, then it often returns the incorrect IP.
   
   The mgmt log would show:
   
   > 2018-03-14 18:13:10,020 DEBUG [o.a.c.c.p.RootCACustomTrustManager] (pool-77-thread-1:null) (logid:) A client/agent attempting connection from address=10.0.0.19 has presented these certificate(s):
   > Certificate [1] :
   > Serial: 7dc845e9c253e9fc
   >   Not Before:Wed Mar 14 06:06:39 UTC 2018
   >   Not After:Thu Mar 14 18:06:39 UTC 2019
   >   Signature Algorithm:SHA256withRSA
   >   Version:3
   >   Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=PhysHost2
   >   Issuer DN:CN=ca.cloudstack.apache.org
   >   Alternative Names:[[7, 10.5.2.12], [2, 10.5.2.12]]
   > Certificate [2] :
   > Serial: 9498673f271fef0e
   >   Not Before:Wed Mar 14 05:40:42 UTC 2018
   >   Not After:Fri Mar 06 17:40:42 UTC 2048
   >   Signature Algorithm:SHA256withRSA
   >   Version:3
   >   Subject DN:CN=ca.cloudstack.apache.org
   >   Issuer DN:CN=ca.cloudstack.apache.org
   >   Alternative Names:null
   > 2018-03-14 18:13:10,022 ERROR [o.a.c.c.p.RootCACustomTrustManager] (pool-77-thread-1:null) (logid:) **Certificate ownership verification failed for client: 10.0.0.19**
   > 2018-03-14 18:13:10,022 ERROR [c.c.u.n.Link] (AgentManager-SSLHandshakeHandler-1:null) (logid:) SSL error caught during wrap data: General SSLEngine problem, for local address=/10.2.2.96:8250, remote address=/10.0.0.19:45810.
   
   10.0.0.19 is a unrelated monitoring interface
   
   _I believe_ that the client should identify itself using the IP or hostname which was passed when adding the KVM host to CloudStack.
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services