Posted to issues@cloudstack.apache.org by "sudharma jain (JIRA)" <ji...@apache.org> on 2017/09/21 21:23:00 UTC

[jira] [Updated] (CLOUDSTACK-10087) Template registration errors out when template URL is https

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-10087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

sudharma jain updated CLOUDSTACK-10087:
---------------------------------------
    Description: 
*Management server logs:*
2017-08-23 08:55:36,706 DEBUG [c.c.a.t.Request] (AgentManager-Handler-5:null) (logid:) Seq 4-7842174326135586819: Processing:  { Ans: , MgmtId: 4278190080, via: 4, Ver: v1, Flags: 110, [{"com.cloud.agent.api.Answer":{"result":false,"details":"com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:972)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:676)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:650)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:633)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$300(AmazonHttpClient.java:601)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:583)\n\tat com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:447)\n\tat com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4137)\n\tat com.amazonaws.services.s3.AmazonS3Client.getBucketRegionViaHeadRequest(AmazonS3Client.java:4856)\n\tat com.amazonaws.services.s3.AmazonS3Client.fetchRegionFromCache(AmazonS3Client.java:4830)\n\tat com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4122)\n\tat com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4079)\n\tat com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:819)\n\tat com.cloud.utils.storage.S3.S3Utils.listDirectory(S3Utils.java:179)\n\tat org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource.s3ListVolume(NfsSecondaryStorageResource.java:1667)\n\tat 
org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource.execute(NfsSecondaryStorageResource.java:1721)\n\tat org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource.executeRequest(NfsSecondaryStorageResource.java:277)\n\tat com.cloud.storage.resource.PremiumSecondaryStorageResource.defaultAction(PremiumSecondaryStorageResource.java:64)\n\tat com.cloud.storage.resource.PremiumSecondaryStorageResource.executeRequest(PremiumSecondaryStorageResource.java:60)\n\tat com.cloud.agent.Agent.processRequest(Agent.java:525)\n\tat com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:833)\n\tat com.cloud.utils.nio.Task.call(Task.java:83)\n\tat com.cloud.utils.nio.Task.call(Task.java:29)\n\tat java.util.concurrent.FutureTask.run(FutureTask.java:266)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)\n\tat sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)\n\tat sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)\n\tat sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)\n\tat sun.security.ssl.Handshaker.process_record(Handshaker.java:914)\n\tat sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)\n\tat sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)\n\tat 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)\n\tat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)\n\tat org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)\n\tat org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)\n\tat com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:132)\n\tat org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)\n\tat org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)\n\tat sun.reflect.GeneratedMethodAccessor14.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:498)\n\tat com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)\n\tat com.amazonaws.http.conn.$Proxy6.connect(Unknown Source)\n\tat org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)\n\tat org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)\n\tat org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)\n\tat org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)\n\tat com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1115)\n\tat com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:964)\n\t... 
26 more\nCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)\n\tat sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)\n\tat sun.security.validator.Validator.validate(Validator.java:260)\n\tat sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)\n\tat sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)\n\tat sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)\n\tat sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)\n\t... 52 more\nCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)\n\tat sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)\n\tat java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)\n\tat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)\n\t... 58 more\n","wait":0}}] }

*SSVM logs:*

2017-09-21 03:04:16,887 INFO  [commons.httpclient.HttpMethodDirector] (pool-1-thread-1:null) I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2017-09-21 03:04:16,888 INFO  [commons.httpclient.HttpMethodDirector] (pool-1-thread-1:null) Retrying request
2017-09-21 03:04:17,204 INFO  [storage.template.DownloadManagerImpl] (pool-1-thread-1:null) Download Completion for jobId: 3554c733-93bb-49da-9324-c451aa182556, status=UNRECOVERABLE_ERROR
2017-09-21 03:04:17,204 INFO  [storage.template.DownloadManagerImpl] (pool-1-thread-1:null) local: /mnt/SecStorage/c4bb9aa7-9bc5-3042-aa00-3ab0cc758443/template/tmpl/2/202/dnld1724449062341770888tmp_, bytes=0, error=sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, pct=0
2017-09-21 03:04:18,757 DEBUG [cloud.agent.Agent] (agentRequest-Handler-9:null) Seq 5-4165548180340998163:  { Ans: , MgmtId: 4278190080, via: 5, Ver: v1, Flags: 10, [{"com.cloud.agent.api.storage.DownloadAnswer":{"jobId":"3554c733-93bb-49da-9324-c451aa182556","downloadPct":0,"errorString":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","downloadStatus":"DOWNLOAD_ERROR","downloadPath":"/mnt/SecStorage/c4bb9aa7-9bc5-3042-aa00-3ab0cc758443/template/tmpl/2/202/dnld1724449062341770888tmp_","installPath":"template/tmpl/2/202","templateSize":0,"templatePhySicalSize":0,"result":true,"details":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","wait":0}}] }


> Template registration errors out when template URL is https
> -----------------------------------------------------------
>
>                 Key: CLOUDSTACK-10087
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10087
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: sudharma jain
>


