Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
4.3.2
-
None
-
Security Level: Public (Anyone can view this level - this is the default.)
-
None
Description
When trying to apply a new system SSL certificate in the UI, it says the certificate was applied successfully and restarts the system vms. When they come back up, they are still loaded with the realhostip certificates.
Managment log shows the following:
2015-03-19 13:15:31,040 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateSSLKeyStore
2015-03-19 13:15:31,041 INFO [c.c.s.ConfigurationServerImpl] (main:null) SSL keystore located at /etc/cloudstack/management/cloudmanagementserver.keystore
2015-03-19 13:15:31,047 DEBUG [c.c.u.s.Script] (main:null) Executing: sudo keytool -genkey -keystore /etc/cloudstack/management/cloudmanagementserver.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="domain",o="domain",c="Unknown"
2015-03-19 13:15:31,062 DEBUG [c.c.u.s.Script] (main:null) Exit value is 1
2015-03-19 13:15:31,063 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty present and no askpass program specified
2015-03-19 13:15:31,064 WARN [c.c.s.ConfigurationServerImpl] (main:null) Would use fail-safe keystore to continue.
java.io.IOException: Fail to generate certificate!: sudo: no tty present and no askpass program specified
at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:577)
at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:598)
at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:288)
at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:152)
at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:117)
at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:156)
at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:113)
at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:59)
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:141)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:119)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:239)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:244)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:227)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:115)
at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:78)
at org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:69)
at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:56)
at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:60)
at org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:51)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-03-19 13:15:31,084 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateKeyPairs
2015-03-19 13:15:31,084 INFO [c.c.s.ConfigurationServerImpl] (main:null) Keypairs already in database, updating local copy
2015-03-19 13:15:31,115 INFO [c.c.s.ConfigurationServerImpl] (main:null) Going to update systemvm iso with generated keypairs if needed
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in the classpath
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) System resource: null
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Classpath resource: null
2015-03-19 13:15:31,115 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Current binaries reside at /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/WEB-INF/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,116 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/scripts/vm/systemvm/injectkeys.sh
2015-03-19 13:15:31,117 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /scripts/vm/systemvm/injectkeys.sh
If I run the command in the command line it works just fine:
sudo keytool -genkey -keystore /etc/cloudstack/management/cloudmanagementserver.keystore -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn="Cloudstack User",ou="domainRemoved",o="domain",c="Unknown"
After destroying the system vms they get the updated certificate and the console proxy works just fine.