rhtyd commented on issue #2930: HA for Management Server - roundrobin: 
Certificate ownership
URL: https://github.com/apache/cloudstack/issues/2930#issuecomment-433854973
 
 
   @DennisKonrad thanks. When a new management server starts, it first upgrades 
the DB and then various managers/components start. During this start stage, 
first the `ConfigurationManagerImpl` starts which configures various default 
settings, offerings, accounts (such as system, admin etc). When the CA manager 
starts, it asks the configured/default plugin to initialize which is the RootCA 
plugin by default. This plugin would check db if keypair (private/public 
keypair) exists and uses the CA cert to create and sign a self-signed cert for 
the mgmt server host. If during the initializing process, another mgmt server 
is started it might screw up big time conflicting for operations/default 
created by both ConfigurationManager and CAManager. Therefore, based on the 
output you've shared it's more of an env/setup issue than a bug. Please re-test 
master again, this time making sure that the first/primary mgmt server 
initializes/completes before secondary mgmt servers are added.
   
   For an existing env, to force re-kick of cert generation, shut down all mgmt 
servers, then in the db set these global settings in cloud.configurations 
table to null:
   - ca.plugin.root.private.key
   - ca.plugin.root.public.key
   - ca.plugin.root.ca.certificate
   
   And start first mgmt server, let it complete initialization and start other 
mgmt servers.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
