Btw, the place used the keystore is at Link.java. --Sheng
On Thu, Apr 10, 2014 at 9:36 AM, Sheng Yang <sh...@yasker.org> wrote: > We traced back the issue to: > > commit de448ec4792eda5b47d79b26e9cb8ce96a2b22f4 > Author: Wei Zhou <w.z...@leaseweb.com> > Date: Thu Nov 7 11:09:06 2013 +0100 > > CLOUDSTACK-5042: change cloud.keystore to > cloudmanagementserver.keystore and install it > > > This commit only modify the keystore name, but remain the real place to > use the keystore unchangd. It would make cloudstack fail to found the > keystore when "cloud.keystore" not existed, thus involve in fail-safe > keystore kick in. > > We're working on fix it. > > --Sheng > > > On Thu, Apr 10, 2014 at 9:27 AM, Michael Phillips <mphilli7...@hotmail.com > > wrote: > >> I created a bug report for this. >> https://issues.apache.org/jira/browse/CLOUDSTACK-6378 >> >> > From: prashanthreddy.mand...@citrix.com >> > To: dev@cloudstack.apache.org >> > Subject: RE: cloudmanagementserver.keystore >> > Date: Tue, 8 Apr 2014 05:49:49 +0000 >> > >> > I have seen this issue on fresh installation of 4.3. >> > >> > Snippet of the log from my setup >> > >> > "2014-04-07 08:00:09,295 INFO [c.c.s.ConfigurationServerImpl] >> (main:null) SSL keystore located at >> /etc/cloudstack/management/cloudmanagementserver.keystore >> > 2014-04-07 08:00:09,304 DEBUG [c.c.u.s.Script] (main:null) Executing: >> sudo keytool -genkey -keystore >> /etc/cloudstack/management/cloudmanagementserver.keystore -storepass >> vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname >> cn="Cloudstack User",ou="repro. cloud.internal",o="repro. >> cloud.internal",c="Unknown" >> > 2014-04-07 08:00:09,438 DEBUG [c.c.u.s.Script] (main:null) Exit value >> is 1 >> > 2014-04-07 08:00:09,441 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty >> present and no askpass program specified >> > 2014-04-07 08:00:09,445 WARN [c.c.s.ConfigurationServerImpl] >> (main:null) Would use fail-safe keystore to continue. >> > java.io.IOException: Fail to generate certificate!: sudo: no tty >> present and no askpass program specified" >> > >> > >> > Thanks, >> > Prashanth >> > >> > -----Original Message----- >> > From: Michael Phillips [mailto:mphilli7...@hotmail.com] >> > Sent: Tuesday, April 08, 2014 9:27 AM >> > To: dev@cloudstack.apache.org >> > Subject: cloudmanagementserver.keystore >> > >> > I know this was a problem in 4.2.1 in which the system would endlessly >> log the following error: >> > 014-04-07 22:29:29,715 WARN [c.c.u.n.Link] >> (AgentManager-Selector:null) SSL: Fail to find the generated keystore. >> Loading fail-safe one to continue. >> > The fix was to rename >> /etc/cloudstack/management/cloudmanagementserver.keystore, to >> cloud.keystore then restart cloudstack. >> > I just installed 4.3.0 fresh, and it seems like this problem persists >> with a twist. The system now does not create any keystore file and logs the >> following 3 errors. >> > Executing: sudo keytool -genkey -keystore >> /etc/cloudstack/management/cloudmanagementserver.keystore -storepass >> vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname >> cn="Cloudstack >> User",ou="ustxdalcstackwebp1.cloudagy.local",o="ustxdalcstackwebp1.cloudagy.local",c="Unknown" >> 2014-04-07 21:31:53,610 DEBUG [c.c.u.s.Script] (main:null) Exit value is >> 12014-04-07 21:31:53,610 DEBUG [c.c.u.s.Script] (main:null) sudo: no tty >> present and no askpass program specified My fix was to run the above >> command "keytool..." from the command line, then rename the file to >> cloud.keystore. Once I did that it stopped logging the "SSL: Fail to find >> the generated keystore" errors. Can anyone else confirm they saw this >> behavior in 4.3.0? If so I can make a bug report in JIRA.. >> > >> >> > >
