What I'm not clear is why CC sends a request to *https://ec2.us-east-1.amazonaw
<https://ec2.us-east-1.amazonaw/>*s.com (us-east) endpoint, while the
defined regions are ap-southeast?
On Fri, Dec 19, 2014 at 8:12 PM, Manula Chathurika Thantriwatte <
manu...@wso2.com> wrote:
>
> Hi,
>
> IMO is we should keep our own trust store for Stratos, but I'm not sure it
> encounter any problem.
>
> Thanks !
>
> On Fri, Dec 19, 2014 at 1:58 PM, Udara Liyanage <ud...@wso2.com> wrote:
>>
>> Hi,
>>
>> We need to update the carbon trust store and ship with Stratos. Currently
>> truststore is coming from kernel, we have to keep a truss tore of our own
>> then.
>>
>> On Fri, Dec 19, 2014 at 1:13 PM, Udara Liyanage <ud...@wso2.com> wrote:
>>>
>>> Hi,
>>>
>>> I think that worked. Thanks Raj.
>>>
>>>
>>> On Fri, Dec 19, 2014 at 12:09 PM, Rajkumar Rajaratnam <
>>> rajkum...@wso2.com> wrote:
>>>>
>>>> Hi Udara,
>>>>
>>>> Seems that the cert has changed at amazon side.
>>>>
>>>> Can you import the amazon cert into the client-truststore and try again?
>>>>
>>>> Thanks.
>>>>
>>>> On Fri, Dec 19, 2014 at 12:02 PM, Udara Liyanage <ud...@wso2.com>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Below exception is thrown when application is deployed.
>>>>>
>>>>> Region I have specified in cloud-controller.xml and partition of the
>>>>> deployment policy is ap-souteast-1.
>>>>>
>>>>>
>>>>> TID: [0] [STRATOS] [2014-12-19 06:18:56,376] ERROR
>>>>> {org.jclouds.http.handlers.BackoffLimitedRetryHandler} - Cannot retry
>>>>> after server error, command has exceeded retry limit 5:
>>>>> [method=org.jclouds.ec2.features.AvailabilityZoneAndRegionApi.public
>>>>> abstract java.util.Map
>>>>> org.jclouds.ec2.features.AvailabilityZoneAndRegionApi.describeRegions(org.jclouds.ec2.options.DescribeRegionsOptions[])[[Lorg.jclouds.ec2.options.DescribeRegionsOptions;@5fced56c],
>>>>> request=POST https://ec2.us-east-1.amazonaws.com/ HTTP/1.1]
>>>>> TID: [0] [STRATOS] [2014-12-19 06:18:56,379] ERROR
>>>>> {org.apache.stratos.cloud.controller.iaases.JcloudsIaasUtil} - * Could
>>>>> not build iaas of type: ec2*
>>>>> *org.jclouds.http.HttpResponseException:
>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>> valid certification path to requested target connecting to POST
>>>>> https://ec2.us-east-1.amazonaw <https://ec2.us-east-1.amazonaw>*s.com/
>>>>> HTTP/1.1
>>>>> at
>>>>> org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:110)
>>>>> at
>>>>> org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
>>>>> at
>>>>> org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>>>>> at
>>>>> org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>>>>> at
>>>>> org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler.handleInvocation(FunctionalReflection.java:117)
>>>>> at
>>>>> com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:87)
>>>>> at com.sun.proxy.$Proxy111.describeRegions(Unknown Source)
>>>>> at
>>>>> org.jclouds.ec2.suppliers.DescribeRegionsForRegionURIs.get(DescribeRegionsForRegionURIs.java:47)
>>>>> at
>>>>> org.jclouds.ec2.suppliers.DescribeRegionsForRegionURIs.get(DescribeRegionsForRegionURIs.java:34)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier$SetAndThrowAuthorizationExceptionSupplierBackedLoader.load(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:73)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier$SetAndThrowAuthorizationExceptionSupplierBackedLoader.load(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:57)
>>>>> at
>>>>> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>>>>> at
>>>>> com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>>>>> at
>>>>> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>>>>> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>>>>> at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>>>>> at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>>>>> at
>>>>> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.get(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:119)
>>>>> at
>>>>> org.jclouds.location.suppliers.derived.RegionIdsFromRegionIdToURIKeySet.get(RegionIdsFromRegionIdToURIKeySet.java:49)
>>>>> at
>>>>> org.jclouds.location.suppliers.derived.RegionIdsFromRegionIdToURIKeySet.get(RegionIdsFromRegionIdToURIKeySet.java:36)
>>>>> at
>>>>> com.google.common.base.Suppliers$SupplierComposition.get(Suppliers.java:67)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier$SetAndThrowAuthorizationExceptionSupplierBackedLoader.load(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:73)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier$SetAndThrowAuthorizationExceptionSupplierBackedLoader.load(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:57)
>>>>> at
>>>>> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>>>>> at
>>>>> com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>>>>> at
>>>>> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>>>>> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>>>>> at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>>>>> at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>>>>> at
>>>>> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.get(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:119)
>>>>> at
>>>>> org.jclouds.location.suppliers.all.RegionToProviderOrJustProvider.get(RegionToProviderOrJustProvider.java:56)
>>>>> at
>>>>> org.jclouds.location.suppliers.all.ZoneToRegionToProviderOrJustProvider.get(ZoneToRegionToProviderOrJustProvider.java:71)
>>>>> at
>>>>> org.jclouds.location.suppliers.all.ZoneToRegionToProviderOrJustProvider.get(ZoneToRegionToProviderOrJustProvider.java:46)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier$SetAndThrowAuthorizationExceptionSupplierBackedLoader.load(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:73)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier$SetAndThrowAuthorizationExceptionSupplierBackedLoader.load(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:57)
>>>>> at
>>>>> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>>>>> at
>>>>> com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>>>>> at
>>>>> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>>>>> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>>>>> at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>>>>> at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>>>>> at
>>>>> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>>>>> at
>>>>> org.jclouds.rest.suppliers.MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.get(MemoizedRetryOnTimeOutButNotOnAuthorizationExceptionSupplier.java:119)
>>>>> at
>>>>> org.jclouds.compute.internal.BaseComputeService.listAssignableLocations(BaseComputeService.java:385)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsEC2Iaas.buildTemplate(JcloudsEC2Iaas.java:101)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsEC2Iaas.buildComputeServiceAndTemplate(JcloudsEC2Iaas.java:79)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsIaasUtil.buildComputeServiceAndTemplateFromImage(JcloudsIaasUtil.java:46)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsIaasUtil.buildComputeServiceAndTemplate(JcloudsIaasUtil.java:37)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsIaas.initialize(JcloudsIaas.java:95)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.domain.IaasProvider.getIaas(IaasProvider.java:224)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.services.impl.CloudControllerServiceUtil.buildIaas(CloudControllerServiceUtil.java:51)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.services.impl.CloudControllerServiceImpl.deployCartridgeDefinition(CloudControllerServiceImpl.java:113)
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>> at
>>>>> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
>>>>> at
>>>>> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
>>>>> at
>>>>> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>>>>> at
>>>>> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>>>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
>>>>> at
>>>>> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
>>>>> at
>>>>> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
>>>>> at
>>>>> org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>>>> at
>>>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>>> at
>>>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>>> at
>>>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>>>>> at
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>> at
>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>> at
>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>> at
>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>> at
>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>> at
>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>> at
>>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>>>>> at
>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>> at
>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>>>>> at
>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>> at
>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>> at
>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>> at
>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>> at
>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>>>>> at
>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>> at
>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>> at java.lang.Thread.run(Thread.java:744)
>>>>> Caused by: javax.net.ssl.SSLHandshakeException:
>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>> valid certification path to requested target
>>>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>>>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>>>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>>>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>>>>> at
>>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
>>>>> at
>>>>> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
>>>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>>>>> at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>>>>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>>>>> at
>>>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
>>>>> at
>>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>>>>> at
>>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>>>>> at
>>>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
>>>>> at
>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>>>>> at
>>>>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
>>>>> at
>>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
>>>>> at
>>>>> org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayloadToConnection(JavaUrlHttpCommandExecutorService.java:303)
>>>>> at
>>>>> org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:190)
>>>>> at
>>>>> org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:71)
>>>>> at
>>>>> org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:88)
>>>>> ... 98 more
>>>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>>> building failed:
>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>> valid certification path to requested target
>>>>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>>>>> at
>>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>>>>> at sun.security.validator.Validator.validate(Validator.java:260)
>>>>> at
>>>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
>>>>> at
>>>>> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
>>>>> at
>>>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>>>>> at
>>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
>>>>> ... 113 more
>>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>>>> unable to find valid certification path to requested target
>>>>> at
>>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
>>>>> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>>>>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>>>>> ... 119 more
>>>>> TID: [0] [STRATOS] [2014-12-19 06:18:56,385] ERROR
>>>>> {org.apache.stratos.cloud.controller.iaases.JcloudsIaas} - Could not
>>>>> initialize jclouds IaaS
>>>>> org.apache.stratos.cloud.controller.exception.InvalidIaasProviderException:
>>>>> Could not build iaas of type: ec2
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsIaasUtil.buildComputeServiceAndTemplateFromImage(JcloudsIaasUtil.java:50)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsIaasUtil.buildComputeServiceAndTemplate(JcloudsIaasUtil.java:37)
>>>>> at
>>>>> org.apache.stratos.cloud.controller.iaases.JcloudsIaas.initialize(Jclo
>>>>> --
>>>>>
>>>>> Udara Liyanage
>>>>> Software Engineer
>>>>> WSO2, Inc.: http://wso2.com
>>>>> lean. enterprise. middleware
>>>>>
>>>>> web: http://udaraliyanage.wordpress.com
>>>>> phone: +94 71 443 6897
>>>>>
>>>>
>>>>
>>>> --
>>>> Rajkumar Rajaratnam
>>>> Committer & PMC Member, Apache Stratos
>>>> Software Engineer, WSO2
>>>>
>>>> Mobile : +94777568639
>>>> Blog : rajkumarr.com
>>>>
>>>
>>>
>>> --
>>>
>>> Udara Liyanage
>>> Software Engineer
>>> WSO2, Inc.: http://wso2.com
>>> lean. enterprise. middleware
>>>
>>> web: http://udaraliyanage.wordpress.com
>>> phone: +94 71 443 6897
>>>
>>
>>
>> --
>>
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>>
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897
>>
>
>
> --
> Regards,
> Manula Chathurika Thantriwatte
> Software Engineer
> WSO2 Inc. : http://wso2.com
> lean . enterprise . middleware
>
> email : manu...@wso2.com / man...@apache.org
> phone : +94 772492511
> blog : http://manulachathurika.blogspot.com/
>
>
>
>
--
*Sajith Kariyawasam*
*Committer and PMC member, Apache Stratos,WSO2 Inc., http://wso2.com
<http://wso2.com>AMIE (SL)Mobile: +94772269575*
