[jira] [Commented] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14090518#comment-14090518 ] Sudha Ponnaganti commented on CLOUDSTACK-1389: -- I am OOO from 8/6 through 8/22 Interactive Password Prompts during Management Server Startup - Key: CLOUDSTACK-1389 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 Project: CloudStack Issue Type: Bug Security Level: Public(Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.1.0, 4.2.0 Environment: devcloud Reporter: John Burwell Labels: security Fix For: 4.4.0 When starting the management with no SSL certificate present, the system attempts to run a shell script that requires interactive password entry. Executing the following steps with a user that is either non-sudoer or a sudoer that requires a password authentication to perform sudo actions (and who has not already authenticated to sudo), execute the following commands from root directory of a cloudstack/4.1 checkout: 1. mvn -P developer clean install 2. mvn -pl :cloud-client-ui jetty:run During the startup process, the management server will not find the cloud.keystore in the the client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and attempt to generate an SSL certificate using the following shell scripts: sudo keytool -genkey -keystore /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown The following is a capture of the script timeout error from the vmops.log: 2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:null) SSL keystore located at /Users/jburwell/Docum ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) Interrupting script. 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown . Ou tput is: dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] (Timer-2:null) Would use fail-safe keystore to continue. java.io.IOException: Fail to generate certificate!: timeout at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 0) at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source) at
[jira] [Commented] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14090529#comment-14090529 ] Daan Hoogland commented on CLOUDSTACK-1389: --- b2efdf20c05ae5659965a872115745e5821dccc8 at your very wish Interactive Password Prompts during Management Server Startup - Key: CLOUDSTACK-1389 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 Project: CloudStack Issue Type: Bug Security Level: Public(Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.1.0, 4.2.0 Environment: devcloud Reporter: John Burwell Labels: security Fix For: 4.4.0 When starting the management with no SSL certificate present, the system attempts to run a shell script that requires interactive password entry. Executing the following steps with a user that is either non-sudoer or a sudoer that requires a password authentication to perform sudo actions (and who has not already authenticated to sudo), execute the following commands from root directory of a cloudstack/4.1 checkout: 1. mvn -P developer clean install 2. mvn -pl :cloud-client-ui jetty:run During the startup process, the management server will not find the cloud.keystore in the the client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and attempt to generate an SSL certificate using the following shell scripts: sudo keytool -genkey -keystore /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown The following is a capture of the script timeout error from the vmops.log: 2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:null) SSL keystore located at /Users/jburwell/Docum ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) Interrupting script. 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown . Ou tput is: dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] (Timer-2:null) Would use fail-safe keystore to continue. java.io.IOException: Fail to generate certificate!: timeout at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 0) at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source) at
[jira] [Commented] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13833688#comment-13833688 ] Jayapal Reddy commented on CLOUDSTACK-1389: --- Abhi - can you please reassign? Raja 11/27 Interactive Password Prompts during Management Server Startup - Key: CLOUDSTACK-1389 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 Project: CloudStack Issue Type: Bug Security Level: Public(Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.1.0, 4.2.0 Environment: devcloud Reporter: John Burwell Assignee: Abhinandan Prateek Labels: security Fix For: 4.3.0 When starting the management with no SSL certificate present, the system attempts to run a shell script that requires interactive password entry. Executing the following steps with a user that is either non-sudoer or a sudoer that requires a password authentication to perform sudo actions (and who has not already authenticated to sudo), execute the following commands from root directory of a cloudstack/4.1 checkout: 1. mvn -P developer clean install 2. mvn -pl :cloud-client-ui jetty:run During the startup process, the management server will not find the cloud.keystore in the the client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and attempt to generate an SSL certificate using the following shell scripts: sudo keytool -genkey -keystore /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown The following is a capture of the script timeout error from the vmops.log: 2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:null) SSL keystore located at /Users/jburwell/Docum ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) Interrupting script. 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown . Ou tput is: dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] (Timer-2:null) Would use fail-safe keystore to continue. java.io.IOException: Fail to generate certificate!: timeout at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 0) at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source) at
[jira] [Commented] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13688505#comment-13688505 ] Ian Duffy commented on CLOUDSTACK-1389: --- Any progress or workaround for this? Interactive Password Prompts during Management Server Startup - Key: CLOUDSTACK-1389 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 Project: CloudStack Issue Type: Bug Security Level: Public(Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.1.0, 4.2.0 Environment: devcloud Reporter: John Burwell Assignee: Abhinandan Prateek Labels: security Fix For: 4.2.0 When starting the management with no SSL certificate present, the system attempts to run a shell script that requires interactive password entry. Executing the following steps with a user that is either non-sudoer or a sudoer that requires a password authentication to perform sudo actions (and who has not already authenticated to sudo), execute the following commands from root directory of a cloudstack/4.1 checkout: 1. mvn -P developer clean install 2. mvn -pl :cloud-client-ui jetty:run During the startup process, the management server will not find the cloud.keystore in the the client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and attempt to generate an SSL certificate using the following shell scripts: sudo keytool -genkey -keystore /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown The following is a capture of the script timeout error from the vmops.log: 2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:null) SSL keystore located at /Users/jburwell/Docum ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) Interrupting script. 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown . Ou tput is: dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] (Timer-2:null) Would use fail-safe keystore to continue. java.io.IOException: Fail to generate certificate!: timeout at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 0) at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source) at